Ask a Question related to ASP Database, Design and Development.
-
Wayne Smith #1
ASP Login Script not working
Applies to: Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0
Operating System: Microsoft Windows 2000 Professional
I am trying to protect a portion of a web site by allowing users to register a username and password & then login with those details, but so far I am having only marginal success. I am far from an expert on ASP programming, indeed the code I am using comes from "Sams Teach Yourself E-Commerce Programming with ASP" but it is ideally suited for my purpose.
In short, there are 3 .asp pages (register.asp, login.asp & checkpassword.asp - the code for each is below), a global.asa file was automatically created and by following the instructions in the book, I also created a small Access database called UserDB.mdb, which stores the username & password of each user when they register & also verify's those details when the user attempts to login again.
The DNS connection has been setup within FrontPage and I have verified that this connection works by clicking "Tools", "Web Settings" & the "Database" tab, highlighting the DNS connection & clicking Verify.
The problems seem to occur when I try to register a new username & password, for some strange reason the details I enter are not being saved in the database table, and to compound the problem further, if I register just a username, or a password but not both, the page simply refreshes itself with empty boxes instead of giving an error message to indicate that a "username" or "password" must be entered, which if I have read the code correctly on the "checkpassword.asp" page, should happen.
To further confuse the situation, if I manually enter a username & password into the database table and then attempt to click a hyperlink taking me to a "test.asp" page, with the INCLUDE FILE: <!-- #INCLUDE FILE="checkpassword.asp" -->, I am automatically taken to the login.asp, where if I enter the username & password that I manually put into the database table, it takes me to the selected "Protected" web page. In my mind that clearly shows the DNS connection is working but yet it won't store new registered details into the database table, which is extremely confusing.
If anyone can see what I may be doing wrong, or point me in the right direction, your help & advice will be greatly appreciated. As I pointed out earlier I am far from an expert, so any help you can give would be ideally suited towards a newbie mentality.
Below is the code for the three .asp pages:
Many thanks in advance
Wayne Smith
register.asp
<%
nextPage = Request( "nextPage" )
newUsername = Request( "newUsername" )
newPassword = Request( "newPassword" )
%>
<HTML>
<HEAD><TITLE>Register"</TITLE></HEAD>
<BODY>
Register at this Web site by selecting a username and password:
<FORM METHOD="post" ACTION="<%=nextPage%>">
<INPUT NAME="newUser" TYPE="hidden" VALUE="1">
<P><B>USERNAME:</B>
<INPUT NAME="newUsername" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( newUsername )%>">
<P><B>PASSWORD:</B>
<INPUT NAME="newPassword" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( newPassword )%>">
<P><INPUT TYPE="submit" VALUE="Register!">
</FORM>
</BODY>
</HTML>
----------------------------------------------------------------------------------
login.asp
<HTML>
<HEAD><TITLE>Login</TITLE></HEAD>
<BODY>
<%=loginMessage%>
<FORM METHOD="post" ACTION="<%=nextPage%>">
<P><B>USERNAME:</B>
<INPUT NAME="username" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( username )%>">
<P><B>PASSWORD:</B>
<INPUT NAME="password" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( password )%>">
<p><INPUT NAME="addCookie" TYPE="Checkbox" VALUE="1"> Remember me with a cookie
<P><INPUT TYPE="submit" VALUE="Login">
</FORM>
<p>
<a href="register.asp?nextpage=<%Server.URLEncode( nextpage )%>">
Click here to register</a>
</BODY>
</HTML>
-------------------------------------------------------------
checkpassword.asp
<%
CONST useSession = TRUE
' Retrieve Form Variables
username = TRIM( Request( "username" ) )
password = TRIM( Request( "password" ) )
newUser = TRIM( Request( "newUser" ) )
newUsername = TRIM( Request( "newUsername" ) )
newPassword = TRIM( Request( "newPassword" ) )
addCookie = TRIM( Request( "addCookie" ) )
' Retrieve Current Page
nextPage = Request.ServerVariables( "SCRIPT_NAME" )
' Ready Database Connection
Set Con = Server.CreateObject( "ADODB.Connection" )
Con.Open "userDNS"
' Add New User
IF newUser <> "" THEN
IF newUsername = "" THEN
showError "You must enter a username"
END IF
IF newPassword = "" THEN
showError "You must enter a password"
END IF
IF usernameTaken( newUsername ) THEN
showError "The username you entered has already " &_
"been chosen by a previous user. Please select " &_
"a new username"
END IF
sqlString = "INSERT INTO userlist ( user_username, user_password ) " &_
"VALUES ('" & newUsername & "','" & newPassword & "')"
Con.Execute sqlString
username = newUsername
password = newPassword
IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF
' Authenticate User
IF Session( "loggedIn" ) = "" THEN
IF username = "" OR password = "" THEN
loginMessage = "You must login before you can view this page."
showLogin
END IF
result = validateLogin( username, password )
IF result = 1 THEN
loginMessage = "You entered an unregistered username."
showLogin
END IF
IF result = 2 THEN
loginMessage = "You did not enter a valid password."
showLogin
END IF
IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF
' Add a Cookie
IF addCookie <> "" THEN
Response.Cookies( "username" ) = username
Response.Cookies( "username" ).Expires = "12/25/2037"
Response.Cookies( "password" ) = password
Response.Cookies( "password" ).Expires = "12/25/2037"
END IF
' Create Security Query String Variable
sq = "username=" & Server.HTMLEncode( username ) & "&"
sq = sq & "password=" & Server.HTMLEncode( password )
' Create Security Form Variable
sf = "<input name=""username"" type=""hidden"" "
sf = sf & "value=""" & Server.HTMLEncode( username ) & """>"
sf = sf & "<input name=""password"" type=""hidden"" "
sf = sf & "value=""" & Server.HTMLEncode( password ) & """>"
' Check Username and Password
FUNCTION validateLogin( theUsername, thePassword )
sqlString = "SELECT user_password FROM userlist " &_
"WHERE user_username='" & fixQuotes( username ) & "'"
Set RS = Con.Execute( sqlString )
IF RS.EOF THEN
validateLogin = 1
ELSE
IF RS( "user_password" ) <> thePassword THEN
validateLogin = 2
ELSE
validateLogin = 0
END IF
END IF
END FUNCTION
' Check Whether Username Already Taken
FUNCTION usernameTaken( theUsername )
sqlString = "SELECT user_id FROM userlist " &_
"WHERE user_username='" & fixQuotes( theUsername ) & "'"
Set RS = Con.Execute( sqlString )
IF RS.EOF THEN
usernameTaken = FALSE
ELSE
usernameTaken = TRUE
END IF
RS.Close
Set RS = Nothing
END FUNCTION
' Show Error Page
SUB showError( theError )
%>
<HTML>
<HEAD><TITLE>Problem</TITLE></HEAD>
<BODY>
<b>There was a problem with your registration information</b>
<br><%=theError %>
<FORM METHOD="POST" ACTION="register.asp">
<INPUT NAME="nextpage" TYPE="hidden"
VALUE="<%=nextpage%>">
<INPUT NAME="newUsername" TYPE="hidden"
VALUE="<%=Server.HTMLEncode( newUsername )%>">
<INPUT NAME="newPassword" TYPE="hidden"
VALUE="<%=Server.HTMLEncode( newPassword )%>">
<INPUT TYPE="SUBMIT" VALUE="Continue">
</FORM>
</BODY>
</HTML>
<%
Response.End
END SUB
' Show the Login Page
SUB showLogin
%>
<!-- #INCLUDE FILE="login.asp" -->
<%
Response.End
END SUB
FUNCTION fixQuotes( theString )
fixQuotes = REPLACE( theString, "'", "''" )
END FUNCTION
%>
Wayne Smith Guest
-
advanced login script
Hi I recently acquired in the exchange area the advanced login action script for DW. Actually I'm having some problems, everytime I run the script... -
6.1 script not working on 7.0 server. Script used towork!
I've a problem with some coldfusion 6.1 scripts running on a server with coldfusion 7. It seems that it isn't accepting the hidden type for the tag... -
Need Login Script Help
I need this exact setup. can someone please please please provide me with code for something just like this and tell me how you add it to my page... -
User Login Script
I've got a user login file, but if I want to add more than one user how do I go about doing that? Here's the code of the Login button. Thanks! on... -
Login Script
Hi there all, im new to this newsgroup, and also new to php. Anyway, im after a php login script, but i want it so it can have lots of different... -
IPT #2 Re: ASP Login Script not working
What a complicated scripts you have, with lotsa unneccesary codes. Throw
that book away.
"Wayne Smith" <wayne.smith2004(NoSpam)@ntlworld.com> wrote in message
news:ur1o0ssVEHA.2544@TK2MSFTNGP10.phx.gbl...
Applies to: Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0
Operating System: Microsoft Windows 2000 Professional
I am trying to protect a portion of a web site by allowing users to register
a username and password & then login with those details, but so far I am
having only marginal success. I am far from an expert on ASP programming,
indeed the code I am using comes from "Sams Teach Yourself E-Commerce
Programming with ASP" but it is ideally suited for my purpose.
In short, there are 3 .asp pages (register.asp, login.asp &
checkpassword.asp - the code for each is below), a global.asa file was
automatically created and by following the instructions in the book, I also
created a small Access database called UserDB.mdb, which stores the username
& password of each user when they register & also verify's those details
when the user attempts to login again.
The DNS connection has been setup within FrontPage and I have verified that
this connection works by clicking "Tools", "Web Settings" & the "Database"
tab, highlighting the DNS connection & clicking Verify.
The problems seem to occur when I try to register a new username & password,
for some strange reason the details I enter are not being saved in the
database table, and to compound the problem further, if I register just a
username, or a password but not both, the page simply refreshes itself with
empty boxes instead of giving an error message to indicate that a "username"
or "password" must be entered, which if I have read the code correctly on
the "checkpassword.asp" page, should happen.
To further confuse the situation, if I manually enter a username & password
into the database table and then attempt to click a hyperlink taking me to a
"test.asp" page, with the INCLUDE FILE: <!-- #INCLUDE
FILE="checkpassword.asp" -->, I am automatically taken to the login.asp,
where if I enter the username & password that I manually put into the
database table, it takes me to the selected "Protected" web page. In my mind
that clearly shows the DNS connection is working but yet it won't store new
registered details into the database table, which is extremely confusing.
If anyone can see what I may be doing wrong, or point me in the right
direction, your help & advice will be greatly appreciated. As I pointed out
earlier I am far from an expert, so any help you can give would be ideally
suited towards a newbie mentality.
Below is the code for the three .asp pages:
Many thanks in advance
Wayne Smith
register.asp
<%
nextPage = Request( "nextPage" )
newUsername = Request( "newUsername" )
newPassword = Request( "newPassword" )
%>
<HTML>
<HEAD><TITLE>Register"</TITLE></HEAD>
<BODY>
Register at this Web site by selecting a username and password:
<FORM METHOD="post" ACTION="<%=nextPage%>">
<INPUT NAME="newUser" TYPE="hidden" VALUE="1">
<P><B>USERNAME:</B>
<INPUT NAME="newUsername" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( newUsername )%>">
<P><B>PASSWORD:</B>
<INPUT NAME="newPassword" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( newPassword )%>">
<P><INPUT TYPE="submit" VALUE="Register!">
</FORM>
</BODY>
</HTML>
----------------------------------------------------------------------------
------
login.asp
<HTML>
<HEAD><TITLE>Login</TITLE></HEAD>
<BODY>
<%=loginMessage%>
<FORM METHOD="post" ACTION="<%=nextPage%>">
<P><B>USERNAME:</B>
<INPUT NAME="username" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( username )%>">
<P><B>PASSWORD:</B>
<INPUT NAME="password" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( password )%>">
<p><INPUT NAME="addCookie" TYPE="Checkbox" VALUE="1"> Remember me with a
cookie
<P><INPUT TYPE="submit" VALUE="Login">
</FORM>
<p>
<a href="register.asp?nextpage=<%Server.URLEncode( nextpage )%>">
Click here to register</a>
</BODY>
</HTML>
-------------------------------------------------------------
checkpassword.asp
<%
CONST useSession = TRUE
' Retrieve Form Variables
username = TRIM( Request( "username" ) )
password = TRIM( Request( "password" ) )
newUser = TRIM( Request( "newUser" ) )
newUsername = TRIM( Request( "newUsername" ) )
newPassword = TRIM( Request( "newPassword" ) )
addCookie = TRIM( Request( "addCookie" ) )
' Retrieve Current Page
nextPage = Request.ServerVariables( "SCRIPT_NAME" )
' Ready Database Connection
Set Con = Server.CreateObject( "ADODB.Connection" )
Con.Open "userDNS"
' Add New User
IF newUser <> "" THEN
IF newUsername = "" THEN
showError "You must enter a username"
END IF
IF newPassword = "" THEN
showError "You must enter a password"
END IF
IF usernameTaken( newUsername ) THEN
showError "The username you entered has already " &_
"been chosen by a previous user. Please select " &_
"a new username"
END IF
sqlString = "INSERT INTO userlist ( user_username, user_password ) " &_
"VALUES ('" & newUsername & "','" & newPassword & "')"
Con.Execute sqlString
username = newUsername
password = newPassword
IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF
' Authenticate User
IF Session( "loggedIn" ) = "" THEN
IF username = "" OR password = "" THEN
loginMessage = "You must login before you can view this page."
showLogin
END IF
result = validateLogin( username, password )
IF result = 1 THEN
loginMessage = "You entered an unregistered username."
showLogin
END IF
IF result = 2 THEN
loginMessage = "You did not enter a valid password."
showLogin
END IF
IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF
' Add a Cookie
IF addCookie <> "" THEN
Response.Cookies( "username" ) = username
Response.Cookies( "username" ).Expires = "12/25/2037"
Response.Cookies( "password" ) = password
Response.Cookies( "password" ).Expires = "12/25/2037"
END IF
' Create Security Query String Variable
sq = "username=" & Server.HTMLEncode( username ) & "&"
sq = sq & "password=" & Server.HTMLEncode( password )
' Create Security Form Variable
sf = "<input name=""username"" type=""hidden"" "
sf = sf & "value=""" & Server.HTMLEncode( username ) & """>"
sf = sf & "<input name=""password"" type=""hidden"" "
sf = sf & "value=""" & Server.HTMLEncode( password ) & """>"
' Check Username and Password
FUNCTION validateLogin( theUsername, thePassword )
sqlString = "SELECT user_password FROM userlist " &_
"WHERE user_username='" & fixQuotes( username ) & "'"
Set RS = Con.Execute( sqlString )
IF RS.EOF THEN
validateLogin = 1
ELSE
IF RS( "user_password" ) <> thePassword THEN
validateLogin = 2
ELSE
validateLogin = 0
END IF
END IF
END FUNCTION
' Check Whether Username Already Taken
FUNCTION usernameTaken( theUsername )
sqlString = "SELECT user_id FROM userlist " &_
"WHERE user_username='" & fixQuotes( theUsername ) & "'"
Set RS = Con.Execute( sqlString )
IF RS.EOF THEN
usernameTaken = FALSE
ELSE
usernameTaken = TRUE
END IF
RS.Close
Set RS = Nothing
END FUNCTION
' Show Error Page
SUB showError( theError )
%>
<HTML>
<HEAD><TITLE>Problem</TITLE></HEAD>
<BODY>
<b>There was a problem with your registration information</b>
<br><%=theError %>
<FORM METHOD="POST" ACTION="register.asp">
<INPUT NAME="nextpage" TYPE="hidden"
VALUE="<%=nextpage%>">
<INPUT NAME="newUsername" TYPE="hidden"
VALUE="<%=Server.HTMLEncode( newUsername )%>">
<INPUT NAME="newPassword" TYPE="hidden"
VALUE="<%=Server.HTMLEncode( newPassword )%>">
<INPUT TYPE="SUBMIT" VALUE="Continue">
</FORM>
</BODY>
</HTML>
<%
Response.End
END SUB
' Show the Login Page
SUB showLogin
%>
<!-- #INCLUDE FILE="login.asp" -->
<%
Response.End
END SUB
FUNCTION fixQuotes( theString )
fixQuotes = REPLACE( theString, "'", "''" )
END FUNCTION
%>
IPT Guest
-
Wayne Smith #3 Re: ASP Login Script not working
I'm sure if I were more knowledgeable with ASP I would do just that, but alas I'm not and your reply helps me little
"IPT" <iwan@swopt.com> wrote in message news:uvwzpFzVEHA.3472@TK2MSFTNGP09.phx.gbl...
What a complicated scripts you have, with lotsa unneccesary codes. Throw
that book away.
"Wayne Smith" <wayne.smith2004(NoSpam)@ntlworld.com> wrote in message
news:ur1o0ssVEHA.2544@TK2MSFTNGP10.phx.gbl...
Applies to: Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0
Operating System: Microsoft Windows 2000 Professional
I am trying to protect a portion of a web site by allowing users to register
a username and password & then login with those details, but so far I am
having only marginal success. I am far from an expert on ASP programming,
indeed the code I am using comes from "Sams Teach Yourself E-Commerce
Programming with ASP" but it is ideally suited for my purpose.
In short, there are 3 .asp pages (register.asp, login.asp &
checkpassword.asp - the code for each is below), a global.asa file was
automatically created and by following the instructions in the book, I also
created a small Access database called UserDB.mdb, which stores the username
& password of each user when they register & also verify's those details
when the user attempts to login again.
The DNS connection has been setup within FrontPage and I have verified that
this connection works by clicking "Tools", "Web Settings" & the "Database"
tab, highlighting the DNS connection & clicking Verify.
The problems seem to occur when I try to register a new username & password,
for some strange reason the details I enter are not being saved in the
database table, and to compound the problem further, if I register just a
username, or a password but not both, the page simply refreshes itself with
empty boxes instead of giving an error message to indicate that a "username"
or "password" must be entered, which if I have read the code correctly on
the "checkpassword.asp" page, should happen.
To further confuse the situation, if I manually enter a username & password
into the database table and then attempt to click a hyperlink taking me to a
"test.asp" page, with the INCLUDE FILE: <!-- #INCLUDE
FILE="checkpassword.asp" -->, I am automatically taken to the login.asp,
where if I enter the username & password that I manually put into the
database table, it takes me to the selected "Protected" web page. In my mind
that clearly shows the DNS connection is working but yet it won't store new
registered details into the database table, which is extremely confusing.
If anyone can see what I may be doing wrong, or point me in the right
direction, your help & advice will be greatly appreciated. As I pointed out
earlier I am far from an expert, so any help you can give would be ideally
suited towards a newbie mentality.
Below is the code for the three .asp pages:
Many thanks in advance
Wayne Smith
register.asp
<%
nextPage = Request( "nextPage" )
newUsername = Request( "newUsername" )
newPassword = Request( "newPassword" )
%>
<HTML>
<HEAD><TITLE>Register"</TITLE></HEAD>
<BODY>
Register at this Web site by selecting a username and password:
<FORM METHOD="post" ACTION="<%=nextPage%>">
<INPUT NAME="newUser" TYPE="hidden" VALUE="1">
<P><B>USERNAME:</B>
<INPUT NAME="newUsername" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( newUsername )%>">
<P><B>PASSWORD:</B>
<INPUT NAME="newPassword" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( newPassword )%>">
<P><INPUT TYPE="submit" VALUE="Register!">
</FORM>
</BODY>
</HTML>
----------------------------------------------------------------------------
------
login.asp
<HTML>
<HEAD><TITLE>Login</TITLE></HEAD>
<BODY>
<%=loginMessage%>
<FORM METHOD="post" ACTION="<%=nextPage%>">
<P><B>USERNAME:</B>
<INPUT NAME="username" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( username )%>">
<P><B>PASSWORD:</B>
<INPUT NAME="password" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( password )%>">
<p><INPUT NAME="addCookie" TYPE="Checkbox" VALUE="1"> Remember me with a
cookie
<P><INPUT TYPE="submit" VALUE="Login">
</FORM>
<p>
<a href="register.asp?nextpage=<%Server.URLEncode( nextpage )%>">
Click here to register</a>
</BODY>
</HTML>
-------------------------------------------------------------
checkpassword.asp
<%
CONST useSession = TRUE
' Retrieve Form Variables
username = TRIM( Request( "username" ) )
password = TRIM( Request( "password" ) )
newUser = TRIM( Request( "newUser" ) )
newUsername = TRIM( Request( "newUsername" ) )
newPassword = TRIM( Request( "newPassword" ) )
addCookie = TRIM( Request( "addCookie" ) )
' Retrieve Current Page
nextPage = Request.ServerVariables( "SCRIPT_NAME" )
' Ready Database Connection
Set Con = Server.CreateObject( "ADODB.Connection" )
Con.Open "userDNS"
' Add New User
IF newUser <> "" THEN
IF newUsername = "" THEN
showError "You must enter a username"
END IF
IF newPassword = "" THEN
showError "You must enter a password"
END IF
IF usernameTaken( newUsername ) THEN
showError "The username you entered has already " &_
"been chosen by a previous user. Please select " &_
"a new username"
END IF
sqlString = "INSERT INTO userlist ( user_username, user_password ) " &_
"VALUES ('" & newUsername & "','" & newPassword & "')"
Con.Execute sqlString
username = newUsername
password = newPassword
IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF
' Authenticate User
IF Session( "loggedIn" ) = "" THEN
IF username = "" OR password = "" THEN
loginMessage = "You must login before you can view this page."
showLogin
END IF
result = validateLogin( username, password )
IF result = 1 THEN
loginMessage = "You entered an unregistered username."
showLogin
END IF
IF result = 2 THEN
loginMessage = "You did not enter a valid password."
showLogin
END IF
IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF
' Add a Cookie
IF addCookie <> "" THEN
Response.Cookies( "username" ) = username
Response.Cookies( "username" ).Expires = "12/25/2037"
Response.Cookies( "password" ) = password
Response.Cookies( "password" ).Expires = "12/25/2037"
END IF
' Create Security Query String Variable
sq = "username=" & Server.HTMLEncode( username ) & "&"
sq = sq & "password=" & Server.HTMLEncode( password )
' Create Security Form Variable
sf = "<input name=""username"" type=""hidden"" "
sf = sf & "value=""" & Server.HTMLEncode( username ) & """>"
sf = sf & "<input name=""password"" type=""hidden"" "
sf = sf & "value=""" & Server.HTMLEncode( password ) & """>"
' Check Username and Password
FUNCTION validateLogin( theUsername, thePassword )
sqlString = "SELECT user_password FROM userlist " &_
"WHERE user_username='" & fixQuotes( username ) & "'"
Set RS = Con.Execute( sqlString )
IF RS.EOF THEN
validateLogin = 1
ELSE
IF RS( "user_password" ) <> thePassword THEN
validateLogin = 2
ELSE
validateLogin = 0
END IF
END IF
END FUNCTION
' Check Whether Username Already Taken
FUNCTION usernameTaken( theUsername )
sqlString = "SELECT user_id FROM userlist " &_
"WHERE user_username='" & fixQuotes( theUsername ) & "'"
Set RS = Con.Execute( sqlString )
IF RS.EOF THEN
usernameTaken = FALSE
ELSE
usernameTaken = TRUE
END IF
RS.Close
Set RS = Nothing
END FUNCTION
' Show Error Page
SUB showError( theError )
%>
<HTML>
<HEAD><TITLE>Problem</TITLE></HEAD>
<BODY>
<b>There was a problem with your registration information</b>
<br><%=theError %>
<FORM METHOD="POST" ACTION="register.asp">
<INPUT NAME="nextpage" TYPE="hidden"
VALUE="<%=nextpage%>">
<INPUT NAME="newUsername" TYPE="hidden"
VALUE="<%=Server.HTMLEncode( newUsername )%>">
<INPUT NAME="newPassword" TYPE="hidden"
VALUE="<%=Server.HTMLEncode( newPassword )%>">
<INPUT TYPE="SUBMIT" VALUE="Continue">
</FORM>
</BODY>
</HTML>
<%
Response.End
END SUB
' Show the Login Page
SUB showLogin
%>
<!-- #INCLUDE FILE="login.asp" -->
<%
Response.End
END SUB
FUNCTION fixQuotes( theString )
fixQuotes = REPLACE( theString, "'", "''" )
END FUNCTION
%>
Wayne Smith Guest
-
Re: ASP Login Script not working
Hi Wayne,
I sympathize:
Quick suggestion:
1. Here is a pretty good code solution, however it uses sql server as the backend. Good background reading: [url]http://www.siteexperts.com/tips/community/ts01/page1.asp[/url]
Don't use a DNS connection...rather use an absolute path to the database. Do a Google search for this.
2. Maybe try this solution: [url]http://www.asp101.com/samples/login.asp[/url]
"Wayne Smith" <wayne.smith2004(NoSpam)@ntlworld.com> wrote in message news:AiDBc.85$G72.11@newsfe3-win.server.ntli.net...
I'm sure if I were more knowledgeable with ASP I would do just that, but alas I'm not and your reply helps me little
"IPT" <iwan@swopt.com> wrote in message news:uvwzpFzVEHA.3472@TK2MSFTNGP09.phx.gbl...
What a complicated scripts you have, with lotsa unneccesary codes. Throw
that book away.
"Wayne Smith" <wayne.smith2004(NoSpam)@ntlworld.com> wrote in message
news:ur1o0ssVEHA.2544@TK2MSFTNGP10.phx.gbl...
Applies to: Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0
Operating System: Microsoft Windows 2000 Professional
I am trying to protect a portion of a web site by allowing users to register
a username and password & then login with those details, but so far I am
having only marginal success. I am far from an expert on ASP programming,
indeed the code I am using comes from "Sams Teach Yourself E-Commerce
Programming with ASP" but it is ideally suited for my purpose.
In short, there are 3 .asp pages (register.asp, login.asp &
checkpassword.asp - the code for each is below), a global.asa file was
automatically created and by following the instructions in the book, I also
created a small Access database called UserDB.mdb, which stores the username
& password of each user when they register & also verify's those details
when the user attempts to login again.
The DNS connection has been setup within FrontPage and I have verified that
this connection works by clicking "Tools", "Web Settings" & the "Database"
tab, highlighting the DNS connection & clicking Verify.
The problems seem to occur when I try to register a new username & password,
for some strange reason the details I enter are not being saved in the
database table, and to compound the problem further, if I register just a
username, or a password but not both, the page simply refreshes itself with
empty boxes instead of giving an error message to indicate that a "username"
or "password" must be entered, which if I have read the code correctly on
the "checkpassword.asp" page, should happen.
To further confuse the situation, if I manually enter a username & password
into the database table and then attempt to click a hyperlink taking me to a
"test.asp" page, with the INCLUDE FILE: <!-- #INCLUDE
FILE="checkpassword.asp" -->, I am automatically taken to the login.asp,
where if I enter the username & password that I manually put into the
database table, it takes me to the selected "Protected" web page. In my mind
that clearly shows the DNS connection is working but yet it won't store new
registered details into the database table, which is extremely confusing.
If anyone can see what I may be doing wrong, or point me in the right
direction, your help & advice will be greatly appreciated. As I pointed out
earlier I am far from an expert, so any help you can give would be ideally
suited towards a newbie mentality.
Below is the code for the three .asp pages:
Many thanks in advance
Wayne Smith
register.asp
<%
nextPage = Request( "nextPage" )
newUsername = Request( "newUsername" )
newPassword = Request( "newPassword" )
%>
<HTML>
<HEAD><TITLE>Register"</TITLE></HEAD>
<BODY>
Register at this Web site by selecting a username and password:
<FORM METHOD="post" ACTION="<%=nextPage%>">
<INPUT NAME="newUser" TYPE="hidden" VALUE="1">
<P><B>USERNAME:</B>
<INPUT NAME="newUsername" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( newUsername )%>">
<P><B>PASSWORD:</B>
<INPUT NAME="newPassword" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( newPassword )%>">
<P><INPUT TYPE="submit" VALUE="Register!">
</FORM>
</BODY>
</HTML>
----------------------------------------------------------------------------
------
login.asp
<HTML>
<HEAD><TITLE>Login</TITLE></HEAD>
<BODY>
<%=loginMessage%>
<FORM METHOD="post" ACTION="<%=nextPage%>">
<P><B>USERNAME:</B>
<INPUT NAME="username" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( username )%>">
<P><B>PASSWORD:</B>
<INPUT NAME="password" SIZE=20 MAXLENGTH="20"
VALUE="<%=Server.HTMLEncode( password )%>">
<p><INPUT NAME="addCookie" TYPE="Checkbox" VALUE="1"> Remember me with a
cookie
<P><INPUT TYPE="submit" VALUE="Login">
</FORM>
<p>
<a href="register.asp?nextpage=<%Server.URLEncode( nextpage )%>">
Click here to register</a>
</BODY>
</HTML>
-------------------------------------------------------------
checkpassword.asp
<%
CONST useSession = TRUE
' Retrieve Form Variables
username = TRIM( Request( "username" ) )
password = TRIM( Request( "password" ) )
newUser = TRIM( Request( "newUser" ) )
newUsername = TRIM( Request( "newUsername" ) )
newPassword = TRIM( Request( "newPassword" ) )
addCookie = TRIM( Request( "addCookie" ) )
' Retrieve Current Page
nextPage = Request.ServerVariables( "SCRIPT_NAME" )
' Ready Database Connection
Set Con = Server.CreateObject( "ADODB.Connection" )
Con.Open "userDNS"
' Add New User
IF newUser <> "" THEN
IF newUsername = "" THEN
showError "You must enter a username"
END IF
IF newPassword = "" THEN
showError "You must enter a password"
END IF
IF usernameTaken( newUsername ) THEN
showError "The username you entered has already " &_
"been chosen by a previous user. Please select " &_
"a new username"
END IF
sqlString = "INSERT INTO userlist ( user_username, user_password ) " &_
"VALUES ('" & newUsername & "','" & newPassword & "')"
Con.Execute sqlString
username = newUsername
password = newPassword
IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF
' Authenticate User
IF Session( "loggedIn" ) = "" THEN
IF username = "" OR password = "" THEN
loginMessage = "You must login before you can view this page."
showLogin
END IF
result = validateLogin( username, password )
IF result = 1 THEN
loginMessage = "You entered an unregistered username."
showLogin
END IF
IF result = 2 THEN
loginMessage = "You did not enter a valid password."
showLogin
END IF
IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF
' Add a Cookie
IF addCookie <> "" THEN
Response.Cookies( "username" ) = username
Response.Cookies( "username" ).Expires = "12/25/2037"
Response.Cookies( "password" ) = password
Response.Cookies( "password" ).Expires = "12/25/2037"
END IF
' Create Security Query String Variable
sq = "username=" & Server.HTMLEncode( username ) & "&"
sq = sq & "password=" & Server.HTMLEncode( password )
' Create Security Form Variable
sf = "<input name=""username"" type=""hidden"" "
sf = sf & "value=""" & Server.HTMLEncode( username ) & """>"
sf = sf & "<input name=""password"" type=""hidden"" "
sf = sf & "value=""" & Server.HTMLEncode( password ) & """>"
' Check Username and Password
FUNCTION validateLogin( theUsername, thePassword )
sqlString = "SELECT user_password FROM userlist " &_
"WHERE user_username='" & fixQuotes( username ) & "'"
Set RS = Con.Execute( sqlString )
IF RS.EOF THEN
validateLogin = 1
ELSE
IF RS( "user_password" ) <> thePassword THEN
validateLogin = 2
ELSE
validateLogin = 0
END IF
END IF
END FUNCTION
' Check Whether Username Already Taken
FUNCTION usernameTaken( theUsername )
sqlString = "SELECT user_id FROM userlist " &_
"WHERE user_username='" & fixQuotes( theUsername ) & "'"
Set RS = Con.Execute( sqlString )
IF RS.EOF THEN
usernameTaken = FALSE
ELSE
usernameTaken = TRUE
END IF
RS.Close
Set RS = Nothing
END FUNCTION
' Show Error Page
SUB showError( theError )
%>
<HTML>
<HEAD><TITLE>Problem</TITLE></HEAD>
<BODY>
<b>There was a problem with your registration information</b>
<br><%=theError %>
<FORM METHOD="POST" ACTION="register.asp">
<INPUT NAME="nextpage" TYPE="hidden"
VALUE="<%=nextpage%>">
<INPUT NAME="newUsername" TYPE="hidden"
VALUE="<%=Server.HTMLEncode( newUsername )%>">
<INPUT NAME="newPassword" TYPE="hidden"
VALUE="<%=Server.HTMLEncode( newPassword )%>">
<INPUT TYPE="SUBMIT" VALUE="Continue">
</FORM>
</BODY>
</HTML>
<%
Response.End
END SUB
' Show the Login Page
SUB showLogin
%>
<!-- #INCLUDE FILE="login.asp" -->
<%
Response.End
END SUB
FUNCTION fixQuotes( theString )
fixQuotes = REPLACE( theString, "'", "''" )
END FUNCTION
%>
Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
