#1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Posts
    6
    Rep Power
    0

    Website Password System, ASP, Javascript and SQL (How to get working?)


    Hi, I am actually new to ASP, and haven't used any javascript for years. However I have inherited some code from someone else (yes they passed this on happily and willingly).
    Basically I have a web front end, which requires a password system.

    1. On the home page of the site, the user is greeted and there is a text box to enter a username and password before clicking a "login" button.

    2. There is also an "email password" button to click. If the user clicks this and has entered a valid username (which will be their email address) into the username textbox, then some code would run to select the password that corresponds to the username in the SQL Server Database that is being used with the site. The code would then create a new random password, replace the previous password with this new one in the database, and also email this new password to the user.

    I believe that I actually have quite a bit of the code that would require this system to be set up, and that from looking at it (I know I'm only new to ASP) I don't get the feeling it would take too much to get it working... hopefully I'm right.

    Anyway, I'm going to have to show some code here, so this is the form code that is used on my homepage. The form data is passed to a page called "login.asp" which deals with the authentication / necessary database transactions:

    Code:
    <FORM ACTION="website/login.asp" METHOD="post">
    Welcome, Please log in<BR>
    Username:<INPUT type="test" name="username"/><BR>
    Password:<INPUT type="password" name="password"/><BR>
    <INPUT Type="hidden" name="key" value="*****"/>
    <INPUT Type="submit" name="RequestPassword" value="EmailPassword" onClick="clickFuntion">
    <INPUT Type="submit" value="log in"/>
    </FORM>

    Here is the code that is in "login.asp". I was only going to post parts of this code, but figure that it is better for anyone interested on here to be able to see it all, and since I'm not completely up to speed with this, I may overlook something if I try to pick certain parts out. I do however have an overall understanding of which sections of code are supposed to be doing what (hope that makes some sense). My apologies, as I have the feeling quite a few pieces of code in this will not be needed, but if guys on here would be able and kind enough to pick out which parts are needed / not needed, why the code might not be working, and what changes must be made to get it to work, then that would be fantastic! I am learning how to use ASP myself at the moment of course. The worst part about this I actually don't have the environment to test out any changes to this code available to me at the moment.


    Code:
    <%@LANGUAGE="JSCript" %>
    <HTML>
    <HEAD>
    <TITLE>LOGIN</TITLE>
    </HEAD>
    <BODY>
    
    <%
    
     var c_un=Request.Form("username").Count;
     var c_pw=Request.Form("password").Count;
     var c_ky=Request.Form("key").Count;
     var c_requestPassword = Request.Form("request").Count;
     var c_requestLogin = Request.Form("logon").Count;
    
    if (c_un  == 0)
    {
    
    Response.Write("<BR>");
    Response.Write("You have failed to log in<BR>");
    Response.Write('<FORM ACTION="../Default.htm">');
    Response.Write('<INPUT TYPE="submit" VALUE="Try Again"/>');
    Response.Write('</FORM>');
    }
    else
    if (c_requestPassword == 1)
    {
    
    var readrequest=Request.Form("username")(1);
    var unrequest=readrequest.toLowerCase();
    
    var newpassword;
    
    var oConnR=Server.CreateObject("ADODB.Connection");
    var oCmdR=Server.CreateObject("ADODB.Command");
    
    
    
    var strConnR="Provider=SQLOLEDB.2;Password=IIS_Account;User ID=IIS_Account;Persist Security Info=False;Initial Catalog=analysis;Data Source=tcp:128.0.1.1,1432";
    
    oConnR.Open(strConnR);
    
    
    
    oCmdR.ActiveConnection=oConnR;
    oCmdR.CommandText="SELECT password from systemusers where username='" + unrequest + "'" ;
    var oRsR=oCmdR.Execute();
    if (oRsR.EOF)
    {
    newpassword="password";
    
    var consts=['b','c','d','f','g','h','j','k','l','m','n','p','q','r','s','t','v','w','x','y','z'];
    var vals=['a','e','i','o','u'];
    
    newpassword =
    consts[Math.floor(Math.random()*21)] +
    vals[Math.floor(Math.random()*5)] +
    consts[Math.floor(Math.random()*21)] +
    consts[Math.floor(Math.random()*21)] +
    vals[Math.floor(Math.random()*5)] +
    consts[Math.floor(Math.random()*21)] +
    consts[Math.floor(Math.random()*21)] +
    vals[Math.floor(Math.random()*5)] +
    consts[Math.floor(Math.random()*21)]
    
    oCmdR.CommandText="INSERT INTO systemusers (username,password,roles) VALUES ('" + unrequest + "','" + newpassword +"','generalrole')" ;
    oCmdR.Execute();
    
    
    }
    else
    {
    newpassword=oRsR(0).value;
    }
    oRsR.close();
    
    
    var myMail;
    
    myMail=Server.CreateObject("CDO.Message");
    myMail.Configuration.Fields.Item('http://schemas.microsoft.com/cdo/configuration/sendusing')=2;
    myMail.Configuration.Fields.Item('http://schemas.microsoft.com/cdo/configuration/smtpserver')='ASSP1TO.AD.A.MUL.USA';
    myMail.Configuration.Fields.Update();
    
    
    myMail.Subject="Requested Password";
    myMail.From="admin@webfrontend.info";
    myMail.To=unrequest + "@email.info";
    myMail.TextBody="Your password is: " + newpassword;
    myMail.Send();
    
    Response.Write("<BR>");
    Response.Write("Your password has been emailed to " + unrequest +"@email.info<BR>");
    Response.Write('<FORM ACTION="../NewDefault.htm">');
    Response.Write('<INPUT TYPE="submit" VALUE="Go back to logon page"/>');
    Response.Write('</FORM>');
    
    }
    else
    {
    
     var readun=Request.Form("username")(1);
     var un=readun.toLowerCase();
     var pw=Request.Form("password");
     var ky=Request.Form("key");
    
    
    
    
     var oConn;
     var oCmd;
     var oRs;
     var strConn;
    
     var wrongkey = "wrongpasswordkey"
     var thenewkey = wrongkey;
    
     oConn=Server.CreateObject("ADODB.Connection");
     oCmd=Server.CreateObject("ADODB.Command");
    
    
    
    strConn="Provider=SQLOLEDB.2;Password=IIS_Account;User ID=IIS_Account;Persist Security Info=False;Initial Catalog=analysis;Data Source=tcp:128.0.1.1,1432";
    
    oConn.Open(strConn);
    
    
    
    oCmd.ActiveConnection=oConn;
    oCmd.CommandText="SELECT roles from systemusers where username='" + un + "' and password = '" + pw + "'" ;
    oRs=oCmd.Execute();
    
    if (oRs.EOF) 
    {
    thenewkey = wrongkey;
    }
    else
    {
       thenewkey = un + "rightkey";
       oCmd.CommandText=	"UPDATE usersessions SET status='R'" + 
    		 " WHERE username ='" + un + "' and session_id='" + Session.SessionID + 
    		 "' and remote_addr='" + Request.ServerVariables('REMOTE_ADDR') + 
    		 "' and status='Y'";
       oCmd.Execute();
       oCmd.CommandText=	"UPDATE usersessions SET status='F'" + 
    		 " WHERE username <>'" + un + "' and session_id='" + Session.SessionID + 
    		 "' and remote_addr='" + Request.ServerVariables('REMOTE_ADDR') + 
    		 "' and status='Y'";
       oCmd.Execute();
    
       oCmd.CommandText=	"INSERT INTO usersessions (username,session_id,logon,remote_addr,status,sessionroles) " + 
    			"VALUES ( '" + un + "','" + Session.SessionID + "',getdate(),'" +
    		         Request.ServerVariables('REMOTE_ADDR') + "','Y','" +  oRs(0) + "')";
       oCmd.Execute();
    
    
    }
    
    
    
    oRs.close();
    oConn.close();
    
    
    
    if (thenewkey == wrongkey)
    {
    
    Response.Write("<BR>");
    Response.Write("You have failed to log in<BR>");
    Response.Write('<FORM ACTION="../Default.htm">');
    Response.Write('<INPUT TYPE="submit" VALUE="Try Again"/>');
    Response.Write('</FORM>');
    }
    else
    {
    Response.Write("<BR>");
    Response.Write("You have logged in<BR>");
    Response.Write("Welcome " + un + "<BR>");
    
    Response.Write('<FORM ACTION="frontpage.asp">');
    Response.Write('<INPUT TYPE="submit" VALUE="Continue"/>');
    Response.Write('</FORM>');
    }
    
    } 
    %>
    </BODY>
    </HTML>
    Any help very much appreciated guys!
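
The login and session statements in the posted login.asp build their SQL by concatenating form input into the command text. As an added example (not part of the original post), here are the same two statements bound through ADO parameters; `makeCommand`, `lookupRoles` and `recordSession` are hypothetical helper names, the call site in the closing comment is an assumption, and the table and column names come from the posted code.

```javascript
// Added example, not the thread's code. ES3 syntax only, so it is valid
// server-side JScript; the functions go inside the page's <% %> block.

// ADO enum values, written out as numbers for use from JScript.
var adCmdText = 1, adVarChar = 200, adParamInput = 1;

// Build an ADODB.Command whose SQL text is fixed; every value is bound to a
// "?" placeholder instead of being concatenated into the statement.
// server: the ASP Server object; conn: an open ADODB.Connection.
function makeCommand(server, conn, sql, values) {
  var cmd = server.CreateObject("ADODB.Command");
  cmd.ActiveConnection = conn;
  cmd.CommandType = adCmdText;
  cmd.CommandText = sql;
  for (var i = 0; i < values.length; i++) {
    var v = String(values[i]);
    var size = v.length > 0 ? v.length : 1; // adVarChar needs a size >= 1
    cmd.Parameters.Append(
      cmd.CreateParameter("p" + i, adVarChar, adParamInput, size, v));
  }
  return cmd;
}

// Replacement for the concatenated "SELECT roles ..." login query.
// Returns the roles string, or null when no row matches.
function lookupRoles(server, conn, username, password) {
  var cmd = makeCommand(server, conn,
    "SELECT roles FROM systemusers WHERE username = ? AND password = ?",
    [String(username).toLowerCase(), password]);
  var rs = cmd.Execute();
  var roles = rs.EOF ? null : String(rs(0).Value);
  rs.Close();
  return roles;
}

// Replacement for the concatenated "INSERT INTO usersessions ..." statement.
// Executes the insert and returns the command object.
function recordSession(server, conn, username, sessionId, remoteAddr, roles) {
  var cmd = makeCommand(server, conn,
    "INSERT INTO usersessions " +
    "(username,session_id,logon,remote_addr,status,sessionroles) " +
    "VALUES (?, ?, getdate(), ?, 'Y', ?)",
    [username, sessionId, remoteAddr, roles]);
  cmd.Execute();
  return cmd;
}

// Assumed call site in login.asp, using the thread's variable names:
//   var roles = lookupRoles(Server, oConn, Request.Form("username")(1),
//                           Request.Form("password")(1));
//   if (roles !== null) {
//     recordSession(Server, oConn, un, Session.SessionID,
//                   Request.ServerVariables("REMOTE_ADDR")(1), roles);
//   }
```

With this shape a username such as an address containing an apostrophe is passed as data, so it can neither break the statement nor change what it selects.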
  2. #2
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    The worst part about this I actually don't have the environment to test out any changes to this code available to me at the moment.
    Many versions of windows include a free asp-enabled web server. You should set up a test and debug server for yourself.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
  4. #3
    Registered User
    Cool thanks, well at the moment I'm using Windows 7....... the thing is I would need SQL Server 2005 set up as well, anyone know of a convenient bundle that would install this as well?

    But before this I'd greatly appreciate any help re the code: does it look like this should work? What parts are needed/not needed, is this a good way to go about my system, is this a common way to set up such a password system?

    When I do have a chance to test this code, I want to have messed around with it first so that I am at least half confident that when I try to use it, it will work or only require a few very small changes to get it working.

    Many thanks, any help really is appreciated very much.
  6. #4
    Stumpier old Moderator
    You don't need windows server, you can run a full IIS/asp webserver in windows 7. You may have a full IIS available, depending on your version of W7, or you can download IIS 7.5 express which is supposed to support classic asp applications (I haven't used IIS express 7.5 tho).

    Your sample code is using server-side JScript, which is pretty unusual. 90%+ of classic asp uses server-side VBScript (my guesstimate).

    Things that typically need review/recoding between servers are database connections, email code, any hard-coded links, any 3rd party objects that require server installation, etc.
    ======
    Doug G
    ======
  8. #5
    Registered User
    Thank you Doug_G, this code was actually written for the environment I am trying to use it in, it's just that it was written but never worked, so there's obviously some reason for this, and unfortunately I am not in a position at the moment to say what this is...

    So most people haven't seen code like this before, as this would normally be done in VBScript not JavaScript?

    Has anyone actually done it like this before in JavaScript? Or know of a good tutorial that will explain exactly how to code this / give sample code for this task in VBScript or another language I would be able to use in my environment?

    It's sort of getting urgent, thanks!
  10. #6
    Registered User
    anyone?
  12. #7
    Stumpier old Moderator
    http://www.w3schools.com might have some examples of asp using server side javascript. ASP objects have the same properties, methods and events regardless of the scripting language used.

    Maybe if you posted some actual error message you get when trying to run your code it would help identify a problem.
    ======
    Doug G
    ======
  14. #8
    Registered User
    Ok thank you, I will continue to look at this system in JavaScript.

    However, I would be interested in any tutorial that explains how to do this kind of thing in VBScript (or in any classic ASP language at all for that matter). If I was to start from scratch and do this in VBScript, would the environment allowing the execution of the JavaScript be fine to use VBScript in? Or would there be something else I need to do?

    This is a pretty simple/common thing to want to do, am I right? I don't seem to be able to find any tutorials on it however, you would think there would be step by step instructions out there, whereby I would only need to change things in the code such as db table names etc.

    Help?? many thanks
  16. #9
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2007
    Location
    Charlotte
    Posts
    412
    Rep Power
    144
    Originally Posted by meesha
    Ok thank you, I will continue to look at this system in JavaScript.

    However, I would be interested in any tutorial that explains how to do this kind of thing in VBScript (or in any classic ASP language at all for that matter). If I was to start from scratch and do this in VBScript, would the environment allowing the execution of the JavaScript be fine to use VBScript in? Or would there be something else I need to do?

    This is a pretty simple/common thing to want to do, am I right? I don't seem to be able to find any tutorials on it however, you would think there would be step by step instructions out there, whereby I would only need to change things in the code such as db table names etc.

    Help?? many thanks
    You don't need a tutorial on "logging in".

    You need a tutorial on dealing with forms (the login form).

    You need to know how to retrieve data from the database
    (Select password from UserTable where loginname = [variable]).

    You need code that can compare the value retrieved from the page (form) against what was retrieved from the DB.

    In general, I'd say the things I listed above are fairly simple. You just need to put the 3 things together into one feature. If you can't do these very simple things, then you are way over your head anyway.
  18. #10
    Contributing User
    Originally Posted by meesha
    If I was to start from scratch and do this in VBscript, would the environment allowing the execution of the javascript be fine to use vbscript in? or would there be something else i need to do.
    To answer this part of your question....

    JavaScript is code that runs on the CLIENT (in the browser). It might do validation such as ensuring every field on a form is filled out.

    VBScript runs on the SERVER and would do things such as interact with the database, taking the value(s) from the form and storing them to the DB for example.

    So yes, obviously javascript and vbscript can live together, that is indeed the typical design in Classic ASP.

    You're going to have to dig it out yourself. If you want me to do it, it's going to cost you. But pretty much everything you would need to learn yourself is online. I taught myself Classic ASP years ago, and even then did it professionally. Google is your friend.

    Don't try to find a one place solution to your problems. Instead, think about breaking the problem into its individual pieces (like I described in previous post), and learn the basics individually and then put them together to come up with your solution (ie, learn how to retrieve data from a DB).

    For your SQL DB, there are versions that just run on your local machine.
  20. #11
    Stumpier old Moderator
    JavaScript is code that runs on the CLIENT (in the browser). It might do validation such as ensuring every field on a form is filled out.
    VBScript runs on the SERVER and would do things such as interact with the database, taking the value(s) from the form and storing them to the DB for example.
    Not always. The code posted in this question uses server-side javascript, not vbscript.
    ======
    Doug G
    ======
  22. #12
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Posts
    6
    Rep Power
    0
    Originally Posted by Doug G
    Not always. The code posted in this question uses server-side javascript, not vbscript.
    Yes, that's what I was thinking.

    Thanks for your reply/advice though Ronster. I will break the problem down into separate chunks and google each chunk, trying to tackle it a step at a time.

    The reason I posted this code really though, is because I could tell/had a strong feeling it was very near to working correctly anyway though, and thought it would be a waste to abandon it and start from scratch since it was nearly there.
    However it seems that people on this forum (which sadly doesn't seem to be used that much) aren't that familiar with classic ASP/the server side javascript that is being used, or with how to write a system like the one I am looking for in VB script. And this is, I guess what I would expect, since these are probably pretty old methods now, but are still ones that I have to work with, because of the code/environment I have inherited.
  24. #13
    Stumpier old Moderator
    Maybe finding and downloading some asp applications that include login code could help. There used to be a site www.aspin.com that was good for classic asp application downloads, something like an as forum app or something will have login with emails normally and may prove helpful in figuring how to interpret your code.

    I'm no javascript expert, but js or vbs will use asp objects in the same manner. Look here http://msdn.microsoft.com/en-us/libr...=vs.90%29.aspx and also locate the ADO object reference in the msdn and you should be able to find the information you need.
    ======
    Doug G
    ======
