URGENT HELP!

From: Athmaus (c0llegeguy99@yahoo.com)
Date: 02/26/03 

From: "Athmaus" <c0llegeguy99@yahoo.com>
Date: Tue, 25 Feb 2003 19:05:15 -0800

I cant get this login script to work:

OK, below is my entire login script. The person needs to
input their first name, lastname, and password correctly
ebvfore they can go to next page. So far it doesnt do
that. And i dont think it is secure, meaning that as long
as the person knows a valid first name, last name, and
password, they can get in.

ANyone know of any fixes for this?

THANK YOU SOOOOOOOOOOOO MUCH!!!!!!!

<html>
<head>
<title>Login Page</title>
</head>

<body bgcolor="#FFFFFF" text="#000000">
<blockquote>
<p>
<%
Response.Expires = -1000 'Make sure the browser doesnt
cache this page
Response.Buffer = True 'enables our response.redirect to
work

Dim myconn, rs, SQL, last, first, serial
Set myconn = Server.CreateObject("ADODB.Connection")
myconn.Open "Provider=SQLOLEDB;Data
Source=XXXXX;UID=XXXXX;PWD=XXXXX;DATABASE=XXXXX"
Set rs = Server.CreateObject("ADODB.Recordset")
SQL = "SELECT * FROM Login"

'SQL = "SELECT fname, lname, serial FROM User Where
UserName = '" & UN & "'"

rs.Open SQl, myConn

last = "SELECT fname FROM Login"
first = "SELECT lname FROM Login"
serial = "SELECT serial FROM Login"

'set recordSet = Server.CreateObject("ADODB.Recordset")
'recordSet.Open "SELECT * FROM

If Request.Form("valuepassed") ="true" Then
CheckLoginForm
Else
ShowLoginForm
End If

Sub CheckLoginForm
'check if the value of the text field 'password' is
correct
If Request.Form("fname") = first AND Request.Form
("lname") = last AND Request.Form("password") = serial
Then
Session("BlnLoggedIn") = True
Response.Redirect "http://www.yahoo.com"
Else
Response.Write("Password, please try again.<br>")
ShowLoginForm
End If
End Sub

%>

<% Sub ShowLoginForm %>
</p>
</blockquote>
<!-- start the html login form -->
</p>
<form name="form" action="test.asp" method="post">
<input type="hidden" name="valuepassed" value="true">
<table width="344" border="0" cellspacing="0"
cellpadding="0" align="left">
<tr>
<td height="24"><font size="2" face="Verdana, Arial,
Helvetica, sans-serif">First Name:</font></td>
<td><input type="fname" id="fname"></td>
<td>&nbsp;</td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-
serif">Last Name:</font></td>
<td><input type="lname" id="lname"></td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="88"><font size="2" face="Verdana, Arial,
Helvetica, sans-serif">Password: </font></td>
<td width="151">
<input type="password" name="password">
</td>
<td width="105">
<div align="center">
<input type=submit value="Login" name="submit">
</div>
</td>
</tr>
</table>
<div align="left"> </div>
</form>
<!-- end the html login form -->
</div>
<% End Sub %>
</body>
</html>

Relevant Pages

  • Re: Permission question - another one
    ... If I add an Sql Login it does add the TRAVAC\ in front of the names, ... seems to be users that were setup to use SQL Server Authentication. ... RAPTOR is the Server that has SQL Server running on it. ... > " I could think I am taking permissions away from someone, ...
    (microsoft.public.sqlserver.programming)
  • Re: Renamed Windows login not found in SQL Server 2000
    ... It's almost like SQL tuck some knowledge away in an area ... of memory that only gets released on Windows stop. ... > I am running SQL Server 2000 SP2 with Windows ... > login gets corrupted) I am unable to add the new login to ...
    (microsoft.public.sqlserver.security)
  • Re: SQL Server on XP Home Network
    ... The sa account is the system administrator "God" account witihin SQL ... This account is a SQL-Server login. ... You might be able to use Enterprise Manager to go in and create a new SQL ... Select the "SQL Server Authentication" ...
    (microsoft.public.sqlserver.setup)
  • RE: Getting Challenged when using SQL connection on .aspx page
    ... What would happen if i removed integrated security=sspi from the connection ... Just want the login token to be passed, ... Have webpage with following connection in the ... I have account to the database on the SQL server. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Logging in irrespective of database access
    ... My problem is that in the Login section of Enterprise Manger I have to ... like there used to be in SQL 6.5. ... What's the point in having the Database Access section if the System Admin ... SQL Server MVP ...
    (microsoft.public.sqlserver.server)