Limiting Database Records on Password Protected SubWeb

[Brooks Clayton]

I have followed Microsoft article 321503 (HOW TO: How to Use a
Database for User Names and Passwords in FrontPage 2000) to provide
user names and passwords for a "Customers Only" subweb. It works
fine. (I use FP 2000)

Now I want to pull records from a second MS Access (order status)
database in the subweb, where the User Name and Password match those
entered when logging on to the subweb. I believe that they are saved
as Session("UID") and Session("PWD").

Using the Database Results Wizard, I have made the following query:

SELECT OrderStatus.*
FROM OrderStatus
WHERE ((OrderStatus.[CustomerID] ="::Session('UID')::") AND
(OrderStatus.INetPassword ="::Session('PWD')::"))

There is a problem with this query as I get error messages in the
browser when I try to run it. (The query does verify OK in the wizard)
If I delete the WHERE clause, I see all records in the database. The
most recent error is:

Database Results Error Description: [Microsoft][ODBC Microsoft Access
Driver] Too few parameters. Expected 1.
Number: -2147217904 (0x80040E10)
Source: Microsoft OLE DB Provider for ODBC Drivers


Please tell me what I might be doing wrong.

Thanks,

Brooks

 

[Jon Spivey]

Hi Brooks,
The FP wizard won't accept session variables in the db results - it takes
either form values or query strings. So this is one of those jobs thats very
easy if you're writing your own asp code but hard to do with FP.

If I had to do this using just the FP wizard here's how I'd do it.
1/ Build your database results page the way you want it but make the where
clause thus
WHERE ((OrderStatus.[CustomerID] ='::UID::')
AND (OrderStatus.INetPassword =':WD::'))
2/ Now make a second page with just this code (ie NO <html><head><body> tags
etc

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST", http://you.com/YourDBResultsPage.asp, false
xmlhttp.setRequestHeader "Content-Type",
"application/x-www-form-urlencoded"
xmlhttp.send "uid=" & session("uid") & "&pwd=" & session("pwd")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>
Save this page as GetResults.asp

Now to call up your results link to GetResults.asp - it will send the
session variables to your database results page and return the results.

Jon
Microsoft MVP - FP

 

[Brooks Clayton]

Hi Jon,

Thanks for your help. I have done as you suggested and have an error.
Maybe you could take a look at the code that I have and give me
further instruction.

Here is the GetResults.asp code

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST",
http://midsouthcolor.com/logon/2000results1.asp,false
xmlhttp.setRequestHeader
"Content-Type","application/x-www-form-urlencoded"
xmlhttp.send "UID=" & Session("UID") & "&PWD=" & Session("PWD")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>

When I link to the GetResuts.asp page I get this error message:

msxml3.dll error '80070057'

The parameter is incorrect.

/logon/GetResults.asp, line 4

It looks like the error is in calling the GetResults.asp page? What
do you suggest? Thanks!!!

Brooks

Hi Brooks,
The FP wizard won't accept session variables in the db results - it takes
either form values or query strings. So this is one of those jobs thats very
easy if you're writing your own asp code but hard to do with FP.

If I had to do this using just the FP wizard here's how I'd do it.
1/ Build your database results page the way you want it but make the where
clause thus
WHERE ((OrderStatus.[CustomerID] ='::UID::')
AND (OrderStatus.INetPassword =':WD::'))
2/ Now make a second page with just this code (ie NO <html><head><body> tags
etc

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST", http://you.com/YourDBResultsPage.asp, false
xmlhttp.setRequestHeader "Content-Type",
"application/x-www-form-urlencoded"
xmlhttp.send "uid=" & session("uid") & "&pwd=" & session("pwd")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>
Save this page as GetResults.asp

Now to call up your results link to GetResults.asp - it will send the
session variables to your database results page and return the results.

Jon
Microsoft MVP - FP

I have followed Microsoft article 321503 (HOW TO: How to Use a
Database for User Names and Passwords in FrontPage 2000) to provide
user names and passwords for a "Customers Only" subweb. It works
fine. (I use FP 2000)

Now I want to pull records from a second MS Access (order status)
database in the subweb, where the User Name and Password match those
entered when logging on to the subweb. I believe that they are saved
as Session("UID") and Session("PWD").

Using the Database Results Wizard, I have made the following query:

SELECT OrderStatus.*
FROM OrderStatus
WHERE ((OrderStatus.[CustomerID] ="::Session('UID')::") AND
(OrderStatus.INetPassword ="::Session('PWD')::"))

There is a problem with this query as I get error messages in the
browser when I try to run it. (The query does verify OK in the wizard)
If I delete the WHERE clause, I see all records in the database. The
most recent error is:

Database Results Error Description: [Microsoft][ODBC Microsoft Access
Driver] Too few parameters. Expected 1.
Number: -2147217904 (0x80040E10)
Source: Microsoft OLE DB Provider for ODBC Drivers


Please tell me what I might be doing wrong.

Thanks,

Brooks

 

[Jon]

ahhhh...my fault. The url needs to be in quotes
xmlhttp.open "POST","http://midsouthcolor.com/logon/2000results1.asp", false

when you type a url in quotes into Outlook Express it takes the quotes
away - normally I remember to put them back but obviously not this time
Sorry

Jon

Hi Jon,

Thanks for your help. I have done as you suggested and have an error.
Maybe you could take a look at the code that I have and give me
further instruction.

Here is the GetResults.asp code

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST",
http://midsouthcolor.com/logon/2000results1.asp,false
xmlhttp.setRequestHeader
"Content-Type","application/x-www-form-urlencoded"
xmlhttp.send "UID=" & Session("UID") & "&PWD=" & Session("PWD")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>

When I link to the GetResuts.asp page I get this error message:

msxml3.dll error '80070057'

The parameter is incorrect.

/logon/GetResults.asp, line 4

It looks like the error is in calling the GetResults.asp page? What
do you suggest? Thanks!!!

Brooks

Hi Brooks,
The FP wizard won't accept session variables in the db results - it takes
either form values or query strings. So this is one of those jobs thats very
easy if you're writing your own asp code but hard to do with FP.

If I had to do this using just the FP wizard here's how I'd do it.
1/ Build your database results page the way you want it but make the where
clause thus
WHERE ((OrderStatus.[CustomerID] ='::UID::')
AND (OrderStatus.INetPassword =':WD::'))
2/ Now make a second page with just this code (ie NO <html><head><body> tags
etc

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST", http://you.com/YourDBResultsPage.asp, false
xmlhttp.setRequestHeader "Content-Type",
"application/x-www-form-urlencoded"
xmlhttp.send "uid=" & session("uid") & "&pwd=" & session("pwd")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>
Save this page as GetResults.asp

Now to call up your results link to GetResults.asp - it will send the
session variables to your database results page and return the results.

Jon
Microsoft MVP - FP

I have followed Microsoft article 321503 (HOW TO: How to Use a
Database for User Names and Passwords in FrontPage 2000) to provide
user names and passwords for a "Customers Only" subweb. It works
fine. (I use FP 2000)

Now I want to pull records from a second MS Access (order status)
database in the subweb, where the User Name and Password match those
entered when logging on to the subweb. I believe that they are saved
as Session("UID") and Session("PWD").

Using the Database Results Wizard, I have made the following query:

SELECT OrderStatus.*
FROM OrderStatus
WHERE ((OrderStatus.[CustomerID] ="::Session('UID')::") AND
(OrderStatus.INetPassword ="::Session('PWD')::"))

There is a problem with this query as I get error messages in the
browser when I try to run it. (The query does verify OK in the wizard)
If I delete the WHERE clause, I see all records in the database. The
most recent error is:

Database Results Error Description: [Microsoft][ODBC Microsoft Access
Driver] Too few parameters. Expected 1.
Number: -2147217904 (0x80040E10)
Source: Microsoft OLE DB Provider for ODBC Drivers


Please tell me what I might be doing wrong.

Thanks,

Brooks

 

[Brooks Clayton]

Jon,

Think we are getting there. Got down to line 8. Here is the error
message:

msxml3.dll error '80072ee7'

The server name or address could not be resolved

/logon/GetResults.asp, line 8


Thanks,

Brooks

ahhhh...my fault. The url needs to be in quotes
xmlhttp.open "POST","http://midsouthcolor.com/logon/2000results1.asp", false

when you type a url in quotes into Outlook Express it takes the quotes
away - normally I remember to put them back but obviously not this time
Sorry

Jon

Hi Jon,

Thanks for your help. I have done as you suggested and have an error.
Maybe you could take a look at the code that I have and give me
further instruction.

Here is the GetResults.asp code

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST",
http://midsouthcolor.com/logon/2000results1.asp,false
xmlhttp.setRequestHeader
"Content-Type","application/x-www-form-urlencoded"
xmlhttp.send "UID=" & Session("UID") & "&PWD=" & Session("PWD")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>

When I link to the GetResuts.asp page I get this error message:

msxml3.dll error '80070057'

The parameter is incorrect.

/logon/GetResults.asp, line 4

It looks like the error is in calling the GetResults.asp page? What
do you suggest? Thanks!!!

Brooks

Hi Brooks,
The FP wizard won't accept session variables in the db results - it takes
either form values or query strings. So this is one of those jobs thats very
easy if you're writing your own asp code but hard to do with FP.

If I had to do this using just the FP wizard here's how I'd do it.
1/ Build your database results page the way you want it but make the where
clause thus
WHERE ((OrderStatus.[CustomerID] ='::UID::')
AND (OrderStatus.INetPassword =':WD::'))
2/ Now make a second page with just this code (ie NO <html><head><body> tags
etc

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST", http://you.com/YourDBResultsPage.asp, false
xmlhttp.setRequestHeader "Content-Type",
"application/x-www-form-urlencoded"
xmlhttp.send "uid=" & session("uid") & "&pwd=" & session("pwd")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>
Save this page as GetResults.asp

Now to call up your results link to GetResults.asp - it will send the
session variables to your database results page and return the results.

Jon
Microsoft MVP - FP

I have followed Microsoft article 321503 (HOW TO: How to Use a
Database for User Names and Passwords in FrontPage 2000) to provide
user names and passwords for a "Customers Only" subweb. It works
fine. (I use FP 2000)

Now I want to pull records from a second MS Access (order status)
database in the subweb, where the User Name and Password match those
entered when logging on to the subweb. I believe that they are saved
as Session("UID") and Session("PWD").

Using the Database Results Wizard, I have made the following query:

SELECT OrderStatus.*
FROM OrderStatus
WHERE ((OrderStatus.[CustomerID] ="::Session('UID')::") AND
(OrderStatus.INetPassword ="::Session('PWD')::"))

There is a problem with this query as I get error messages in the
browser when I try to run it. (The query does verify OK in the wizard)
If I delete the WHERE clause, I see all records in the database. The
most recent error is:

Database Results Error Description: [Microsoft][ODBC Microsoft Access
Driver] Too few parameters. Expected 1.
Number: -2147217904 (0x80040E10)
Source: Microsoft OLE DB Provider for ODBC Drivers


Please tell me what I might be doing wrong.

Thanks,

Brooks

 

[Brooks Clayton]

Jon,

Let me correct an error in my last post.

The error occured in line 6, not line 8. Hope this helps. Thanks!

Brooks

Jon,

Think we are getting there. Got down to line 8. Here is the error
message:

msxml3.dll error '80072ee7'

The server name or address could not be resolved

/logon/GetResults.asp, line 8


Thanks,

Brooks

ahhhh...my fault. The url needs to be in quotes
xmlhttp.open "POST","http://midsouthcolor.com/logon/2000results1.asp", false

when you type a url in quotes into Outlook Express it takes the quotes
away - normally I remember to put them back but obviously not this time
Sorry

Jon

Hi Jon,

Thanks for your help. I have done as you suggested and have an error.
Maybe you could take a look at the code that I have and give me
further instruction.

Here is the GetResults.asp code

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST",
http://midsouthcolor.com/logon/2000results1.asp,false
xmlhttp.setRequestHeader
"Content-Type","application/x-www-form-urlencoded"
xmlhttp.send "UID=" & Session("UID") & "&PWD=" & Session("PWD")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>

When I link to the GetResuts.asp page I get this error message:

msxml3.dll error '80070057'

The parameter is incorrect.

/logon/GetResults.asp, line 4

It looks like the error is in calling the GetResults.asp page? What
do you suggest? Thanks!!!

Brooks


On Sat, 7 Feb 2004 22:42:38 -0000, "Jon Spivey"

Hi Brooks,
The FP wizard won't accept session variables in the db results - it takes
either form values or query strings. So this is one of those jobs thats very
easy if you're writing your own asp code but hard to do with FP.

If I had to do this using just the FP wizard here's how I'd do it.
1/ Build your database results page the way you want it but make the where
clause thus
WHERE ((OrderStatus.[CustomerID] ='::UID::')
AND (OrderStatus.INetPassword =':WD::'))
2/ Now make a second page with just this code (ie NO <html><head><body> tags
etc

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST", http://you.com/YourDBResultsPage.asp, false
xmlhttp.setRequestHeader "Content-Type",
"application/x-www-form-urlencoded"
xmlhttp.send "uid=" & session("uid") & "&pwd=" & session("pwd")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>
Save this page as GetResults.asp

Now to call up your results link to GetResults.asp - it will send the
session variables to your database results page and return the results.

Jon
Microsoft MVP - FP

I have followed Microsoft article 321503 (HOW TO: How to Use a
Database for User Names and Passwords in FrontPage 2000) to provide
user names and passwords for a "Customers Only" subweb. It works
fine. (I use FP 2000)

Now I want to pull records from a second MS Access (order status)
database in the subweb, where the User Name and Password match those
entered when logging on to the subweb. I believe that they are saved
as Session("UID") and Session("PWD").

Using the Database Results Wizard, I have made the following query:

SELECT OrderStatus.*
FROM OrderStatus
WHERE ((OrderStatus.[CustomerID] ="::Session('UID')::") AND
(OrderStatus.INetPassword ="::Session('PWD')::"))

There is a problem with this query as I get error messages in the
browser when I try to run it. (The query does verify OK in the wizard)
If I delete the WHERE clause, I see all records in the database. The
most recent error is:

Database Results Error Description: [Microsoft][ODBC Microsoft Access
Driver] Too few parameters. Expected 1.
Number: -2147217904 (0x80040E10)
Source: Microsoft OLE DB Provider for ODBC Drivers


Please tell me what I might be doing wrong.

Thanks,

Brooks

 

[Brooks Clayton]

Jon,

I have found an error in the http address; I had failed to include
"www."

However, once I corrected that there is another error:

Response object error 'ASP 0158 : 80004005'

Missing URL

/logon/logon.asp, line 13

A URL is required.

The code for logon.asp is below. I have noted line 13.

<% @language="vbscript" %>
<!--#include virtual="/logon/_private/logon.inc"-->
<%
' Was this page posted to?
If UCase(Request.ServerVariables("HTTP_METHOD")) = "POST" Then
' If so, verify the username/password that was entered.
If ComparePassword(Request("UID"),Request("PWD")) Then
' If comparison was good, store the user name...
Session("UID") = Request("UID")
Session("PWD")= Request("PWD") ' bc added
' ..and redirect back to the original page.
Response.Redirect Session("REFERRER") ' LINE 13
End If
End If
%>
<html>
<head><title>Logon Page</title>
<style>
body { font-family: arial, helvetica }
table { background-color: #cccccc; font-size: 9pt; padding: 3px }
td { color: #000000; background-color: #cccccc; border-width: 0px }
th { color: #ffffff; background-color: #0000cc; border-width: 0px }
</style>
</head>
<body bgcolor="#000000" text="#ffffff">
<h3 align="center"> </h3>
<div align="center"><center>
<form action="<%=LOGON_PAGE%>" method="POST">
<table border="2" cellpadding="2" cellspacing="2">
<tr>
<th colspan="4" align="left">Enter User Name and Password</th>
</tr>
<tr>
<td> </td>
<td colspan="2" align="left">Please type your user name and
password.</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">Site</td>
<td align="left"><%=Request.ServerVariables("SERVER_NAME")%>
 </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">User Name</td>
<td align="left"><input name="UID" type="text" size="20"></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">Password</td>
<td align="left"><input name="PWD" type="password" size="20"></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td colspan="2" align="center"><input type="submit"
value="LOGON"></td>
<td> </td>
</tr>
</table>
</form>
</center></div>
</body>
</html>

This is code from the Microsoft example referred to in my original
post.

Any clues?

Thanks for your help.

Brooks

Jon,

Let me correct an error in my last post.

The error occured in line 6, not line 8. Hope this helps. Thanks!

Brooks

Jon,

Think we are getting there. Got down to line 8. Here is the error
message:

msxml3.dll error '80072ee7'

The server name or address could not be resolved

/logon/GetResults.asp, line 8


Thanks,

Brooks

ahhhh...my fault. The url needs to be in quotes
xmlhttp.open "POST","http://midsouthcolor.com/logon/2000results1.asp", false

when you type a url in quotes into Outlook Express it takes the quotes
away - normally I remember to put them back but obviously not this time
Sorry

Jon

Hi Jon,

Thanks for your help. I have done as you suggested and have an error.
Maybe you could take a look at the code that I have and give me
further instruction.

Here is the GetResults.asp code

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST",
http://midsouthcolor.com/logon/2000results1.asp,false
xmlhttp.setRequestHeader
"Content-Type","application/x-www-form-urlencoded"
xmlhttp.send "UID=" & Session("UID") & "&PWD=" & Session("PWD")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>

When I link to the GetResuts.asp page I get this error message:

msxml3.dll error '80070057'

The parameter is incorrect.

/logon/GetResults.asp, line 4

It looks like the error is in calling the GetResults.asp page? What
do you suggest? Thanks!!!

Brooks


On Sat, 7 Feb 2004 22:42:38 -0000, "Jon Spivey"

Hi Brooks,
The FP wizard won't accept session variables in the db results - it takes
either form values or query strings. So this is one of those jobs thats
very
easy if you're writing your own asp code but hard to do with FP.

If I had to do this using just the FP wizard here's how I'd do it.
1/ Build your database results page the way you want it but make the
where
clause thus
WHERE ((OrderStatus.[CustomerID] ='::UID::')
AND (OrderStatus.INetPassword =':WD::'))
2/ Now make a second page with just this code (ie NO <html><head><body>
tags
etc

<%
set xmlhttp = server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST", http://you.com/YourDBResultsPage.asp, false
xmlhttp.setRequestHeader "Content-Type",
"application/x-www-form-urlencoded"
xmlhttp.send "uid=" & session("uid") & "&pwd=" & session("pwd")
Response.write xmlhttp.responseText
set xmlhttp = nothing
%>
Save this page as GetResults.asp

Now to call up your results link to GetResults.asp - it will send the
session variables to your database results page and return the results.

Jon
Microsoft MVP - FP

I have followed Microsoft article 321503 (HOW TO: How to Use a
Database for User Names and Passwords in FrontPage 2000) to provide
user names and passwords for a "Customers Only" subweb. It works
fine. (I use FP 2000)

Now I want to pull records from a second MS Access (order status)
database in the subweb, where the User Name and Password match those
entered when logging on to the subweb. I believe that they are saved
as Session("UID") and Session("PWD").

Using the Database Results Wizard, I have made the following query:

SELECT OrderStatus.*
FROM OrderStatus
WHERE ((OrderStatus.[CustomerID] ="::Session('UID')::") AND
(OrderStatus.INetPassword ="::Session('PWD')::"))

There is a problem with this query as I get error messages in the
browser when I try to run it. (The query does verify OK in the wizard)
If I delete the WHERE clause, I see all records in the database. The
most recent error is:

Database Results Error Description: [Microsoft][ODBC Microsoft Access
Driver] Too few parameters. Expected 1.
Number: -2147217904 (0x80040E10)
Source: Microsoft OLE DB Provider for ODBC Drivers


Please tell me what I might be doing wrong.

Thanks,

Brooks

 

[Brooks Clayton]

Jon,

I think I have found a solution. On the default page of my subweb, I
added a one line form with only a submit button. I set two hidden
fields ( UID and PWD) and set the values to <%=Session("UID")%> and
<%=Session("PWD")%>. I post the results to 2000results1.asp.

This probably isn't the best way, but it works. Thanks for your help
and suggestions.

Brooks