Why are you using the function call to ParseText?
- that is what is limiting you
In your script in the Function ComparePassword(Username,Password) in logon.inc
just change
strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (UID='" & ParseText(UID) & _
"' AND PWD='" & ParseText(PWD) & "');"
to eliminate the function ParseText call
strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (UID='" & UID & _
"' AND PWD='" & PWD & "');"
And delete the whole Function ParseText(TXT) section
PS
That script as is (w/o ParseText) does not protect you from sql injections or hacks
- that is why the parse text function was added
- it allows 0-9 (48-57), : (58) , A-Z (65-90) and a-z (97-122)
If you want to just allow periods in the User names or passwords just leave the Function ComparePassword alone and modify the
Function ParseText(TXT) to add the period character (46) as allowable in:
If (intText > 47 And intText < 59) Or _
(intText = 46) Or _
(intText > 64 And intText < 91) Or _
(intText > 96 And intText < 123) Then
strText = strText & Mid(TXT,intPos,1)
End if
--
| Yes it is in one line. The strSQL line we replaced looks like this:
|
| strSQL = "SELECT * FROM " & USERS_TABLE & _
| " WHERE (Username='" & ParseText(Username) & _
| "' AND Password='" & ParseText(Password) & "');"
|
| The one you suggest reads:
|
| strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" & PWD
| & "' "
|
| Are we missing quotes, colons or brackets?
| Thanks,
| EdH
|
| "Thomas A. Rowe" wrote:
|
| > Make sure the line I gave you is all on one line in your code.
| >
| > --
| > ==============================================
| > Thomas A. Rowe (Microsoft MVP - FrontPage)
| > ==============================================
| > If you feel your current issue is a results of installing
| > a Service Pack or security update, please contact
| > Microsoft Product Support Services:
| >
http://support.microsoft.com
| > If the problem can be shown to have been caused by a
| > security update, then there is usually no charge for the call.
| > ==============================================
| >
| > | > > Hi Thomas. I did what you suggest but I still get the message This page
| > > cannot be displayed.
| > >
| > > This is what my logon include page looks like: What am I missing?
| > >
| > > <%
| > > ' Do not cache this page.
| > > Response.CacheControl = "no-cache"
| > >
| > > ' Define the name of the users table.
| > > Const USERS_TABLE = "Users"
| > > ' Define the path to the logon page.
| > > Const LOGON_PAGE = "/logon.asp"
| > > ' Define the path to the logon database.
| > > Const MDB_URL = "/fpdb/morg1.mdb"
| > >
| > > ' Check to see whether you have a current user name.
| > > If Len(Session("Username")) = 0 Then
| > > ' Are you currently on the logon page?
| > > If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
| > > ' If not, set a session variable for the page that made the request...
| > > Session("REFERRER") = Request.ServerVariables("URL")
| > > ' ...and redirect to the logon page.
| > > Response.Redirect LOGON_PAGE
| > > End If
| > > End If
| > >
| > > ' This function checks for a username/password combination.
| > > Function ComparePassword(Username,Password)
| > > ' Define your variables.
| > > Dim strSQL, objCN, objRS
| > > ' Set up your SQL string.
| > > strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" &
| > > PWD & "' "
| > > ' Create a database connection object.
| > > Set objCN = Server.CreateObject("ADODB.Connection")
| > > ' Open the database connection object.
| > > objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
| > > Server.MapPath(MDB_URL) & "; Username=admin; Password="
| > > ' Run the database query.
| > > Set objRS = objCN.Execute(strSQL)
| > > ' Set the status to true/false for the database lookup.
| > > ComparePassword = Not(objRS.EOF)
| > > ' Close your database objects.
| > > Set objRS = Nothing
| > > Set objCN = Nothing
| > > End Function
| > >
| > >
| > > %>
| > >
| > > "Thomas A. Rowe" wrote:
| > >
| > >> On the include page change:
| > >>
| > >> strSQL = "SELECT * FROM " & USERS_TABLE & _
| > >> " WHERE (UID='" & ParseText(UID) & _
| > >> "' AND PWD='" & ParseText(PWD) & "');"
| > >>
| > >> to:
| > >>
| > >> strSQL = "SELECT * FROM USERS_TABLE WHERE UID='" & UID & "' AND PWD='" & PWD & "' "
| > >>
| > >> --
| > >> ==============================================
| > >> Thomas A. Rowe (Microsoft MVP - FrontPage)
| > >> ==============================================
| > >> If you feel your current issue is a results of installing
| > >> a Service Pack or security update, please contact
| > >> Microsoft Product Support Services:
| > >>
http://support.microsoft.com
| > >> If the problem can be shown to have been caused by a
| > >> security update, then there is usually no charge for the call.
| > >> ==============================================
| > >>
| > >> | > >> > Thanks Thomas. Can you help me do this. Can yuo look at the article
| > >> >
| > >> >
http://support.microsoft.com/default.aspx?scid=kb;en-us;825498
| > >> >
| > >> > and guide me?
| > >> >
| > >> > In the logon include page I am deleting the ParseText function.
| > >> >
| > >> > Only other reference to it I see is in the ComparePassword function. How do
| > >> > I modify this function when ParseText is no longer there?
| > >> >
| > >> > Thanks,
| > >> > EdH
| > >> >
| > >> > "Thomas A. Rowe" wrote:
| > >> >
| > >> >> You need to look at each line of code and remove any references to the section your deleted.
| > >> >>
| > >> >> --
| > >> >> ==============================================
| > >> >> Thomas A. Rowe (Microsoft MVP - FrontPage)
| > >> >> ==============================================
| > >> >> If you feel your current issue is a results of installing
| > >> >> a Service Pack or security update, please contact
| > >> >> Microsoft Product Support Services:
| > >> >>
http://support.microsoft.com
| > >> >> If the problem can be shown to have been caused by a
| > >> >> security update, then there is usually no charge for the call.
| > >> >> ==============================================
| > >> >>
| > >> >> | > >> >> >I just deleted the alphanumeric requirement from the logon include page and
| > >> >> > republished the site. Then when I try to logon I get an error message - page
| > >> >> > cannot be found or something like that.
| > >> >> >
| > >> >> > What else do i need to clear to eliminate this alphanumeric restriction?
| > >> >> >
| > >> >> > Or else can I add some code to allow periods in the username? What is that
| > >> >> > code?
| > >> >> > Thanks for prompt response,
| > >> >> > EdH
| > >> >> >
| > >> >> > "Thomas A. Rowe" wrote:
| > >> >> >
| > >> >> >> Did you remove the alphanumeric requirement section from the Include file and any reference
| > >> >> >> to
| > >> >> >> it
| > >> >> >> from the other files?
| > >> >> >>
| > >> >> >> --
| > >> >> >> ==============================================
| > >> >> >> Thomas A. Rowe (Microsoft MVP - FrontPage)
| > >> >> >> ==============================================
| > >> >> >> If you feel your current issue is a results of installing
| > >> >> >> a Service Pack or security update, please contact
| > >> >> >> Microsoft Product Support Services:
| > >> >> >>
http://support.microsoft.com
| > >> >> >> If the problem can be shown to have been caused by a
| > >> >> >> security update, then there is usually no charge for the call.
| > >> >> >> ==============================================
| > >> >> >>
| > >> >> >> | > >> >> >> >I have a website where I use a member logon as described in the following MS
| > >> >> >> > article
| > >> >> >> >
| > >> >> >> >
http://support.microsoft.com/default.aspx?scid=kb;en-us;825498
| > >> >> >> >
| > >> >> >> > The problem is that many of the exisiting members have a username containing
| > >> >> >> > periods and the logon allows alphanumeric only for password. It is not
| > >> >> >> > practical to ask all members to change their password to alphanumeric.
| > >> >> >> >
| > >> >> >> > Can anyone help me to eliminate the alphanumeric requirement from the logon,
| > >> >> >> > or else to accept periods as well?
| > >> >> >> >
| > >> >> >> > Thanks,
| > >> >> >> > EdH
| > >> >> >> >
| > >> >> >> > PS I tried deleting the alphanumeric requirement from the logon but then the
| > >> >> >> > logon did not work.
| > >> >> >> > Tks
| > >> >> >> > EdH
| > >> >> >>
| > >> >> >>
| > >> >> >>
| > >> >>
| > >> >>
| > >> >>
| > >>
| > >>
| > >>
| >
| >
| >
