Inserting Random Passwords into Database

[Miranda]

Hi, I have a ASP/vbscript program that generates random passwords. The
problem is I need to insert those passwords into an Access database of
327 clients.

I have the random password program generating the 327 passwords, but
have had no luck inserting them.
===============================================
Here is the code that generates the passwords:
===============================================
<% Option Explicit %>
<%
Dim X
Response.Write "<HTML>" & vbCrLf
Response.Write "<HEAD>" & vbCrLf
Response.Write "<TITLE> ASP Random Password Generator v1.1 - by Carl
Mercier ([email protected])</TITLE>" & vbCrLf
Response.Write "</HEAD>" & vbCrLf
Response.Write "<BODY>" & vbCrLf
Response.Write "<FONT FACE=COURIER>" & vbCrLf

Response.Write "<B>Fixed length (5 character) passwords</B><BR>" &
vbCrLf

For X = 0 To 326
'Response.Write RandomPW(5) & "<br>" & vbCrLf
Next

Response.Write "</FONT>" & vbCrLf
Response.Write "</BODY>" & vbCrLf
Response.Write "</HTML>" & vbCrLf



Function RandomPW(myLength)
'These constant are the minimum and maximum length for random
'length passwords. Adjust these values to your needs.
Const minLength = 5
Const maxLength = 5

Dim X, Y, strPW

If myLength = 0 Then
Randomize
myLength = Int((maxLength * Rnd) + minLength)
End If


For X = 1 To myLength
'Randomize the type of this character
Y = Int((3 * Rnd) + 1) '(1) Numeric, (2) Uppercase, (3) Lowercase

Select Case Y
Case 1
'Numeric character
Randomize
strPW = strPW & CHR(Int((9 * Rnd) + 48))
Case 2
'Uppercase character
Randomize
strPW = strPW & CHR(Int((25 * Rnd) + 65))
Case 3
'Lowercase character
Randomize
strPW = strPW & CHR(Int((25 * Rnd) + 97))

End Select
Next

RandomPW = strPW

End Function

%>
===============================================
I tried:
===============================================
Response.Write "<B>Fixed length (5 character) passwords</B><BR>" &
vbCrLf
Response.Write "<form method='post'
action='insertPasswordsADMIN.asp'>" & vbCrLf
For X = 0 To 326
'Response.Write RandomPW(5) & "<br>" & vbCrLf
Response.Write "<input type='text' name='GenPassWord'
value='RandomPW(5)'>"& vbCrLf

Next
Response.Write "<input type='submit' name='update' value='Update'>"&
vbCrLf
Response.Write "</form>" & vbCrLf
===============================================
....with no luck.
===============================================
===============================================
Here is my code for 'insertPasswordsADMIN.asp':
===============================================

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<!--#include file="../adojavas.inc"-->

<%
var conn;
var rs;
var sSQL;

rs=Server.CreateObject("ADODB.Recordset");
conn = Server.CreateObject("ADODB.connection");
conn.Open("mydata");

sSQL = "SELECT InvestPassword ";
sSQL += " FROM invest ; "

rs.Open(sSQL,conn);
//Response.write(sSQL);


if (!rs.eof) {
while (!rs.eof){

sSQL += " Insert INTO invest ";
sSQL += " (InvestPassword)";

//expecting values

sSQL += " VALUES ("
sSQL += " '" + Request.form("GenPassWord") + "');"

rs = conn.Execute(sSQL);
rs.MoveNext();
}
}

%>
===============================================
....This line 'rs = conn.Execute(sSQL);' is coughing up an error??
===============================================
Now, one of my problems is that the password generator is in VBScript,
and I code in JavaScript. Although I have some understanding of
VBscript from having to translate it into JavaScript - I am definately
not a pro.
My alternative to figuring this out is inserting the passwords into
the database manually, I'd REALLY rather not do that!

Any Suggestions would be greatly appreciated!!
Thank you in advance for anybody who would like to help me tackle this
problem!

Miranda Johnsen

 

[Aaron Bertrand - MVP]

Why do you need two pages and a form to do this? Also, even though you code
in JavaScript, since you have a method in VBScript (and I assume this is
just an admin, one-off page that only needs to be run once), why can't the
whole page be in VBScript? And in a one-off page, why does the length
passed into the randomPW function have to be variable? Why are you using a
DSN (see http://www.aspfaq.com/2126)? Finally, what's with the "my" prefix
all over the place... should I expect to find prefixes on other functions
and variable names, like his, her, Bob's, etc?

<%
function randomPW(length)
randomize
...
randomPW = whatever
end function

set conn = CreateObject("ADODB.connection")
conn.open "mydata"
for x = 0 to 326
sql = "INSERT invest (InvestPassword)" & _
" VALUES('" & randomPW(5) & "')"
conn.execute sql, , 129
next
conn.close: set conn = nothing
%>

That's it. Just hit the page, get a coffee, and when you come back, you
will have 327 randomized passwords in the table invest. Note: I did not
inspect the RandomPW function to see if it could be optimized, nor did I do
anything to prevent multiple passwords from being identical.

 

[Miranda johnsen]

Aaron,
Thank you for your previous response.
Just to let you know the myWhatevers were already in the code when I got
it (I did'nt write it). And I only used 'myData' for an example for a
DSN, that's not what I've really named it. I know I should be using
DSN-less connections, right now it works so...

I did what you recomended and it worked, but it is not inserting the
passwords into the right rows. I already have several other columns in
this table that have info regarding the 200+ clients (some clients have
more than one row, so I guess I should be testing for clientID and only
inserting one password value per clientID). I've added the password
colum to the table and now I need to insert the passwords into the empty
records for the clients.


What is happening when I run the program as it is, is that it insert the
300+ passwords before the clients and I end up with 600+ rows, but still
no passwords for the clients. Am I making sense?
Do you know how to fix this??

Thanks again,
Miranda

 

[Aaron Bertrand [MVP]]

I did what you recomended and it worked, but it is not inserting the

passwords into the right rows. I already have several other columns in
this table that have info regarding the 200+ clients (some clients have
more than one row, so I guess I should be testing for clientID and only
inserting one password value per clientID). I've added the password
colum to the table and now I need to insert the passwords into the empty
records for the clients.

Then you need an update statement, not an insert statement!

However, before I can tell you how to proceed, I need to know what your
primary key is.

A

 

[Miranda johnsen]

I was wondering about that :s
The table I'm working in is called Investors, there is no primary key in
there, but the InvestorId is the Key to Investors File.
-Miranda

 

[Aaron Bertrand [MVP]]

Okay, so you would do this:

<%
function randomPW(length)
'... blah ...
end function

set conn = CreateObject("ADODB.connection")
conn.open "mydata"

set rs = conn.execute("SELECT InvestorID FROM Invest")
do while not rs.eof
' assuming InvestorID is an integer!
sql = "UPDATE invest SET password = " & _
"'" & randomPW(5) & "'" & _
" WHERE InvestorID = " & InvestorID
conn.execute sql, , 129
rs.movenext
loop

rs.close: set rs = nothing
conn.close: set conn = nothing
%>

This certainly isn't very efficient. I'm also curious what you're going to
do when another investor gets added to the table...

If you were using MSDE or another flavor of SQL Server, this would be far,
far easier.

 

[Aaron Bertrand [MVP]]

there is no primary key in there,

Why not? How do you plan to ensure data integrity?

 

[Miranda johnsen]

The Access Database I am using from extracted tables from the main
company database. Because there are so many clients, he exported
pertinent tables into a seperate web database so when content on the
main database changes, like a new client is added and so forth, he will
not have to enter redundant information online, he just re-exports the
tables to the web database and re-uploads the database.
Probably not the best way to go about it, but it works.

I have a seperate access database for non-client related data for
content that is only online.

As for generating a password for a new client, I don't think (I hope) I
will have too much troubel writing a page for him to generate a password
for a new user online. I could have it so he selects the member to add a
password for and run the script to generate it and update that record.

Ironically, I've spent more time trying to figure out how to do this
automatically than if I had of just put the values in manually!

This is one of the last steps in my project and I'm almost at my
deadline so I really the advice/help you have given me.
I'll let you know how it goes!
Cheers,
Miranda

 

[Miranda johnsen]

there is no primary key in there,

Why not? How do you plan to ensure data integrity?

hm, well I have a database with 6 tables.
3 of these tables contain a Primary Key.
TableA and TableB have certificateNumber as their PrimaryKey. They also
have InvestorID in them. The Table I need, the InvestorsTable,where I
inserted the Password column, and also has the InvestorID in it.

I don't believe this convoluted explaination is helping to answer your
question. I guess my answer is I don't know :s
I didn't realize my integrity was at risk!
-miranda

 

[Aaron Bertrand [MVP]]

I don't believe this convoluted explaination is helping to answer your

question. I guess my answer is I don't know :s
I didn't realize my integrity was at risk!

First I'll state the disclaimer that this does not apply to every last
situation in the world. I have some tables without primary keys, and I can
explain why if you'd like.

However.

A table is meant to represent a set of unique entities. A primary key
enforces the fact that, whatever makes those entities unique, cannot be
repeated (and will always *uniquely* define that entity, or in simpler
terms, row). If you don't have a primary key (or a unique constraint,
though I'm not sure those are supported in Access) then it's difficult to
prevent your data from becoming corrupt. Depending on the complexity of
your schema, this corruption (e.g. having two investorIDs in your investors
table, for example) could be anywhere from mildly annoying, to downright
disastrous.

 

[Miranda johnsen]

Aaron? Still around?

I've created a new table in the database for the clients
username, password and email.
It consists of:

1) MemberID
(this is the primaryKey and Not an integer, value is
CP00010 and increases from there).

2) MemberPW
(random generated password, client will have the
option to change this password if they choose)

3) ClientEmail
(not always present and not required yet)

I've altered the SQL statement to reflect these changes
and MemberID is coming up as undefined, more
specific, this is the error:
Variable is undefined: 'MemberID'

I am assuming this is because MemberID is not an
integer.I may be wrong (It would'nt be the first time!). Is
there a way around this? The MemberID is used
throughout the database to connect the data to the
members.

If you have a solution to this, I thank you in advance.
Sincerely,
Miranda Johnsen

 

[Aaron Bertrand - MVP]

I've altered the SQL statement to reflect these changes

and MemberID is coming up as undefined, more
specific, this is the error:
Variable is undefined: 'MemberID'

I am assuming this is because MemberID is not an
integer.I may be wrong (It would'nt be the first time!). Is
there a way around this?

I can't see your code. You're going to have to show the code that produces
this error if you expect anyone to be able to troubleshoot it.

 

[Bob Barrows]

Show the relevant bit of code, please.

Bob Barrows

 

[Aaron Bertrand - MVP]

Hey, get out of here for a minute and check your e-mail!

 

[Bob Barrows]

Hey, get out of here for a minute and check your e-mail!

Done