can someone help me fix this asp page?
This is supposed to be a basic logon verification page and everything works fine as long as a valid user name is entered. I can not seem to modify it so that it traps blank user names or usernames that are not in the user table. Ive tried all variations of if elseif endif etc. but can not get the right combination to make it work. Everything else works. If you put in a valid user name it will trap bad passwords/no passwords. But it MUST have a valid user name...
any help would be appreciated..
<%
'Save the entered username and password
'Username = Request.Form("txtUsername"
Password = Request.Form("txtPassword"
'Build connection with database
set conn = server.CreateObject ("ADODB.Connection"
conn.Open "Provider=MSDAORA;Data Source=Live;" &_
"User ID=xxx;Password=xxx;"
set rs = server.CreateObject ("ADODB.Recordset"
'Open recordset with selected username
sqlstring = "SELECT username, password, fullname FROM oms_owner.userlist where username='"& Username &"'"
set rs = conn.execute(sqlstring)
'If there is no record with the entered username, close connection
'and go back to login with QueryString
If rs.recordcount = 0 then
********************************************
rs.close
conn.close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=namefailed"
end if
****** here is where I though I had it covered***********
'If entered password is right, close connection and open mainpage
if rs("password" = Password then
Session("name" = rs("fullname"
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("default.asp"
'If entered password is wrong, close connection
'and return to login with QueryString
else
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=passfailed"
end if
%>
This is supposed to be a basic logon verification page and everything works fine as long as a valid user name is entered. I can not seem to modify it so that it traps blank user names or usernames that are not in the user table. Ive tried all variations of if elseif endif etc. but can not get the right combination to make it work. Everything else works. If you put in a valid user name it will trap bad passwords/no passwords. But it MUST have a valid user name...
any help would be appreciated..
<%
'Save the entered username and password
'Username = Request.Form("txtUsername"
Password = Request.Form("txtPassword"
'Build connection with database
set conn = server.CreateObject ("ADODB.Connection"
conn.Open "Provider=MSDAORA;Data Source=Live;" &_
"User ID=xxx;Password=xxx;"
set rs = server.CreateObject ("ADODB.Recordset"
'Open recordset with selected username
sqlstring = "SELECT username, password, fullname FROM oms_owner.userlist where username='"& Username &"'"
set rs = conn.execute(sqlstring)
'If there is no record with the entered username, close connection
'and go back to login with QueryString
If rs.recordcount = 0 then
********************************************
rs.close
conn.close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=namefailed"
end if
****** here is where I though I had it covered***********
'If entered password is right, close connection and open mainpage
if rs("password"
= Password thenSession("name"
= rs("fullname"rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("default.asp"
'If entered password is wrong, close connection
'and return to login with QueryString
else
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=passfailed"
end if
%>