G
Guest
Hi,
I have a login page. Where user enters an email and password. Then I;m
checking if user account is active or not. Before a user can login, he needs
to activate his account. If the account is active then Active field is set
to yes (1) otherwise to no (0).
If the user’s account is active then I check whether this is user’s first
visit or not. If it is user’s first visit then I redirect user to
‘newuser.asp’ page otherwise to ‘returnuser.asp’.
If the user’s account is not active then I send the user to login page with
‘default.asp?pw=0’
For some reason the SQL statement
strSQL = "SELECT * FROM testusers " & "WHERE E_Mail='" &
Request.Form("txtEmail") & "' AND Password = '" & Request.Form("txtUserPass")
& "' AND Active = 1 ;"
is not working because I can see that the user’s account is active, email
and password all exist in the database but the script keeps directing the
user to loginpage as if the record doesn’t exist.
The SQL query that above statemtn produces is,
SELECT * FROM testusers WHERE E_Mail='(e-mail address removed)' AND Password =
'joegreen' AND Active = 1 ;
I am not able to find the mistake I am making. Can someone help me please.
Thanks,
Joe
<%
'Using a DSN connection.
Dim objConn
Dim objRS
Set objConn = Server.CreateObject("ADODB.Connection")
'objConn.ConnectionString = "DSN=PKMSolutionEval"
objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
"Data Source=E:\ databases\test.mdb;"
Set objRS=Server.CreateObject("ADODB.Recordset")
'objRS.Open "testusers", objConn
strSQL = "SELECT * FROM testusers " & "WHERE E_Mail='" &
Request.Form("txtEmail") & "' AND Password = '" & Request.Form("txtUserPass")
& "' AND Active = 1 ;"
objRS.Open strSQL, objConn, adOpenForwardOnly, adLockReadOnly, adCmdText
If Not objRS.EOF And Not objRS.BOF Then
If objRS.Fields("First_Visit") = "True" Then
'first time visitor
strSQL = "UPDATE dndusers SET First_Visit = 0 WHERE E_Mail='" &
Request.Form("txtEmail") & "' AND Password = '" & Request.Form("txtUserPass")
& "';"
Set updateCmd = Server.CreateObject("ADODB.Command")
With updateCmd
.ActiveConnection = objConn
.CommandText = strSQL
.Execute
End With
objRS.Close()
objConn.Close()
Set objConn = Nothing
Response.Redirect("newuser.asp")
Else
'retruning user
objRS.Close()
objConn.Close()
Set objConn = Nothing
Response.Redirect("returnuser.asp")
End If
Else
'user don't exisit
objRS.Close()
objConn.Close()
Set objConn = Nothing
Response.Redirect("default.asp?pw=0")
End If
objConn.Close()
Set objConn = Nothing
%>
I have a login page. Where user enters an email and password. Then I;m
checking if user account is active or not. Before a user can login, he needs
to activate his account. If the account is active then Active field is set
to yes (1) otherwise to no (0).
If the user’s account is active then I check whether this is user’s first
visit or not. If it is user’s first visit then I redirect user to
‘newuser.asp’ page otherwise to ‘returnuser.asp’.
If the user’s account is not active then I send the user to login page with
‘default.asp?pw=0’
For some reason the SQL statement
strSQL = "SELECT * FROM testusers " & "WHERE E_Mail='" &
Request.Form("txtEmail") & "' AND Password = '" & Request.Form("txtUserPass")
& "' AND Active = 1 ;"
is not working because I can see that the user’s account is active, email
and password all exist in the database but the script keeps directing the
user to loginpage as if the record doesn’t exist.
The SQL query that above statemtn produces is,
SELECT * FROM testusers WHERE E_Mail='(e-mail address removed)' AND Password =
'joegreen' AND Active = 1 ;
I am not able to find the mistake I am making. Can someone help me please.
Thanks,
Joe
<%
'Using a DSN connection.
Dim objConn
Dim objRS
Set objConn = Server.CreateObject("ADODB.Connection")
'objConn.ConnectionString = "DSN=PKMSolutionEval"
objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
"Data Source=E:\ databases\test.mdb;"
Set objRS=Server.CreateObject("ADODB.Recordset")
'objRS.Open "testusers", objConn
strSQL = "SELECT * FROM testusers " & "WHERE E_Mail='" &
Request.Form("txtEmail") & "' AND Password = '" & Request.Form("txtUserPass")
& "' AND Active = 1 ;"
objRS.Open strSQL, objConn, adOpenForwardOnly, adLockReadOnly, adCmdText
If Not objRS.EOF And Not objRS.BOF Then
If objRS.Fields("First_Visit") = "True" Then
'first time visitor
strSQL = "UPDATE dndusers SET First_Visit = 0 WHERE E_Mail='" &
Request.Form("txtEmail") & "' AND Password = '" & Request.Form("txtUserPass")
& "';"
Set updateCmd = Server.CreateObject("ADODB.Command")
With updateCmd
.ActiveConnection = objConn
.CommandText = strSQL
.Execute
End With
objRS.Close()
objConn.Close()
Set objConn = Nothing
Response.Redirect("newuser.asp")
Else
'retruning user
objRS.Close()
objConn.Close()
Set objConn = Nothing
Response.Redirect("returnuser.asp")
End If
Else
'user don't exisit
objRS.Close()
objConn.Close()
Set objConn = Nothing
Response.Redirect("default.asp?pw=0")
End If
objConn.Close()
Set objConn = Nothing
%>