ultrabot90 -
Joined: 19 Jan 2008 Posts: 4
|
Posted: Mon Jan 28, 2008 4:26 pm Post subject: Login system bugs |
|
|
I made a login system in ASP for a project site. I want that
1. After login, the user can see his username in a statement "Welcome, <username>"...
2. and the total number of successful logins made in the site in the statement, "total login count - __"
I decided to use a Session variable (UserName) for the username display, and an application variable for the counter display.
Somehow, nothing works. The session and application variables do not appear in the index.asp, no matter what I do.
I have just posted the asp code here, and also note that the site is based on table formatting.
INDEX.ASP (In the main page (index.asp), this is the code which I think should make it work (and I intend to put this in every page))
Code: |
<%
if Session(name)=" " then
'If not, normal page title
Response.Write("<title>Income Tax Department Of India - Home</title>")
else
Response.Write("<title>Income Tax Department Of India - "&UserName&"</title>")
uname=Request.Form("x")
Response.Write("<tr><td colspan=3 align=center><hr><p class=p3>Welcome "&UserName &"Total login count - "&ctr&"<a href=logout.asp>Logout</a></p></td></tr>")
end if
%>
|
LOGIN.ASP (a link from index leads to this page, contains the form for login/registration)
Code: |
<%
Content = "" 'Clear the Content string
QStr = Request.QueryString("login") 'Save the login querystring to QStr
if ucase(left(QStr,6))="CREATE" then
Title = "Register"
else
Title = "Login"
end if
'The code below saves the contents the table must have in the variable Content
'The content depends on what's in the QueryString
if QStr="passfailed" then
Content=Content &"<tr><td align=center colspan=3><p class=alert>/!\ Wrong password. Type carefully, and password is cAsE sEnSiTiVe! /!\ </p><a href=Javascript:history.go(-1)>[Back]</a></td></tr>"
elseif QStr="createpassfailed" then
Content=Content & "<tr><td align=center colspan=3><p class=alert>/!\ Wrong password /!\ </p><a href=Javascript:history.go(-1)>[Back]</a><a href=login.asp>[Cancel registration]</a></td></tr>"
elseif QStr="namefailed" then
Content=Content & "<tr><td align=center colspan=3><p class=alert>/!\ Invalid username. Type again carefully! ;) /!\ </p><a href=login.asp?login=createnew>[Click here to create an acount]</a><a href=Javascript:history.go(-1)>[Back]</a></td></tr>"
elseif QStr="createnamefailed" then
Content=Content & "<tr><td align=center colspan=3><p class=alert>/!\ Invalid username. (Tip - It may be already in use) /!\</p></td></tr><tr colspan=3><td align=center><a href=Javascript:history.go(-1)>[Back]</a><a href=login.asp>[Cancel]</a></td></tr>"
elseif QStr="creatednew" then
Content=Content & "<tr><td align=center colspan=3><p class=p3>Success! Your account has been created</p><A HREF=login.asp>Login</A></td></tr>"
elseif QStr="createnew" then
Content=Content&"<form name=frmCreate method=POST action=create.asp>"
Content=Content&"<tr><td align=center colspan=3><p class=p3>Username: </p><input type=text name=txtUsername></td></tr>"
Content=Content&"<tr><td align=center colspan=3><p class=p3>Password: </p><input type=password name=txtPassword></td></tr>"
Content=Content&"<tr><td align=center colspan=3><p class=p3>Full name: </p><input type=text name=txtFullname></td></tr>"
Content=Content&"<tr><td align=center colspan=3><input type=submit name=cmdSubmit value=Register></td></tr>"
Content=Content&"</form>"
else
Content=Content&"<form name=frmMain method=POST action=verify.asp>"
Content=Content&"<tr><td align=center colspan=3><p class=p3>Username: </p><input type=text name=txtUsername></td></tr>"
Content=Content&"<tr><td align=center colspan=3><p class=p3>Password: </p><input type=password name=txtPassword></td></tr>"
Content=Content&"<tr><td align=center colspan=3><input type=submit name=cmdSubmit value=Login></td></tr>"
Content=Content&"</form>"
Content=Content&"<tr><td align=center colspan=3><A HREF=login.asp?login=createnew>Click here to create an account</A></td></tr>"
end if
%>
</tr>
<%
Response.Write("<tr><td colspan=3 align=center><b><h5>" & Title & "</h5></b></td></tr>")
Response.Write(Content) ' Paste the contents in the table
%>
|
VERIFY.ASP (verifies, like the name implies, the username and password of the details of the login/registration, and returns a query string to login.asp)
Code: |
<%
'Save the entered username and password
Username = Request.Form("txtUsername")
Password = Request.Form("txtPassword")
'Build connection with database
set conn = server.CreateObject ("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.MapPath ("users.mdb")
set rs = server.CreateObject ("ADODB.Recordset")
'Open record with entered username
rs.Open "SELECT * FROM userlist where username='"& Username &"'", conn, 1
'If there is no record with the entered username, close connection
'and go back to login with QueryString
If rs.recordcount = 0 then
rs.close
conn.close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=namefailed")
end if
'If entered password is right, close connection and open mainpage
if rs("password") = Password then
Session("name")= rs("fullname")
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("index.asp")
Session("UserName")=Request.Form("txtUsername")
set ctrobj=Server.CreateObject("MSWC.PageCounter")
ctr=ctrobj.Hits
PgCount.PageHit()
'If entered password is wrong, close connection
'and return to login with QueryString
else
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=passfailed")
end if
%>
|
Sorry if this post is too long for forum standards, I'll upload the asp files somewhere if that is the case. |
|