Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Classic ASP:  Prevent new Member Verify Twice after clicking verification email

Posted on 2008-10-16
3
Medium Priority
?
231 Views
Last Modified: 2012-05-05
Hi I am building a member  based websit written on ASP- Vb Script and database driven SQL server 2000 . I  would have people signing in through a form.asp and then they will get an email to their entered adress so their account becomes active once they click on the  link and get to a thanks.asp page thath displays they have confirmed their email and their account is now verified.  My problem is that I don't know how to prevent someone who already set their verify status to true to get the same page thanks but I want to check somehow if they have clicked that liniked before and their account is already verified so they get the proper error page.  Also I want to make this page more secure and pass a challenge cod e along the verify link. Thanks in advance.
<%@ Language = "VBScript" %>
<% level="../"%>
<% Option Explicit
 
 
 
<!--#include file="../include/intialize.inc"-->
<!--#include file="../../Connections/sqlConn1.asp" -->
set RecsetRef = conSQL.execute("Select 1 From Players where verify= 1 and referenceno="&RefNumber&"")
If recordcount > 0 Then
  responce.redirect("SubmisionError.asp")
End If
%>
 
 
<html>
<head>
<title><%=PageTitle%></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../style/style.css" rel="stylesheet" type="text/css">
</head>
<%
 
Dim RefNumer 
	RefNumber =  cint(Request.QueryString("refno"))
 
'psw="playerscores"	
	'strTemp = EnDeCrypt(RefNumber, psw)
	
	
	conSQL.execute("update Players set verify= 1 where referenceno="&RefNumber&"")
	conSQL.execute("update players set status=1 where referenceno="&RefNumber&"")
	
	' remove comment to add registered users to forum too 
	'con7.execute("update tblauthor set Active = 1 where username='"&request("SSN")&"'")
	  	    
	If Err.Number <> 0 Then
				Response.Write "Error: " & Err.Description
	end if
	End if 
	
%>

Open in new window

0
Comment
Question by:RickyGtz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 9

Expert Comment

by:deathtospam
ID: 22732141
I obviously can't test this code out from my end, but try using something like this:
<%@ Language = "VBScript" %>
<% level="../"%>
<% Option Explicit %>
 
<!--#include file="../include/intialize.inc"-->
<!--#include file="../../Connections/sqlConn1.asp" -->
 
<%	Dim iReferenceNo, rsVerifyInfo, bIsVerified
 
	iReferenceNo = cLng(Request.QueryString("refno"))
	bIsVerified = false
	
	'// Look up the reference number to see if the player has already been verified.
	Set rsVerifyInfo = conSQL.execute("SELECT verify FROM Players WHERE referenceno = " & RefNumber)	
 
	If rsVerifyInfo.EOF Then
		'// ERROR: A player corresponding to the reference number could not be found.
		Call Response.Redirect("SubmisionError.asp")
		Call Response.End()
	Else
		'// A player corresponding to the reference number was found.  See if they've been verified yet.
		bIsVerified = (cLng(rsVerifyInfo("verify")) = "1") %>
<html>
	<head>
		<title><%=PageTitle%></title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
		<link href="../style/style.css" rel="stylesheet" type="text/css">
	</head>
	<body>
<%		If bIsVerfied Then
			'// The player has already been verified once before. %>
			Your account has already been verified.
<%		Else
			'// The player has not yet been verified.  Verify them now and display a welcome message.
			Call conSQL.execute("UPDATE Players SET verify=1, status=1 WHERE referenceno = " & RefNumber) %>
			Your account is now verified.  Welcome!
<%		End If %>
	</body>
</html>
<%	End If
 
	Set rsVerifyInfo = Nothing %>

Open in new window

0
 

Author Comment

by:RickyGtz
ID: 22732251
Hi I just test that out . It seems logical but now I am having an error on

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '='.

/members/verify.asp, line 12

      '// Look up the reference number to see if the player has already been verified.
      Set rsVerifyInfo = conSQL.execute("SELECT verify FROM Players WHERE referenceno = " &RefNumber)      

0
 
LVL 9

Accepted Solution

by:
deathtospam earned 2000 total points
ID: 22736291
Woops... sorry.  I didn't consistently replace all of your old variable names.  Try the code below, or replace all instances of "RefNumber" with "iReferenceNo".
<%@ Language = "VBScript" %>
<% level="../"%>
<% Option Explicit %>
 
<!--#include file="../include/intialize.inc"-->
<!--#include file="../../Connections/sqlConn1.asp" -->
 
<%      Dim iReferenceNo, rsVerifyInfo, bIsVerified
 
        iReferenceNo = cLng(Request.QueryString("refno"))
        bIsVerified = false
        
        '// Look up the reference number to see if the player has already been verified.
        Set rsVerifyInfo = conSQL.execute("SELECT verify FROM Players WHERE referenceno = " & iReferenceNo)        
 
        If rsVerifyInfo.EOF Then
                '// ERROR: A player corresponding to the reference number could not be found.
                Call Response.Redirect("SubmisionError.asp")
                Call Response.End()
        Else
                '// A player corresponding to the reference number was found.  See if they've been verified yet.
                bIsVerified = (cLng(rsVerifyInfo("verify")) = "1") %>
<html>
        <head>
                <title><%=PageTitle%></title>
                <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
                <link href="../style/style.css" rel="stylesheet" type="text/css">
        </head>
        <body>
<%              If bIsVerfied Then
                        '// The player has already been verified once before. %>
                        Your account has already been verified.
<%              Else
                        '// The player has not yet been verified.  Verify them now and display a welcome message.
                        Call conSQL.execute("UPDATE Players SET verify=1, status=1 WHERE referenceno = " & iReferenceNo) %>
                        Your account is now verified.  Welcome!
<%              End If %>
        </body>
</html>
<%      End If
 
        Set rsVerifyInfo = Nothing %>

Open in new window

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question