I have inherited an .asp web site that has a section that is password protected. The login info (and other data) are located in a password-protected Access database. The table that holds the login info has the following fields:
uname, pwd, lastlog, fname,lname,empid,level, active.
The login works perfectly,and I can access the database with its' password but I need to change the login user name (uname)and password(pwd)The problem is this: If I change any of the above listed fields, the login fails.
The relevant code is as follows:
login page:
if session("loggedin") = true then
response.Redirect("/aom/admin/logged/index.asp")
end if
if request("logout") = "true" then
session("loggedin") = false
response.Redirect("/aom/index.asp")
end if
if request("uname") <> "" then
strsql = "select uname, fname, lname, empid from aomadmin where uname='" & request("uname") & "' and pwd='" & request("pwd") & "' and active=true"
set objrs = server.CreateObject("adodb.recordset")
objrs.open strsql, strconn
if objrs.eof and objrs.bof then
strr = "login failed. please retry"
lognewsession = false
objrs.close
set objrs = nothing
else
session("username") = objrs("fname") & " " & objrs("lname")
session("empid") = objrs("empid")
session("loggedin") = true
objrs.close
response.Redirect("/aom/admin/logged/index.asp")
end if
end if
%>
The "success-redirect" page is:
if session("sessionlogged") <> true then
strsql = "update aomadmin set lastlog='" & now() & "' where empid='" & session("empid") & "'"
set objrs = server.CreateObject("adodb.recordset")
objrs.open strsql, strconn
set objrs=nothing
session("sessionlogged") = true
end if
if request("logout")="true" then
session("loggedin") = false
session.Contents.RemoveAll()
session("sessionlogged") = false
response.Redirect("/aom/admin/index.asp?logout=true")
end if
The answer is probably obvious, but I am not understanding why I can't make any change to any of the fields. I believe it hassomething to do with the empid. Through my tests, I found that the database password is somehow related to the empid (in fact ,the empid is included in the database password) If i remove the password completely, it fails and if I change both the number in the empid field(which is a primary key) and the number in the database password, it fails. It seems that no comb works. Any help would be GREATLY appreciated!
Thanks!
uname, pwd, lastlog, fname,lname,empid,level, active.
The login works perfectly,and I can access the database with its' password but I need to change the login user name (uname)and password(pwd)The problem is this: If I change any of the above listed fields, the login fails.
The relevant code is as follows:
login page:
if session("loggedin") = true then
response.Redirect("/aom/admin/logged/index.asp")
end if
if request("logout") = "true" then
session("loggedin") = false
response.Redirect("/aom/index.asp")
end if
if request("uname") <> "" then
strsql = "select uname, fname, lname, empid from aomadmin where uname='" & request("uname") & "' and pwd='" & request("pwd") & "' and active=true"
set objrs = server.CreateObject("adodb.recordset")
objrs.open strsql, strconn
if objrs.eof and objrs.bof then
strr = "login failed. please retry"
lognewsession = false
objrs.close
set objrs = nothing
else
session("username") = objrs("fname") & " " & objrs("lname")
session("empid") = objrs("empid")
session("loggedin") = true
objrs.close
response.Redirect("/aom/admin/logged/index.asp")
end if
end if
%>
The "success-redirect" page is:
if session("sessionlogged") <> true then
strsql = "update aomadmin set lastlog='" & now() & "' where empid='" & session("empid") & "'"
set objrs = server.CreateObject("adodb.recordset")
objrs.open strsql, strconn
set objrs=nothing
session("sessionlogged") = true
end if
if request("logout")="true" then
session("loggedin") = false
session.Contents.RemoveAll()
session("sessionlogged") = false
response.Redirect("/aom/admin/index.asp?logout=true")
end if
The answer is probably obvious, but I am not understanding why I can't make any change to any of the fields. I believe it hassomething to do with the empid. Through my tests, I found that the database password is somehow related to the empid (in fact ,the empid is included in the database password) If i remove the password completely, it fails and if I change both the number in the empid field(which is a primary key) and the number in the database password, it fails. It seems that no comb works. Any help would be GREATLY appreciated!
Thanks!
