How do I unhide a login error message with this code?

I have the code below that handles the login.  If login fails, it just reloads the page so they can try again.  How do I have a message that displays on tha page only if their login fails?

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/st2.asp" -->
<%
response.cookies("st2")("logintime") = now()
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("username"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
 
  MM_fldUserAuthorization = ""
  MM_redirectLoginSuccess = "main.asp"
  MM_redirectLoginFailed = "default.asp"

  MM_loginSQL = "SELECT UserName, Password"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM dbo.tbl_SM2 WHERE UserName = ? AND Password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_st2_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 25, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 20, Request.Form("password")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
Kevin SmithAsked:
Who is Participating?
 
worthyking1Connect With a Mentor Commented:
Change your second to last line of code from:

Response.Redirect(MM_redirectLoginFailed)

to:

ErrorMsg = "Sorry, your login was not recognized..."

Then in the body of your page display the error message like so:

<% If ErrorMsg <> "" then %>
<p><%=ErrorMsg%></p>
<% End if %>

Style it with css of your choice. I usually put it right above the login box and use a bright yellow div with red text or something that catches the eye.
0
 
gman84Commented:
You could pass a parameter into the query string which you can then extract on the login page, "request.querystring!message"
MM_redirectLoginFailed = "default.asp?message=Login Failed"

Open in new window

0
 
sammySeltzerCommented:
I personally have some serious dislike for dreamweaver.

So, I would like to help but not with code you have above.

However, if you can integrate my code then great.

On your validation page; I suppose one above, I would have something like this:

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
 Session("Message") = "<font color='#CC0000'>Invalid username or password. Please, try again.</font>"
    response.redirect "yourLoginPage.asp"
    ' Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If

Then on yourLoginPage.asp, you have the following:

top of page, enter this:

<%
Sub DrawPage
%>

Then have this anywhere you wish the bolded message above to appear:

<center><% = message %></center>

Finally, at the bottom of page after </html>, have this:
<%
End Sub

'------------------------------------------------
' END OF PROCEDURES AND START OF MAIN CODE
'------------------------------------------------

      dim message

      'Get any incoming message/title
      message = Session("message")

      'Then clear out the message Session variable
      Session("message") = ""

      'Draw the form
      Call DrawPage
%>

Now, when login fails for whatever reason, the user gets a nice "Invalid username or password. Please, try again." and the user gets redirected to your login page.

That's it!
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
Kevin SmithAuthor Commented:
gman...how do i hid the request until the user fails?
0
 
gman84Commented:
Not sure what you mean... According to your code my solution would work as the user would only be redirected to "default.asp?message=Login Failed" if the login failed for a user, so long as this is assigned to the variable "MM_redirectLoginFailed"
0
 
Kevin SmithAuthor Commented:
gman...I did yours but it didn't show up when failed.  worthy, your's worked perfectly.  thanks for the help gman, and maybe I was doing something wrong but it wouldn't work properly.
0
 
Kevin SmithAuthor Commented:
thanks for everyone's help!
0
All Courses

From novice to tech pro — start learning today.