Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Loosing Username and password somewhere 1

Status
Not open for further replies.
northernbeaver

northernbeaver

Programmer
Jul 9, 2001
164
CA
I have two asp Pages, first one is pretty straight forward, it askes the user for username, password and a few Others with a submit button which is supposed to submit the form and pass the variables to the second asp page that is supposed to validate the data given by the user and depending upon if the username and password is good it redirects the user to the page required. I dont want to put the username and password into the querry string for security reasons. so I am using the request.form command to get the data but I cant get it to work. please check out the code and see what you think

BTW it just connect to an ODBC connection to a Access 2000 MDB.

Thanks

***First Pages Code****

<%

' =====================================================================
' Open a connection to the database if one is not already present
If IsObject(Session(sConnName)) Then
Set conn = Session(sConnName)
Else
Set conn = Server.CreateObject(&quot;ADODB.Connection&quot;)
conn.open sDSName,sUsrName,sUsrPassWord
Set Session(sConnName) = conn
End If
Set rs = Server.CreateObject(&quot;ADODB.Recordset&quot;)
Set rs2 = Server.CreateObject(&quot;ADODB.Recordset&quot;)

' =====================================================================
dim varProdId
varprodid = Request.querystring(&quot;prodid&quot;)

dim varSessionId
varSessionId = Session.SessionID

dim sdate
sdate = int(date())
sdate = replace(sdate,&quot;/&quot;,&quot;7&quot;)

dim sTime
sTime = FormatNumber(time())
sTime = replace(sTime,&quot;.&quot;,&quot;6&quot;)

dim sOrderNumber
'sOrderNumber = sdate & sTime

dim varprice
dim sysid

'dim sPageMode
'sPageMode = Request.querystring(&quot;pagemode&quot;)

dim sOrderid
Dim tblName
dim varLineitem
dim varInstalledin
dim varTotal
varTotal = 0

dim varGoPage
varGoPage = Request.QueryString(&quot;gopage&quot;)

dim validationstring
dim varUserid
varUserid = Request.QueryString(&quot;userid&quot;)

sql = &quot;SELECT orderid, ordate, orderNum,userID,status,ModDate,terminate, orSessionid FROM tblOrder &quot;
sql = sql & &quot; WHERE orSessionId = '&quot; & varSessionId & &quot;'&quot;
rs.Open sql, conn, adOpenStatic, adLockPessimistic
if not(rs.EOF or rs.BOF) then
rs.MoveFirst
rs.Fields(&quot;userid&quot;) = varUserid
rs.Fields(&quot;status&quot;) = &quot;ORDERED&quot;
rs.Update
sordernumber = rs(&quot;ordernum&quot;)
sorderid= rs(&quot;orderid&quot;)

else
sorderid = 0
sordernumber = 0
'error has occured
end if
rs.Close
%>
<html>

<head>
<meta name=&quot;GENERATOR&quot; content=&quot;Microsoft FrontPage 3.0&quot;>
<title>User Sign Up</title>
<script LANGUAGE=&quot;JavaScript&quot;>
<!--
function PageReDirect(target)
{
document.forms[0].action = target;
document.forms[0].submit();
}

//-->
</script>
</head>

<body bgcolor=&quot;#FFFFFF&quot; topmargin=&quot;0&quot; leftmargin=&quot;0&quot; text=&quot;#000000&quot; marginheight=&quot;0&quot;>
<%
'Response.Write &quot;Your SessionID is &quot; & Session.SessionID
'Response.Write sOrderNumber
'Response.Write spagemode

%>
<table border=&quot;1&quot; width=&quot;100%&quot;>
<form method=&quot;POST&quot;>
<tr><td align=&quot;center&quot; valign=&quot;Top&quot; width=&quot;75%&quot;colspan = &quot;2&quot;><img src=&quot;images/STGBeveled.gif&quot; alt=&quot;Synergenics New User Sign up Form&quot; align = &quot;center&quot;><br><br><font face=&quot;verdana&quot; size=&quot;5&quot; color=&quot;#0066CC&quot;>New User Sign Up Form</form></tr>
<tr><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;40%&quot;>Please Enter Your Name </td><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;25%&quot;><input type = &quot;Text&quot; Name=&quot;UserName&quot;tabindex=&quot;1&quot;> </td></tr>
<tr><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;50%&quot;>Please Enter Your Phone Number: Please note, This is the Number you will be contacted by.</td><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;25%&quot;> <input type = &quot;Text&quot; Name=&quot;phone&quot;tabindex=&quot;2&quot;> </td></tr>
<tr><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;50%&quot;>Please Enter the Desired <b>User Name:</b> This will be what you logon with. </td><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;25%&quot;>
<br>Here I am <input type = &quot;Text&quot; Name=&quot;usrAccountName&quot; tabindex = &quot;3&quot;> </td></tr>
<tr><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;50%&quot;>Please Enter Your Password</td><td width=&quot;50%&quot; valign=&quot;top&quot; align=&quot;left&quot; height=&quot;26&quot;><font face=&quot;Verdana&quot; size=&quot;2&quot;><br>here I am<input type =&quot;password&quot; name = &quot;usrPassword&quot; tabindex=&quot;4&quot; ></font></td>
<tr><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;50%&quot;>Please Enter Your Shipping Address: </td><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;25%&quot;><TEXTAREA NAME=&quot;ship&quot; ROWS=5 COLS=35 tabindex=&quot;5&quot;></textarea><BR> </td></tr>
<tr><td align=&quot;Left&quot; valign=&quot;Top&quot; width=&quot;50%&quot;></td><td align=&quot;Right&quot; valign=&quot;Top&quot; width=&quot;100%&quot;colspan = &quot;2&quot;>
<%

Response.Write &quot;<input type = &quot;&quot;button&quot;&quot; value = &quot; & chr(34) & &quot;Create Account&quot; & chr(34) & &quot; name = &quot; & chr(34) & &quot;subbutton&quot; & chr(34) & &quot; onclick =&quot;& chr(34) &&quot;PageReDirect('adduser.asp?gopage=&quot;& vargopage &&quot;')&quot; & chr(34) & &quot;>&quot;

%>
<input type=&quot;Reset&quot; value=&quot;Clear Changes&quot; name=&quot;B3&quot;>
</table>
<%

Response.Write &quot;<input type=&quot;&quot;hidden&quot;&quot; name=&quot;&quot;gotopage&quot;&quot; value=&quot; & chr(34) & varGoPage & chr(34) & &quot;>&quot;
if request.querystring(&quot;MSG&quot;)<>&quot;&quot; then
response.write &quot;<HR size=&quot;&quot;1&quot;&quot; color=&quot;&quot;#c0c0c0&quot;&quot;>&quot;
sMsg = request.querystring(&quot;MSG&quot;)
sMsg = replace(sMsg,&quot;%20&quot;,&quot; &quot;)
response.write &quot;<font face=&quot;&quot;verdana&quot;&quot; size=&quot;&quot;4&quot;&quot; color=&quot;&quot;red&quot;&quot;>&quot; & sMsg & &quot;</font>&quot;
response.write &quot;<hr size=&quot;&quot;1&quot;&quot; color=&quot;&quot;#c0c0c0&quot;&quot;>&quot;

end if
%>

</form>
</td>
</tr>
</table>
</body>
</html>
***END FIRST PAGE

*** START SECOND PAGE****
<%

' =====================================================================
' Open a connection to the database if one is not already present
If IsObject(Session(sConnName)) Then
Set conn = Session(sConnName)
Else
Set conn = Server.CreateObject(&quot;ADODB.Connection&quot;)
conn.open sDSName,sUsrName,sUsrPassWord
Set Session(sConnName) = conn
End If
Set rs = Server.CreateObject(&quot;ADODB.Recordset&quot;)
Set rs2 = Server.CreateObject(&quot;ADODB.Recordset&quot;)

' =====================================================================
dim varProdId
varprodid = Request.querystring(&quot;prodid&quot;)

dim varSessionId
varSessionId = Session.SessionID

dim sdate
sdate = int(date())
sdate = replace(sdate,&quot;/&quot;,&quot;7&quot;)

dim sTime
sTime = FormatNumber(time())
sTime = replace(sTime,&quot;.&quot;,&quot;6&quot;)

dim sOrderNumber
'sOrderNumber = sdate & sTime

dim varprice
dim sysid

'dim sPageMode
'sPageMode = Request.querystring(&quot;pagemode&quot;)
dim varUrl
dim sOrderid
Dim tblName
dim varLineitem
dim varInstalledin
dim varTotal
varTotal = 0

dim varGoPage
varGoPage = Request.QueryString(&quot;gopage&quot;)

dim validationstring

dim varname
varname = Request.Form(&quot;usrAccountName&quot;)

dim varpass
varpass = Request.Form(&quot;usrPassword&quot;)

'dim varphone
'varphone = Request.Form(&quot;phone&quot;)

'dim varship
'varship = Request.Form(&quot;ship&quot;)

'dim varusrName
'varusrName = Request.Form(&quot;UserName&quot;)

dim sErr
sErr = &quot;&quot;
Response.Write &quot;vargopage&quot; & vargopage


if request.form(&quot;usrAccountName&quot;)<>&quot;&quot; or request.form(&quot;usrPassword&quot;)<> &quot;&quot; then

else

if Request.Form(&quot;usrAccountName&quot;)= &quot;&quot; then
serr = &quot;Your username is blank pass&quot;& Request.Form(&quot;usrPassword&quot;)
if Request.Form(&quot;usrPassword&quot;) = &quot;&quot; then
serr = serr + &quot; Your password is blank&quot;
end if
else
if Request.Form(&quot;usrAccountname&quot;) > &quot;&quot; and Request.Form(&quot;usrPassword&quot;) = &quot;&quot; then
serr = &quot;just your password is blank &quot;
end if
end if

'sErr = &quot;Either the user name or password, or both, were not entered. Please try again.&quot;
response.redirect &quot;newuser.asp?gopage=&quot; & vargopage &&quot;&MSG=&quot; & sErr
end if

sql = &quot;SELECT UserId, UserName, usrPassword, Login, Terminate, Phone, ship FROM tblUser&quot;
sql = sql & &quot; WHERE Login = '&quot; & varname & &quot;'AND terminate = false&quot;
rs.Open sql, conn, adOpenStatic, adLockPessimistic
on error resume next
rs.movefirst
rs.RecordCount
'Response.Write rs.RecordCount & &quot;<br><br>&quot;
'Response.Write sql

If rs.RecordCount <> 0 Then
sErr = &quot;That UserName is already in use. Please select another user name&quot;' Username and Password already exsists.

varUrl = &quot;newuser.asp?gopage=&quot;& vargopage &&quot;&MSG=&quot;& sERR
Response.Redirect(varUrl)
Else
rs.AddNew
rs.Fields(&quot;UserName&quot;) = Request.Form(&quot;usrAccountName&quot;)
rs.Fields(&quot;login&quot;) = varname
rs.Fields(&quot;usrPassword&quot;) = Request.Form(&quot;usrPassword&quot;)
rs.Fields(&quot;ship&quot;) = varship
rs.Fields(&quot;phone&quot;) = varphone
rs.Update
rs.Close

varUrl = &quot;usrlogon.asp?gopage=&quot;& vargopage &&quot;&MSG=&quot;&chr(34)&&quot;Please Logon with your new User Name and password to verify it was typed in correctly &quot;& chr(34) &&quot;name&quot;& varname & &quot; pass&quot; & Request.Form(&quot;usrPassword&quot;)
Response.Redirect(varUrl)
End if
rs.Close
%>
<html>

<head>
<meta name=&quot;GENERATOR&quot; content=&quot;Microsoft FrontPage 3.0&quot;>
<title>The User Account has Been Made</title>
<script LANGUAGE=&quot;JavaScript&quot;>
<!--
function PageReDirect(target)
{
document.forms[0].action = target;
document.forms[0].submit();
}

//-->
</script>
</head>

<body background=&quot;images\homepc2.jpg&quot; bgcolor=&quot;#FFFFFF&quot; topmargin=&quot;0&quot; leftmargin=&quot;0&quot; text=&quot;#000000&quot; marginheight=&quot;0&quot;>
<%
'Response.Write &quot;Your SessionID is &quot; & Session.SessionID
'Response.Write sOrderNumber
'Response.Write spagemode

%>
<table border=&quot;1&quot; width=&quot;75%&quot;>
<form method=&quot;post&quot; action=&quot;_vti_bin/shtml.dll/UsrLogon.asp&quot; webbot-action=&quot;--WEBBOT-SELF--&quot; id=form1 name=form1>


<%
If len(sErr) = 0 then
Response.Write &quot;<tr><td align=&quot;&quot;Left&quot;&quot; valign=&quot;&quot;Top&quot;&quot; width=&quot;&quot;30%&quot;&quot;>The Following account has been made:<br><br>&quot;
Response.Write &quot;Username: &quot; & varUsrName & &quot;<br><br>&quot;
Response.Write &quot;Phone Number: &quot; &varphone & &quot;<br><br>&quot;
Response.Write &quot;Shiping Address&quot; & varship & &quot;<br><br>&quot;
Response.Write &quot;Please make sure to write this information down as well as your password.<br><br>&quot;
Select Case varGoPage
Case &quot;orderconfirm&quot;
Response.Write &quot;</td></tr><tr><td align=&quot;&quot;Left&quot;&quot; valign=&quot;&quot;Top&quot;&quot; width=&quot;&quot;10%&quot;&quot;><input type = &quot;&quot;button&quot;&quot; value=&quot;&quot;Continue&quot;&quot; name=&quot;&quot;DetailsButton&quot;&quot; onclick =&quot;&quot;PageReDirect('orderconfirm.asp?userid=&quot;& varUsrName & &quot;')&quot;&quot;&quot;
Case &quot;view&quot;
end select
'Response.Write &quot;error:&quot; & sErr
Else
Response.Write sErr
end if
%>

</form>
</td>
</tr>
</table>
</body>
</html>
 
Sort by date Sort by votes
You have 2 </form> tags
Remove the first after New User Sign Up Form in the code below


<form method=&quot;POST&quot;>
<tr><td align=&quot;center&quot; valign=&quot;Top&quot; width=&quot;75%&quot;colspan = &quot;2&quot;><img src=&quot;images/STGBeveled.gif&quot; alt=&quot;Synergenics New User Sign up Form&quot; align = &quot;center&quot;><br><br><font face=&quot;verdana&quot; size=&quot;5&quot; color=&quot;#0066CC&quot;>New User Sign Up Form</form>
 
Upvote 0 Downvote
Also it appears the first (login) page has no form action set to tell it to go to the next page.

On a side note, I think the only was you can pass QueryString AND Form vars at the same time is to add the QS vars to the form action. codestorm
Fire bad. Tree pretty. - Buffy
Hey, I'm operating on a limited mental budget here.
<insert witticism here>
 
Upvote 0 Downvote
Best advice, dump the javascript command that sends it to the next page, and simply add the URL into the action tag of the form. Then it should work for you.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
Parse a database field that is comma delimited and input the results into another table
Replies
0
Views
369
penguinspeaks
penguinspeaks
leifoet
  • Locked
  • Question
First execute an input command and only then proceed with displaying the next record of the table
Replies
0
Views
336
leifoet
leifoet
JScannell
  • Locked
  • Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
383
JScannell
JScannell
Swi
  • Locked
  • Question
JQUERY AJAX POST and how to receive data via Classic ASP
Replies
0
Views
568
Swi
Swi
GriffMG
  • Locked
  • Question
Classic ASP - Comm object sometimes doesn't return data and I have to requery
Replies
1
Views
195
GriffMG
GriffMG

Part and Inventory Search

Sponsor

Back
Top