code execution order

on 01.12.2005 00:06:12 by dave

Hi there
I am using Windows XP and SQL Server 2000 as database and trying to run one
application on localhost...
I have got default.asp (which is basically the login page) and then veripwd.asp,
which then redirects to index.asp on successful login.
On veripwd.asp, first I'm validating the user's login details... If it's
successful, then I store his last login date (in a session variable) and then
update his login date with the current system date...
Now when I check the stored value in index.asp it always shows the last
updated login date... which is always the current date.
I have updated the date so many times in the db for trial purposes and whenever
I run it I get the same result...

I also debugged veripwd.asp step by step (by response.end) and that shows
the correct value, i.e. the user's last login date...
but when I put the code all in sequence it does not work properly...
I have been trying to sort out this problem for the last two weeks but nothing
has come up so far. I also double checked that it's not picking it up from cache
and have also put in code so the page doesn't get cached.
What I am thinking is that the code is not executing in synchronised order... It
could be because first it updates the last login date and then it executes the
select statement.

Below is my code outline for veripwd.asp

first it checks user login name and pwd..
If it's true then
    store login date in session variable as last login date
    update login date with current date
    redirect to index.asp
else
    redirect to default.asp
end if

Has anyone encountered the same problem?
I would really appreciate it if someone could get me out of this problem.. I'm
totally lost...

Rgds
dave

Re: code execution order

on 01.12.2005 00:20:08 by reb01501


In the absence of real code, the only suggestion I can make is to use SQL
Profiler to verify that the expected sql statements are being sent to the
database.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Re: code execution order

on 01.12.2005 00:29:28 by dave

Thnx Bob
Below is my code veripwd.asp

<% Response.CacheControl = "no-cache" %>
<% Response.AddHeader "Pragma", "no-cache" %>
<% Response.Expires = -1 %>

<%
login = Request.Form("txtlogin")
password = Request.Form("txtpassword")

sql = "select UserLogOn,UserFirstName,UserLastName,userpassword,userdealercode,usertype,ABN,tradingname,UserEmail,UserManagerid,Lo_date,Disable " & _
      "From tblExtranetUsers where userlogon='" & login & "' and userpassword ='" & password & "' and Disable=0"

session.LCID = 3081
set rs = nothing
set rs = database.executequery(sql)

if not rs.eof then
    if rs("Disable") = -1 Then
        Response.Redirect "logout.asp?wrong=truel"
    End If
    session("login") = rs("UserLogOn")
    session("firstname") = rs("UserFirstName")
    session("lastname") = rs("UserLastName")
    session("password") = rs("userpassword")
    session("Lastdate") = rs("Lo_date")
    response.write session("Lastdate") 'this shows updated current date if i dont put response.End() under this statement
    'response.End() works fine if i put response.End()
    session("userdealercode") = rs("userdealercode")
    session("usertype") = rs("usertype")
    session("ABN") = rs("ABN")
    session("tradingname") = rs("tradingname")
    session("emailid") = rs("UserEmail")

    sql4 = "select * from tblExtranetUsers where userlogon='" & login & "' and " & _
           "userpassword ='" & password & "' and Disable=0"
    set temp4 = database.executequery(sql4)
    'updating login date with current date
    Sql2 = "UPDATE tblExtraNetUsers SET Lo_date = getdate(), Lo_time = '" & _
           Time & "' , Lo_count = " & temp4("Lo_count") + 1 & " WHERE UserLogOn = '" & _
           session("login") & "'"
    set temp = database.executequery(Sql2)
    set temp = Nothing
    set temp4 = nothing

    response.Redirect "index.asp?tx_date=" & session("Lastdate")
    'index.asp is always redirect with current date...even i updated my last login date in db manually and tested..
else
    Response.Redirect "logout.asp?wrong=truel"
end if
set rs = Nothing
%>

Re: code execution order

on 01.12.2005 13:06:10 by reb01501

dave wrote:
> Thnx Bob
> Below is my code veripwd.asp
>
> <%
> login=Request.Form("txtlogin")
> password=Request.Form("txtpassword")

I would start with:
session("Lastdate") = ""

>
> sql="select
> UserLogOn,UserFirstName,UserLastName,userpassword,userdealercode,usertype,ABN,tradingname,UserEmail,UserManagerid,Lo_date,Disable
> From tblExtranetUsers where userlogon='"&login&"' and userpassword
> ='"&password&"' and Disable=0"
>

Dynamic sql for verifying a password??? I guess you've never heard of
SQL Injection. If not, please read:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

My recommendation is to pass parameters to a stored procedure:
http://tinyurl.com/jyy0

But if you have some sort of phobia about using stored procedures, at least
use parameter markers in your sql string and use a Command object to pass
parameter values to the sql statement:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e


> session.LCID = 3081
> set rs = nothing
> set rs=database.executequery(sql)

I prefer:
set rs=database.executequery(sql,,1)

The 1 is enumerated by adCmdText which tells ADO that you are executing a
string containing a sql statement. Don't make ADO guess about this. It
usually guesses correctly, but when it makes a wrong guess, you will have a
very hard-to-debug problem.

>
> if not rs.eof then

Your sql statement has "and Disable=0" in it. What is the point of the
following if statement? rs("Disable") will never be -1

> if rs("Disable") = -1 Then
> Response.Redirect "logout.asp?wrong=truel"
> End If



> session("login")=rs("UserLogOn")
> session("firstname")=rs("UserFirstName")
> session("lastname")=rs("UserLastName")
> session("password")=rs("userpassword")
> session("Lastdate") = rs("Lo_date")
> response.write session("Lastdate") 'this shows updated current date

It does???

> if i dont put response.End() under this statement
> 'response.End() works fine if i put response.End()

Why would Lo_date/session("Lastdate") contain the current date and time at
this point? You have not updated it yet as far as I can see.


> session("userdealercode")=rs("userdealercode")
> session("usertype")=rs("usertype")
> session("ABN")=rs("ABN")
> session("tradingname")=rs("tradingname")
> session("emailid")=rs("UserEmail")
>
> sql4="select * from tblExtranetUsers where userlogon='"&login&"' and

http://www.aspfaq.com/show.asp?id=2096

> userpassword ='"&password&"' and Disable=0"
> set temp4 = database.executequery(sql4)

What is the point of this extra trip to the database?

> 'updating login date with current date
> Sql2 = "UPDATE tblExtraNetUsers SET Lo_date = getdate(), Lo_time = '"
> & Time

Why store date and time in separate columns? Getdate() returns both the
current date and time ...

> & "' , Lo_count = " & temp4("Lo_count") + 1 & " WHERE UserLogOn
> = '" & session("login") &"'"
> set temp = database.executequery(Sql2)

Don't force ADO to create a recordset when executing a query that does not
return records. Tell it that you are not expecting any records back:
database.executequery(Sql2,,129)

The 129 is the combination of adCmdText (1) and adExecuteNoRecords (128)

Again, everything you did in the above three trips to the database could
have been accomplished in a single trip by using a stored procedure.

> set temp = Nothing
> set temp4 = nothing
>
> response.Redirect "index.asp?tx_date="&session("Lastdate")

You still have not updated session("Lastdate") to the current date and time.
Why would it not contain the original value of rs("Lo_date")?

Bob Barrows

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Re: code execution order

on 01.12.2005 20:26:30 by PJones

You should check out a product like www.aspprotect.com or search
www.aspin.com for login software.
You have a few somewhat iffy things going on in there as far as security
goes.

Re: code execution order

on 01.12.2005 20:45:27 by reb01501

Bob Barrows [MVP] wrote:
> set rs=database.executequery(sql,,1)
>

Oh wait. "executequery"? I guess you're not showing us all the code ...


> records back: database.executequery(Sql2,,129)
>
This obviously won't work with your custom class and function. You should
probably rewrite that function to incorporate the use of these arguments.

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
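
Bob Barrows' advice in the replies above (parameter markers with a Command object, adCmdText, adExecuteNoRecords, fewer trips to the database), put together as an added example; it is not code from any poster in this thread. It uses ADO directly instead of dave's custom database class, leaves Lo_time out, and assumes the connection string is held in Application("ConnString") and that the login and password columns are 50 characters wide.

```vbscript
<%
' Added example. ADO constants are spelled out in case adovbs.inc is not included.
Const adCmdText = 1, adExecuteNoRecords = 128, adVarChar = 200, adParamInput = 1
Const MAX_LEN = 50   ' assumption: width of the UserLogOn / userpassword columns

Dim cn, cmd, rs, login, pwd, lastLogin
' Force plain strings and cap the length so CreateParameter does not raise on long input.
login = Left(Request.Form("txtlogin") & "", MAX_LEN)
pwd = Left(Request.Form("txtpassword") & "", MAX_LEN)

Set cn = Server.CreateObject("ADODB.Connection")
cn.Open Application("ConnString")   ' assumption: connection string is kept here

' 1. Verify the login. The ? markers keep user input out of the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT UserLogOn, Lo_date FROM tblExtranetUsers " & _
                  "WHERE UserLogOn = ? AND userpassword = ? AND Disable = 0"
cmd.Parameters.Append cmd.CreateParameter("login", adVarChar, adParamInput, MAX_LEN, login)
cmd.Parameters.Append cmd.CreateParameter("pwd", adVarChar, adParamInput, MAX_LEN, pwd)
Set rs = cmd.Execute

If rs.EOF Then
    rs.Close
    cn.Close
    Response.Redirect "logout.asp?wrong=truel"
End If

' Read the previous login date before the UPDATE below overwrites it.
lastLogin = rs("Lo_date").Value
Session("login") = rs("UserLogOn").Value
Session("Lastdate") = lastLogin
rs.Close

' 2. Stamp this login. Lo_count is incremented in SQL, so no second SELECT is needed,
'    and adExecuteNoRecords tells ADO not to build a recordset for the UPDATE.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandText = "UPDATE tblExtranetUsers SET Lo_date = GETDATE(), " & _
                  "Lo_count = ISNULL(Lo_count, 0) + 1 WHERE UserLogOn = ?"
cmd.Parameters.Append cmd.CreateParameter("login", adVarChar, adParamInput, MAX_LEN, Session("login"))
cmd.Execute , , adCmdText + adExecuteNoRecords
cn.Close

Response.Redirect "index.asp?tx_date=" & Server.URLEncode(lastLogin & "")
%>
```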