Wrong ID and password should give error

[ERUM]

hello i m working on asp 3.0

and have login screen and i m using the following code for userid and passwor

Code:

<!--#include file="Connection.inc"-->



<html>
<head>
<%


CheckLogin


Sub CheckLogin
if ( (Request.form("Login") <> "") and  (Request.form("password") <> ""))  then
SQL_query = "SELECT Admin.Login, Admin.Pwrd  FROM Admin WHERE Admin.Login = '" & Request.form("Login") & "' AND Admin.pwrd = '" & Request.form("Password") & "'"
'dim b
	Set RS = ChuckemConn.Execute(SQL_query)
	WHILE NOT RS.EOF
	if RS.fields("Login")= Request.form("Login")  and RS.fields("pwrd")= Request.form("Password") then
	 'response.write("Welcome to Administrator Area")
	Session("UserLoggedIn") = "true"
	Response.redirect("Games.asp")
	
	end if
     RS.MoveNext 
     WEND



if (Session("UserLoggedIn") = "false") then
Response.write("In valid user name and password")
end if

RS.close
ChuckemConn.Close

end if
End Sub


%>



<script Language="JavaScript">
<!-- 
function Blank_TextField_Validator()
{
// Check the value of the element named text_name
// from the form named f1
if (f1.Login.value == "")
{
// If null display and alert box
alert("Enter Login Name.");
// Place the cursor on the field for revision
f1.Login.focus();
// return false to stop further processing
return (false);
}
// If Login is not null continue processing


else if (f1.Password.value == "")
{
// If null display and alert box
alert("Enter Password .");
// Place the cursor on the field for revision
f1.Password.focus();
// return false to stop further processing
return (false);
}
// If Login is not null continue processing



return (true);
}
-->
</script>

</head>
<body>
 <table border=0 width=100% height=100%><tr><td>
<form method="Post" name="f1" action="Login.asp" onsubmit="return Blank_TextField_Validator()">
 

     <table  align="center">
            <tr bgcolor="3399FF">
                <td  align=center colspan=2  color: navy;">
                    &nbsp;Admin &nbsp;Login</td>
                
            </tr>
            <tr bgcolor="99CCFF">
                <td >Enter Login
                </td>
                <td><input type="text" name="Login" />

                </td>
            </tr>
            <tr bgcolor="99CCFF">
                <td>Enter Password
                </td>
                <td><input type="Password" name="Password" />

                </td>
            </tr>
            
          
            <tr bgcolor="99CCFF">
                <td align="center" colspan=2><input type="submit" value="Login" />

                </td>
                
            </tr>
         </table>
</form></td></tr>

</table>


</body>
</html>

I want that if user input wrong userid and password the screen should prompt In valid userid and password..

i write these statemnet to check

Code:

if (Session("UserLoggedIn") = "false") then
Response.write("In valid user name and password")
end if

but its useless
could any one let me know how to show error mesage on same page

[MarkT]

Just because you haven't set UserLoggedIn to true does not mean its value will be false. If you haven't set it, it will return an empty string. Two ways to get around it. Either set UserLoggedIn to false before checking the username and password or check if UserLoggedIn = "". Your code is also very prone to a SQL injection attack. On your login form try entering this in your username and password boxes and see what happens.

bob or 1=1