Solved

How do I unhide a login error message with this code?

Posted on 2012-03-29
7
492 Views
Last Modified: 2012-03-30
I have the code below that handles the login.  If login fails, it just reloads the page so they can try again.  How do I have a message that displays on tha page only if their login fails?

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/st2.asp" -->
<%
response.cookies("st2")("logintime") = now()
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("username"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
 
  MM_fldUserAuthorization = ""
  MM_redirectLoginSuccess = "main.asp"
  MM_redirectLoginFailed = "default.asp"

  MM_loginSQL = "SELECT UserName, Password"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM dbo.tbl_SM2 WHERE UserName = ? AND Password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_st2_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 25, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 20, Request.Form("password")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
0
Comment
Question by:Kevin Smith
7 Comments
 
LVL 5

Expert Comment

by:gman84
ID: 37782916
You could pass a parameter into the query string which you can then extract on the login page, "request.querystring!message"
MM_redirectLoginFailed = "default.asp?message=Login Failed"

Open in new window

0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 37782917
I personally have some serious dislike for dreamweaver.

So, I would like to help but not with code you have above.

However, if you can integrate my code then great.

On your validation page; I suppose one above, I would have something like this:

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
 Session("Message") = "<font color='#CC0000'>Invalid username or password. Please, try again.</font>"
    response.redirect "yourLoginPage.asp"
    ' Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If

Then on yourLoginPage.asp, you have the following:

top of page, enter this:

<%
Sub DrawPage
%>

Then have this anywhere you wish the bolded message above to appear:

<center><% = message %></center>

Finally, at the bottom of page after </html>, have this:
<%
End Sub

'------------------------------------------------
' END OF PROCEDURES AND START OF MAIN CODE
'------------------------------------------------

      dim message

      'Get any incoming message/title
      message = Session("message")

      'Then clear out the message Session variable
      Session("message") = ""

      'Draw the form
      Call DrawPage
%>

Now, when login fails for whatever reason, the user gets a nice "Invalid username or password. Please, try again." and the user gets redirected to your login page.

That's it!
0
 

Author Comment

by:Kevin Smith
ID: 37783126
gman...how do i hid the request until the user fails?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 5

Expert Comment

by:gman84
ID: 37786090
Not sure what you mean... According to your code my solution would work as the user would only be redirected to "default.asp?message=Login Failed" if the login failed for a user, so long as this is assigned to the variable "MM_redirectLoginFailed"
0
 
LVL 6

Accepted Solution

by:
worthyking1 earned 500 total points
ID: 37786927
Change your second to last line of code from:

Response.Redirect(MM_redirectLoginFailed)

to:

ErrorMsg = "Sorry, your login was not recognized..."

Then in the body of your page display the error message like so:

<% If ErrorMsg <> "" then %>
<p><%=ErrorMsg%></p>
<% End if %>

Style it with css of your choice. I usually put it right above the login box and use a bright yellow div with red text or something that catches the eye.
0
 

Author Comment

by:Kevin Smith
ID: 37787751
gman...I did yours but it didn't show up when failed.  worthy, your's worked perfectly.  thanks for the help gman, and maybe I was doing something wrong but it wouldn't work properly.
0
 

Author Closing Comment

by:Kevin Smith
ID: 37787753
thanks for everyone's help!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now