
classic asp password validation sql

If I had a login page that got user input for username and password, how would I post that information to another page that is gonna be used to store subs and procedures so other pages will include that page so I can minimise the amount of times I type up a connection string?

So I have login.asp which I want to post login credentials to include.asp which will never be opened by if users login details are correct it would then be directed to table.asp. If incorrect it should show an error message in the login.asp page.

I've provided the code for the include.asp file, which will never be seen by a user, below:

Dim objCon, SQL, objRS

'Connect to Database
sub connect()

    Set objCon = CreateObject("ADODB.Connection")
    Set objRS = CreateObject("ADODB.Recordset")
    objCon.Open "Provider=SQLOLEDB.1;Password=xxxx;Persist Security Info=True;User ID=xxxx;Initial Catalog=Customer;Data Source=xxxx"   
    SQL = "SELECT * FROM Customer"  
    objRS.open SQL, objCon

end sub


sub connectionClose()

    objRS.close
    objCon.close   

end sub
kurupt_89 asked May 12 '26 02:05


1 Answer

Let me post with a code tag so it helps.

So you have login.asp, validateLogin.asp and table.asp (they all have include.asp).

Login.asp posts the credentials to validatelogin.asp.

Once in validatelogin.asp:

'connect() from include.asp opens objCon
connect
dim username : username = request.form("username")
dim password : password = request.form("password")
'here for security purposes you will want to replace every single quote in username and password with two single quotes (you do that to avoid SQL injection from bots / hackers)
username = replace(username, "'", "''")
password = replace(password, "'", "''")
sqlValidateUser = "SELECT top 1 * FROM Customer where username='" & username & "' and password = '" & password & "'"
set rsValidateUser = objCon.execute(sqlValidateUser)
if not rsValidateUser.eof then
   'close the recordset before redirecting, since redirect ends the script
   rsValidateUser.close
   session("authentified") = "1"
   response.redirect("table.asp")
   response.end()
else
   rsValidateUser.close
   response.redirect("YOUR_ERROR_PAGE.asp")
   response.end()
end if

Then in your include.asp you will want something like:

'Validating that you're NOT on login.asp or validatelogin.asp ... if not, check if you're logged in ... if not, redirect to error page or login form
    if not instr(lcase(request.servervariables("url")),"login.asp") > 0 and not instr(lcase(request.servervariables("url")),"validatelogin.asp") > 0 then
       'redirect only when the session flag set by validatelogin.asp is missing
       if session("authentified") <> "1" then
          response.redirect("your_Error_page.asp")
       end if
    end if

Not 100% sure about the include.asp code; I did not validate any of it, but it should look like that.

Lil'Monkey answered May 14 '26 17:05
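The same validateLogin.asp check written with bound parameters through ADODB.Command, so the submitted values are never concatenated into the SQL text. This is an added example, not code from the question or the answer; the helper name IsValidLogin, the 50-character limit and the login.asp?error=1 redirect are assumptions, and it relies on include.asp providing connect, connectionClose and objCon as in the question.

```vbscript
<%
' Added example, not from the original answer: validateLogin.asp with bound
' parameters. Assumes include.asp (with connect/connectionClose) is included.
Const adCmdText = 1      ' CommandTypeEnum: SQL text
Const adVarWChar = 202   ' DataTypeEnum: Unicode string
Const adParamInput = 1   ' ParameterDirectionEnum: input
Const MAX_LEN = 50       ' assumed column width, adjust to the real schema

' Hypothetical helper: True when a Customer row matches both values.
Function IsValidLogin(conn, username, password)
    Dim cmd, rs
    IsValidLogin = False
    ' Reject empty or oversized input before touching the database.
    If Len(username) = 0 Or Len(username) > MAX_LEN Then Exit Function
    If Len(password) = 0 Or Len(password) > MAX_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Each ? is filled from the Parameters collection in order; the values
    ' are sent as data, so a quote in them cannot change the statement.
    cmd.CommandText = "SELECT TOP 1 username FROM Customer " & _
                      "WHERE username = ? AND password = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", adVarWChar, adParamInput, MAX_LEN, username)
    cmd.Parameters.Append cmd.CreateParameter("p", adVarWChar, adParamInput, MAX_LEN, password)

    Set rs = cmd.Execute
    IsValidLogin = Not rs.EOF
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim formUser, formPass, ok
formUser = Request.Form("username") & ""   ' force plain strings
formPass = Request.Form("password") & ""

connect
ok = IsValidLogin(objCon, formUser, formPass)
connectionClose

If ok Then
    Session("authentified") = "1"
    Response.Redirect "table.asp"
Else
    ' login.asp?error=1 is an assumed convention for showing the message
    Response.Redirect "login.asp?error=1"
End If
%>
```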


