Forum Moderators: ocean10000

Classic ASP issue

     
2:50 pm on Jan 12, 2010 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 11, 2009
posts:108
votes: 0


Can anyone tell me if there is something wrong with this script? I've been testing it for hours. I can't see anything wrong with it, but the page won't go to logged.asp; it just keeps kicking back to login.asp.

<%
dim strMsg, userName, pass, hdnSaveValue

' Read the posted fields and double up single quotes before building the SQL string
userName = Request.Form("username")
userName = replace(userName, "'", "''")
pass = Request.Form("password")
pass = replace(pass, "'", "''")
hdnSaveValue = Request.Form("hdnSaveValue")
strMsg = ""   ' was misspelled strMsge, which left strMsg uninitialised

' Only run the login check when the hidden field was set to "1" by the form
if (hdnSaveValue = "1") then
    sql = "SELECT * from MyTable WHERE cUser = '" & userName & "' AND cPass = '" & pass & "'"
    Set rsOuter = Server.CreateObject("ADODB.RecordSet")
    Set cnn = Server.CreateObject("ADODB.Connection")
    cnn.open dBaseCon
    counter = 0
    rsOuter.Open sql, cnn, 0, 1   ' forward-only cursor, read-only lock
    if NOT rsOuter.EOF then
        ' A matching row exists: store the login in the session and move on
        session("sessUser") = rsOuter("cUser")
        session("sessPass") = rsOuter("cPass")
        response.redirect("logged.asp")
    else
        strMsg = "***Error: Invalid Username or password, Please retry***"
    end if
end if

%>

6:56 pm on Jan 12, 2010 (gmt 0)

Administrator

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

joined:Jan 14, 2004
posts:864
votes: 3


Does it return the error message? If it doesn't, I think it has to do with hdnSaveValue not being set to what you are expecting it to be. And if hdnSaveValue is not equal to "1", then it bypasses your login checking code.

P.S.
I think you might want to read up on how to protect your site from SQL Injection Attacks. The link below should provide a start to help you protect your site.
[4guysfromrolla.com...]
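
One way to apply the SQL injection advice above to the login query from this thread, using an ADODB.Command with bound parameters instead of quote doubling. This is an added example, not code posted by any participant; MyTable, cUser, cPass, dBaseCon and hdnSaveValue come from the thread, while the 255-character column width and the inline ADO constants are assumptions.

```vbscript
<%
' Added example: parameterized login lookup for Classic ASP / ADO.
' ADO constants declared inline so no adovbs.inc include is needed.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const MAX_LEN = 255   ' assumed width of cUser / cPass; adjust to the real schema

Dim strMsg, userName, pass, cnn, cmd, rs, matchedUser
strMsg = ""
matchedUser = ""

If Request.Form("hdnSaveValue") = "1" Then
    ' Truncate to the declared parameter size so over-long input cannot raise an ADO error
    userName = Left(Request.Form("username"), MAX_LEN)
    pass = Left(Request.Form("password"), MAX_LEN)

    Set cnn = Server.CreateObject("ADODB.Connection")
    cnn.Open dBaseCon   ' connection string defined elsewhere, as in the thread

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = adCmdText
    ' The ? placeholders are bound in order; user input never becomes part of the SQL text
    cmd.CommandText = "SELECT cUser FROM MyTable WHERE cUser = ? AND cPass = ?"
    cmd.Parameters.Append cmd.CreateParameter("pUser", adVarChar, adParamInput, MAX_LEN, userName)
    cmd.Parameters.Append cmd.CreateParameter("pPass", adVarChar, adParamInput, MAX_LEN, pass)

    Set rs = cmd.Execute
    If Not rs.EOF Then matchedUser = rs("cUser").Value
    rs.Close
    cnn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set cnn = Nothing

    If matchedUser <> "" Then
        ' Only the user name is kept in the session; the password is not stored
        Session("sessUser") = matchedUser
        Response.Redirect "logged.asp"
    Else
        strMsg = "***Error: Invalid Username or password, Please retry***"
    End If
End If
%>
```

The hidden-field check is kept only to match the thread; it is set by client-side script, so the server treats it as a submit flag and not as proof that validation ran.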

11:28 am on Jan 13, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 20, 2007
posts:588
votes: 0


Your code looks fine. Put some response.writes in to check that the variables have the values you're expecting.

11:38 am on Jan 13, 2010 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 11, 2009
posts:108
votes: 0


Thanks for the response guys. Yes, I've worked with stored procedures before and I'm going to sort out the database as soon as I get the code working.

I also have this JavaScript checking code as part of it. So that fixes up the hdnSaveValue... doesn't it?

<script language="javascript" type="text/javascript" >
// Validates the login form and sets hdnSaveValue to "1" only when it passes
function CheckValidForm()
{
    var userName = document.getElementById("username");
    var pass = document.getElementById("password");
    var hdnSaveValue = document.getElementById("hdnSaveValue");
    hdnSaveValue.value="0";   // default: tell the server not to run the login check
    var canPost = false;

    if(userName.value=="")
    {
        alert("Please enter user name");
        userName.focus();
        userName.select();
        return false;
    }
    // checkEmail() is not shown in this post
    if(!checkEmail(userName))
        return false;

    if(pass.value=="")
    {
        alert("Please enter your password");
        pass.focus();
        pass.select();
        return false;
    }
    else
        canPost = true;

    if(canPost)
    {
        hdnSaveValue.value="1";
        document.frmLogin.submit();
    }
}

</script>

3:46 pm on Jan 13, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 20, 2007
posts:588
votes: 0


This is what I meant by outputting some values.

<%
dim strMsg, userName, pass, hdnSaveValue

userName = Request.Form("username")
userName = replace(userName, "'", "''")
pass = Request.Form("password")
pass = replace(pass, "'", "''")
hdnSaveValue = Request.Form("hdnSaveValue")
strMsg = ""   ' was misspelled strMsge

'''' debug: show what the form actually posted; remove once the problem is found '''
' Values are HTML-encoded so posted markup is displayed, not rendered
RESPONSE.WRITE "<fieldset>User:" & Server.HTMLEncode(userName) & "<br>Pass:" & Server.HTMLEncode(pass) & "<br>Hidden:" & Server.HTMLEncode(hdnSaveValue) & "</fieldset>"

if (hdnSaveValue = "1") then
    sql = "SELECT * from MyTable WHERE cUser = '" & userName & "' AND cPass = '" & pass & "'"
    Set rsOuter = Server.CreateObject("ADODB.RecordSet")
    Set cnn = Server.CreateObject("ADODB.Connection")
    cnn.open dBaseCon
    counter = 0
    rsOuter.Open sql, cnn, 0, 1
    if NOT rsOuter.EOF then
        session("sessUser") = rsOuter("cUser")
        session("sessPass") = rsOuter("cPass")
        response.redirect("logged.asp")
    else
        strMsg = "***Error: Invalid Username or password, Please retry***"
    end if
end if

%>
