Solved

How do I unhide a login error message with this code?

Posted on 2012-03-29
7
493 Views
Last Modified: 2012-03-30
I have the code below that handles the login.  If login fails, it just reloads the page so they can try again.  How do I have a message that displays on tha page only if their login fails?

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/st2.asp" -->
<%
response.cookies("st2")("logintime") = now()
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("username"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
 
  MM_fldUserAuthorization = ""
  MM_redirectLoginSuccess = "main.asp"
  MM_redirectLoginFailed = "default.asp"

  MM_loginSQL = "SELECT UserName, Password"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM dbo.tbl_SM2 WHERE UserName = ? AND Password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_st2_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 25, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 20, Request.Form("password")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
0
Comment
Question by:Kevin Smith
7 Comments
 
LVL 5

Expert Comment

by:gman84
ID: 37782916
You could pass a parameter into the query string which you can then extract on the login page, "request.querystring!message"
MM_redirectLoginFailed = "default.asp?message=Login Failed"

Open in new window

0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 37782917
I personally have some serious dislike for dreamweaver.

So, I would like to help but not with code you have above.

However, if you can integrate my code then great.

On your validation page; I suppose one above, I would have something like this:

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
 Session("Message") = "<font color='#CC0000'>Invalid username or password. Please, try again.</font>"
    response.redirect "yourLoginPage.asp"
    ' Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If

Then on yourLoginPage.asp, you have the following:

top of page, enter this:

<%
Sub DrawPage
%>

Then have this anywhere you wish the bolded message above to appear:

<center><% = message %></center>

Finally, at the bottom of page after </html>, have this:
<%
End Sub

'------------------------------------------------
' END OF PROCEDURES AND START OF MAIN CODE
'------------------------------------------------

      dim message

      'Get any incoming message/title
      message = Session("message")

      'Then clear out the message Session variable
      Session("message") = ""

      'Draw the form
      Call DrawPage
%>

Now, when login fails for whatever reason, the user gets a nice "Invalid username or password. Please, try again." and the user gets redirected to your login page.

That's it!
0
 

Author Comment

by:Kevin Smith
ID: 37783126
gman...how do i hid the request until the user fails?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 5

Expert Comment

by:gman84
ID: 37786090
Not sure what you mean... According to your code my solution would work as the user would only be redirected to "default.asp?message=Login Failed" if the login failed for a user, so long as this is assigned to the variable "MM_redirectLoginFailed"
0
 
LVL 6

Accepted Solution

by:
worthyking1 earned 500 total points
ID: 37786927
Change your second to last line of code from:

Response.Redirect(MM_redirectLoginFailed)

to:

ErrorMsg = "Sorry, your login was not recognized..."

Then in the body of your page display the error message like so:

<% If ErrorMsg <> "" then %>
<p><%=ErrorMsg%></p>
<% End if %>

Style it with css of your choice. I usually put it right above the login box and use a bright yellow div with red text or something that catches the eye.
0
 

Author Comment

by:Kevin Smith
ID: 37787751
gman...I did yours but it didn't show up when failed.  worthy, your's worked perfectly.  thanks for the help gman, and maybe I was doing something wrong but it wouldn't work properly.
0
 

Author Closing Comment

by:Kevin Smith
ID: 37787753
thanks for everyone's help!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
Adobe Dreamweaver CS5 is a WYSIWYG web page editor that has advanced HTML, CSS, and Javascript rendering functionality and is probably the most well-known HTML editor available. Much of Dreamweaver's appeal centers around the Design View interfac…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now