troubleshooting Question
Getting ID after log-in timed out - Classic asp
Hi all,
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->
<%
Dim iStatus, conn, str, sPage
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Preparing values for validation
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("User") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("User")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDate = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfName = RSDatabase("Name")
felteClass = RSDatabase("Class")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Date = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Wrong username orr password!<br>If the problem continues contact our admin @t <a href=mailto:email.dk>email</a>."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Username: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="forgot_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Forgot password?</a></center>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE User ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<div data-role="footer">
<h1><%= school %></h1>
</div>
</div>
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 23 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.