 Login Session Verification


MarkGG
Yak Posting Veteran

53 Posts

Posted - 2005-07-27 : 09:22:11
Hi,

I am having some problems with login verification on this asp system I have here.

To begin here is the code for the login screen:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Login</title>
</head>
<body bgcolor="#133F54" onLoad="document.login.user.focus()">
<%
Session("userN") = ""
Session("passW") = ""
%>

<font color = #CCFFFF>You Must Log In to Access/Update certain Features</font>

<form name = "login" action="checkLog.asp" method="post">

<table>
<tr>
<td>
<font color=#3399AA>User Name: <input type="text" name = "user" value = "" ONFOCUS="if (this.value==this.defaultValue) this.select()"></font>
</td>
<td>
<font color=#3399AA>Password: <input type="password" name = "password" value = "" ONFOCUS="if (this.value==this.defaultValue) this.select()">
</font>
</td>
</tr>
<tr>
<td>
<br>
<input type = "submit" value = "Submit" name = "submit">
<input type="button" name = "main" value = "Home" onClick = "window.location = 'main_page.asp';">
</td>
</tr>

</table>
<br>
<br>

</form>



</body>
</html>


Next is the code for the page CheckLog:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Untitled</title>
</head>

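<body bgcolor="#133F54">
<!-- debug only: echo the submitted values, HTML-encoded -->
<input type="text" value="<%=Server.HTMLEncode(Request.Form("user"))%>">
<input type="text" value="<%=Server.HTMLEncode(Request.Form("password"))%>">
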
<!--#include file= "loggedIn.ssi"-->
<%
'response.redirect "Index2.asp"
%>




</body>
</html>


(the input boxes are just to test that the strings were carrying over)

And finally the ssi I use to check the login:

<%
'This is used at the top of every search page that doesn't require Admin Access
user = Session("userN")
password = Session("passW")
if user = "" or password = "" then
user = request.form("user")
password = request.form("password")
end if

if user = "" or password = "" then
response.redirect "login.asp"
end if
%>


<!--#include file="dbConnectAll.ssi" -->

<%
strSQL = "select * from logins"
rs.Open strSQL, adoCon
verified = 0
do until rs.eof
if user = rs.fields("username") and password = rs.fields("password") then
Session("userN") = user
Session("passW") = password
verified = 1
rs.movenext
else
rs.movenext
end if
loop

if verified = 0 then
Session ("userN") = ""
response.redirect "login.asp"
end if
%>


The problem seems to be that it isn't setting verified to 1 (near end of code verify check) even though I am entering the right password and username and have checked this many times. Every time I try to submit the verify loop doesn't work so the session ID is set to null and goes back to the login screen.

Thoughts?

jhermiz

3564 Posts

Posted - 2005-07-27 : 11:50:59
I'm no asp guy, more of an asp.net guy just because asp looks hideous :)...either case I would definitely change this code. You don't need a loop for one, that is bad code, what happens when you have 4000 users in the system, do you plan to loop for each person and check the name and password?

Write one SQL SELECT, and please don't use SELECT *, the sql should be
"SELECT UserName, Password FROM Login WHERE UserName='" & theTextBoxUserName & "' AND Password= '" & theTextBoxPassword & "'"

If this returns a row you know your user is valid, if the rowset returns nothing then you display an error message. So change your code so that you get rid of that do while loop.

Jon



Keeping the web experience alive -- [url]http://www.web-impulse.com[/url]
Imperfection living for perfection --
[url]http://jhermiz.blogspot.com/[/url]
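
The one-row lookup suggested above builds its SQL by concatenating the two form values, so a quote character typed into either field becomes part of the statement. An added example (not part of the original posts) of the same lookup in classic ASP with bound ADO parameters; it assumes `adoCon` is the open connection from dbConnectAll.ssi, the `logins` table and column names from the first post, varchar columns of at most 50 characters, and a session that keeps only the user name. `IsValidLogin` and the constant names are hypothetical.

```vbscript
<%
' Added example: replaces the lookup part of loggedIn.ssi.
' Assumptions: adoCon is the open ADODB.Connection from dbConnectAll.ssi;
' logins.username and logins.password are varchar columns of at most 50 chars.
Const CMD_TEXT = 1        ' ADO adCmdText
Const TYPE_VARCHAR = 200  ' ADO adVarChar
Const PARAM_INPUT = 1     ' ADO adParamInput
Const MAX_LEN = 50        ' assumed column width

Function IsValidLogin(conn, userName, pwd)
    Dim cmd, rsLogin
    IsValidLogin = False

    ' Reject empty or over-long input before touching the database.
    If Len(userName) = 0 Or Len(pwd) = 0 Then Exit Function
    If Len(userName) > MAX_LEN Or Len(pwd) > MAX_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = CMD_TEXT
    ' The ? markers are bound as data, so a quote in the input cannot change the SQL.
    cmd.CommandText = "SELECT username FROM logins WHERE username = ? AND password = ?"
    cmd.Parameters.Append cmd.CreateParameter("pUser", TYPE_VARCHAR, PARAM_INPUT, MAX_LEN, userName)
    cmd.Parameters.Append cmd.CreateParameter("pPass", TYPE_VARCHAR, PARAM_INPUT, MAX_LEN, pwd)

    Set rsLogin = cmd.Execute
    If Not rsLogin.EOF Then IsValidLogin = True   ' a returned row means a match
    rsLogin.Close
    Set rsLogin = Nothing
    Set cmd = Nothing
End Function

Dim formUser, formPass
formUser = Request.Form("user")
formPass = Request.Form("password")

If Session("userN") = "" Then
    If IsValidLogin(adoCon, formUser, formPass) Then
        Session("userN") = formUser   ' store the user name only, not the password
    Else
        Session("userN") = ""
        Response.Redirect "login.asp"
    End If
End If
%>
```

The table in this example still holds passwords the way the first post stores them; the parameter binding changes only how the query is built.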

MarkGG
Yak Posting Veteran

53 Posts

Posted - 2005-07-27 : 12:37:31
I will look into making the changes but since the system will only ever have 50 (at absolute maximum) users who require login it isn't something I have to watch for. I will try it now

-Mark

jhermiz

3564 Posts

Posted - 2005-07-27 : 13:09:53
But still it is an ineffective solution, you don't need any looping at all.



Keeping the web experience alive -- [url]http://www.web-impulse.com[/url]
Imperfection living for perfection --
[url]http://jhermiz.blogspot.com/[/url]

jhermiz

3564 Posts

Posted - 2005-07-27 : 13:14:13
Even if you used a loop why don't you break out of the loop after the user is found? In your code even if the user is found you keep looping (rs.movenext). So what is the point of continuing the loop and checking more users when you have found the user? Break the loop out...but again you don't need any of this...if you use that one sql statement you will either get a row or you won't.



Keeping the web experience alive -- [url]http://www.web-impulse.com[/url]
Imperfection living for perfection --
[url]http://jhermiz.blogspot.com/[/url]

MarkGG
Yak Posting Veteran

53 Posts

Posted - 2005-07-29 : 13:49:13
Switching it around so it doesn't use the loop worked, thanks now for my new problem :)

Kristen
Test

22859 Posts

Posted - 2005-07-29 : 14:34:46
MarkGG:

I've just spent 15 minutes researching your TOPIC_ID=53022 ["Refresh entire page (not just window)"] and when I came to post my findings I got "Post no longer exists" - have you deleted it?

Kristen

MarkGG
Yak Posting Veteran

53 Posts

Posted - 2005-08-10 : 09:34:55
Haven't deleted it, but the problem is solved, thanks anyway :)

Kristen
Test

22859 Posts

Posted - 2005-08-10 : 14:49:31
Glad to hear that!

http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=53022

still comes up with no posts ... Ho!Hum!

Kristen