  1. #1
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41

    ASP security login using cookies ...

    My login_process.asp ...

    <%
    Dim L_ID, L_Pass, conn, rs
    L_ID = Request.Form("member_id")
    L_Pass = Request.Form("member_pass")

    set conn=Server.CreateObject("ADODB.Connection")
    conn.Provider="Microsoft.Jet.OLEDB.4.0"
    conn.Open(Server.Mappath("Registration.mdb"))
    set rs=Server.CreateObject("ADODB.Recordset")

    rs.open "SELECT * from registration WHERE mem_id='"& L_ID & "' AND mem_pass='" & L_Pass & "'", conn

    if rs.EOF then
    Response.Cookies("LoginError")= "Wrong Member ID or Password"
    Response.Redirect("Login_Fail.asp")
    else
    Response.Cookies("login") = Request.Form("L_ID")
    Response.Redirect("Login_Success.asp")
    end if

    conn.Close
    %>


    I place this at the top of every page so that only those logged in can view the page ...

    <%
    if Request.Cookies("mem_id") <> "TRUE" then
    Response.Redirect ("Default.asp")
    end if
    %>


    CONCLUSION: IT'S NOT WORKING ... CAN SOMEONE HELP???

  2. #2
    SitePoint Enthusiast
    Join Date
    Oct 2002
    Posts
    98
    Where is Cookies("mem_id")??? Where did you set that cookie?
    I noticed you set the Response.Cookies("login"), but I don't see it for mem_id.

  3. #3
    SitePoint Member
    Join Date
    Sep 2004
    Location
    BC
    Posts
    6
    This cookie isn't defined anywhere:
    Request.Cookies("mem_id") <> "TRUE"

    The only value you've set in the cookie is:
    Response.Cookies("login") = Request.Form("L_ID")

    Try:
    Request.Cookies("login") <> "TRUE"

  4. #4
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    mem_id is from the database ... where do I define it???

  5. #5
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    Hey, I got an error. I typed in:

    <%
    Request.Cookies("login") <> "TRUE" then
    Response.Redirect ("Default.asp")
    end if
    %>

    Error Type:
    Microsoft VBScript compilation (0x800A0401)
    Expected end of statement
    /aDiBoY-UMS/Asp/Login_Success.asp, line 2, column 35
    Request.Cookies("login") <> "TRUE" then

  6. #6
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    Sorry typo ..

    <%
    IF Request.Cookies("Login") <> "TRUE" then
    Response.Redirect ("Default.asp")
    end if
    %>
    But I cannot proceed to Login_Success.asp; it brings me back to Default.asp. Something is not right somewhere.

  7. #7
    Afrika
    Join Date
    Jul 2004
    Location
    Nigeria
    Posts
    1,737
    Why don't you try putting:
    <%
    IF Request.Cookies("Login") = "TRUE" then
    response.redirect("login_success.asp")
    else Response.Redirect ("Default.asp")
    end if
    %>

  8. #8
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    i will try ... gimme a few mins ... =)

  9. #9
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    I've tried this ..

    <%
    If Request.Cookies("Login") = "TRUE" Then
    Response.Redirect("Login_Success.asp")
    Else
    Response.Redirect ("Default.asp")
    end if
    %>

    But it brings me back to default.asp, asking me for my username and password again.

  10. #10
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    this is my Login_Process.asp

    <%
    Dim L_ID, L_Pass, conn, rs
    L_ID = Request.Form("member_id")
    L_Pass = Request.Form("member_pass")

    set conn=Server.CreateObject("ADODB.Connection")
    conn.Provider="Microsoft.Jet.OLEDB.4.0"
    conn.Open(Server.Mappath("Registration.mdb"))
    set rs=Server.CreateObject("ADODB.Recordset")

    rs.open "SELECT * from registration WHERE mem_id='"& L_ID & "' AND mem_pass='" & L_Pass & "'", conn

    if rs.EOF then
    Response.Redirect("Login_Fail.asp")
    else
    Response.Cookies("Login") = Request.Form("L_ID")
    Response.Redirect("Login_Success.asp")
    end if

    conn.Close
    %>

  11. #11
    Learning... tahirjadoon's Avatar
    Join Date
    Jan 2003
    Posts
    775
    do this first:

    Response.Write(Request.Cookies("login"))

    This will display the value in this cookie. Check if it is upper case or lower case "true", and then check for that, or use the UCase()/LCase() functions to make both sides of the if condition the same.
    The beauty of life is not dependent on how happy you are,
    but on how happy others can be because of you...

  12. #12
    Learning... tahirjadoon's Avatar
    Join Date
    Jan 2003
    Posts
    775
    Sorry, you are storing L_ID in this cookie, and you are checking it against the "TRUE" string.

    You have the following:

    if rs.EOF then
    Response.Cookies("LoginError")= "Wrong Member ID or Password"
    Response.Redirect("Login_Fail.asp")
    else
    Response.Cookies("login") = Request.Form("L_ID")
    Response.Redirect("Login_Success.asp")
    end if


    From the above code, if the first part executes then the login cookie is blank or not there, and if the second part executes then the LoginError cookie is blank or not there.

    Instead of checking against "TRUE", either check that your cookie is not blank or check it like:

    dim blnLogin = (Request.Cookies("Login") <> '')

    and then

    if(blnLogin)
    go to login ok page
    else
    go to login no ok page

  13. #13
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    hmm ...

    <%
    Dim blnLogin

    If("blnLogin") = Request.Cookies("Login") <> "" Then
    Response.Redirect("Login_Success.asp")
    Else
    Response.Redirect ("Default.asp")
    end if
    %>

    doesn't work .. =(

  14. #14
    Learning... tahirjadoon's Avatar
    Join Date
    Jan 2003
    Posts
    775
    This is wrong syntax:

    If("blnLogin") = Request.Cookies("Login") <> "" Then

    As above, I have 2 rows:

    dim blnLogin = (Request.Cookies("Login") <> "")

    and then check

    if(blnLogin)

  15. #15
    Original Gangster silver trophy Thing's Avatar
    Join Date
    Oct 2000
    Location
    Philadelphia, PA
    Posts
    4,708
    Just do this:

    Login script:
    Code:
    <%
    Dim L_ID, L_Pass, conn, rs
    L_ID = REPLACE(Request.Form("member_id"), "'", "''")
    L_Pass = REPLACE(Request.Form("member_pass"), "'", "''")
     
    set conn=Server.CreateObject("ADODB.Connection")
    conn.Provider="Microsoft.Jet.OLEDB.4.0"
    conn.Open(Server.Mappath("Registration.mdb"))
    set rs=Server.CreateObject("ADODB.Recordset")
     
    rs.open "SELECT * from registration WHERE mem_id='"& L_ID & "' AND mem_pass='" & L_Pass & "'", conn
     
    if rs.EOF then
    Response.Cookies("LoginError")= "Wrong Member ID or Password"
    Response.Redirect("Login_Fail.asp")
    else 
    Response.Cookies("mem_id") = rs("mem_id")
    Response.Redirect("Login_Success.asp")
    end if
     
    conn.Close
    %>
     
    
    Top of every page:
    Code:
    <%
    if Request.Cookies("mem_id") = "" OR IsNull(Request.Cookies("mem_id")) = True then
    Response.Redirect ("Default.asp")
    end if
    %>
    Should work just fine. Notice I used REPLACE on your login ID and password variables to handle SQL Injection.

  16. #16
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    got error

    Error Type:
    Microsoft VBScript compilation (0x800A0401)
    Expected end of statement
    /aDiBoY-UMS/Asp/Login_Success.asp, line 2, column 13
    dim blnLogin = (Request.Cookies("Login") <> "")

    dim is used to declare, isn't it? Cannot have an = sign there??

    my code ..

    <%
    dim blnLogin = (Request.Cookies("Login") <> "")
    if blnLogin then
    Response.Redirect("Login_Success.asp")
    Else
    Response.Redirect("Default.asp")
    End If
    %>

  17. #17
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    Hey Mongoloid,
    Please explain this sentence to me please =)
    Why is the word REPLACE there ??

    L_ID = REPLACE(Request.Form("member_id"), "'", "''")
    L_Pass = REPLACE(Request.Form("member_pass"), "'", "''")

  18. #18
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    <%
    if Request.Cookies("mem_id") = "" OR IsNull(Request.Cookies("mem_id")) = True then
    Response.Redirect ("Default.asp")
    end if
    %>

    The code above is supposed to redirect me to Default.asp if the user has not logged in. But when I type in http://localhost/Asp/Home.asp without logging in, it doesn't redirect me back to Default.asp where I have to log in first...

  19. #19
    Learning... tahirjadoon's Avatar
    Join Date
    Jan 2003
    Posts
    775
    Replace is used to replace one set of characters with another. In the above case, if there is one ' in the string, it will be replaced with two ''.

    Also if you are getting an error with

    dim blnLogin = (Request.Cookies("Login") <> "")

    use it as follows (I use JavaScript and have tried to translate that here; apparently, I think this is not working in VBScript):

    dim blnLogin

    blnLogin = (Request.Cookies("Login") <> "")

    You should use Mongoloid's code, as you just have to copy and paste it and it should work for you without any problem.

  20. #20
    SitePoint Enthusiast chillz88's Avatar
    Join Date
    Sep 2004
    Location
    S'pore
    Posts
    41
    Hey, it works! Sorry mate, cos I didn't clear my cookies. =) Thanks for your help. But I do need an explanation of this line:

    L_ID = REPLACE(Request.Form("member_id"), "'", "''")
    L_Pass = REPLACE(Request.Form("member_pass"), "'", "''")

    Thanks!
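
Added example, not part of any post in this thread: the REPLACE calls in post #15 double each single quote so that form input cannot end the quoted string inside the SQL statement; binding the values as ADO parameters gives the same protection without building SQL from strings, and keeping the login marker in the server-side Session avoids trusting a cookie value that the browser supplies. Table, column, file and form-field names are the thread's; the 50-character limit and the switch from a cookie to Session are assumptions of this example.

```vbscript
<%
' ---- Login_Process.asp (added example, not code from the thread) ----
' Table, column and form-field names are the thread's; the 50-character
' limit is an assumed column width.
Const adCmdText = 1, adParamInput = 1, adVarChar = 200
Const MAX_LEN = 50

Dim L_ID, L_Pass, conn, cmd, rs, memberId
L_ID = CStr(Request.Form("member_id"))
L_Pass = CStr(Request.Form("member_pass"))
memberId = ""

' Reject empty or over-long input before touching the database.
If Len(L_ID) > 0 And Len(L_ID) <= MAX_LEN And Len(L_Pass) <= MAX_LEN Then
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Provider = "Microsoft.Jet.OLEDB.4.0"
    conn.Open Server.MapPath("Registration.mdb")

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? markers are bound in order; form input never becomes SQL text,
    ' so a quote in the member ID or password is matched as plain data.
    cmd.CommandText = "SELECT mem_id FROM registration WHERE mem_id = ? AND mem_pass = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", adVarChar, adParamInput, MAX_LEN, L_ID)
    cmd.Parameters.Append cmd.CreateParameter("pw", adVarChar, adParamInput, MAX_LEN, L_Pass)

    Set rs = cmd.Execute
    If Not rs.EOF Then memberId = rs("mem_id").Value
    rs.Close
    conn.Close          ' close before redirecting; Redirect ends the script
End If

If memberId = "" Then
    Response.Cookies("LoginError") = "Wrong Member ID or Password"
    Response.Redirect "Login_Fail.asp"
Else
    ' Session data lives on the server; the browser holds only the session ID.
    Session("mem_id") = memberId
    Response.Redirect "Login_Success.asp"
End If
%>

<%
' ---- Top of every protected page ----
If Session("mem_id") = "" Then
    Response.Redirect "Default.asp"
End If
%>
```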

