I was given some help on here a while ago setting up an authentication for users to log onto a site. I have used this code to successfully set up a number of sites but I seem to be having a problem with this site in particular. Granted this is using a slightly more sophisticated menu system and it has breadcrumbs but the pages that seem to be affected were based on the original page.
Basically the error I'm getting is a database error stating that a variable is undefined. I had this problem before which I ran through with the last expert that helped me - and I found the problem - I have done the same investigating but can't seem to find it anywhere. Can anyone help me?
The site is at www.emmagale.info - the username is testuser the password is testuser. By the way the current content does not reflect the final use - I have just cobbled together information from a few sites I have done in the past.
Here is the authlib code:
<%
' This points to your login page. It will be used in automatic redirections
Const C_LOGIN_PAGE_URL = "../logon.asp"
' --------------------------------------
' -- Login User
' --------------------------------------
Function LoginUser
Dim objConn
Dim objCmd
Dim objRecSet
Dim objParam
Dim objErr
Dim strUsername
Dim strPassword
Dim strMemberID
Dim strError
' Default to failure
strError = "ERR_INVALID"
strUsername = Request.Form("username")
strPassword = Request.Form("password")
' If for some reason this user is logged in, close the session
Session.Contents.RemoveAll()
If (strUsername = "") OR (strPassword = "") Then Exit Function
' Ignore errors when they happen so that we can detect them manually
On Error Resume Next
' Initialize the Connection and Command objects
'
' Use a command object instead of a RecordSet object.
' The command object will return a recordset.
Set objConn = Server.CreateObject("ADODB.Connection")
Set objCmd = Server.CreateObject("ADODB.Command")
' Initialize the connection
' -----
' NOTE: I assume MM_conFamily_STRING is a valid connection string
' -----
objConn.CursorLocation = adUseServer
objConn.ConnectionString = MM_conPHIN_STRING
objConn.ConnectionTimeout = 30
objConn.CommandTimeout = 30
objConn.Open MM_conPHIN_STRING
' Continue if the connection is active
If (objConn.State <> adStateClosed) Then
' Initialize the command
objCmd.ActiveConnection = objConn
objCmd.CommandText = "SELECT * FROM tblMembers WHERE Username=? AND Password=?"
' Initialize the parameters
' Username
Set objParam = objCmd.CreateParameter("Username")
objParam.Type = adVarChar
objParam.Value = strUsername
objParam.Direction = adParamInput
objParam.Size = Len(strUsername)
objCmd.Parameters.Append objParam
' Password
Set objParam = objCmd.CreateParameter("Password")
objParam.Type = adVarChar
objParam.Value = strPassword
objParam.Direction = adParamInput
objParam.Size = Len(strPassword)
objCmd.Parameters.Append objParam
Set objParam = Nothing
' Execute the query and get the record set
objCmd.Prepared = True
Set objRecSet = objCmd.Execute( , , adCmdText)
' Check to see if there were any errors
If (Err.Number <> 0) OR (objConn.Errors.Count > 0) Then
' an error occurred! handle it!
' you may want to loop through the Errors
' collection to discover them
strError = "ERR_DBCMD"
'This is commented out now and only should be used if there is an error
Response.Write "ASP ERROR:[" & Err.Description & "]<br>"
Response.Write "DB ERROR:[" & objConn.Errors(0).Description & "]<br>"
ElseIf NOT (objRecSet.BOF AND objRecSet.EOF) Then
strMemberID = objRecSet("MemberID")
If (strMemberID <> "") Then
' We found the user!
strError = ""
' Initialize the Authorized Session.
' You may want to store other user information here
Session("AUTH_USER") = strMemberID
' Preferably, you would store an encrypted token
' which would then be also sent as a cookie and
' then validated on each request.
End if
End If
objRecSet.Close()
objConn.Close()
Else
' You may want to log these errors.
strError = "ERR_DBCONN"
End If
set objRecSet = Nothing
set objCmd = Nothing
set objConn = Nothing
' Disable ignore errors
On Error Goto 0
LoginUser = strError
End Function
' --------------------------------------
' -- Logout User
' --------------------------------------
Sub LogoutUser
' If you set an Auth Cookie, you should delete it here
' Clear the session
Session.Abandon()
RedirToLogin "ERR_LOGOUT"
End Sub
' --------------------------------------
' -- Redirect to Login Screen
' --------------------------------------
Sub RedirToLogin(ByVal strErrCode)
'DEBUG: This line has now been commented
Response.Redirect(C_LOGIN_PAGE_URL & "?error=" & strErrCode)
End Sub
' --------------------------------------
' -- Authenticate Session
' --------------------------------------
Sub AuthenticateSession
Dim strAuthUser
strAuthUser = Session("AUTH_USER")
' If you set an Auth Cookie you should decrypt it and
' validate it here against the token stored in the session.
If (strAuthUser = "") Then
Session.Abandon()
RedirToLogin "ERR_SESSION"
End If
End Sub
%>
Here is the logon page code:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<% Option Explicit %>
<!--#include file="Connections/conPHIN.asp" -->
<% Session.LCID = 2057 'English regional settings %>
<!-- #include virtual="auth_lib.asp" -->
<%
Dim ERROR_CODE : ERROR_CODE = ""
' Check if the login form was submitted (i.e. the button was clicked)
If Request.Form("btnLogin") <> "" Then
ERROR_CODE = LoginUser()
' Login succeeded, redirect to main page!
If ERROR_CODE = "" Then
Response.Redirect("index.asp")
End If
Else
' Get the error code from the query string (if any)
ERROR_CODE = Request.QueryString("error")
End If
%>
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- #BeginTemplate "/Templates/template.dwt" --><!-- DW6 -->
<head>
<!-- #BeginEditable "title" -->
<title>Healthcare Inside | Supporting the delivery of Prison Healthcare</title>
<meta name="Keywords" content="Healthcare Inside, PHIN, Centre of Innovation, Prison, Prisoners, Healthcare" lang="en" xml:lang="en" />
<meta name="Description" content="Healthcare Inside supports the delivery of Prison healthcare" />
<meta name="DC.subject" content="Healthcare Inside brought to you by the Prison Health Innovation Network" lang="en" xml:lang="en" />
<meta name="DC.description" content="Healthcare Inside supports the delivery of Prison healthcare" lang="en" xml:lang="en" />
<!-- #EndEditable -->
<!-- #include virtual="incs/head.htm" -->
<!-- #include virtual="incs/breadcrumb.asp" -->
</head>
<body>
<div id="container">
<h1>Healthcare Inside</h1>
<!-- #include virtual="incs/search.htm" -->
<!-- #include virtual="incs/menu.htm" -->
<!-- Begin Content on the RIGHT -->
<div id="content"><a name="skipnav" id="skipnav" />
<div id="crumbs"><% = BreadCrumb(Replace(Request.ServerVariables("PATH_INFO"),"main/","")) %></div>
<!-- #BeginEditable "heading" -->
<h2>Logon Page</h2>
<!-- #EndEditable -->
<!-- #BeginEditable "content" -->
<p align="center">
<%
Dim strErrorMsg
' After authentication, display an error if necessary
If ERROR_CODE <> "" Then
' Display user-friendly errors based on the error code
Select Case ERROR_CODE
Case "ERR_INVALID"
strErrorMsg = "Invalid username or password. Please try again."
Case "ERR_DBCMD"
strErrorMsg = "A database error occurred."
Case "ERR_DBCONN"
strErrorMsg = "Error connecting to the database."
Case "ERR_SESSION"
strErrorMsg = "Invalid or expired session. Please log in."
Case "ERR_LOGOUT"
strErrorMsg = "Your session has been terminated. Enter your username and password to log-in again"
Case Else
strErrorMsg = "Unknown error. Please contact administrator."
End Select
' Display the error message
Response.write ("<font color='red'><b>" & strErrorMsg & "</b></font>")
End If
%>
</p>
<p align="center">Please enter your username and password below: </p>
<form action="logon.asp" method="POST">
<table width="500" border="0" align="center" cellpadding="4" cellspacing="0">
<tr>
<td><strong>Login</strong>:</td>
<td><input type="text" name="username" value=""></td>
</tr>
<tr>
<td><strong>Password</strong>:</td>
<td><input type="password" name="password" value=""></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
</table>
</form>
<!-- #EndEditable --></div>
<!-- End Content on the RIGHT -->
</div>
<!-- #include virtual="incs/footer.htm" -->
</body>
<!-- #EndTemplate --></html>
Is there anything else I should provide?