Hi,

I am having trouble getting a login script to work on my website. The page calls a stored procedure on MS SQL and it returns EOF. I have placed the following line after opening the recordset:

If dbRecSet.EOF Then Response.Write("dbRecSet.EOF")

I have a backup database that when I run the same query also returns EOF.

I can't see a problem and query analyzer also says it is fine. Any ideas what the problem could be?

SQL:
Code:
CREATE PROCEDURE [hammerf_storage].[proc_LoginCheck]
(
@strUname nvarchar
)
AS
SELECT tblMembers.member_name, tblMembers.member_password, tblMembers.member_salt, tblMembers.member_id, tblMembers.member_code
FROM tblMembers
WHERE tblMembers.member_name = @strUname
ASP:
Code:
<!-- #include file="../../inc_common.asp" -->
<!-- #include file="../../fnc_hash1way.asp" -->
<%
Dim strUsername
Dim strPassword
Dim lngUserID
Dim strUserCode
Dim intForumID
Dim lngLoopCounter
Dim blnIncorrectLogin
Dim blnSecurityCodeOK
Dim strReferer

blnIncorrectLogin = false
blnSecurityCodeOK = true
strReferer = Request.ServerVariables("HTTP_REFERER")
strUsername = Trim(Mid(Request.Form("memName"), 1, 15))
strPassword = LCase(Trim(Mid(Request.Form("memPword"), 1, 15)))
strUsername = Replace(strUsername, "password", "", 1, -1, 1)
strUsername = Replace(strUsername, "salt", "", 1, -1, 1)
strUsername = Replace(strUsername, "author", "", 1, -1, 1)
strUsername = Replace(strUsername, "code", "", 1, -1, 1)
strUsername = Replace(strUsername, "username", "", 1, -1, 1)
strUsername = formatSQLInput(strUsername)
If strUsername <> "" AND blnLongSecurityCode = false Then
	'If blnLongSecurityCode = False Then Call checkSessionID(Request.Form("memSessionID"))
	If Session("lngSecurityCode") <> Trim(Mid(Request.Form("securityCode"), 1, 6)) AND blnLongSecurityCode Then blnSecurityCodeOK = False
	Set dbRecSet = Server.CreateObject("ADODB.Recordset")
	dbSQLStr = "EXECUTE proc_LoginCheck @strUname = '" & strUserName & "';"
	dbRecSet.Open dbSQLStr, dbConStr
	If dbRecSet.EOF = True Then 
		blnIncorrectLogin = True 
	End If
		If NOT dbRecSet.EOF Then 'AND blnSecurityCodeOK Then
		strPassword = strPassword & dbRecSet("tblMembers.member_salt")
		strPassword = HashEncode(strPassword)
		If strPassword = dbRecSet("tblMembers.member_password") Then
			lngUserID = CLng(dbRecSet("tblMembers.member_id"))
			strUsername = dbRecSet("tblMembers.member_name")
			Session("blnIsUserGood") = True
			strUserCode = userCode(strUsername)
			dbRecSet.Fields("tblMembers.member_code") = strUserCode
			dbRecSet.Update
			Response.Cookies("HMRCKI")("UID") = strUserCode
			dbRecSet.Close
			Set dbRecSet = Nothing
			dbCon.Close
			Set dbCon = Nothing
			blnIncorrectLogin = False
			If intForumID > 0 Then
				If blnActiveMember = False Then
					Response.Redirect(strReferer & "?Login=Suspended")
				ElseIf blnLoggedInUserEmail = False Then
					Response.Redirect(strReferer &"?Login=Inactive")
				Else
					Response.Redirect(strReferer & "?Login=Accepted")
				End If
			Else
				If blnActiveMember = False Then
					Response.Redirect("http://www.hammerfist.net/?Login=Suspended")
				ElseIf blnLoggedInUserEmail = False Then
					Response.Redirect("http://www.hammerfist.net/?Login=Inactive")
				Else
					Response.Redirect("http://www.hammerfist.net/?Login=Accepted")
				End If
			End If
			Response.Redirect("http://www.hammerfist.net/?Login=Accepted")
		Else
			blnIncorrectLogin = true
			Response.Redirect("http://www.hammerfist.net/?Login=Denied")
		End If
	End If
End If

If Request.Form("QUIK") OR blnSecurityCodeOK = false Then
	strUsername = Replace(strUsername, "''", "'")
	strPassword = Replace(strPassword, "''", "'")
Else
	strUsername = ""
	strPassword = ""
End If
Response.Redirect("http://www.hammerfist.net/?Login=ExecFailed")
%>