Woot!, another PN customer <g>
If you are simply wanting to verify authentication, and re-dir on success,
then change;
> If NOT rcSet.EOF Then
> response.cookies("validated_user") = frmUID
> response.write "<h1>Login successful!</h1>"
> '// Forget using rcSet.Fields, and just use rcSet
> '// directly
> response.write "<p>Welcome " & rcSet(1) & "</p>"
> else
> response.write "incorrect Username and/or Password"
> end if
To;
If NOT rcSet.EOF Then
Dim sRef: sRef = Request.ServerVariables("HTTP_REFERER")
Response.cookies("validated_user") = frmUID
Response.Redirect sRef
Else
Response.write "incorrect Username and/or Password"
End if
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
"malcolm" <malcolm.whyte [at] malcolmk.plus.com> wrote in message
news:444159c7$0$33896$ed2619ec [at] ptn-nntp-reader03.plus.net...
> Yes.
> I used that system to do just that Mike... Not sure waht to do now as it
> will not work!
>
>
> Malcolm
>
>
> "Mike Brind" <paxtonend [at] hotmail.com> wrote in message
> news:1145132830.519120.327380 [at] z34g2000cwc.googlegroups.com.. .
> You would only have to put [ ] brackets around the field name if you
> are using a reserved word, or have an embedded space in the field name.
> If "prefered_name" is the new name for that field, you can leave the
> brackets off.
>
> Wrt the new bit of code you just posted, what do you want it to
> actually do? It looks to me as if that was part of a system where
> people filled out a form on one page, it posted to another for
> processing, then if the login was successful, it sent them back to the
> first page again. Is that right? And if so, is that what you still
> want to happen?
>
> --
> Mike Brind
>
>
>
> malcolm wrote:
> > Thanks Mike,
> >
> > So if I change my code it would look like this
> >
> >
> >
> > "Select [prefered_name], UID From tblusers where UID = '" _
> >
> > & Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") &
> > "'"
> >
> >
> >
> > The problem I now find with this code is the fact that my old code
worked
> > really well and would re-direct users to the referrer page?? How can I
do
> > that with this code??
> >
> >
> >
> > The code used in my old page was
> >
> >
> >
> > <% [at] language="vbscript" %>
> >
> >
> >
> > <%
> >
> > ' Was this page posted to?
> >
> > If UCase(Request.ServerVariables("HTTP_METHOD")) = "POST" Then
> >
> > ' If so, check the username/password that was entered.
> >
> > If ComparePassword(Request("UID"),Request("PWD")) Then
> >
> > ' If comparison was good, store the user name...
> >
> > Session("UID") = Request("UID")
> >
> > ' ...and redirect back to the original page.
> >
> > Response.Redirect Session("REFERRER")
> >
> > End If
> >
> > End If
> >
> > %>
> >
> >
> >
> > Regards
> >
> > Malcolm
> >
> >
> > "Mike Brind" <paxtonend [at] hotmail.com> wrote in message
> > news:1145127899.468752.169210 [at] e56g2000cwe.googlegroups.com.. .
> > Bad choice of field name. "Name" a reserved word in Access. Steve
> > Burns posted the correct answer to your question, but it would have
> > thrown up an error in this case.
> >
> > Change it if you can, but if not, your sqlStr will have to look like
> > this:
> >
> > "Select [name], UID From tblusers where UID = '"
> > _ & Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") & "'"
> >
> > Even then, there are other problems with the approach you are taking.
> > If you copy and paste the following line into the user name and
> > password fields in your form:
> >
> > ' or ''='
> >
> > You will always log in successfully. This is a common SQL Injection
> > attack method. Also, if you have someone who's username contains an
> > apostophe, you will get errors. The best defence against this is to
> > use a saved parameter query in your Access database:
> >
> > http://www.xefteri.com/articles/show.cfm?id=6
> >
> > --
> > Mike Brind
> >
> >
> > malcolm wrote:
> > > Name is the name of the field and the database is MS access.
> > >
> > >
> > >
> > > "Mike Brind" <paxtonend [at] hotmail.com> wrote in message
> > > news:1145125091.697554.101780 [at] v46g2000cwv.googlegroups.com.. .
> > > Which field in the database holds the user's first name? And what
type
> > > of database are you using?
> > >
> > > --
> > > Mike Brind
> > >
> > >
> > > malcolm wrote:
> > > > Thanks Guys, i have now cleaned up the code and it is working ok.
Just
> > > > one
> > > > thing I want to ask! on the login successful page it shows the
> > > > username
> > > > aas
> > > > typed into the form UID field.. what I would like to do now is
actully
> > > > return another column from the database that stores the users 1st
name
> > > > :-)
> > > >
> > > > any tips
> > > >
> > > > here is the code I am using now. :-)
> > > >
> > > > <% [at] Language="VBScript"%>
> > > >
> > > > <!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common
> > > > Files\System\ado\msado15.dll" -->
> > > > <!-- #include file="Connectionstring.asp" -->
> > > > <%
> > > >
> > > > ' variables
> > > > dim cnStr, rcSet, frmUID, frmPWD, sqlStr
> > > >
> > > > 'store form input into variables
> > > > frmUID = Request.Form("UID")
> > > > frmPWD = Request.Form("PWD")
> > > >
> > > > 'create connection and recordset objects
> > > > Set cnStr = Server.CreateObject("ADODB.Connection")
> > > >
> > > > ' defining database connection (connectionstring.asp)
> > > > cnStr.ConnectionString = path
> > > > cnStr.Provider = provider
> > > > cnStr.open
> > > >
> > > > ' execute sql and open as recordset
> > > >
> > > > sqlStr = "Select * From tblusers where UID = '" _
> > > > & Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") &
> > > > "'"
> > > >
> > > > ' Opens the returned values from the SQL as a recordset,
> > > > ' ready for iteration by ASP
> > > > ' validate variables against database
> > > > // If (not rcSet.BOF) and (not rcSet.EOF) then
> > > >
> > > > If Len(frmUID) < 1 Then frmUID = "NULL"
> > > > If Len(frmPWD) < 1 Then frmPWD = "NULL"
> > > >
> > > > Set rcSet = cnStr.Execute(sqlStr)
> > > >
> > > > If NOT rcSet.EOF Then
> > > > response.cookies("validated_user") = frmUID
> > > > response.write "<h1>Login successful!</h1>"
> > > >
> > > > response.write "<p>Welcome " & rcSet(0) & "</p>"
> > > > else
> > > > response.write "Incorrect Username and/or Password"
> > > > end if
> > > >
> > > > cnStr.Close: Set cnStr = Nothing
> > > > Set rcSet = Nothing
> > > > %>
> > > >
> > > > I had to change this code
> > > > response.write "<p>Welcome " & rcSet(1) & "</p>"
> > > > to this code
> > > > response.write "<p>Welcome " & rcSet(0) & "</p>"
> > > > so that it would display the username and not the password ;-)
> > > > not bad for a guess. :-)
> > > >
> > > > Regards
> > > > Malcolm
> > > >
> > > >
> > > > "Steven Burn" <somewhere [at] in-time.invalid> wrote in message
> > > > news:e%237BQOLYGHA.3448 [at] TK2MSFTNGP04.phx.gbl...
> > > > > Change;
> > > > >
> > > > > sqlStr = "Select * From tblusers where UID = '" _
> > > > > & Request.Form("UID") & "' and PWD = '" & Request.Form("PWD")
&
> > > > > "'"
> > > > >
> > > > > ' Opens the returned values from the SQL as a recordset,
> > > > > ' ready for iteration by ASP
> > > > > '// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
> > > > > ' validate variables against database
> > > > > // If (not rcSet.BOF) and (not rcSet.EOF) then
> > > > >
> > > > > '// Check before processing
> > > > > If Len(frmUsername) < 1 Then frmUsername = "NULL"
> > > > > If Len(frmPassword) < 1 Then frmPassword = "NULL"
> > > > >
> > > > > To;
> > > > >
> > > > > '// Check before processing
> > > > > If Len(frmUsername) < 1 Then frmUsername = "NULL"
> > > > > If Len(frmPassword) < 1 Then frmPassword = "NULL"
> > > > > Response.Write "<b><i>DEBUG</i><b><br>Username: " _
> > > > > & frmUID & "<br>Password: " & frmPWD
> > > > > sqlStr = "Select * From tblusers where UID = '" _
> > > > > & frmUID & "' and PWD = '" & frmPWD & "'"
> > > > >
> > > > > ' Opens the returned values from the SQL as a recordset,
> > > > > ' ready for iteration by ASP
> > > > > '// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
> > > > > ' validate variables against database
> > > > > // If (not rcSet.BOF) and (not rcSet.EOF) then
> > > > >
> > > > > --
> > > > > Regards
> > > > >
> > > > > Steven Burn
> > > > > Ur I.T. Mate Group
> > > > > www.it-mate.co.uk
> > > > >
> > > > > Keeping it FREE!
> > > > >
> > > > > "malcolm" <malcolm.whyte [at] malcolmk.plus.com> wrote in message
> > > > > news:4441284e$0$23185$ed2e19e4 [at] ptn-nntp-reader04.plus.net...
> > > > >> I am now presented with incorrect Username and/or Password. I
have
> > > > >> double
> > > > >> checked this.
> > > > >>
> > > > >> I now have the following code in my page
> > > > >>
> > > > >> <% [at] Language="VBScript"%>
> > > > >>
> > > > >> <!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common
> > > > >> Files\System\ado\msado15.dll" -->
> > > > >> <!-- #include file="Connectionstring.asp" -->
> > > > >> <%
> > > > >> ' /////////////////////////////////////
> > > > >> ' login validation script
> > > > >> ' © Matt Millross
> > > > >> ' www.designplace.org
> > > > >> ' free for use as long as copyright notice left intact
> > > > >> ' For more scripts, visit www.designplace.org
> > > > >> ' /////////////////////////////////////
> > > > >>
> > > > >> ' variables
> > > > >> dim cnStr, rcSet, frmUID, frmPWD, sqlStr
> > > > >>
> > > > >> 'store form input into variables
> > > > >> frmUID = Request.Form("UID")
> > > > >> frmPWD = Request.Form("PWD")
> > > > >>
> > > > >> 'create connection and recordset objects
> > > > >> Set cnStr = Server.CreateObject("ADODB.Connection")
> > > > >> '// THIS IS NOT NEEDED!
> > > > >> '// Set rcSet = Server.CreateObject("ADODB.Recordset")
> > > > >>
> > > > >> ' defining database connection (connectionstring.asp)
> > > > >> cnStr.ConnectionString = path
> > > > >> cnStr.Provider = provider
> > > > >> cnStr.open
> > > > >>
> > > > >> ' execute sql and open as recordset
> > > > >> '// sqlStr = "Select * From tblusers where username = '" _
> > > > >> '// & Request.Form("UID") & "' and password = '" &
> > > > >> Request.Form("PWD")
> > > > >> &
> > > > >> "'"
> > > > >> '// You've already stored the user/pass into a local var - use
> > > > >> them!
> > > > >> '// and NEVER use "Select * ..."
> > > > >> '//
> > > > >> '// http://aspfaq.com/show.asp?id 96
> > > > >>
> > > > >> sqlStr = "Select * From tblusers where UID = '" _
> > > > >> & Request.Form("UID") & "' and PWD = '" &
Request.Form("PWD")
> > > > >> &
> > > > >> "'"
> > > > >>
> > > > >> ' Opens the returned values from the SQL as a recordset,
> > > > >> ' ready for iteration by ASP
> > > > >> '// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
> > > > >> ' validate variables against database
> > > > >> // If (not rcSet.BOF) and (not rcSet.EOF) then
> > > > >>
> > > > >> '// Check before processing
> > > > >> If Len(frmUsername) < 1 Then frmUsername = "NULL"
> > > > >> If Len(frmPassword) < 1 Then frmPassword = "NULL"
> > > > >> '// Then go...
> > > > >> Set rcSet = cnStr.Execute(sqlStr)
> > > > >>
> > > > >> If NOT rcSet.EOF Then
> > > > >> response.cookies("validated_user") = frmUID
> > > > >> response.write "<h1>Login successful!</h1>"
> > > > >> '// Forget using rcSet.Fields, and just use rcSet
> > > > >> '// directly
> > > > >> response.write "<p>Welcome " & rcSet(1) & "</p>"
> > > > >> else
> > > > >> response.write "incorrect Username and/or Password"
> > > > >> end if
> > > > >>
> > > > >> '// Don't forget to cleanup after yourself
> > > > >> cnStr.Close: Set cnStr = Nothing
> > > > >> Set rcSet = Nothing
> > > > >> %>
> > > > >>
> > > > >>
> > > > >> Regards
> > > > >> Malcolm
> > > > >>
> > > > >>
> > > > >> "malcolm" <malcolm.whyte [at] malcolmk.plus.com> wrote in message
> > > > >> news:4441273b$0$23177$ed2e19e4 [at] ptn-nntp-reader04.plus.net...
> > > > >> > UID and PWD are the 2 fields in my database that hold the
> > > > >> > information.
> > > > >> >
> > > > >> > I have now changed the code
> > > > >> >
> > > > >> > "Mike Brind" <paxtonend [at] hotmail.com> wrote in message
> > > > >> > news:1145119070.271743.314040 [at] z34g2000cwc.googlegroups.com.. .
> > > > >> >>
> > > > >> >> malcolm wrote:
> > > > >> >>> Hi, while trying to validate username and password on login
> > > > >> >>> form
> > > > >> >>> I
> > > > >> >>> am
> > > > >> >>> presented with the following error message
> > > > >> >>>
> > > > >> >>>
> > > > >> >>> Microsoft JET Database Engine error '80040e10'
> > > > >> >>>
> > > > >> >>> No value given for one or more required parameters.
> > > > >> >>>
> > > > >> >>> /vdateUsr.asp, line 53
> > > > >> >>>
> > > > >> >>> The 2 fields within the database are text fields (UID) and
> > > > >> >>> (PWD)
> > > > >> >>> these
> > > > >> >>> are
> > > > >> >>> spelt correctly!
> > > > >> >>>
> > > > >> >>
> > > > >> >> <snip>
> > > > >> >>> sqlStr = "Select * From tblusers where username = '" _
> > > > >> >>> & Request.Form("UID") & "' and password = '" &
> > > > >> >>> Request.Form("PWD")
> > > > > &
> > > > >> >>> "'"
> > > > >> >>>
> > > > >> >>
> > > > >> >> No - they're not spelt correctly. In your SQL statement you
> > > > >> >> refer
> > > > >> >> to
> > > > >> >> two fields called username and password, yet you said they are
> > > > >> >> called
> > > > >> >> UID and PWD. Which is correct?
> > > > >> >>
> > > > >> >> --
> > > > >> >> Mike Brind
> > > > >> >>
> > > > >> >
> > > > >> >
> > > > >>
> > > > >>
> > > > >
> > > > >
>
>
