PDA

View Full Version : how about this login page


SBUH
September 13th, 2003, 10:08 AM
hello, I have this login page using asp and ms sql server 2000, but there is error message when running. I am beginner with asp. Could anyone give some detailed suggestion about modifing the code? Thanks very much in advance!



<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Open "Project"
dim username,password
username=Request.Form("user")
password=Request.Form("pass")

set rs = Server.CreateObject("ADODB.recordset")
sql="select * from customer where username='"&username&"'"
rs.Open sql, conn
'If there is no record with the entered username, close connection
'and go back to login with QueryString
If rs.recordcount = "" then
rs.close
conn.close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=namefailed")
end if

'If entered password is right, close connection and open mainpage

'If entered password is wrong, close connection
'and return to login with QueryString
if rs("password") = password then-----Error Type (0x80020009)
Exception occurred
'Session("ID") = rs("username")
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("productpage_user.asp")
else
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=passfailed")
end if

%>


<form name="form" method="post" action="login.asp">
<p><font color="#0066FF" size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>Username:
</strong></font>
<input type="text" name="user">
</p>
<p> <font color="#0066FF" size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>
Password: </strong></font>
<input type="password" name="pass">
</p>
<input name="Submit" type="submit" value="login">
<input type="reset" name="Cancel" value="Clear">
</form>
Digitalosophy
September 13th, 2003, 02:41 PM
eh? what's the error message
SBUH
September 14th, 2003, 04:35 AM
Error Type (0x80020009)
Exception occurred

And could u suggest one way for making this login page. I tried but not able do it. Thanks very much in advance!
abzoid
September 14th, 2003, 09:47 AM
Why specify whether it was the username or password that failed, that only gives hackers more info. The code below uses one IF...THEN...ELSE instead of the multiple IF...THEN statements you were using.


<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Open "Project"
dim username,password
username=Request.Form("user")
password=Request.Form("pass")

set rs = Server.CreateObject("ADODB.recordset")
sql="select * from customer where username='"&username&"' AND password='"&password&"'"
rs.Open sql, conn
' recordset empty = failed login
If rs.recordcount = "" then
rs.close
conn.close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=loginfailed")
else
' recordset not empty = login successful
Session("ID") = rs("username")
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("productpage_user.asp")
end if
%>
SBUH
September 14th, 2003, 10:44 AM
hello, thanks for your code. But after I change mine in your way. when I click the login button for opening this login page, it directly loading the productpage_user.asp page and it is just blinking there not fully downloaded. I wonder why it is like this. And the login page is never shown then. Could u give some suggestion to run the asp code after the user enter the username and password and press the submit button. Thanks very much in advance!
abzoid
September 14th, 2003, 10:51 AM
I always place my asp code to verify login on a separate page from the login form. It keeps things much simpler.

The other option is to set a value in a hidden form variable, then check for that value before executing the verify code.
SBUH
September 14th, 2003, 11:48 AM
Thanks and It works now, but when I tried worng username and pass, it got error like :

Error Type:
ADODB.Field (0x80020009)
Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
(it pointed to the session=rs("username"))

Do you have any idea about it?
abzoid
September 14th, 2003, 11:57 AM
Hmmm, when the login isn't valid that statement shouldn't even be getting executed since it's within the ELSE clause.

Make sure you don't also have it within the THEN clause.

Also, do you actually use that Session variable elsewhere. I notice now that in your original script it was only a comment not an executed statement.
SBUH
September 14th, 2003, 12:08 PM
I placed your asp code to verify login on a separate page from the login form now.

It works only when the username and password are exactly the same as in the database. If either of it is wrong or both are wrong, the page of verifylogin give the error message like
ADODB.Field (0x80020009)
Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
(it pointed to the session=rs("username") in this verifylogin page)

I do need this session variable in my following pages for certain user. Do u have any idea? Thanks indeed and wait for your reply
abzoid
September 14th, 2003, 12:14 PM
OK, the IF statement is evaluating to false EVERY time. Try this

Replace
If rs.recordcount = "" then

with
If Not rs.EOF Or Not rs.BOF Then
SBUH
September 17th, 2003, 04:26 AM
Thanks and it works now!

Thanks again!