logon and alphanumeric only

E

EdH

I have a website where I use a member logon as described in the following MS
article

http://support.microsoft.com/default.aspx?scid=kb;en-us;825498

The problem is that many of the exisiting members have a username containing
periods and the logon allows alphanumeric only for password. It is not
practical to ask all members to change their password to alphanumeric.

Can anyone help me to eliminate the alphanumeric requirement from the logon,
or else to accept periods as well?

Thanks,
EdH

PS I tried deleting the alphanumeric requirement from the logon but then the
logon did not work.
Tks
EdH
 
T

Thomas A. Rowe

Did you remove the alphanumeric requirement section from the Include file and any reference to it
from the other files?

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
E

EdH

I just deleted the alphanumeric requirement from the logon include page and
republished the site. Then when I try to logon I get an error message - page
cannot be found or something like that.

What else do i need to clear to eliminate this alphanumeric restriction?

Or else can I add some code to allow periods in the username? What is that
code?
Thanks for prompt response,
EdH
 
T

Thomas A. Rowe

You need to look at each line of code and remove any references to the section your deleted.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
T

Thomas A. Rowe

On the include page change:

strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (UID='" & ParseText(UID) & _
"' AND PWD='" & ParseText(PWD) & "');"

to:

strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" & PWD & "' "

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
E

EdH

Hi Thomas. I did what you suggest but I still get the message This page
cannot be displayed.

This is what my logon include page looks like: What am I missing?

<%
' Do not cache this page.
Response.CacheControl = "no-cache"

' Define the name of the users table.
Const USERS_TABLE = "Users"
' Define the path to the logon page.
Const LOGON_PAGE = "/logon.asp"
' Define the path to the logon database.
Const MDB_URL = "/fpdb/morg1.mdb"

' Check to see whether you have a current user name.
If Len(Session("Username")) = 0 Then
' Are you currently on the logon page?
If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
' If not, set a session variable for the page that made the request...
Session("REFERRER") = Request.ServerVariables("URL")
' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE
End If
End If

' This function checks for a username/password combination.
Function ComparePassword(Username,Password)
' Define your variables.
Dim strSQL, objCN, objRS
' Set up your SQL string.
strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" &
PWD & "' "
' Create a database connection object.
Set objCN = Server.CreateObject("ADODB.Connection")
' Open the database connection object.
objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
Server.MapPath(MDB_URL) & "; Username=admin; Password="
' Run the database query.
Set objRS = objCN.Execute(strSQL)
' Set the status to true/false for the database lookup.
ComparePassword = Not(objRS.EOF)
' Close your database objects.
Set objRS = Nothing
Set objCN = Nothing
End Function


%>
 
T

Thomas A. Rowe

Make sure the line I gave you is all on one line in your code.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
E

EdH

Yes it is in one line. The strSQL line we replaced looks like this:

strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (Username='" & ParseText(Username) & _
"' AND Password='" & ParseText(Password) & "');"

The one you suggest reads:

strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" & PWD
& "' "

Are we missing quotes, colons or brackets?
Thanks,
EdH
 
T

Thomas A. Rowe

What is the actual error you are getting?

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
E

EdH

When trying to logon the typical explorer page comes saying:

The page cannot be displayed.

HTTP 500 - Internal server error
Internet Explorer

Thanks,
EdH
 
T

Thomas A. Rowe

Ok, if you are getting a 500 server error, then you need to contact your web host as the server is
generating the error, not the script, at least not directly.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
E

EdH

OK, I'll contact them.

But for your info, if I put back the ParseText function in the logon include
page, the logon works perfectly well (of course for usernames without
periods).

So my feeling is that the server is not at fault... Could it be something
else?
EdH
 
T

Thomas A. Rowe

Yes, it could be something else, but I can't tell without actually using the building the
application per the MS KB. Hopefully someone else can look at and determine the problem.

The line of code I provide is exactly in the format that I write all of my code.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
E

EdH

OK thanks. I will try to type the line of code you gave me instead of cut
and paste. Question: do I put a space at the end of the line or not?
Thanks again,
EdH
 
T

Thomas A. Rowe

Ed:

Here it is again:

strSQL = "SELECT * FROM USERS_TABLE WHERE UID = '" & UID & "' AND PWD = '" & PWD & "' "

Paste into Notepad first, then into your page.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
R

Ronx

I have built the pages following the article, and using the line:
strSQL = "Select * FROM " & USERS_TABLE & " WHERE Author='" & UID &
"' AND Password='" & PWD & "'"
(my userIds are stored in the Author column of the Access table)
This works without any errors with userIDs containing a period, and
without.
However, it would probably be safer to use the parsetext function as
in the article:
change

(intText > 64 And intText < 91) Or _
(intText > 96 And intText < 123) Then

to

(intText > 64 And intText < 91) Or _
(intText = 46) Or _
(intText > 96 And intText < 123) Then

The extra line adds the period chr(46) to the allowable characters
list.
 
S

Stefan B Rusynko

Why are you using the function call to ParseText?
- that is what is limiting you

In your script in the Function ComparePassword(Username,Password) in logon.inc
just change

strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (UID='" & ParseText(UID) & _
"' AND PWD='" & ParseText(PWD) & "');"

to eliminate the function ParseText call

strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (UID='" & UID & _
"' AND PWD='" & PWD & "');"

And delete the whole Function ParseText(TXT) section

PS
That script as is (w/o ParseText) does not protect you from sql injections or hacks
- that is why the parse text function was added
- it allows 0-9 (48-57), : (58) , A-Z (65-90) and a-z (97-122)

If you want to just allow periods in the User names or passwords just leave the Function ComparePassword alone and modify the
Function ParseText(TXT) to add the period character (46) as allowable in:

If (intText > 47 And intText < 59) Or _
(intText = 46) Or _
(intText > 64 And intText < 91) Or _
(intText > 96 And intText < 123) Then
strText = strText & Mid(TXT,intPos,1)
End if







| Yes it is in one line. The strSQL line we replaced looks like this:
|
| strSQL = "SELECT * FROM " & USERS_TABLE & _
| " WHERE (Username='" & ParseText(Username) & _
| "' AND Password='" & ParseText(Password) & "');"
|
| The one you suggest reads:
|
| strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" & PWD
| & "' "
|
| Are we missing quotes, colons or brackets?
| Thanks,
| EdH
|
| "Thomas A. Rowe" wrote:
|
| > Make sure the line I gave you is all on one line in your code.
| >
| > --
| > ==============================================
| > Thomas A. Rowe (Microsoft MVP - FrontPage)
| > ==============================================
| > If you feel your current issue is a results of installing
| > a Service Pack or security update, please contact
| > Microsoft Product Support Services:
| > http://support.microsoft.com
| > If the problem can be shown to have been caused by a
| > security update, then there is usually no charge for the call.
| > ==============================================
| >
| > | > > Hi Thomas. I did what you suggest but I still get the message This page
| > > cannot be displayed.
| > >
| > > This is what my logon include page looks like: What am I missing?
| > >
| > > <%
| > > ' Do not cache this page.
| > > Response.CacheControl = "no-cache"
| > >
| > > ' Define the name of the users table.
| > > Const USERS_TABLE = "Users"
| > > ' Define the path to the logon page.
| > > Const LOGON_PAGE = "/logon.asp"
| > > ' Define the path to the logon database.
| > > Const MDB_URL = "/fpdb/morg1.mdb"
| > >
| > > ' Check to see whether you have a current user name.
| > > If Len(Session("Username")) = 0 Then
| > > ' Are you currently on the logon page?
| > > If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
| > > ' If not, set a session variable for the page that made the request...
| > > Session("REFERRER") = Request.ServerVariables("URL")
| > > ' ...and redirect to the logon page.
| > > Response.Redirect LOGON_PAGE
| > > End If
| > > End If
| > >
| > > ' This function checks for a username/password combination.
| > > Function ComparePassword(Username,Password)
| > > ' Define your variables.
| > > Dim strSQL, objCN, objRS
| > > ' Set up your SQL string.
| > > strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" &
| > > PWD & "' "
| > > ' Create a database connection object.
| > > Set objCN = Server.CreateObject("ADODB.Connection")
| > > ' Open the database connection object.
| > > objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
| > > Server.MapPath(MDB_URL) & "; Username=admin; Password="
| > > ' Run the database query.
| > > Set objRS = objCN.Execute(strSQL)
| > > ' Set the status to true/false for the database lookup.
| > > ComparePassword = Not(objRS.EOF)
| > > ' Close your database objects.
| > > Set objRS = Nothing
| > > Set objCN = Nothing
| > > End Function
| > >
| > >
| > > %>
| > >
| > > "Thomas A. Rowe" wrote:
| > >
| > >> On the include page change:
| > >>
| > >> strSQL = "SELECT * FROM " & USERS_TABLE & _
| > >> " WHERE (UID='" & ParseText(UID) & _
| > >> "' AND PWD='" & ParseText(PWD) & "');"
| > >>
| > >> to:
| > >>
| > >> strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" & PWD & "' "
| > >>
| > >> --
| > >> ==============================================
| > >> Thomas A. Rowe (Microsoft MVP - FrontPage)
| > >> ==============================================
| > >> If you feel your current issue is a results of installing
| > >> a Service Pack or security update, please contact
| > >> Microsoft Product Support Services:
| > >> http://support.microsoft.com
| > >> If the problem can be shown to have been caused by a
| > >> security update, then there is usually no charge for the call.
| > >> ==============================================
| > >>
| > >> | > >> > Thanks Thomas. Can you help me do this. Can yuo look at the article
| > >> >
| > >> > http://support.microsoft.com/default.aspx?scid=kb;en-us;825498
| > >> >
| > >> > and guide me?
| > >> >
| > >> > In the logon include page I am deleting the ParseText function.
| > >> >
| > >> > Only other reference to it I see is in the ComparePassword function. How do
| > >> > I modify this function when ParseText is no longer there?
| > >> >
| > >> > Thanks,
| > >> > EdH
| > >> >
| > >> > "Thomas A. Rowe" wrote:
| > >> >
| > >> >> You need to look at each line of code and remove any references to the section your deleted.
| > >> >>
| > >> >> --
| > >> >> ==============================================
| > >> >> Thomas A. Rowe (Microsoft MVP - FrontPage)
| > >> >> ==============================================
| > >> >> If you feel your current issue is a results of installing
| > >> >> a Service Pack or security update, please contact
| > >> >> Microsoft Product Support Services:
| > >> >> http://support.microsoft.com
| > >> >> If the problem can be shown to have been caused by a
| > >> >> security update, then there is usually no charge for the call.
| > >> >> ==============================================
| > >> >>
| > >> >> | > >> >> >I just deleted the alphanumeric requirement from the logon include page and
| > >> >> > republished the site. Then when I try to logon I get an error message - page
| > >> >> > cannot be found or something like that.
| > >> >> >
| > >> >> > What else do i need to clear to eliminate this alphanumeric restriction?
| > >> >> >
| > >> >> > Or else can I add some code to allow periods in the username? What is that
| > >> >> > code?
| > >> >> > Thanks for prompt response,
| > >> >> > EdH
| > >> >> >
| > >> >> > "Thomas A. Rowe" wrote:
| > >> >> >
| > >> >> >> Did you remove the alphanumeric requirement section from the Include file and any reference
| > >> >> >> to
| > >> >> >> it
| > >> >> >> from the other files?
| > >> >> >>
| > >> >> >> --
| > >> >> >> ==============================================
| > >> >> >> Thomas A. Rowe (Microsoft MVP - FrontPage)
| > >> >> >> ==============================================
| > >> >> >> If you feel your current issue is a results of installing
| > >> >> >> a Service Pack or security update, please contact
| > >> >> >> Microsoft Product Support Services:
| > >> >> >> http://support.microsoft.com
| > >> >> >> If the problem can be shown to have been caused by a
| > >> >> >> security update, then there is usually no charge for the call.
| > >> >> >> ==============================================
| > >> >> >>
| > >> >> >> | > >> >> >> >I have a website where I use a member logon as described in the following MS
| > >> >> >> > article
| > >> >> >> >
| > >> >> >> > http://support.microsoft.com/default.aspx?scid=kb;en-us;825498
| > >> >> >> >
| > >> >> >> > The problem is that many of the exisiting members have a username containing
| > >> >> >> > periods and the logon allows alphanumeric only for password. It is not
| > >> >> >> > practical to ask all members to change their password to alphanumeric.
| > >> >> >> >
| > >> >> >> > Can anyone help me to eliminate the alphanumeric requirement from the logon,
| > >> >> >> > or else to accept periods as well?
| > >> >> >> >
| > >> >> >> > Thanks,
| > >> >> >> > EdH
| > >> >> >> >
| > >> >> >> > PS I tried deleting the alphanumeric requirement from the logon but then the
| > >> >> >> > logon did not work.
| > >> >> >> > Tks
| > >> >> >> > EdH
| > >> >> >>
| > >> >> >>
| > >> >> >>
| > >> >>
| > >> >>
| > >> >>
| > >>
| > >>
| > >>
| >
| >
| >
 
E

EdH

Hi Ron. Thanks very much for your help. I added the line allowing the period
(ch 46) in the username and it did the trick.

Thanks again
EdH
 
E

EdH

Hi Stefan. Thanks for your help. I added the line allowing the period
(character 46) in the ParseText function and problem solved!

Thanks again,
EdH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top