Password Form critique - 3/20/2001 20:35:00
I have a password form that looks like this:<html>
<head>
<title>login.asp</title>
</head> <form method="POST" action="loginrespond.asp">
Name<input type=text name="username" size="20"><br>
Password<input type=password name="userpassword" size="20"><br>
<input type="submit"><input type="reset">
</form>
</html>
and a response page that looks like this:
<html>
<head>
<TITLE>loginrespond.asp</TITLE>
</head> <%
myname=request.form("username")
mypassword=request.form("userpassword") Set conntemp = Server.CreateObject("ADODB.Connection")
conntemp.open "DSN=AllianceV3;uid=DEVELOPER;pwd=lucky" sqltemp="Select * from LOGINS where LOGINID='"
sqltemp=sqltemp & myname & "'" Set rstemp=conntemp.execute(sqltemp)
If rstemp.eof then%>
We don't have a user named <strong><%=Myname%></strong> on file!<br>
Try <A href='login.asp'>Logging in</a> again
<%response.end
end if
If rstemp("UIPWD")=mypassword then
session("name")=rstemp("LOGINID")
session("reseller")=rstemp("RESELLER")
response.write "Reseller Number=" & session("reseller")
else%>
Password Unrecognized<br>
Try <A href='login.asp'>Logging in</a> again
<%response.end
end if
rstemp.close
conntemp.close
set rstemp=nothing
set conntemp=nothing
%>
</body>
</html>
The password table as you see is in a OBDC database in a table LOGINS. This table has three fields: LOGINID, UIPWD (both CHAR) and RESELLER (an INTEGER). The login is able to get the LOGINID correctly as a I get the right error message if I use an ID that's in the table. If I put in a valid ID, I always get a password error. I've double checked the spellings, capitalization, etc.
The RESELLER tag is added after a valid login to append to queries so that each reseller is getting their own info.
What am I missing??
| 
Printable Version 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread