Ok, im making a news updating panel for my bands site.

i have all of it down, exept the looging in part.

this is waht i have.




<html>
<head>
<%
username = Request.Form("username")
password = Request.Form("password")
Set Conn = Server.CreateObject("ADODB.Connection")
lpath = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("main.mdb")
Conn.Open(lpath)
set RS = Server.CreateObject("ADODB.Recordset")
RS.Open "SELECT username, password, level FROM members WHERE username LIKE" & username & "AND password LIKE " & password & ";", Conn
If Not(RS.EOF) then
Session("username") = RS.fields.item("username")
Session("login") = 1
Session("level") = RS.fields.item("level")
if Session("login") = 1 AND Session("level") >1 then
Response.Redirect("default.asp?s=loggedin")
ELSE
Response.Redirect("default.asp?s=badinfo")
end if
RS.close
set Rs = nothing
end if
Conn.close
set Conn = nothing
%>
</head>
<body>
</body>
</html>



thats where i point the login from to. All i get is a 500 error. I really dont know whats going on with it.


thanks for any help

2 things

1. think you need single quotes in the SQL statement
SELECT username, password, level FROM members WHERE username LIKE '" & username & "' AND password LIKE '" & password & "';"

2. if rs.EOF is nothing then you don't have the page redirecting anywhere

try these changes and let me know how it goes :cool:

thanks for the help. I never really learned what "EOF" ment, and i could never find anything on the web that would tell me waht it is... so, i know this is really basic, but wahts "EOF"?

EOF means end of file...can't say much more than that.

oh, now i feel stupid, haha.

anyway, i looked over the code, and this is what i did...


<%
username = Request.Form("username")
password = Request.Form("password")

Set Conn = Server.CreateObject("ADODB.Connection")
lpath = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("main.mdb")
Conn.Open(lpath)
set RS = Server.CreateObject("ADODB.Recordset")
RS.Open "SELECT username, password, level FROM members WHERE username LIKE" & username & ";", Conn
If RS.EOF then
Response.Redirect("defualt.asp?s=badinfo")
ELSE
Session("username") = RS.fields.item("username")
Session("login") = 1
Session("level") = RS.fields.item("level")
if Session("login") = 1 AND Session("level") >1 then
Response.Redirect("home.asp")

end if
RS.close
set RS = nothing
end if
Conn.close
set Conn = nothing
%>

does it work :puzzled:

no :(

OK, this is the WHOLE "logincheck.asp" page.....



<html>
<head>
<link rel="stylesheet" type="text/css" href="standard.css">
<%
username = Request.Form("username")
password = Request.Form("password")

Set Conn = Server.CreateObject("ADODB.Connection")
lpath = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("main.mdb")
Conn.Open(lpath)
set RS = Server.CreateObject("ADODB.Recordset")
RS.Open "SELECT username, password, level FROM members WHERE username LIKE" & username & ";", Conn
If RS.EOF then
Response.Redirect("defualt.asp?s=badinfo")
ELSE
Session("username") = RS.fields.item("username")
Session("login") = 1
Session("level") = RS.fields.item("level")
if Session("login") = 1 AND Session("level") >1 then
Response.Write "Loggin in"
Response.Redirect("home.asp")

end if
RS.close
set RS = nothing
end if
Conn.close
set Conn = nothing
%>
</head>
</html>


i have tried it without any html or head tags, but i get the same result.

you can go to www.dinkumrocks.com/admin (http://www.dinkumrocks.com/admin) and see for yourself, use test, and test for username and pass.

thanks

ok, try this and let us know what it printed on the screen

<html>
<head>
<link rel="stylesheet" type="text/css" href="standard.css">
<%
username = Request.Form("username")
password = Request.Form("password")

Set Conn = Server.CreateObject("ADODB.Connection")
lpath = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("main.mdb")
Conn.Open(lpath)
set RS = Server.CreateObject("ADODB.Recordset")
RS.Open "SELECT username, password, level FROM members WHERE username LIKE '%" & username & "%';", Conn
If RS.EOF then
response.write "STEP1"
Response.Redirect("defualt.asp?s=badinfo")
ELSE
response.write "STEP2 "
Session("username") = RS.fields.item("username")
Session("login") = 1
Session("level") = RS.fields.item("level")
if Session("login") = 1 AND Session("level") >1 then
Response.Write "STEP 3 "
' Response.Redirect("home.asp")
else
Response.Write "STEP 4 "
end if
RS.close
set RS = nothing
end if
Conn.close
set Conn = nothing
%>
</head>
</html>

OK, i upoaded it to the server, and opened admin/default.asp(where you sign in). i put in my username and pass. it send the info to logincheck.asp. it just turned up a 500 error.



then i put it in the abyss persinal web server thinger i downloaded, and i got this....






Microsoft OLE DB Provider for ODBC Drivers- Error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] The LEVEL clause includes a reserved word or argument that is misspelled or missing, or the punctuation is incorrect. /admin/logincheck.asp, line 12


im sooooo confused.

thanks for the help

check your variables. Sounds like you mispelled it or used a reserved word for your variable. A good thing to try to do is "txt" in front of your variables if it is fed from a text field. like txtLevel. That way you prevent things like this. Could be "level" causing your problem....not sure.

!!!!! it wortkds!!!!!! woooooooooooooooooooo!!!!

it sends out step 2 and 3, which means everything is working.

THANKS SOOOO MUCH!
ive been spending 3 days on this hahaha.

thank you.

oh yea, one more thing..... Rab, can you explain why you put the...

'%" & username & "%';", Conn

'% before and after the username?

just curious

thanks

what was the problem? Rab's code looked good to me.

i know its not wrong, i just never saw the '% in hte sql string before, and i was wondering if it has a purpose for being there or something.


thanks

ahhhh!

It works if i log in with test. test has a level of 1, which is too low to pass, you get the right error message if you use the test account.

if you put a username and pass in that doesnt exist, you get the right error message too.

but if i put a real account in with the right level, i get a 500 error. now im really confused:(


i tested it. i told it to put "Loggin in..." if it reaches that step, sorta like what rab did. it writes "Logging in". then if i put the "Response.redirect", thats seems to be what is causing the 500 error.

any ideas?

i know its not wrong, i just never saw the '% in hte sql string before, and i was wondering if it has a purpose for being there or something.


thanks
it's a wildcard, you use them in SQL in searches

things like feeding in %eat% will look for the letters eat anywhere in a word, it works with * as well.

session variables called level too, try changing it

thanks alot rab. its all working now. now the big problem is making all the other pages work. im still having alot of troubles with the adding news page.

is there any resorouces that you would recomemd for connecting and adding to databases?

unless you would want to take a look at the coding.... which im sure you wouldnt haha.

thanks for all the help you given me

could point you towards some good ASP sites

http://www.asp101.com/

http://www.w3schools.com/asp/

http://www.aspin.com/

and http://www.aspfree.com/

hope they help :thumb: