Re: ASP Login Script not working

From: Wayne Smith (wayne.smith2004(NoSpam)_at_ntlworld.com)
Date: 06/21/04

Next message: IPT: "mySQL Connection String"
Previous message: Jeff Cochran: "Re: Access to mySQL db"
In reply to: IPT: "Re: ASP Login Script not working"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 21 Jun 2004 15:40:19 +0100

I'm sure if I were more knowledgeable with ASP I would do just that, but alas I'm not and your reply helps me little
  "IPT" <iwan@swopt.com> wrote in message news:uvwzpFzVEHA.3472@TK2MSFTNGP09.phx.gbl...
  What a complicated scripts you have, with lotsa unneccesary codes. Throw
  that book away.

  "Wayne Smith" <wayne.smith2004(NoSpam)@ntlworld.com> wrote in message
  news:ur1o0ssVEHA.2544@TK2MSFTNGP10.phx.gbl...
  Applies to: Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0
  Operating System: Microsoft Windows 2000 Professional

  I am trying to protect a portion of a web site by allowing users to register
  a username and password & then login with those details, but so far I am
  having only marginal success. I am far from an expert on ASP programming,
  indeed the code I am using comes from "Sams Teach Yourself E-Commerce
  Programming with ASP" but it is ideally suited for my purpose.

  In short, there are 3 .asp pages (register.asp, login.asp &
  checkpassword.asp - the code for each is below), a global.asa file was
  automatically created and by following the instructions in the book, I also
  created a small Access database called UserDB.mdb, which stores the username
  & password of each user when they register & also verify's those details
  when the user attempts to login again.

  The DNS connection has been setup within FrontPage and I have verified that
  this connection works by clicking "Tools", "Web Settings" & the "Database"
  tab, highlighting the DNS connection & clicking Verify.

  The problems seem to occur when I try to register a new username & password,
  for some strange reason the details I enter are not being saved in the
  database table, and to compound the problem further, if I register just a
  username, or a password but not both, the page simply refreshes itself with
  empty boxes instead of giving an error message to indicate that a "username"
  or "password" must be entered, which if I have read the code correctly on
  the "checkpassword.asp" page, should happen.

To further confuse the situation, if I manually enter a username & password
  into the database table and then attempt to click a hyperlink taking me to a
  "test.asp" page, with the INCLUDE FILE: , I am automatically taken to the login.asp,
  where if I enter the username & password that I manually put into the
  database table, it takes me to the selected "Protected" web page. In my mind
  that clearly shows the DNS connection is working but yet it won't store new
  registered details into the database table, which is extremely confusing.

  If anyone can see what I may be doing wrong, or point me in the right
  direction, your help & advice will be greatly appreciated. As I pointed out
  earlier I am far from an expert, so any help you can give would be ideally
  suited towards a newbie mentality.

Below is the code for the three .asp pages:

Many thanks in advance
Wayne Smith

<%
nextPage = Request( "nextPage" )

newUsername = Request( "newUsername" )

newPassword = Request( "newPassword" )

<HTML>

<HEAD><TITLE>Register"</TITLE></HEAD>

<BODY>

<P><B>USERNAME:</B>

<INPUT NAME="newUsername" SIZE=20 MAXLENGTH="20"

VALUE="<%=Server.HTMLEncode( newUsername )%>">

<P><B>PASSWORD:</B>

<INPUT NAME="newPassword" SIZE=20 MAXLENGTH="20"

VALUE="<%=Server.HTMLEncode( newPassword )%>">

</FORM>

</BODY>

</HTML>

----------------------------------------------------------------------------
------

<HTML>

<HEAD><TITLE>Login</TITLE></HEAD>

<BODY>

<%=loginMessage%>

<P><B>USERNAME:</B>

<INPUT NAME="username" SIZE=20 MAXLENGTH="20"

VALUE="<%=Server.HTMLEncode( username )%>">

<P><B>PASSWORD:</B>

<INPUT NAME="password" SIZE=20 MAXLENGTH="20"

VALUE="<%=Server.HTMLEncode( password )%>">

<p><INPUT NAME="addCookie" TYPE="Checkbox" VALUE="1"> Remember me with a
cookie

</FORM>

<p>

Click here to register</a>

</BODY>

</HTML>

-------------------------------------------------------------

checkpassword.asp

CONST useSession = TRUE

' Retrieve Form Variables

username = TRIM( Request( "username" ) )

password = TRIM( Request( "password" ) )

newUser = TRIM( Request( "newUser" ) )

newUsername = TRIM( Request( "newUsername" ) )

newPassword = TRIM( Request( "newPassword" ) )

addCookie = TRIM( Request( "addCookie" ) )

' Retrieve Current Page

nextPage = Request.ServerVariables( "SCRIPT_NAME" )

' Ready Database Connection

Set Con = Server.CreateObject( "ADODB.Connection" )

Con.Open "userDNS"

' Add New User

IF newUser <> "" THEN

IF newUsername = "" THEN

showError "You must enter a username"

END IF

IF newPassword = "" THEN

showError "You must enter a password"

END IF

IF usernameTaken( newUsername ) THEN

showError "The username you entered has already " &_

"been chosen by a previous user. Please select " &_

"a new username"

END IF

sqlString = "INSERT INTO userlist ( user_username, user_password ) " &_

"VALUES ('" & newUsername & "','" & newPassword & "')"

Con.Execute sqlString

username = newUsername

password = newPassword

IF useSession THEN Session( "loggedIn" ) = "Yes"

END IF

' Authenticate User

IF Session( "loggedIn" ) = "" THEN

IF username = "" OR password = "" THEN

loginMessage = "You must login before you can view this page."

showLogin

END IF

result = validateLogin( username, password )

IF result = 1 THEN

loginMessage = "You entered an unregistered username."

showLogin

END IF

IF result = 2 THEN

loginMessage = "You did not enter a valid password."

showLogin

END IF

IF useSession THEN Session( "loggedIn" ) = "Yes"

END IF

' Add a Cookie

IF addCookie <> "" THEN

Response.Cookies( "username" ) = username

Response.Cookies( "username" ).Expires = "12/25/2037"

Response.Cookies( "password" ) = password

Response.Cookies( "password" ).Expires = "12/25/2037"

END IF

' Create Security Query String Variable

sq = "username=" & Server.HTMLEncode( username ) & "&"

sq = sq & "password=" & Server.HTMLEncode( password )

' Create Security Form Variable

sf = "<input name=""username"" type=""hidden"" "

sf = sf & "value=""" & Server.HTMLEncode( username ) & """>"

sf = sf & "<input name=""password"" type=""hidden"" "

sf = sf & "value=""" & Server.HTMLEncode( password ) & """>"

' Check Username and Password

FUNCTION validateLogin( theUsername, thePassword )

sqlString = "SELECT user_password FROM userlist " &_

"WHERE user_username='" & fixQuotes( username ) & "'"

Set RS = Con.Execute( sqlString )

IF RS.EOF THEN

validateLogin = 1

ELSE

IF RS( "user_password" ) <> thePassword THEN

validateLogin = 2

ELSE

validateLogin = 0

END IF

END FUNCTION

' Check Whether Username Already Taken

FUNCTION usernameTaken( theUsername )

sqlString = "SELECT user_id FROM userlist " &_

"WHERE user_username='" & fixQuotes( theUsername ) & "'"

Set RS = Con.Execute( sqlString )

IF RS.EOF THEN

usernameTaken = FALSE

ELSE

usernameTaken = TRUE

END IF

RS.Close

Set RS = Nothing

END FUNCTION

' Show Error Page

SUB showError( theError )

<HTML>

<HEAD><TITLE>Problem</TITLE></HEAD>

<BODY>

<b>There was a problem with your registration information</b>

<INPUT NAME="nextpage" TYPE="hidden"

VALUE="<%=nextpage%>">

<INPUT NAME="newUsername" TYPE="hidden"

VALUE="<%=Server.HTMLEncode( newUsername )%>">

<INPUT NAME="newPassword" TYPE="hidden"

VALUE="<%=Server.HTMLEncode( newPassword )%>">

</FORM>

</BODY>

</HTML>

Response.End

END SUB

' Show the Login Page

SUB showLogin

Response.End

END SUB

FUNCTION fixQuotes( theString )

fixQuotes = REPLACE( theString, "'", "''" )

END FUNCTION

Next message: IPT: "mySQL Connection String"
Previous message: Jeff Cochran: "Re: Access to mySQL db"
In reply to: IPT: "Re: ASP Login Script not working"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: ASP Login Script not working
... Here is a pretty good code solution, however it uses sql server as the backend. ... Don't use a DNS connection...rather use an absolute path to the database. ... I'm sure if I were more knowledgeable with ASP I would do just that, but alas I'm not and your reply helps me little ... created a small Access database called UserDB.mdb, which stores the username ...
(microsoft.public.inetserver.asp.db)
Re: Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?
... assuming I can get the Username and Password. ... > application which uses basic authentication and one asp.net applicaiton ... The user ID and password database is the ... > A (ASP), so we can get username and password in ASP web application first ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: ASP Login Script not working
... Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0 ... I am trying to protect a portion of a web site by allowing users to register ... created a small Access database called UserDB.mdb, which stores the username ...
(microsoft.public.inetserver.asp.db)
Re: To hard to solve?
... stores the username & password of each user when they register & also verify's those details when the user attempts to login again. ... Settings" & the "Database" tab, highlighting the DNS connection & clicking Verify. ... newUsername = Request ...
(microsoft.public.frontpage.programming)
Re: Passing Data with Hidden Fields asp.net
... When u click on the SURVEY link it checks if the USER is in the Database ... -- You cannot register usernames already registered on the database ... select username from register where username = @username ...
(microsoft.public.dotnet.framework.aspnet)