Issues with Logon pages

Discussion in 'C#' started by markj005, Sep 3, 2009.

0
  1. #1
    I have created a Webfront end user ASPRunner although when you login the first time it doesn't let you login although the second time you try it does! here is the code below any thoughts?

    <!--#include file="include/dbcommon.asp"-->
    <%if request.form("a")="logout" or request.querystring("a")="logout" then
    session.Abandon()
    Response.Cookies("username")=""
    Response.Cookies("password")=""
    Response.Redirect "login.asp"
    response.end
    end if%>
    <!--#include file="libs/xtempl.asp"-->
    <%

    dim xt
    set xt = new XTempl


    dbConnection = ""
    db_connect()
    DoEvent "BeforeProcessLogin dbConnection"

    myurl=SESSION("MyURL")
    SESSION("MyURL")=""

    defaulturl=""
    defaulturl="menu.asp"





    strMessage=""

    pUsername=postvalue("username")
    pPassword=postvalue("password")

    rememberbox_checked=""
    rememberbox_attrs = "name=""remember_password"" value=""1"" "
    if request.Cookies("username")<>"" or request.Cookies("password")<>"" then rememberbox_checked=" checked"


    if request.form("btnSubmit") = "Login" then
    if request.form("remember_password") = 1 then
    Response.Cookies("username") = pUsername
    Response.Cookies("username").Expires = DateAdd("yyyy", 1, Now())
    Response.Cookies("password") = pPassword
    Response.Cookies("password").Expires = DateAdd("yyyy", 1, Now())
    rememberbox_checked=" checked"
    else
    Response.Cookies("username") = ""
    Response.Cookies("password") = ""
    rememberbox_checked=""
    end if
    ' username and password are stored in the database
    Set rs = server.CreateObject("ADODB.Recordset")


    strUsername = pUsername
    strPassword = pPassword

    Set rsTemp = server.CreateObject("ADODB.Recordset")
    rsTemp.Open "select * from [dbo].[Security] where 1=0",dbConnection,1,2

    if FieldNeedQuotes(rsTemp,cUserNameField) then
    strUsername="'" & db_addslashes(strUsername) & "'"
    else
    strUsername=my_numeric(strUsername)
    end if
    if FieldNeedQuotes(rsTemp,cPasswordField) then
    strPassword="'" & db_addslashes(strPassword) & "'"
    else
    strPassword=my_numeric(strPassword)
    end if
    rsTemp.close

    strSQL = "select * from [dbo].[Security] where " & AddFieldWrappers(cUserNameField) & _
    "=" & strUsername & " and " & AddFieldWrappers(cPasswordField) & "=" & strPassword
    RetVal = True
    DoEvent "RetVal = BeforeLogin(pUsername, pPassword)"
    if RetVal = False then strSQL="select * from [dbo].[Security] where 1<0"

    rs.Open strSQL,dbConnection, 1, 2
    'Call ReportError
    if not rs.EOF then
    strPassword = pPassword
    if CStr(rs(cUserNameField))=pUsername and CStr(rs(cPasswordField))=strPassword then
    SESSION("UserID") = pUsername
    SESSION("AccessLevel") = ACCESS_LEVEL_USER

    SESSION("GroupID") = dbvalue(rs("Username"))


    SESSION("OwnerID") = dbvalue(rs("ESR Directorate Number"))
    SESSION("_dbo.Staff_OwnerID") = dbvalue(rs("ESR Directorate Number"))


    DoEvent "AfterSuccessfulLogin pUsername,pPassword"
    if myurl<>"" then
    response.Redirect myurl
    else
    response.Redirect defaulturl
    end if
    response.End
    else
    DoEvent "AfterUnsuccessfulLogin pUsername,pPassword"
    strMessage = "Invalid Login"
    end if
    rs.MoveNext
    else
    DoEvent "AfterUnsuccessfulLogin pUsername,pPassword"
    strMessage = "Invalid Login"
    end if
    rs.close
    end if

    xt.assign "rememberbox_attrs",rememberbox_attrs & rememberbox_checked

    SESSION("MyURL")=myurl
    if myurl<>"" then
    xt.assign "guestlink_attrs","href=""" & myurl & """"
    else
    xt.assign "guestlink_attrs","href=""" & defaulturl & """"
    end if
    if request.form("username")<>"" or request.querystring("username")<>"" then
    xt.assign "username_attrs","value=""" & my_htmlspecialchars(pUsername) & """"
    else
    xt.assign "username_attrs","value=""" & my_htmlspecialchars(request.Cookies("username")) & """"
    end if

    password_attrs="onkeydown=""e=event; if(!e) e = window.event; if (e.keyCode != 13) return; e.cancel = true; e.cancelBubble=true; document.forms[0].submit(); return false;"""
    if request.form("password")<>"" then
    password_attrs=password_attrs & " value=""" & my_htmlspecialchars(pPassword)& """"
    else
    password_attrs=password_attrs & " value=""" & my_htmlspecialchars(request.Cookies("password")) & """"
    end if
    xt.assign "password_attrs",password_attrs

    if request.querystring("message")="expired" then strMessage = "Your session has expired. Please login again."


    if strMessage<>"" then
    xt.assign "message_block",true
    xt.assign "message",strMessage
    end if

    set sbody=CreateObject("Scripting.Dictionary")
    sbody("begin")="<form method=post action=""login.asp"" id=form1 name=form1><input type=hidden name=btnSubmit value=""Login"">"
    sbody("end")="</form><script>document.forms[0].elements['username'].focus();</script>"
    xt.assign "body",sbody

    templatefile = "login.htm"
    DoEvent "BeforeShowLogin xt,templatefile"
    xt.display templatefile

    %>
     
    markj005, Sep 3, 2009 IP
  2. ccoonen

    ccoonen Well-Known Member

    Messages:
    1,606
    Likes Received:
    71
    Best Answers:
    0
    Trophy Points:
    160
    #2
    I see you are using cookies directly, use session - and it doesn't matter when/if cookies expire - which it seems like is your issue.
     
    ccoonen, Sep 10, 2009 IP