Re: ASP Login Script not working

jason_at_catamaranco.com
Date: 08/02/04

• Next message: Brad: "Re:CONNECTION STRING PROB. HELP PSE??"
• Previous message: Brad: "Error Type: ADODB.Command (0x800A0BB9)???"
• Messages sorted by: [ date ] [ thread ]

Date: Mon, 2 Aug 2004 10:47:03 -0400

Hi Wayne,

I sympathize:

Quick suggestion:

1. Here is a pretty good code solution, however it uses sql server as the backend. Good background reading: http://www.siteexperts.com/tips/community/ts01/page1.asp

Don't use a DNS connection...rather use an absolute path to the database. Do a Google search for this.

2. Maybe try this solution: http://www.asp101.com/samples/login.asp

  "Wayne Smith" <wayne.smith2004(NoSpam)@ntlworld.com> wrote in message news:AiDBc.85$G72.11@newsfe3-win.server.ntli.net...
  I'm sure if I were more knowledgeable with ASP I would do just that, but alas I'm not and your reply helps me little
    "IPT" <iwan@swopt.com> wrote in message news:uvwzpFzVEHA.3472@TK2MSFTNGP09.phx.gbl...
    What a complicated scripts you have, with lotsa unneccesary codes. Throw
    that book away.

    "Wayne Smith" <wayne.smith2004(NoSpam)@ntlworld.com> wrote in message
    news:ur1o0ssVEHA.2544@TK2MSFTNGP10.phx.gbl...
    Applies to: Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0
    Operating System: Microsoft Windows 2000 Professional

    I am trying to protect a portion of a web site by allowing users to register
    a username and password & then login with those details, but so far I am
    having only marginal success. I am far from an expert on ASP programming,
    indeed the code I am using comes from "Sams Teach Yourself E-Commerce
    Programming with ASP" but it is ideally suited for my purpose.

    In short, there are 3 .asp pages (register.asp, login.asp &
    checkpassword.asp - the code for each is below), a global.asa file was
    automatically created and by following the instructions in the book, I also
    created a small Access database called UserDB.mdb, which stores the username
    & password of each user when they register & also verify's those details
    when the user attempts to login again.

    The DNS connection has been setup within FrontPage and I have verified that
    this connection works by clicking "Tools", "Web Settings" & the "Database"
    tab, highlighting the DNS connection & clicking Verify.

    The problems seem to occur when I try to register a new username & password,
    for some strange reason the details I enter are not being saved in the
    database table, and to compound the problem further, if I register just a
    username, or a password but not both, the page simply refreshes itself with
    empty boxes instead of giving an error message to indicate that a "username"
    or "password" must be entered, which if I have read the code correctly on
    the "checkpassword.asp" page, should happen.

    To further confuse the situation, if I manually enter a username & password
    into the database table and then attempt to click a hyperlink taking me to a
    "test.asp" page, with the INCLUDE FILE: <!-- #INCLUDE
    FILE="checkpassword.asp" -->, I am automatically taken to the login.asp,
    where if I enter the username & password that I manually put into the
    database table, it takes me to the selected "Protected" web page. In my mind
    that clearly shows the DNS connection is working but yet it won't store new
    registered details into the database table, which is extremely confusing.

    If anyone can see what I may be doing wrong, or point me in the right
    direction, your help & advice will be greatly appreciated. As I pointed out
    earlier I am far from an expert, so any help you can give would be ideally
    suited towards a newbie mentality.

    Below is the code for the three .asp pages:

    Many thanks in advance
    Wayne Smith

    register.asp

    <%
    nextPage = Request( "nextPage" )

    newUsername = Request( "newUsername" )

    newPassword = Request( "newPassword" )

    %>

    <HTML>

    <HEAD><TITLE>Register"</TITLE></HEAD>

    <BODY>

    Register at this Web site by selecting a username and password:

    <FORM METHOD="post" ACTION="<%=nextPage%>">

    <INPUT NAME="newUser" TYPE="hidden" VALUE="1">

    <P><B>USERNAME:</B>

    <INPUT NAME="newUsername" SIZE=20 MAXLENGTH="20"

    VALUE="<%=Server.HTMLEncode( newUsername )%>">

    <P><B>PASSWORD:</B>

    <INPUT NAME="newPassword" SIZE=20 MAXLENGTH="20"

    VALUE="<%=Server.HTMLEncode( newPassword )%>">

    <P><INPUT TYPE="submit" VALUE="Register!">

    </FORM>

    </BODY>

    </HTML>

    ----------------------------------------------------------------------------
    ------

    login.asp

    <HTML>

    <HEAD><TITLE>Login</TITLE></HEAD>

    <BODY>

    <%=loginMessage%>

    <FORM METHOD="post" ACTION="<%=nextPage%>">

    <P><B>USERNAME:</B>

    <INPUT NAME="username" SIZE=20 MAXLENGTH="20"

    VALUE="<%=Server.HTMLEncode( username )%>">

    <P><B>PASSWORD:</B>

    <INPUT NAME="password" SIZE=20 MAXLENGTH="20"

    VALUE="<%=Server.HTMLEncode( password )%>">

    <p><INPUT NAME="addCookie" TYPE="Checkbox" VALUE="1"> Remember me with a
    cookie

    <P><INPUT TYPE="submit" VALUE="Login">

    </FORM>

    <p>

    <a href="register.asp?nextpage=<%Server.URLEncode( nextpage )%>">

    Click here to register</a>

    </BODY>

    </HTML>

    -------------------------------------------------------------

    checkpassword.asp

    <%

    CONST useSession = TRUE

    ' Retrieve Form Variables

    username = TRIM( Request( "username" ) )

    password = TRIM( Request( "password" ) )

    newUser = TRIM( Request( "newUser" ) )

    newUsername = TRIM( Request( "newUsername" ) )

    newPassword = TRIM( Request( "newPassword" ) )

    addCookie = TRIM( Request( "addCookie" ) )

    ' Retrieve Current Page

    nextPage = Request.ServerVariables( "SCRIPT_NAME" )

    ' Ready Database Connection

    Set Con = Server.CreateObject( "ADODB.Connection" )

    Con.Open "userDNS"

    ' Add New User

    IF newUser <> "" THEN

    IF newUsername = "" THEN

    showError "You must enter a username"

    END IF

    IF newPassword = "" THEN

    showError "You must enter a password"

    END IF

    IF usernameTaken( newUsername ) THEN

    showError "The username you entered has already " &_

    "been chosen by a previous user. Please select " &_

    "a new username"

    END IF

    sqlString = "INSERT INTO userlist ( user_username, user_password ) " &_

    "VALUES ('" & newUsername & "','" & newPassword & "')"

    Con.Execute sqlString

    username = newUsername

    password = newPassword

    IF useSession THEN Session( "loggedIn" ) = "Yes"

    END IF

    ' Authenticate User

    IF Session( "loggedIn" ) = "" THEN

    IF username = "" OR password = "" THEN

    loginMessage = "You must login before you can view this page."

    showLogin

    END IF

    result = validateLogin( username, password )

    IF result = 1 THEN

    loginMessage = "You entered an unregistered username."

    showLogin

    END IF

    IF result = 2 THEN

    loginMessage = "You did not enter a valid password."

    showLogin

    END IF

    IF useSession THEN Session( "loggedIn" ) = "Yes"

    END IF

    ' Add a Cookie

    IF addCookie <> "" THEN

    Response.Cookies( "username" ) = username

    Response.Cookies( "username" ).Expires = "12/25/2037"

    Response.Cookies( "password" ) = password

    Response.Cookies( "password" ).Expires = "12/25/2037"

    END IF

    ' Create Security Query String Variable

    sq = "username=" & Server.HTMLEncode( username ) & "&"

    sq = sq & "password=" & Server.HTMLEncode( password )

    ' Create Security Form Variable

    sf = "<input name=""username"" type=""hidden"" "

    sf = sf & "value=""" & Server.HTMLEncode( username ) & """>"

    sf = sf & "<input name=""password"" type=""hidden"" "

    sf = sf & "value=""" & Server.HTMLEncode( password ) & """>"

    ' Check Username and Password

    FUNCTION validateLogin( theUsername, thePassword )

    sqlString = "SELECT user_password FROM userlist " &_

    "WHERE user_username='" & fixQuotes( username ) & "'"

    Set RS = Con.Execute( sqlString )

    IF RS.EOF THEN

    validateLogin = 1

    ELSE

    IF RS( "user_password" ) <> thePassword THEN

    validateLogin = 2

    ELSE

    validateLogin = 0

    END IF

    END IF

    END FUNCTION

    ' Check Whether Username Already Taken

    FUNCTION usernameTaken( theUsername )

    sqlString = "SELECT user_id FROM userlist " &_

    "WHERE user_username='" & fixQuotes( theUsername ) & "'"

    Set RS = Con.Execute( sqlString )

    IF RS.EOF THEN

    usernameTaken = FALSE

    ELSE

    usernameTaken = TRUE

    END IF

    RS.Close

    Set RS = Nothing

    END FUNCTION

    ' Show Error Page

    SUB showError( theError )

    %>

    <HTML>

    <HEAD><TITLE>Problem</TITLE></HEAD>

    <BODY>

    <b>There was a problem with your registration information</b>

    <br><%=theError %>

    <FORM METHOD="POST" ACTION="register.asp">

    <INPUT NAME="nextpage" TYPE="hidden"

    VALUE="<%=nextpage%>">

    <INPUT NAME="newUsername" TYPE="hidden"

    VALUE="<%=Server.HTMLEncode( newUsername )%>">

    <INPUT NAME="newPassword" TYPE="hidden"

    VALUE="<%=Server.HTMLEncode( newPassword )%>">

    <INPUT TYPE="SUBMIT" VALUE="Continue">

    </FORM>

    </BODY>

    </HTML>

    <%

    Response.End

    END SUB

    ' Show the Login Page

    SUB showLogin

    %>

    <!-- #INCLUDE FILE="login.asp" -->

    <%

    Response.End

    END SUB

    FUNCTION fixQuotes( theString )

    fixQuotes = REPLACE( theString, "'", "''" )

    END FUNCTION

    %>

• Next message: Brad: "Re:CONNECTION STRING PROB. HELP PSE??"
• Previous message: Brad: "Error Type: ADODB.Command (0x800A0BB9)???"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint