Login system bugs

 
Post new topic   Reply to topic    Aprelium Forum Index -> Classic ASP
View previous topic :: View next topic  
Author Message
ultrabot90
-


Joined: 19 Jan 2008
Posts: 4

PostPosted: Mon Jan 28, 2008 4:26 pm    Post subject: Login system bugs Reply with quote

I made a login system in ASP for a project site. I want that
1. After login, the user can see his username in a statement "Welcome, <username>"...
2. and the total number of successful logins made in the site in the statement, "total login count - __"

I decided to use a Session variable (UserName) for the username display, and an application variable for the counter display.
Somehow, nothing works. The session and application variables do not appear in the index.asp, no matter what I do.

I have just posted the asp code here, and also note that the site is based on table formatting.
INDEX.ASP (In the main page (index.asp), this is the code which I think should make it work (and I intend to put this in every page))
Code:

      <%
         if Session(name)=" " then
            'If not, normal page title
            Response.Write("<title>Income Tax Department Of India - Home</title>")
         else
            Response.Write("<title>Income Tax Department Of India - "&UserName&"</title>")
            uname=Request.Form("x")
            Response.Write("<tr><td colspan=3 align=center><hr><p class=p3>Welcome "&UserName&nbsp&"Total login count - "&ctr&"<a href=logout.asp>Logout</a></p></td></tr>")
      end if
      %>

LOGIN.ASP (a link from index leads to this page, contains the form for login/registration)
Code:

<%
            Content = ""            'Clear the Content string
            QStr = Request.QueryString("login")      'Save the login querystring to QStr

            if ucase(left(QStr,6))="CREATE" then
               Title = "Register"
            else
               Title = "Login"
            end if
   
            'The code below saves the contents the table must have in the variable Content
            'The content depends on what's in the QueryString
      
            if QStr="passfailed" then            
               Content=Content &"<tr><td align=center colspan=3><p class=alert>/!\ Wrong password. Type carefully, and password is cAsE sEnSiTiVe! /!\ </p><a href=Javascript:history.go(-1)>[Back]</a></td></tr>"
            elseif QStr="createpassfailed" then      
               Content=Content & "<tr><td align=center colspan=3><p class=alert>/!\ Wrong password /!\ </p><a href=Javascript:history.go(-1)>[Back]</a><a href=login.asp>[Cancel registration]</a></td></tr>"
            elseif QStr="namefailed" then
               Content=Content & "<tr><td align=center colspan=3><p class=alert>/!\ Invalid username. Type again carefully! ;) /!\ </p><a href=login.asp?login=createnew>[Click here to create an acount]</a><a href=Javascript:history.go(-1)>[Back]</a></td></tr>"
            elseif QStr="createnamefailed" then
               Content=Content & "<tr><td align=center colspan=3><p class=alert>/!\ Invalid username. (Tip - It may be already in use) /!\</p></td></tr><tr colspan=3><td align=center><a href=Javascript:history.go(-1)>[Back]</a><a href=login.asp>[Cancel]</a></td></tr>"
            elseif QStr="creatednew" then
               Content=Content & "<tr><td align=center colspan=3><p class=p3>Success! Your account has been created</p><A HREF=login.asp>Login</A></td></tr>"
            elseif QStr="createnew" then
               Content=Content&"<form name=frmCreate method=POST action=create.asp>"
               Content=Content&"<tr><td align=center colspan=3><p class=p3>Username: </p><input type=text name=txtUsername></td></tr>"
               Content=Content&"<tr><td align=center colspan=3><p class=p3>Password: </p><input type=password name=txtPassword></td></tr>"
               Content=Content&"<tr><td align=center colspan=3><p class=p3>Full name: </p><input type=text name=txtFullname></td></tr>"
               Content=Content&"<tr><td align=center colspan=3><input type=submit name=cmdSubmit value=Register></td></tr>"
               Content=Content&"</form>"
            else
               Content=Content&"<form name=frmMain method=POST action=verify.asp>"
               Content=Content&"<tr><td align=center colspan=3><p class=p3>Username: </p><input type=text name=txtUsername></td></tr>"
               Content=Content&"<tr><td align=center colspan=3><p class=p3>Password: </p><input type=password name=txtPassword></td></tr>"
               Content=Content&"<tr><td align=center colspan=3><input type=submit name=cmdSubmit value=Login></td></tr>"
               Content=Content&"</form>"
               Content=Content&"<tr><td align=center colspan=3><A HREF=login.asp?login=createnew>Click here to create an account</A></td></tr>"
            end if
         %>
      </tr>
         <%
            Response.Write("<tr><td colspan=3 align=center><b><h5>" & Title & "</h5></b></td></tr>")
            Response.Write(Content)    ' Paste the contents in the table
         %>

VERIFY.ASP (verifies, like the name implies, the username and password of the details of the login/registration, and returns a query string to login.asp)
Code:

         <%
            'Save the entered username and password
            Username = Request.Form("txtUsername")   
            Password = Request.Form("txtPassword")
   
            'Build connection with database
            set conn = server.CreateObject ("ADODB.Connection")
            conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.MapPath ("users.mdb")
            set rs = server.CreateObject ("ADODB.Recordset")      
            'Open record with entered username
            rs.Open "SELECT * FROM userlist where username='"& Username &"'", conn, 1
   
            'If there is no record with the entered username, close connection
            'and go back to login with QueryString
            If rs.recordcount = 0 then
               rs.close
               conn.close
               set rs=nothing
               set conn=nothing
               Response.Redirect("login.asp?login=namefailed")
            end if
   
            'If entered password is right, close connection and open mainpage
            if rs("password") = Password then
               Session("name")= rs("fullname")
               rs.Close
               conn.Close
               set rs=nothing
               set conn=nothing
               Response.Redirect("index.asp")
               Session("UserName")=Request.Form("txtUsername")

               set ctrobj=Server.CreateObject("MSWC.PageCounter")
               ctr=ctrobj.Hits
               PgCount.PageHit()
            
            'If entered password is wrong, close connection
            'and return to login with QueryString
            else
               rs.Close
               conn.Close
               set rs=nothing
               set conn=nothing
               Response.Redirect("login.asp?login=passfailed")
            end if   
         %>

Sorry if this post is too long for forum standards, I'll upload the asp files somewhere if that is the case.
Back to top View user's profile Send private message
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Thu Jan 31, 2008 5:42 pm    Post subject: Re: Login system bugs Reply with quote

ultrabot90,

Are you sure your code is being executed? Is ASP support installed in Abyss Web Server as explained in http://www.aprelium.com/abyssws/asp.html ?

Have you tried adding some Response.Write() debugging statements to check the content of key variables in your code as well as your session?

Have you monitored the content of cookies generated by your page in your web browser?
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> Classic ASP All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group