Jump to content

An asp signup/sign in page


Belzar

Recommended Posts

Hey Yahweh,This is in reply to you asking if I needed help on any signup/signin.asp pages. I would love to have your help :) Thanks in advanced.

Signup and Login pages are fundamentally no different from any other kind database action. Signup pages add a new record to your database, and Login pages are just a select statement. I'm going to show you just the simple signup method, as opposed to a system that requires email confirmation of new accounts.First step: You need to have a user table where you store user information. Usually, the table will look like this:
Users-----ID        Int, Not Null, Autoincrement }  These three fields are theUsername  Varchar 25, Not Null         }  the bare minimum you need for a Password  Varchar 25, Not Null         }  user table.IPAddress Varchar 15, NullEmail     Varchar 60, NullDateRegistered     DateTime, Not Null

For now, passwords are going to be stored in your database as plain text. Usually, itsa security risk to stored passwords as plain text, we'd normally use a one-way hash like MD5 to encrypt the passwords; but the code for that process is rather lengthy, and for the most part, it's pretty rare for a person to break into your database.Disclaimer: I've written the code below without testing it, so it may contain errors, so don't be worried if ASP doesn't work on the first try.Now, you can create a simple signup page, called signup.asp:

<% Option Explicit %><html><body><h1>Signup</h1><% Dim msgmsg = request("msg")if cstr(msg) <> "" then%><font color="red"><%=Server.HTMLEncode(msg)%></font><%end if%>    <form action="signup1.asp" method="post">    <input type="text" name="username" value=<%=Server.HTMLEncode(request("Username"))%>><br>    <input type="password" name="password"><br>    <input type="submit" value="Register"><br>    <small>(Cookie must be enabled to complete registration.)</small>    </form></body></html>

Notice that I have a little code embedded in the page. I've put that code there because, in case there is a problem during registration, the use can be forwarded back.For a page called signup1.asp, we are going to perform a couple of different processes: first, we are going to check that the username and password are non-empty strings, and then we are going to check that they there is no other user in the table with an identical username. Signup1.asp:

<% Option ExplicitFunction SQLSecurity(myStr)    'This eliminates the risk of SQL injection    SQLSecurity = Replace(myStr, "'", "''", 1, -1, vbBinaryCompare)End FunctionDim Username, PasswordUsername = cstr(request("username"))   'the cstr function explicitly casts thePassword = cstr(request("Password"))     'variable as a string.'Validating username and password.If Username = "" then    response.redirect "signup.asp?msg=Invalid username."elseif Password = "" then    response.redirect "signup.asp?msg=Invalid password.&username=" & username'elseif Len(username) < 3 then   'this checks to see that the username at least 3'       'characters long'    response.redirect "signup.asp?msg=Username must be at least" & _ '        "3 characters long.&username=" & username'elseif Len(password) < 3 then   'this checks to see that the password at least 3'       'characters long'    response.redirect "signup.asp?msg=Password must be at least" & _ '        "3 characters long.&username=" & usernameEnd ifelseif Len(username) > 25 then    response.redirect "signup.asp?msg=Username cannot be longer than" & _        "25 characters.&username=" & usernameelseif Len(password) > 25 then    response.redirect "signup.asp?msg=Password cannot be longer than" & _        "25 characters.&username=" & usernameEnd if'I've commented out the minimum username and password validations. Just'remove the apostrophes before the appropriate lines if you want to use those'validations.Dim Conn, RS, SQL, SuccessfulSet Conn = Server.CreateObject("ADODB.Connection")Set Conn = Server.CreateObject("ADODB.RecordSet")SQL = "Select Username, Password, IPAddress, Email, DateRegistered FROM Users WHERE " & _        "Username = '" & SQLSecurity(Username) & "' Limit 1;"Conn.Open your_connection_stringRS.Open SQL, Conn, 3, 3    If RS.EOF then        'RS.EOF means no results returned from the SQL query. In this case, since        'no results were returned the query executed above, then it means there        'is no user in the Users table with the same username. So, we can insert the        'new username.                'Adding new account to the Users table        RS.AddNew        RS("Username") = Username        RS("Password") = Password        RS("IPAddress") = Request.ServerVariables("REMOTE_ADDR")        RS("DateRegistered") = Now        RS.Update        'Setting cookies for the user. These cookies will expire in 1 year.        Response.Cookies("account")("username") = Username        Response.Cookies("account")("password") = Password        Response.Cookies("account").Expires = DateAdd("m", 12, Now())        Successful = True    else        'If a result is found for the query above, that means a user already exists        'with the chosen username, so we have to forward the user back to the        'signup page and ask him or her to choose another name.       Successful = False    End ifRS.CloseConn.CloseSet Conn = nothingSet RS = nothingIf Successful = True then%>    <html>    <body>    <h1>Congrats!</h1>    <p>Your account has been successfully created,     <%=Request.Cookies("account")("username")%> :)</p>     <p>Please go back to the <a href="default.asp">home page</a>, or for free to edit your <a href="profile.asp">profile</a>.</p>    </body>    </html><%else    response.redirect "signup.asp?msg=Username is already taken." & _        "&username=" & usernameEnd if%>

Profile pages are really simple. All they do is display and update data in a table. The do this in a few different stages:1. Validate userID. This example is set up to display profiles by userID, so that profile.asp?id=5 and profile.asp?id=252 show different profiles, so we have to check that the specified ID is a valid integer.2. If ID is a valid integer, then we execute a query to see that a user with the specified ID actually exists.3. If the user exists, we pull the information out of the database and store it into variables for later use.4. Display a page with the profile information in the correct positions. Checks are added so that, if a user doesn't exist, a "User doesn't exist" screen will be displayed instead.Profile.asp (this is set up to display profiles by userID, so that profile.asp?id=5 and profile.asp?id=252 show different profiles):

<% Option ExplicitFunction SQLSecurity(myStr)    'This eliminates the risk of SQL injection    SQLSecurity = Replace(myStr, "'", "''", 1, -1, vbBinaryCompare)End FunctionDim ID, UserFoundDim Username, Email, DateRegisteredDim Conn, RS, SQLID = request("ID")'Validating that ID is both non-empty and is a valid number. If the userID is 'invalid, it is set to 0. As a consequence of the user table's design, there is no'user in the table with an ID of 0, so no results will be returned by the query.If cst(ID) = "" then    ID = 0elseif IsNumeric(ID) = False then    ID = 0else    ID = cint(ID)    'Expliciting casting ID to integer    ShowProfile = TrueEnd ifSet Conn = Server.CreateObject("ADODB.Connection")Set RS = Server.CreateObject("ADODB.RecordSet")SQL = "SELECT Username, Email, DateRegistered FROM Users " & _        "WHERE ID = " & SQLSecurity(ID) & ";"Conn.Open your_connection_stringRS.Open SQL, Conn, 1, 1If not RS.EOF then    'If a record is found    Username = RS("Username")    Email = RS("Email")    DateRegistered = RS("DateRegistered")    UserFound = Trueelse    UserFound = FalseEnd ifRS.CloseConn.CloseSet Conn = nothingSet RS = nothingIf UserFound = True then%>    <html>    <head>        <title><%=Username%>'s profile</title>    </head>    <body>    <h1>Profile</h1>    Username: <b><%=Username%></b><br>    Email: <a href="mailto:<%=email%>"><%=email%><br>    Registered since <%=DateRegistered%>    </body>    </html><%else%>    <html>    <head>        <title>Oops!</title>    </head>    <body>    Profile not found.    </body>    </html><%End if%>

Note, sometimes pages can have a lot more than just profiles on them. For instance, you might have menus, headers, footers, and other information on your page. If this is the case, then you can boost ASP performance by creating your page like this:

    <html>    <head>        <title><% if UserFound = True then %>                            <%=Username%>'s profile                  <% else %>                            Profile not found                  <% end if %></title>    </head>    <body>    <!-- header here -->    <!-- menu here -->    <h1>Profile</h1>    <% if UserFound = True then %>    Username: <b><%=Username%></b><br>    Email: <a href="mailto:<%=email%>"><%=email%><br>    Registered since <%=DateRegistered%>    <% else %>    User not found.    <% end if %>     <!-- footer here -->    </body>    </html>

Finally, login pages are created in an almost identical fashion above: login.asp:

<% Option Explicit %><html><body><h1>Login</h1><% Dim msgmsg = request("msg")if cstr(msg) <> "" then%><font color="red"><%=Server.HTMLEncode(msg)%></font><%end if%>    <form action="login1.asp" method="post">    <input type="text" name="username" value=<%=Server.HTMLEncode(request("Username"))%>><br>    <input type="password" name="password"><br>    <input type="submit" value="Register"><br>    <small>(Cookie must be enabled to login.)</small>    </form></body></html>

Login1.asp:

<% Option ExplicitFunction SQLSecurity(myStr)    'This eliminates the risk of SQL injection    SQLSecurity = Replace(myStr, "'", "''", 1, -1, vbBinaryCompare)End FunctionDim Username, PasswordDim Conn, RS, SQLUsername = cstr(request("username"))Password = cstr(request("password"))'Notice that, unlike Signup1.asp, we don't have to validate the username or'password for correct length or type.Set Conn = Server.CreateObject("ADODB.Connection")Set RS = Server.CreateObject("ADODB.RecordSet")SQL = "Select ID, Username, Password From Users WHERE " & _          "Username = '" & SQLSecurity(Username) & "' AND " & _          "Password = '" & SQLSecurity(Password) & "';"RS.Open SQL, Conn, 1, 1    If not RS.EOF then       'Record found        'Setting cookies for the user. These cookies will expire in 1 year.        Response.Cookies("account")("username") = RS("Username")        Response.Cookies("account")("password") = RS("Password")        Response.Cookies("account").Expires = DateAdd("m", 12, Now())        response.redirect "profile.asp?id=" & RS("ID")    else        response.redirect "login.asp?msg=Username or password incorrect&" _            "username=" & username    End ifRS.CloseSet Conn = nothingSet RS = nothing%>

Notice that, on each page, the SQLSecurity function is included near the top of them. Its good to use that function for any user input to the database, but copying and pasting the same code over and over on each page isn't very smart, because if for some reason you need to make a change to the function, then you'd have to make identical changes on each page where the function exists. So instead, we just create an include file where the function sits. Include files are exactly like regular asp pages, except you don't put Option Explicit at the top of them. Example: functions.asp:

<%Function SQLSecurity(myStr)    'This eliminates the risk of SQL injection    SQLSecurity = Replace(myStr, "'", "''", 1, -1, vbBinaryCompare)End Function%>

Now, you just include that page into any other asp page like this: someotherpage.asp:

<% Option Explicit%><!--#include file="functions.asp"--><%'ASP code%>

Notice that the include file is outside between the two <% and %> delimeters.Include files are especially useful with headers and footers. Almost always, I create websites that use a standard template, so I don't have to reuse the same code over and over on all of my pages. I usually create a header.asp and footer.asp file like this:header.asp:

<% Option ExplicitDim Conn, RS, SQL%><html><head><title>Site Title</title></head><body><div align="center">    <a href="default.asp">    <img src="logo.gif" width="600" height="150" alt="Home">    </a></div><div align="left" style="width : 300px; background : #FF0000"><b>Menu</b><ul>    <li><a href="folder.asp?id=1">Kitties</a></li>    <li><a href="folder.asp?id=2">Bunnies</a></li>    <li><a href="folder.asp?id=3">About This Site</a></li></ul></div>

footer.asp:

<div align="center"><a href="folder.asp?id=3">About</a> |<a href="folder.asp?id=20">Contact Me</a><div align="center">Copyright © 2006 by Yahweh.</div></body></html>

For each new page, I create, I can reuse those templates over and over like this, somepage.asp:

<!--#include file="header.asp"-->Page content goes here.<!--#include file="footer.asp"-->

By using Option Explicit in my header.asp page, I don't have to add that statement to the top of any of my other pages. Similarly, by declaring my Conn, RS, and SQL variables, I don't have to redeclare them on any pages where header.asp is included. This saves me a lot of code (usually, I would put all of my functions and global variables in one include file called functions.asp, and put all of my HTML templates in other files like header.asp and footer.asp).And yes, you can have include files in your include files like this: functions.asp

<% Option ExplicitFunction SQLSecurity(myStr)    'This eliminates the risk of SQL injection    SQLSecurity = Replace(myStr, "'", "''", 1, -1, vbBinaryCompare)End Function%>

header.asp:

<!--#include file="functions.asp"-->HTML template goes here.

Anotherpage.asp:

<!--#include file="header.asp"-->

Link to comment
Share on other sites

I have been trying this, but i get a strange error when i click the register button. It tells me that the page is unable to be displayed for some reason. This, of course, is on signup1.asp. Any idea?

Link to comment
Share on other sites

I have been trying this, but i get a strange error when i click the register button. It tells me that the page is unable to be displayed for some reason. This, of course, is on signup1.asp. Any idea?

I can't troubleshoot the error without knowing what it is, so copy and paste the error exactly as it appears on the page, and I'll explain how to fix it. :)
Oh yea, and I am not sure how you wanted me to put in my connection string:
Conn.Open you_connection_string

How will I do this, make a Dim String maybe?

You don't have to use that code as-is. Just replace that line with the connection string you need to connect to your database. For example:
Conn.Open "PROVIDER=MSDASQL;" & _    "driver={MySQL ODBC 3.51 Driver};" & _    "server=localhost;" & _    "option=18475;" & _    "uid=username;pwd=password;database=databasename;"

Alternatively, you can create a variable holding your connection string somewhere else on your page, like this:

Dim ConnStringConnString = "PROVIDER=MSDASQL;" & _    "driver={MySQL ODBC 3.51 Driver};" & _    "server=localhost;" & _    "option=18475;" & _    "uid=username;pwd=password;database=databasename;"...Conn.Open ConnString

Link to comment
Share on other sites

My problem is, when I use the exact code with my connection string, it says that the page cannot be displayed. Last time I sent a reply with a link and telling my problem, I some how fixed it before you even looked. So, ill show you the code that I am using and I will show you the link to it at the same time.

<% Option ExplicitFunction SQLSecurity(myStr)   'This eliminates the risk of SQL injection   SQLSecurity = Replace(myStr, "'", "''", 1, -1, vbBinaryCompare)End FunctionDim Username, PasswordUsername = cstr(request("username"))   'the cstr function explicitly casts thePassword = cstr(request("Password"))     'variable as a string.'Validating username and password.If Username = "" then   response.redirect "signup.asp?msg=Invalid username."elseif Password = "" then   response.redirect "signup.asp?msg=Invalid password.&username=" & username'elseif Len(username) < 3 then   'this checks to see that the username at least 3'       'characters long'    response.redirect "signup.asp?msg=Username must be at least" & _'        "3 characters long.&username=" & username'elseif Len(password) < 3 then   'this checks to see that the password at least 3'       'characters long'    response.redirect "signup.asp?msg=Password must be at least" & _'        "3 characters long.&username=" & usernameEnd ifelseif Len(username) > 25 then   response.redirect "signup.asp?msg=Username cannot be longer than" & _       "25 characters.&username=" & usernameelseif Len(password) > 25 then   response.redirect "signup.asp?msg=Password cannot be longer than" & _       "25 characters.&username=" & usernameEnd if'I've commented out the minimum username and password validations. Just'remove the apostrophes before the appropriate lines if you want to use those'validations.Dim Conn, RS, SQL, SuccessfulSet Conn = Server.CreateObject("ADODB.Connection")Set Conn = Server.CreateObject("ADODB.RecordSet")SQL = "Select Username, Password, IPAddress, Email, DateRegistered FROM Users WHERE " & _       "Username = '" & SQLSecurity(Username) & "' Limit 1;Conn.Open "PROVIDER=MSDASQL;driver={MySQL ODBC 3.51 Driver}" & _"server=mysql14.ixwebhosting.com" & _"option=18475" & _"uid=scourge_scourge;pwd=mypass;database=scourge_Data"RS.Open SQL, Conn, 3, 3   If RS.EOF then       'RS.EOF means no results returned from the SQL query. In this case, since       'no results were returned the query executed above, then it means there       'is no user in the Users table with the same username. So, we can insert the       'new username.              'Adding new account to the Users table       RS.AddNew       RS("Username") = Username       RS("Password") = Password       RS("IPAddress") = Request.ServerVariables("REMOTE_ADDR")       RS("DateRegistered") = Now       RS.Update       'Setting cookies for the user. These cookies will expire in 1 year.       Response.Cookies("account")("username") = Username       Response.Cookies("account")("password") = Password       Response.Cookies("account").Expires = DateAdd("m", 12, Now())       Successful = True   else       'If a result is found for the query above, that means a user already exists       'with the chosen username, so we have to forward the user back to the       'signup page and ask him or her to choose another name.      Successful = False   End ifRS.CloseConn.CloseSet Conn = nothingSet RS = nothingIf Successful = True then%>   <html>   <body>   <h1>Congrats!</h1>   <p>Your account has been successfully created,   <%=Request.Cookies("account")("username")%> :)</p>    <p>Please go back to the <a href="default.asp">home page</a>, or for free to edit your <a href="profile.asp">profile</a>.</p>   </body>   </html><%else   response.redirect "signup.asp?msg=Username is already taken." & _       "&username=" & usernameEnd if%>

And this is the link to it: Signup hereI, trying to do it exactly correct, copied and pasted it and put my connection string in it to see if that would work, and its always the same thing. Anything I did?

Link to comment
Share on other sites

And this is the link to it: Signup hereI, trying to do it exactly correct, copied and pasted it and put my connection string in it to see if that would work, and its always the same thing. Anything I did?

The error says this:
Microsoft VBScript compilation error '800a0409' Unterminated string constant /signup1.asp, line 44 "Username = '" & SQLSecurity(Username) & "' Limit 1;----------------------------------------------------^

This is easy to fix. Just terminate the string constant. Add a quote to the end of that line like this:

"Username = '" & SQLSecurity(Username) & "' Limit 1;"

Also, you shouldn't post your connection string on the internet where anyone can read it, otherwise they can get into your database and destroy everything.

Link to comment
Share on other sites

hi cst for what we use ??
CStr converts a variable to the string datatype. If you don't do this, then you get incorrect results, such as:
Dim Bunny   'this is an unintialized variable, its set to NullIf Bunny <> "" then     'do somethingEnd if

Because the variable Bunny is Null, it doesn't make sense to say Bunny <> "". Its not technically an empty string because its a Null value.Similarly,

Dim BunnyBunny = 25If Bunny <> "" Then    'Do somethingEnd If

This will throw a syntax error, because bunny is set to the Integer datatype and the If statement is trying to perform a string comparison on it.The CStr function automatically converts Nulls to empty strings, and converts Numbers to a Strings.

Dim Bunny   'NullBunny = Cstr(Bunny)  'Bunny is ""Bunny = 25     'Bunny is 25Bunny = Cstr(Bunny)     'Bunny is "25"

are there a function check if the data just string thats mean the data sholudn't be like * / &^%$ ..etc ??

There are two ways you can do this: with regular expressions or with the IsNumeric function.Here is the IsNumeric method:
Dim BunnyBunny = 25Response.write IsNumeric(Bunny)   'Returns TrueBunny = "this is a string"Response.write IsNumeric(Bunny)    'Returns FalseBunny = "250284"Response.write IsNumeric(Bunny)    'Returns TrueBunny = "25%"Response.write IsNumeric(Bunny)    'Returns TrueBunny = "%25%"Reponse.write IsNumeric(Bunny)     'Returns False, because %25% isn't a valid numberBunny = "$0.99"Response.write IsNumeric(Bunny)    'Returns TrueBunny = "630^2 + 2"Response.write IsNumeric(Bunny)    'Returns false. Although it looks like a valid     'number, the IsNumeric function can't evaluate expressions

Anything that you can covert with the CInt(), CSng(), and CDbl() functions will return true with the IsNumeric() function.You can also check datatypes (and also perform pattern matching) using regular expressions. I prefer this method because I have a lot more control over the type of comparison that I'm performing, and I can do much more sophisticated pattern matches.

Dim Regex, BunnySet Regex = New RegexpRegex.Global = TrueRegex.Multiline = TrueRegex.IgnoreCase = TrueRegex.Pattern = "^\d+$"    'Matches a string of 1 or more digitsBunny = 25Response.write Regex.Test(Bunny)   'Returns trueBunny = 25.20Response.write Regex.Test(Bunny)    'Returns falseBunny = "Response.write Regex.Test(Bunny)    'Returns falseBunny = 25.20Response.write Regex.Test(Bunny)    'Returns falseBunny = "$2.00"Response.write Regex.Test(Bunny)    'Returns falseBunny = "02128751237249712900023948209481789571358120421345780124"Response.write Regex.Test(Bunny)    'Returns trueBunny = ""Response.write Regex.Test(Bunny)     'Returns falseBunny = 252Regex.Pattern = "^\d+\.\d{2}$"   'finds a pattern of any number of digits, followed           'by a ".", followed by exactly 2 more digitsResponse.write Regex.Test(Bunny)      'Returns falseBunny = "9925.58"Response.write Regex.Test(Bunny)      'Returns TrueBunny = "2525.680"Response.write Regex.Test(Bunny)      'Returns falseBunny = "2250A"Response.write Regex.Test(Bunny)    'Returns falseBunny = "#FF00CC"Regex.Pattern = "^(?:#|0x)?[0-9a-fA-F]{1,6}$"  'matches any valid           'hexadecimal pattern, such as 0xFFCC00, #AAAA99, 205, 29a. The            'hex value must be between 1 and 6 characters.Response.write Regex.Test(Bunny)    'Returns trueBunny = 25Response.write Regex.Test(Bunny)    'Returns trueBunny = "0x0260205934"Response.write Regex.Test(Bunny)    'Returns false, too many charactersBunny = "hello world"Response.write Regex.Test(Bunny)   'Returns false

As long as you know what pattern you're searching for, you can build a regex to find that pattern, so regular expressions are 1000 times more powerful than the IsNumeric function.

Link to comment
Share on other sites

hi i try this code <%Dim Regex, BunnySet Regex = New RegexpRegex.Global = TrueRegex.Multiline = TrueRegex.IgnoreCase = TrueRegex.Pattern = "^\d+$" Bunny = "matar^"if(bunny) thenResponse.write ("true")elseresponse.write("error")end if%>and i see this errorError Type:Microsoft VBScript runtime (0x800A000D)Type mismatch: '[string: "samer^"]'/test.asp, line 9

Link to comment
Share on other sites

hi i try this code <%Dim Regex, BunnySet Regex = New RegexpRegex.Global = TrueRegex.Multiline = TrueRegex.IgnoreCase = TrueRegex.Pattern = "^\d+$"    Bunny = "matar^"if(bunny) thenResponse.write ("true")elseresponse.write("error")end if%>and i see this errorError Type:Microsoft VBScript runtime (0x800A000D)Type mismatch: '[string: "samer^"]'/test.asp, line 9

I am never the ones with answers... but, in line 9 it saysif(bunny) then... you wouldnt need the () and if bunny what? it doesnt know what you are saying i think.But, like i said, i am not one with all the answers.. but it doesnt seem to make any since to me, not trying to be mean or anything. Since you are using Bunny as a variable, you shouldnt need to use the () and your not telling it anything.
Link to comment
Share on other sites

hi

I am never the ones with answers... but, in line 9 it saysif(bunny) then... you wouldnt need the () and if bunny what? it doesnt know what you are saying i think.But, like i said, i am not one with all the answers.. but it doesnt seem to make any since to me, not trying to be mean or anything. Since you are using Bunny as a variable, you shouldnt need to use the () and your not telling it anything.
if bunny = some value then[/coode]that would make more since.thats mean if true ;; its a basic in the programming lang take it in mind  
Link to comment
Share on other sites

hi i try this code <%Dim Regex, BunnySet Regex = New RegexpRegex.Global = TrueRegex.Multiline = TrueRegex.IgnoreCase = TrueRegex.Pattern = "^\d+$"    Bunny = "matar^"if(bunny) thenResponse.write ("true")elseresponse.write("error")end if%>and i see this errorError Type:Microsoft VBScript runtime (0x800A000D)Type mismatch: '[string: "samer^"]'/test.asp, line 9

The line in red is causing an error. The shorthand syntax If some_variable Then only works for numeric or boolean values. The variable Bunny is a string, not a number, so its going to give you a syntax error.
Link to comment
Share on other sites

Hey again, I am still having trouble with this code. It is like I get it so close to working then I run into another problem. Atleast now I am using a browser that lets me see where the error is, before it wouldnt tell me. I copied the code just to try to make it work and it is telling me that the ODBC Driver does not support this action. Here is the code.

<% Option ExplicitFunction SQLSecurity(myStr)   'This eliminates the risk of SQL injection   SQLSecurity = Replace(myStr, "'", "''", 1, -1, vbBinaryCompare)End FunctionDim Username, PasswordUsername = cstr(request("username"))   'the cstr function explicitly casts thePassword = cstr(request("Password"))     'variable as a string.'Validating username and password.If Username = "" then   response.redirect "signup.asp?msg=Invalid username."elseif Password = "" then   response.redirect "signup.asp?msg=Invalid password.&username=" & username'elseif Len(username) < 3 then   'this checks to see that the username at least 3'       'characters long'    response.redirect "signup.asp?msg=Username must be at least" & _'        "3 characters long.&username=" & username'elseif Len(password) < 3 then   'this checks to see that the password at least 3'       'characters long'    response.redirect "signup.asp?msg=Password must be at least" & _'        "3 characters long.&username=" & usernameEnd ifelseif Len(username) > 25 then   response.redirect "signup.asp?msg=Username cannot be longer than" & _       "25 characters.&username=" & usernameelseif Len(password) > 25 then   response.redirect "signup.asp?msg=Password cannot be longer than" & _       "25 characters.&username=" & usernameEnd if'I've commented out the minimum username and password validations. Just'remove the apostrophes before the appropriate lines if you want to use those'validations.Dim Conn, RS, SQL, Successful, DSNNameDSNName = "PROVIDER=MSDASQL;driver={MySQL ODBC 3.51 Driver};server=mysql14.ixwebhosting.com;option=18475"Set Conn = Server.CreateObject("ADODB.Connection")Set RS = Server.CreateObject("ADODB.RecordSet")Conn.Open DSNNameSQL = "Select Username, Password, IPAddress, Email, DateRegistered FROM Users WHERE " & _       "Username = '" & SQLSecurity(Username) & "' Limit 1;"RS.Open SQL, Conn, 3, 3      'This is line number 48, where the error is occuring   If RS.EOF then       'RS.EOF means no results returned from the SQL query. In this case, since       'no results were returned the query executed above, then it means there       'is no user in the Users table with the same username. So, we can insert the       'new username.              'Adding new account to the Users table       RS.AddNew       RS("Username") = Username       RS("Password") = Password       RS("IPAddress") = Request.ServerVariables("REMOTE_ADDR")       RS("DateRegistered") = Now       RS.Update       'Setting cookies for the user. These cookies will expire in 1 year.       Response.Cookies("account")("username") = Username       Response.Cookies("account")("password") = Password       Response.Cookies("account").Expires = DateAdd("m", 12, Now())       Successful = True   else       'If a result is found for the query above, that means a user already exists       'with the chosen username, so we have to forward the user back to the       'signup page and ask him or her to choose another name.      Successful = False   End ifRS.CloseConn.CloseSet Conn = nothingSet RS = nothingIf Successful = True then%>   <html>   <body>   <h1>Congrats!</h1>   <p>Your account has been successfully created,   <%=Request.Cookies("account")("username")%> :)</p>    <p>Please go back to the <a href="default.asp">home page</a>, or for free to edit your <a href="profile.asp">profile</a>.</p>   </body>   </html><%else   response.redirect "signup.asp?msg=Username is already taken." & _       "&username=" & usernameEnd if%>

I, of course took out the user, password and database name... but, this is the error it is giving me.

Microsoft OLE DB Provider for ODBC Drivers error '80040e21'ODBC driver does not support the requested properties./signup1.asp, line 48
I do not know why it is not working, please help me again :) Thanks.
Link to comment
Share on other sites

Guest JamshedAnsari
Hey Yahweh,This is in reply to you asking if I needed help on any signup/signin.asp pages. I would love to have your help :) Thanks in advanced.

my name is jamshed anasri and i want to know how i can build asp with login and log out page could u plz help me Tel. 91-9336112797Add. 11/30 Gwal toli kanpur-208001 up india
Link to comment
Share on other sites

Did you read this thread? If you have specific questions, feel free to ask, but Yahweh gave a good overall view of the process and there isn't much point to repeat everything again. Read what was already discussed here, and if you have specific questions, go ahead and ask.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...