CSharpGuru
asked on
New ASP login problems
I need to change this login, it's just flat out terrible. It won't let me login site wide. It just authenticates the user to access one part of the site and I just want it to last for everything site wide.
In Login.php
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("userName"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
MM_redirectLoginSuccess="welcome.asp"
MM_redirectLoginFailed="login.asp?valid=1"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_connBastech_STRING
MM_rsUser.Source = "SELECT users_email, users_password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM bastechc.users WHERE users_email='" & Replace(MM_valUsername,"'","''") &"' AND users_password='" & Replace(Request.Form("password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
Authentication Script stored in each page (which after you access that page you only for some reason can access that authentication restricted page then login again)
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="login.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
ASKER
thank you so much. This looks great, but how would I map it to my companies database? Yours runs off your database. Below is the login script currently.
<!--#include file="../Connections/connBt.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("userName"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
MM_redirectLoginSuccess="welcome.asp"
MM_redirectLoginFailed="login.asp?valid=1"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_connBt_STRING
MM_rsUser.Source = "SELECT users_email, users_password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM bt.users WHERE users_email='" & Replace(MM_valUsername,"'","''") &"' AND users_password='" & Replace(Request.Form("password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
CSharpGuru:
Send me over a demo of your companies database.
With at least 3 dummy users in it.
I will implement the database to work with my Validation system.
Carrzkiss
Send me over a demo of your companies database.
With at least 3 dummy users in it.
I will implement the database to work with my Validation system.
Carrzkiss
ASKER
Here are the columns and their details if that helps. I will have to contact the owner of my company to get more if you need it. Thanks.
COLUMNS:
users_ID (int identitycol), users_firstName (nvarchar(50)), users_lastName (nvarchar(50)), users_jobTitle (nvarchar(50)), users_company (nvarchar(50)), users_address1 (nvarchar(50)), users_address2 (nvarchar(50)), users_city (nvarchar(50)), users_state (nvarchar(50)), users_zip (nvarchar(50)), users_country (nvarchar(MAX)), users_phone (nvarchar(50)), users_fax (nvarchar(50)), users_email (nvarchar(75)), users_comments (nvarchar(MAX)), users_challengeQuestion (nvarchar(MAX)), users_challengeAnswer (nvarchar(MAX)), users_password (nvarchar(50)), users_lastUpdate (datetime), users_ipAddress (nvarchar(50))
COLUMNS:
users_ID (int identitycol), users_firstName (nvarchar(50)), users_lastName (nvarchar(50)), users_jobTitle (nvarchar(50)), users_company (nvarchar(50)), users_address1 (nvarchar(50)), users_address2 (nvarchar(50)), users_city (nvarchar(50)), users_state (nvarchar(50)), users_zip (nvarchar(50)), users_country (nvarchar(MAX)), users_phone (nvarchar(50)), users_fax (nvarchar(50)), users_email (nvarchar(75)), users_comments (nvarchar(MAX)), users_challengeQuestion (nvarchar(MAX)), users_challengeAnswer (nvarchar(MAX)), users_password (nvarchar(50)), users_lastUpdate (datetime), users_ipAddress (nvarchar(50))
I see that there is no [Username].
Are you using the [Users_Email] as the [Username]?
Are you using the [Users_Email] as the [Username]?
ASKER
yes I'm sorry I didn't make that clear.
OK. No problem.
I will make you up a demo here in a few, I have 2 others here on EE that I am helping as well.
So I will add yours into the bunch and have you something within the next hour or so.
I will make you up a demo here in a few, I have 2 others here on EE that I am helping as well.
So I will add yours into the bunch and have you something within the next hour or so.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks :) I'm testing it now. I will try it and then accept it as a solution. Thank you so much for all your help you've been simply amazing. If there is any other way to boost your rating or make you look better please let me know.
ASKER
It works :) thank you very much.
ASKER
This expert was just that, very knowledgeable and very quick to give me the solution. They even went out of their way to customize their current script to match my needs. A+++++++++++++
ASKER
one more problem though, the old dreamweaver login runs off sessions, is there anyway of creating the session to make this work:
<%
Dim rsUser__MMColParam
rsUser__MMColParam = "1"
If (Session("MM_Username") <> "") Then
rsUser__MMColParam = Session("MM_Username")
? Thanks.
<%
Dim rsUser__MMColParam
rsUser__MMColParam = "1"
If (Session("MM_Username") <> "") Then
rsUser__MMColParam = Session("MM_Username")
? Thanks.
You made my day with that comment. Thank you so very much.
Below is the code "CHANGE" for it to work in your site.
Also everywhere you have this in your site
<%=Session("MM_Username")%
Change to
<%=strUserName%>
Making sure that were every you have <%=strUserName%> at that you have
<!--#include file="IsLoggedIn.asp"-->
In the head of the page.
If you have something like this
<%
If Session("MM_Username") <> "" Then
%>
Change it to
<%
If strUserName <> "" Then
%>
That should cover it as well as the code change(s) below.
It was a pleasure working with you, and if you need further assistance, let me know.
Carrzkiss
Author Comments:
This expert was just that, very knowledgeable and very quick to give me the solution. They even went out of their way to customize their current script to match my needs. A+++++++++++++
=-=-=-=-=-Change this code in all page(s)=-=-=-=-=-
In Login.php
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("userName"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
MM_redirectLoginSuccess="welcome.asp"
MM_redirectLoginFailed="login.asp?valid=1"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_connBastech_STRING
MM_rsUser.Source = "SELECT users_email, users_password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM bastechc.users WHERE users_email='" & Replace(MM_valUsername,"'","''") &"' AND users_password='" & Replace(Request.Form("password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
Authentication Script stored in each page (which after you access that page you only for some reason can access that authentication restricted page then login again)
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="login.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
=-=-=-=-=-Replace all of the above code(s) in all page(s) with=-=-=-=-=-
<!--#include file="IsLoggedIn.asp"-->
sorry.
In the code view above.
Replace all the BULK code with what is on line #64 of the code view.
Carrzkiss
In the code view above.
Replace all the BULK code with what is on line #64 of the code view.
Carrzkiss
ASKER
Thanks for all your help. Do you know why everything would work in Firefox but not in IE?
Everything works beautifully in Firefox, but it won't work properly in IE for some reason...kind of odd b/c I was under the impression cookies and ASP were not based off certain browsers.
Everything works beautifully in Firefox, but it won't work properly in IE for some reason...kind of odd b/c I was under the impression cookies and ASP were not based off certain browsers.
Made in IE6
Tested IE7
Firefox, Opera, Chrome, Safari
What is the problem that you are experiancing?
As it works perfect across all platforms. There is nothing in the code that can break in the other
Browsers, except maybe the css coding.
Let me know, and I will help as much as I can.
Carrzkiss
Tested IE7
Firefox, Opera, Chrome, Safari
What is the problem that you are experiancing?
As it works perfect across all platforms. There is nothing in the code that can break in the other
Browsers, except maybe the css coding.
Let me know, and I will help as much as I can.
Carrzkiss
ASKER
nevermind. It works great. I don't know what happened. But thanks :)
Not a problem.
Have a good one.
Carrzkiss
Have a good one.
Carrzkiss
In Login.asp
Not
In Login.php
If you are interested in a good ASP Login script then have a look at:
http://ee.cffcs.com/Q_24252782/login.asp
code
http://ee.cffcs.com/Q_24252782/Q_24252782.zip
Username = logincookie
password = 12345678
Let me know if you have any questions.
Carrzkiss