«

Hi,

I'm pretty new with ASP-coding, but I got a simple login working. I let
the user enter a username and password and through a SQL-statement I
check if there is a corresponding password in the database (Yes I know,
not very good security but for the moment it's enough). Problem is that
when I enter a false user/password, I want the code to redirect to
another .asp-page which states the user is not valid. Problem lies
within the statement "if rsMOS is nothing then response.redirect
"VWGloginAgain.asp" ". Somehow, the code does not return 'nothing' but
something else.

How do I figure out what it returns? Or, how can I make sure it returns
a 'nothing' when no such password is found in the database?

Here's my code snippet ('usr' and 'ww' are defined earlier; furthermore
I've left out the redirects, but I've tested the first
if-then-conditions and they work fine... Just the 'nothing' does not
work):

<%
dim dsn
dim conn
dim rsMOS
dim strSQL

dsn="dsn=VWG"

set Conn = Server.CreateObject("ADODB.connection")
Set rsMOS = Server.CreateObject("ADODB.Recordset")
Conn.Open dsn
strSQL = "SELECT usr FROM VWGusr WHERE pw='"&ww&"'"
rsMOS.Open strSQL,Conn

if (not rsMOS is nothing) and (Not (rsMOS.BOF And rsMOS.EOF)) and usr
= "admin" then
response.write("User is admin<br>")
end if

if (not rsMOS is nothing) and (Not (rsMOS.BOF And rsMOS.EOF)) Then
response.write("User is present in DB<br>")
end if

if rsMOS is nothing Then
response.write("Usernot present, should redirect to
VWGloginAgain...<br>")
end if

rsMOS.close
set rsMOS = nothing
conn.close
set conn = nothing

%>

Avlan wrote:
> Hi,
>
> I'm pretty new with ASP-coding, but I got a simple login working. I
> let the user enter a username and password and through a
> SQL-statement I check if there is a corresponding password in the
> database (Yes I know, not very good security but for the moment it's
> enough). Problem is that when I enter a false user/password, I want
> the code to redirect to another .asp-page which states the user is
> not valid. Problem lies within the statement "if rsMOS is nothing
> then response.redirect "VWGloginAgain.asp" ". Somehow, the code does
> not return 'nothing' but something else.

rsMOS will probably not be "nothing". Its EOF property will be true if it
did not receive any records from the sql statement you used. The only thing
you need to check for is EOF

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Thx, that did the trick.

>I'm pretty new with ASP-coding, but I got a simple login working. I let
>the user enter a username and password and through a SQL-statement I
>check if there is a corresponding password in the database (Yes I know,
>not very good security but for the moment it's enough).

Seems like normal login security to me unless of course you want the
login page to use SSL and thus start with https:// instead of http://
and that of course would require a certificate.

And for a related link:

Classic ASP Design Tips - Login Page
http://www.bullschmidt.com/devtip-loginpage.asp

Best regards,
J. Paul Schmidt, Freelance Web and Database Developer
http://www.Bullschmidt.com
Access Database Sample, Web Database Sample, ASP Design Tips

Well it WOULD be normal security if I would actually check the
username-password combination... At this point I only check the if the
submitted password is in the DB, regardless of username