Wrong ID and password should give error
hello i m working on asp 3.0
and have login screen and i m using the following code for userid and passwor
Code:
<!--#include file="Connection.inc"-->
<html>
<head>
<%
CheckLogin
Sub CheckLogin
if ( (Request.form("Login") <> "") and (Request.form("password") <> "")) then
SQL_query = "SELECT Admin.Login, Admin.Pwrd FROM Admin WHERE Admin.Login = '" & Request.form("Login") & "' AND Admin.pwrd = '" & Request.form("Password") & "'"
'dim b
Set RS = ChuckemConn.Execute(SQL_query)
WHILE NOT RS.EOF
if RS.fields("Login")= Request.form("Login") and RS.fields("pwrd")= Request.form("Password") then
'response.write("Welcome to Administrator Area")
Session("UserLoggedIn") = "true"
Response.redirect("Games.asp")
end if
RS.MoveNext
WEND
if (Session("UserLoggedIn") = "false") then
Response.write("In valid user name and password")
end if
RS.close
ChuckemConn.Close
end if
End Sub
%>
<script Language="JavaScript">
<!--
function Blank_TextField_Validator()
{
// Check the value of the element named text_name
// from the form named f1
if (f1.Login.value == "")
{
// If null display and alert box
alert("Enter Login Name.");
// Place the cursor on the field for revision
f1.Login.focus();
// return false to stop further processing
return (false);
}
// If Login is not null continue processing
else if (f1.Password.value == "")
{
// If null display and alert box
alert("Enter Password .");
// Place the cursor on the field for revision
f1.Password.focus();
// return false to stop further processing
return (false);
}
// If Login is not null continue processing
return (true);
}
-->
</script>
</head>
<body>
<table border=0 width=100% height=100%><tr><td>
<form method="Post" name="f1" action="Login.asp" onsubmit="return Blank_TextField_Validator()">
<table align="center">
<tr bgcolor="3399FF">
<td align=center colspan=2 color: navy;">
Admin Login</td>
</tr>
<tr bgcolor="99CCFF">
<td >Enter Login
</td>
<td><input type="text" name="Login" />
</td>
</tr>
<tr bgcolor="99CCFF">
<td>Enter Password
</td>
<td><input type="Password" name="Password" />
</td>
</tr>
<tr bgcolor="99CCFF">
<td align="center" colspan=2><input type="submit" value="Login" />
</td>
</tr>
</table>
</form></td></tr>
</table>
</body>
</html>
I want that if user input wrong userid and password the screen should prompt In valid userid and password..
i write these statemnet to check
Code:
if (Session("UserLoggedIn") = "false") then
Response.write("In valid user name and password")
end if
but its useless
could any one let me know how to show error mesage on same page
Re: Wrong ID and password should give error
Just because you haven't set UserLoggedIn to true does not mean its value will be false. If you haven't set it, it will return an empty string. Two ways to get around it. Either set UserLoggedIn to false before checking the username and password or check if UserLoggedIn = "". Your code is also very prone to a SQL injection attack. On your login form try entering this in your username and password boxes and see what happens.
bob or 1=1
