
Classic ASP issue

         

KRMwebdesign

2:50 pm on Jan 12, 2010 (gmt 0)

10+ Year Member



Can anyone tell me if there is something wrong with this script? I've been testing it for hours. I can't see anything wrong with it, but the page won't go to logged.asp; it just keeps kicking back to login.asp.

<%
dim strMsg, userName, pass, hdnSaveValue

' Read the posted fields and double any single quotes
userName = Request.Form("username")
userName = replace(userName, "'", "''")
pass = Request.Form("password")
pass = replace(pass, "'", "''")
hdnSaveValue = Request.Form("hdnSaveValue")
strMsg=""

' The login check only runs when the hidden field arrives as "1"
if(hdnSaveValue="1") then
    sql = "SELECT * from MyTable WHERE cUser = '" & userName & "' AND cPass = '" & pass & "'"
    Set rsOuter = Server.CreateObject("ADODB.RecordSet")
    Set cnn = Server.CreateObject("ADODB.Connection")
    cnn.open dBaseCon
    counter = 0
    rsOuter.Open sql,cnn,0,1
    if NOT rsOuter.EOF then
        session("sessUser") = rsOuter("cUser")
        session("sessPass") = rsOuter("cPass")
        response.redirect("logged.asp")
    else
        strMsg = "***Error: Invalid Username or password, Please retry***"
    end if
end if

%>

Ocean10000

6:56 pm on Jan 12, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Does it return the error message? If it doesn't, I think it has to do with hdnSaveValue not being set to what you are expecting it to be. And if hdnSaveValue is not equal to "1", then it bypasses your login checking code.

P.S.
I think you might want to read up how to protect your site from SQL Injection Attacks. The link below should provide a start to help you protect your site.
[4guysfromrolla.com...]

Seb7

11:28 am on Jan 13, 2010 (gmt 0)

10+ Year Member



Your code looks fine. Put some response.writes in to check that the variables have the values you're expecting.

KRMwebdesign

11:38 am on Jan 13, 2010 (gmt 0)

10+ Year Member



Thanks for the response, guys. Yes, I've worked with stored procedures before and I'm going to sort out the database as soon as I get the code working.

I also have this javascript checking code as part of it. So that fixes up the hdnSaveValue... doesn't it?

<script language="javascript" type="text/javascript" >
function CheckValidForm()
{
    var userName = document.getElementById("username");
    var pass = document.getElementById("password");
    var hdnSaveValue = document.getElementById("hdnSaveValue");
    hdnSaveValue.value="0";
    var canPost = false;

    if(userName.value=="")
    {
        alert("Please enter user name");
        userName.focus();
        userName.select();
        return false;
    }
    if(!checkEmail(userName))
        return false;

    if(pass.value=="")
    {
        alert("Please enter your password");
        pass.focus();
        pass.select();
        return false;
    }
    else
        canPost = true;

    if(canPost)
    {
        hdnSaveValue.value="1";
        document.frmLogin.submit();
    }
}

</script>

Seb7

3:46 pm on Jan 13, 2010 (gmt 0)

10+ Year Member



This is what I meant by outputting some values.

<%
dim strMsg, userName, pass, hdnSaveValue

userName = Request.Form("username")
userName = replace(userName, "'", "''")
pass = Request.Form("password")
pass = replace(pass, "'", "''")
hdnSaveValue = Request.Form("hdnSaveValue")
strMsg=""

'''' debug '''
RESPONSE.WRITE "<fieldset>User:"& userName &"<br>Pass:"& pass &"<br>Hidden:"& hdnSaveValue &"</fieldset>"

if(hdnSaveValue="1") then
    sql = "SELECT * from MyTable WHERE cUser = '" & userName & "' AND cPass = '" & pass & "'"
    Set rsOuter = Server.CreateObject("ADODB.RecordSet")
    Set cnn = Server.CreateObject("ADODB.Connection")
    cnn.open dBaseCon
    counter = 0
    rsOuter.Open sql,cnn,0,1
    if NOT rsOuter.EOF then
        session("sessUser") = rsOuter("cUser")
        session("sessPass") = rsOuter("cPass")
        response.redirect("logged.asp")
    else
        strMsg = "***Error: Invalid Username or password, Please retry***"
    end if
end if

%>
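
An added example, not part of any post in this thread: the same login check with the SQL injection concern raised above handled by a parameterized ADODB.Command, and with the "was the form submitted" test done on the server through REQUEST_METHOD instead of the JavaScript-set hdnSaveValue field. It assumes dBaseCon is defined in an include, as in the original script, and the 255-character parameter size is a guess at the column widths.

```asp
<%
' ADO constants (normally supplied by adovbs.inc), defined here so the page stands alone
Const adVarChar = 200, adParamInput = 1, adCmdText = 1

Dim strMsg, userName, pass, cnn, cmd, rs, loggedIn
strMsg = ""
loggedIn = False

' Decide on the server whether the form was posted; a hidden field set by
' client-side JavaScript can be missing or changed before it arrives.
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    userName = Trim(Request.Form("username"))
    pass = Request.Form("password")

    If userName = "" Or pass = "" Then
        ' Repeat the client-side checks here; the browser's checks are optional
        strMsg = "Please enter user name and password"
    Else
        Set cnn = Server.CreateObject("ADODB.Connection")
        cnn.Open dBaseCon   ' assumption: connection string comes from an include

        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = cnn
        cmd.CommandType = adCmdText
        ' ? placeholders are bound by position; the values never become SQL text,
        ' so no quote doubling is needed
        cmd.CommandText = "SELECT cUser FROM MyTable WHERE cUser = ? AND cPass = ?"
        cmd.Parameters.Append cmd.CreateParameter("user", adVarChar, adParamInput, 255, userName)
        cmd.Parameters.Append cmd.CreateParameter("pass", adVarChar, adParamInput, 255, pass)

        Set rs = cmd.Execute
        If Not rs.EOF Then
            ' Store only the user name; the password stays out of the session
            Session("sessUser") = rs("cUser").Value
            loggedIn = True
        Else
            strMsg = "***Error: Invalid Username or password, Please retry***"
        End If
        rs.Close
        cnn.Close
    End If
End If

' Redirect after the connection is closed; Response.Redirect ends the script
If loggedIn Then Response.Redirect "logged.asp"
%>
```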