Solved

Dreamweaver User Authentication Problem

Posted on 2013-10-31
13
684 Views
Last Modified: 2013-11-25
It has just been brought to my attention that the Dreamweaver "log in user" feature that I'm using is not working properly. I have a separate login page for adding an event and updating an event. The code is generated by Dreamweaver.

It works perfectly for adding event. For updating an event, I need to verify the login and then pass a record ID to the next page. It works if the user name and password are verified against a database table. If an invalid name or password are entered, I get an error:

Event Update Login

Enter Login Information 

 User ID:  

 Password:  
 
ADODB.Field error '800a0bcd' 

Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record. 

/racing/calendar/eventupdateLogin.asp, line 247

Here's the "log in user" generated code:
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("userID"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
  
  MM_fldUserAuthorization = ""
  MM_redirectloginSuccess="eventUpdate.asp?ID=" & MM_recordId 
  MM_redirectLoginFailed = "eventupdateLogin.asp"

  MM_loginSQL = "SELECT [last], password"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM Members WHERE [Last] = ? AND password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_ilcaData_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 24, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 100, Request.Form("userPassword")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%> 
Here is the simple form:
    <form id="verifyPass" name="verifyPass" method="POST" action="<%=MM_LoginAction%>">
      <fieldset id="loginInfo">
      <legend class="legend">Enter Login Information</legend>
    <div id="login">
          <label for="contact"><br />
          User ID:</label>
          <input name="userID" type="text" id="userID" tabindex="15" size="24" maxlength="24" />
          <br />
          <label for="contact"><br />
          Password:</label>
          <input name="userPassword" type="text" id="userPassword" tabindex="15" size="72" maxlength="76" />
          <br />
          <br />
          <input type="submit" name="submit" id="submit" value="Login" />
    </div>
      </fieldset>
    </form>
      <p>&nbsp; </p>
      <input type="hidden" name="MM_recordId" value="<%=rsEvent.Fields.Item("ID").Value %>" />

Open in new window

The error refers to the last line above.

I can't figure out why it isn't going to the page specified in  MM_redirectLoginFailed.
0
Comment
Question by:slegy
  • 7
  • 6
13 Comments
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39615239
Your error is referring to the recordset rsEvent.

It either does not exist or has no data.

Make sure your validation script is towards the top of the page.  (above the html tag).  Then any recordset should be below the validation script.  

It is hard to say by the way you posted your code.
0
 

Author Comment

by:slegy
ID: 39617081
For some reason, my post didn't make it through yesterday. Anyway, here is the code I didn't post yesterday:
<%
Dim rsEvent__MMColParam
rsEvent__MMColParam = "1"
If (Request.QueryString("ID") <> "") Then
  rsEvent__MMColParam = Request.QueryString("ID")
End If
%>
<%
Dim rsEvent
Dim rsEvent_cmd
Dim rsEvent_numRows

Set rsEvent_cmd = Server.CreateObject ("ADODB.Command")
rsEvent_cmd.ActiveConnection = MM_eventCalendar_STRING
rsEvent_cmd.CommandText = "SELECT [ID] FROM [eventCalendar] WHERE ID=?"
rsEvent_cmd.Prepared = true
rsEvent_cmd.Parameters.Append rsEvent_cmd.CreateParameter("param1", 5, 1, -1, rsEvent__MMColParam) ' adDouble

Set rsEvent = rsEvent_cmd.Execute
rsEvent_numRows = 0
%>

There is always data. It is an update to an event previously created. As I indicated, it works perfectly if the user name and password are verified. If they can't be verified, it should just go to: MM_redirectLoginFailed = "eventupdateLogin.asp"
Why would :<input type="hidden" name="MM_recordId" value="<%=rsEvent.Fields.Item("ID").Value %>" />
even come into play?
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39617337
You have to look at your entire code.  The error means there is no data.

Make sure that your code that checks for a verified users is above all of the code for rsEvent similar to the sample below.
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("userID"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
  
  MM_fldUserAuthorization = ""
  MM_redirectloginSuccess="eventUpdate.asp?ID=" & MM_recordId 
  MM_redirectLoginFailed = "eventupdateLogin.asp"

  MM_loginSQL = "SELECT [last], password"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM Members WHERE [Last] = ? AND password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_ilcaData_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 24, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 100, Request.Form("userPassword")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%> 
<%
Dim rsEvent__MMColParam
rsEvent__MMColParam = "1"
If (Request.QueryString("ID") <> "") Then 
  rsEvent__MMColParam = Request.QueryString("ID")
End If
%>
<%
Dim rsEvent
Dim rsEvent_cmd
Dim rsEvent_numRows

Set rsEvent_cmd = Server.CreateObject ("ADODB.Command")
rsEvent_cmd.ActiveConnection = MM_eventCalendar_STRING
rsEvent_cmd.CommandText = "SELECT [ID] FROM [eventCalendar] WHERE ID=?" 
rsEvent_cmd.Prepared = true
rsEvent_cmd.Parameters.Append rsEvent_cmd.CreateParameter("param1", 5, 1, -1, rsEvent__MMColParam) ' adDouble

Set rsEvent = rsEvent_cmd.Execute
rsEvent_numRows = 0
%>
    <form id="verifyPass" name="verifyPass" method="POST" action="<%=MM_LoginAction%>">
      <fieldset id="loginInfo">
      <legend class="legend">Enter Login Information</legend>
    <div id="login">
          <label for="contact"><br />
          User ID:</label>
          <input name="userID" type="text" id="userID" tabindex="15" size="24" maxlength="24" />
          <br />
          <label for="contact"><br />
          Password:</label>
          <input name="userPassword" type="text" id="userPassword" tabindex="15" size="72" maxlength="76" />
          <br />
          <br />
          <input type="submit" name="submit" id="submit" value="Login" />
    </div>
      </fieldset>
    </form>
      <p>&nbsp; </p>
      <input type="hidden" name="MM_recordId" value="<%=rsEvent.Fields.Item("ID").Value %>" />

Open in new window


Beyond that, I would suggest changing your code that reads the querystring.  You currently have
<%
Dim rsEvent__MMColParam
rsEvent__MMColParam = "1"
If (Request.QueryString("ID") <> "") Then 
  rsEvent__MMColParam = Request.QueryString("ID")
End If
%>

Open in new window

I would suggest making sure the data is what you expect. In this case you want a number so it is easy.

<%
' seperate asp tags so you can still use drag and drop in dreamweaver
dim eventID
eventID=0 ' make default zero.
if Request.QueryString("ID")<>"" then ' check for querystring data
    if isnumeric(Request.QueryString("ID")) then ' verify we have a number
           eventID=Request.QueryString("ID") ' we have a good number
    end if
end if
' if you are expecting text, you would want to either convert single quotes and less than/greater than signs to html entities or get rid of them.  The reason is to prevent sql injection.
' You would either replace
' eventID=replace(eventID,"<","&lt;") 
' or remove
' eventID=replace(eventID,"<","") 

%>
<%
Dim rsEvent__MMColParam
rsEvent__MMColParam = "1"
If (eventID <> "") Then 
  rsEvent__MMColParam = eventID
End If
%>

Open in new window

0
 

Author Comment

by:slegy
ID: 39620443
I really appreciate your time, but it has nothing to do with there being no data. As I said, when the user name and password are entered correctly, the Record ID (stored in:
<input type="hidden" name="MM_recordId" value="<%=rsEvent.Fields.Item("ID").Value %>" />
is correctly passed to the detail display page.

I did notice something today that I'd missed earlier. If you hover over the login button, the link shows as: /racing/calendar/eventupdateLogin.asp?ID=999
where 999 = the record ID. I've been racking my brain trying to figure out where that would be coming from.

If the login is successful the link is: eventUpdate.asp?ID=999
If the login is not successful the link is supposed to be:  eventupdateLogin.asp
I can't see anything in the code that would cause the Record ID to be attached to the eventupdateLogin page. It is returning to itself as specified, but it is also passing the ID, which is what is causing the error.

You could go to the following link: www.lightningclass.org/racing/calendat/eventSelect.asp. Click on any one of the edit links. That takes you to the login page. You will also see that a record ID is being passed.

This whole process is a Dreamweaver construct but apparently is flawed - or maybe it just works when there is no parameter to be passed.
0
 

Author Comment

by:slegy
ID: 39620447
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39620526
Post your asp code.

Eof or bof error means there is no data in the recordset
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:slegy
ID: 39622282
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="../../Connections/ilcaData.asp" -->
<!--#include file="../../Connections/eventCalendar.asp" -->
<%
Dim rsEvent__MMColParam
rsEvent__MMColParam = "1"
If (Request.QueryString("ID") <> "") Then
  rsEvent__MMColParam = Request.QueryString("ID")
End If
%>
<%
Dim rsEvent
Dim rsEvent_cmd
Dim rsEvent_numRows

Set rsEvent_cmd = Server.CreateObject ("ADODB.Command")
rsEvent_cmd.ActiveConnection = MM_eventCalendar_STRING
rsEvent_cmd.CommandText = "SELECT [ID] FROM  [eventCalendar] WHERE ID=?"
rsEvent_cmd.Prepared = true
rsEvent_cmd.Parameters.Append rsEvent_cmd.CreateParameter("param1", 5, 1, -1, rsEvent__MMColParam) ' adDouble

Set rsEvent = rsEvent_cmd.Execute
rsEvent_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("userID"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
 
  MM_fldUserAuthorization = ""
  MM_redirectloginSuccess="eventUpdate.asp?ID=" & (rsEvent.Fields.Item("ID").Value)
  MM_redirectLoginFailed = "eventupdateLogin.asp"

  MM_loginSQL = "SELECT [last], password"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM ilcaMembers WHERE [last] = ? AND password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_ilcaData_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 24, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 100, Request.Form("userPassword")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/mainLayout.dwt" codeOutsideHTMLIsLocked="false" -->
.
.
.
    <form id="verifyPass" name="verifyPass" method="POST" action="<%=MM_LoginAction%>">
      <fieldset id="loginInfo">
      <legend class="legend">Enter Login Information</legend>
    <div id="login">
          <label for="contact"><br />
          User ID:</label>
          <input name="userID" type="text" id="userID" tabindex="15" size="24" maxlength="24" />
          <br />
          <label for="contact"><br />
          Password:</label>
          <input name="userPassword" type="text" id="userPassword" tabindex="15" size="72" maxlength="76" />
          <br />
          <br />
          <input type="submit" name="submit" id="submit" value="Login" />
    </div>
      </fieldset>
    </form>
      <p>&nbsp; </p>
      <input type="hidden" name="MM_recordId" value="<%=rsEvent.Fields.Item("ID").Value %>" />

The record ID is passed from a selection list and stored in MM_recordId. Everything works perfectly if the un/pw are validated (the recordId is passed to the detail display program). If they are invalid, the page is supposed to return to itself. Instead, the link executed is:
/racing/calendar/eventupdateLogin.asp?ID=999 (where 999 is the event ID). The mystery is why the "?ID+999" is being attached to the link.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39622415
Change to code below.  Remember to remove the current code at the very bottom of your page that closes the recordset.  It will look like
<%
rsEvent.Close()
Set rsEvent = Nothing
%>

Open in new window

Instead, I am closing the recordset at the top of the page. This is a better way to code anyway. It insures the rs is closed prior to you redirecting to another page.  Best is to get the variables you need right away, then close your db.

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="../../Connections/ilcaData.asp" -->
<!--#include file="../../Connections/eventCalendar.asp" -->
<%
Dim rsEvent__MMColParam
rsEvent__MMColParam = "1"
If (Request.QueryString("ID") <> "") Then 
  rsEvent__MMColParam = Request.QueryString("ID")
End If
%>
<%
Dim rsEvent
Dim rsEvent_cmd
Dim rsEvent_numRows

Set rsEvent_cmd = Server.CreateObject ("ADODB.Command")
rsEvent_cmd.ActiveConnection = MM_eventCalendar_STRING
rsEvent_cmd.CommandText = "SELECT [ID] FROM  [eventCalendar] WHERE ID=?" 
rsEvent_cmd.Prepared = true
rsEvent_cmd.Parameters.Append rsEvent_cmd.CreateParameter("param1", 5, 1, -1, rsEvent__MMColParam) ' adDouble

Set rsEvent = rsEvent_cmd.Execute
rsEvent_numRows = 0
%>
<%
dim eventID
eventID=0
if not rsEvent.bof or not rsEvent.eof Then
  eventID=rsEvent.Fields.Item("ID").Value
end if
%>
<%
rsEvent.Close()
Set rsEvent = Nothing
%>

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("userID"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
  
  MM_fldUserAuthorization = ""
  MM_redirectloginSuccess="eventUpdate.asp?ID=" & eventID '** removed (rsEvent.Fields.Item("ID").Value) 
  MM_redirectLoginFailed = "eventupdateLogin.asp"

  MM_loginSQL = "SELECT [last], password"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM ilcaMembers WHERE [last] = ? AND password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_ilcaData_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 24, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 100, Request.Form("userPassword")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/mainLayout.dwt" codeOutsideHTMLIsLocked="false" -->
.
.
.
    <form id="verifyPass" name="verifyPass" method="POST" action="<%=MM_LoginAction%>">
      <fieldset id="loginInfo">
      <legend class="legend">Enter Login Information</legend>
    <div id="login">
          <label for="contact"><br />
          User ID:</label>
          <input name="userID" type="text" id="userID" tabindex="15" size="24" maxlength="24" />
          <br />
          <label for="contact"><br />
          Password:</label>
          <input name="userPassword" type="text" id="userPassword" tabindex="15" size="72" maxlength="76" />
          <br />
          <br />
          <input type="submit" name="submit" id="submit" value="Login" />
    </div>
      </fieldset>
    </form>
      <p>&nbsp; </p>
      <input type="hidden" name="MM_recordId" value="<%=eventID 'removed rsEvent.Fields.Item("ID").Value %>" />

Open in new window


Not directly related to the question but a couple of security issues. It looks like you have parent paths turned on.  This is a security issue with iis and asp.  You should turn off parent paths, then once you do that, this code will not work
<!--#include file="../../Connections/ilcaData.asp" -->

Open in new window

but this will
<!--#include virtual="/Connections/ilcaData.asp" -->

Open in new window


Lastly, never trust data input.  Where you have
<%
Dim rsEvent__MMColParam
rsEvent__MMColParam = "1"
If (Request.QueryString("ID") <> "") Then 
  rsEvent__MMColParam = Request.QueryString("ID")
End If
%>

Open in new window

would be safer to use
<%
eventID=0 ' if we have nothing, set eventID to zero
if Request.QueryString("ID") <> "" then
   if isnumeric(Request.QueryString("ID")) then 'we have good data
       eventID=Request.QueryString("ID")
   end if
end if
%>
<%
Dim rsEvent__MMColParam
rsEvent__MMColParam = "1"
If (eventID <> "") Then 
  rsEvent__MMColParam = eventID
End If
%>

Open in new window

Using the above code, you are ensuring you are only passing a number to your db.  Since it is a number, we don't have to clean it anymore.  If you are expecting text, then the text should at least be stripped of any single quotes or <,>.    
x=replace(x,"'") ' removes single quotes

Open in new window

0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39622453
Oops

Change
<form id="verifyPass" name="verifyPass" method="POST" action="<%=MM_LoginAction%>">

Open in new window

to

<form id="verifyPass" name="verifyPass" method="POST" action="eventupdateLogin.asp?iD=<%=eventID%>">

Open in new window

0
 

Author Comment

by:slegy
ID: 39624716
Thank you very much again. I think there may be a misunderstanding here. The user is not entering the event ID. The event ID is a pass through value from the previous page (list of events with the record key of the selected event being passed - located in eventCalendar). The user is entering two text values: their user name and password. Those are verified against a table in another database called ilcaMembers.

Your solution solved the initial problem but if the user enters an incorrect user name or password, the record key being passed is lost (set to zero).

It's clear to me that the Dreamweaver user authentication is not geared to handle what I'm trying to do and that I should have used a different method. We are currently evaluating using social media login, but we have multiple login pages on the site that would have to be worked out, and the organization has not yet decided what it wants to do.
0
 

Accepted Solution

by:
slegy earned 0 total points
ID: 39624940
It works if I pass the eventID in a cookie.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39662972
The dreamwweaver authentication can do what you want.  The issue is your structure or how you are explaining things.  In the case of the user being set to zero, that means a problem and you simply have to account for that problem.    

I suggest getting out a pen and  paper and sketching out a flowchart of events for yourself, it will be a huge help.  From there, sketch out a wireframe of the page(s).  Doing this will help you and us see what you want to do more clearly.  

When you get into social log in, you can do this using dreamweaver or any dev tool. However, there is no special wizard for this (at least up through 5.5) and you will need to study up on oAuth2.  It will be more complex for you then what you are trying to do now although it may very well help your user experience.
0
 

Author Closing Comment

by:slegy
ID: 39674080
I want to thank everyone who responded to this question. I believe I used the wrong approach in trying to pass the ID value, but it also appears there could be issues with the Dreamweaver authentication process. Using a cookie appears to be the easiest solution.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This article is a continuation or rather an extension from Cascading Combos (http://www.experts-exchange.com/A_5949.html) and builds on examples developed in detail there. It should be understandable alone, but I recommend reading the previous artic…
In Debugging – Part 1, you learned the basics of the debugging process. You learned how to avoid bugs, as well as how to utilize the Immediate window in the debugging process. This article takes things to the next level by showing you how you can us…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now