Dear Someone who can help me,

I have a problem. Whenever I input a correct username and password, the "car.asp" page appears. But whenever I put the wrong
username and password, the "car.asp" still appears. what's wrong with my codes?..

Here's my Code:


<script type = "text/javascript">



<%
Sub CheckLogin
Dim Conn, rs, sql


set Conn = server.createobject("adodb.connection")
Conn = "Provider=sqloledb;Data Source=datasource;" & _
"Initial Catalog=catalog;User Id=user;Password=password;"
Set rs = Server.CreateObject( "ADODB.Recordset" )

sql = "SELECT * FROM CarInfo WHERE EmpID = '"&username&"'"

rs.Open sql, Conn
Session("UserLoggedIn") = "false"
Do While Not rs.EOF
If Request.myform("username") = rs("EmpID") And Request.myform("pword") = rs("Password") Then
Session("UserLoggedIn") = "true"
Exit Do
End If
rs.MoveNext
Loop
rs.Close
Conn.Close



If Session("UserLoggedIn") = "true" Then
Response.Redirect ("car.asp")
Else
Response.Write("Login Failed.<br><br>")
ShowLogin
End If

:(
End Sub

%>



</script>
<body background="back.jpg">

<form action= "car.asp" method="post" name="login" id="login>

<h1><center> Company Name </center></h1>
<h2><center> Project System </center></h2>
<br/><br/><br/><p> <Center> Enter Username and Password </center> </p> <br/>
<p><center> USER NAME <input type="text" name="username"> <br/><br/> PASSWORD <input type="password" name="pword"><br/><br/>
<input type="submit" value="Login" onclick= "UserLoggedIn()">
</center> </p>

</form>


</body>


Kindly help me.. I really need help.

Thank you,
Paula

Could you add your files as attachments please?

It's hard from what you've shown to understand how any of it works.

You have no runat="server" tags, you're using a lot of depreciated code and you're trying to parse VB as Javascript and treating VB as a non-explicit language.

Which version of Visual Studio are you using as an IDE and what ASP.NET Framework are you working to?

If you have the connection strings and authentication sorted in Web.config and the database set up correctly in the correct, protected, folder (Right-Click on project->Add ASP.NET Folder->App_Data) then that entire code block you posted can be reduced down to a single line.


<asp:Login ID="LoginPanel" runat="server" DestinationPageUrl="~/car.aspx" />

Hi.. thank you for your reply..

I now changed my whole codes..

what happens is..
My GUI appears on page load. I tried to type a correct username and password but it is directing on the same login page..

here's my codes..


<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
Session("UserLoggedIn") = ""
If Request.Form("username")<>"" AND Request.Form("pword")<>"" Then
CheckLogin
Else
ShowLogin
End If

Sub ShowLogin
%>



<body background="back.jpg">

<form name="login" id="login>

<h1><center> Company Name </center></h1>
<h2><center> Project</center></h2>
<br/><br/><br/><p> <Center> Enter Username and Password </center> </p> <br/>
<p><center> USER NAME <input type="text" name="username"> <br/><br/> PASSWORD <input type="password" name="pword"><br/><br/>
<input type="submit" value="Login">
</center> </p>

</form>


</body>



<%
End Sub

Sub CheckLogin
Dim Conn, rs, sql


set Conn = server.createobject("adodb.connection")
Conn = "Provider=sqloledb;Data Source=datasource;" & _
"Initial Catalog=catalog;User Id=user;Password=password;"
Set rs = Server.CreateObject( "ADODB.Recordset" )

sql = "SELECT * FROM CarInfo WHERE EmpID = '"&username&"'"

Set rs = conn.execute(sql)

rs.Open sql, Conn
Session("UserLoggedIn") = "false"
Do While Not rs.EOF
If Request.form("username") = rs("EmpID") And Request.form("pword") = rs("Password") Then
Session("UserLoggedIn") = "true"
Exit Do
End If
rs.MoveNext
Loop
rs.Close
Conn.Close



If Session("UserLoggedIn") = "true" Then
Response.Redirect "protectedpage.asp"
Else
Response.Write("Login Failed.<br><br>")
ShowLogin
End If


End Sub

%>

Help me please...

Thank you so much,
Paula

Hi,

Within the editor on this forum, we have some handy tools to help display code.

When posting code, could you please wrap it within
or
tags. This will preserve the indenting for your code and add syntax highlighting.

Thank you.

From first inspection with the code that you've posted, you have 9 errors, 15 warnings and 2 messages. You have mis-declared variables, malformed code and you have no DOCTYPE, html or head tags on the page. The <center></center> tags have now been depreciated, you should align your code using CSS; they also can't be nested within <p></p> or <h(x)></h(x)> tags.

Visual Studio should tell you all this and shouldn't allow you to deploy the site in this condition.

For best practice, you should use code-behind scripts with ASP.NET.

Try setting up the page like this:

Login.aspx:

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Login.aspx.vb" Inherits="_Login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- Page Title -->
<title>Login Page</title>
<!-- Meta Block -->
<meta content="text/html; charset=iso-8859-1" http-equiv="content-type" />
<meta content="Login Page" name="description" />
<meta content="login, page" name="keywords" />
<meta content="all,index,follow" name="robots" />
<meta content="noodp" name="msnbot" />
<meta content="global" name="distribution" />
<!-- CSS Stylesheet Links -->
<link href="default.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form id="pagewide_form" runat="server">
<div id="page">
<form id="login" action="<%= Request.ServerVariables("SCRIPT_NAME") %>" runat="server">
<h1 class="centreText">
Company Name
</h1>
<h2 class="centreText">
Project
</h2>
<br />
<br />
<br />
<p class="centreText">
Enter Username and Password
</p>
<br />
<p class="centreText">
USER NAME
<input type="text" id="txtUser" runat="server" />
<br />
<br />
PASSWORD
<input type="password" id="txtPass" runat="server" /><br />
<br />
<input type="submit" id="btnGo" value="Login" runat="server" />
</p>
</form>
</div>
</form>
</body>
</html>


Login.aspx.vb:

Option Explicit On
Option Strict On

Partial Class _Login
Inherits System.Web.UI.Page

Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
Session("UserLoggedIn") = ""
If Request.Form("txtUser") <> "" And Request.Form("txtPass") <> "" Then
CheckLogin()
End If
End Sub

Sub CheckLogin()
Dim db As New ADODB.Connection
Dim cmd As New ADODB.Command
Dim rs As New ADODB.Recordset

db.ConnectionString = "Provider=sqloledb;Data Source=datasource;Initial Catalog=catalog;User Id=user;Password=password;"
Dim sql As String = "SELECT * FROM CarInfo WHERE EmpID = '" & txtUser.Value & "'"

db.Open()
rs = db.Execute(sql)

Session("UserLoggedIn") = "false"
Do While Not rs.EOF
If Request.Form("txtUser") Is rs("EmpID") And Request.Form("txtPass") Is rs("Password") Then
Session("UserLoggedIn") = "true"
Exit Do
End If
rs.MoveNext()
Loop
db.Close()

If Session("UserLoggedIn") Is "True" Then
Response.Redirect("protectedpage.asp")
Else
Response.Write("Login Failed.<br /><br />")
End If

End Sub
End Class


default.css:

*, html
{
padding: 0;
margin: 0;
}

body
{
background: #ffffff url( 'back.jpg' ) no-repeat;
}

.centreText
{
text-align: center;
margin: auto;
}

From first inspection with the code that you've posted, you have 9 errors, 15 warnings and 2 messages. You have mis-declared variables, malformed code and you have no DOCTYPE, html or head tags on the page. The <center></center> tags have now been depreciated, you should align your code using CSS; they also can't be nested within <p></p> or <h(x)></h(x)> tags.

[/PHP]

Indeed, we really do need to set up a forum for coding practices, just as an extension to what apache said, you should be using CSS in order to position as well as backgrounds, which you've put in the body tag. Also, you can just use


text-align: center;

As an alternative for <center>