How do I unhide a login error message with this code?

I have the code below that handles the login.  If login fails, it just reloads the page so they can try again.  How do I have a message that displays on tha page only if their login fails?

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/st2.asp" -->
<%
response.cookies("st2")("logintime") = now()
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("username"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
 
  MM_fldUserAuthorization = ""
  MM_redirectLoginSuccess = "main.asp"
  MM_redirectLoginFailed = "default.asp"

  MM_loginSQL = "SELECT UserName, Password"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM dbo.tbl_SM2 WHERE UserName = ? AND Password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_st2_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 25, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 20, Request.Form("password")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
Kevin SmithAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gman84Commented:
You could pass a parameter into the query string which you can then extract on the login page, "request.querystring!message"
MM_redirectLoginFailed = "default.asp?message=Login Failed"

Open in new window

0
sammySeltzerCommented:
I personally have some serious dislike for dreamweaver.

So, I would like to help but not with code you have above.

However, if you can integrate my code then great.

On your validation page; I suppose one above, I would have something like this:

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
 Session("Message") = "<font color='#CC0000'>Invalid username or password. Please, try again.</font>"
    response.redirect "yourLoginPage.asp"
    ' Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If

Then on yourLoginPage.asp, you have the following:

top of page, enter this:

<%
Sub DrawPage
%>

Then have this anywhere you wish the bolded message above to appear:

<center><% = message %></center>

Finally, at the bottom of page after </html>, have this:
<%
End Sub

'------------------------------------------------
' END OF PROCEDURES AND START OF MAIN CODE
'------------------------------------------------

      dim message

      'Get any incoming message/title
      message = Session("message")

      'Then clear out the message Session variable
      Session("message") = ""

      'Draw the form
      Call DrawPage
%>

Now, when login fails for whatever reason, the user gets a nice "Invalid username or password. Please, try again." and the user gets redirected to your login page.

That's it!
0
Kevin SmithAuthor Commented:
gman...how do i hid the request until the user fails?
0
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

gman84Commented:
Not sure what you mean... According to your code my solution would work as the user would only be redirected to "default.asp?message=Login Failed" if the login failed for a user, so long as this is assigned to the variable "MM_redirectLoginFailed"
0
worthyking1CTOCommented:
Change your second to last line of code from:

Response.Redirect(MM_redirectLoginFailed)

to:

ErrorMsg = "Sorry, your login was not recognized..."

Then in the body of your page display the error message like so:

<% If ErrorMsg <> "" then %>
<p><%=ErrorMsg%></p>
<% End if %>

Style it with css of your choice. I usually put it right above the login box and use a bright yellow div with red text or something that catches the eye.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kevin SmithAuthor Commented:
gman...I did yours but it didn't show up when failed.  worthy, your's worked perfectly.  thanks for the help gman, and maybe I was doing something wrong but it wouldn't work properly.
0
Kevin SmithAuthor Commented:
thanks for everyone's help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.