ASP Java - Login - Username Retention via Cookie??? HELP!!!

StevenG · 29 Jul 2007 at 15:47

bascially im trying to get a login system to work. im using it with a database, so the login part works fine, i want to retain the username thats been entered in a cookie for use in a later query to display user info.

i want to be able to have a login page that will take the user to a page where their details will be displayed from the database. if you can think of a better way of doing it please let me know.

im not brilliant at ASP or Java but any help/info will be much appreciated. a simple working example would really help too.

so please anyone out there with some skillz in this area, i could really do with some help.

Extra Info///

i want to be able to display the information in a table, which can then be updated. its basically a user area for updating their details im trying to achieve here.

Thanks for your time.
StevenG

noob · 29 Jul 2007 at 16:07

Why are you using a cookie to store the username? Why not just use session variables?

StevenG · 30 Jul 2007 at 12:12

i cant get the session variable to take my form input. do you know how to do this?

marc_howarth · 30 Jul 2007 at 12:31

does the sessions variable close automatically once the browser has been closed or do i have to set it up so that after a certain period of time the session will destroy??

here's what i've got so far for my login script, no way near perfect but you can get the idea

i have a page - login.php - which contains a form that will run checklogin.php sending the variables myusername and mypassword

checklogin.php:

PHP:

<?php
// we must never forget to start the session
session_start();

$errorMessage = '';
if (isset($_POST['myusername']) && isset($_POST['mypassword'])) {
   include 'library/config.php';
   include 'library/opendb.php';

   $username = $_POST['myusername'];
   $password = $_POST['mypassword'];

   // check if the username and password combination exist in database
   $sql = "SELECT user_name
           FROM tbl_user
           WHERE user_name = '$username'
                 AND user_password = '$password'";

   $result = mysql_query($sql)
             or die('Query failed. ' . mysql_error());

   if (mysql_num_rows($result) == 1) {
      // the user id and password match,
      // set the session
      $_SESSION['logged_in'] = true;

      // after login we move to the main page
      header('Location: index.php');
      exit;
   } else {
      header('Location: login.php');
   }

   include 'library/closedb.php';
}
?>

then on the index.php i have:

PHP:

<?php
session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['logged_in']) 
		|| $_SESSION['logged_in'] !== true) 
{
   // not logged in, move to login page
   header('Location: login.php');
   exit;
}
?>
</script>
</head>
<body>
	
<form name="form" method="post" action="logout.php">
<table cellspacing="5" cellpadding="5" border="0">	
		 <tr>
			<td align="center"><div align="left">
			  <input name="submit" type="submit" value="Logout" />
		    </div>
			</td>
		</tr>
	</table>
</form>
</body>

marc2003 · 30 Jul 2007 at 12:33

marc_howarth said:
php stuff

you might want to start your own thread with that. look at the title of this one....

marc_howarth · 30 Jul 2007 at 12:36

oooooooops, i just saw sessions and php immediatly jumped into my head

StevenG · 30 Jul 2007 at 12:41

Code:

        <form action="changedetails.asp" method="get" name="login" id="login">
          <div align="center"><table width="32%"  border="0">
  <tr>
    <td width="23%"><div align="right">E-Mail</div></td>
    <td width="77%"><input name="email" type="text" id="email"></td>
  </tr>
  <tr>
    <td><div align="right">Surname</div></td>
    <td><input name="surname" type="text" id="surname"></td>
  </tr>
  <tr>
    <td colspan="2"><div align="center">
        <input type="submit" name="Submit" value="Submit">
        
        <input type="reset" name="Submit2" value="Reset">
    </div></td>
    </tr>
</table>
</form>

that's my form.. which send the email and surname to the second page for use there. but i wanted to be able to use a form to Login. which uses the

Code:

<%=MM_LoginAction%>

post action, so the variables arent sent to the second page.

i want to be able to duplicate the variables sent to the database, to be available on the second page for use there.

if you get what i mean. any further help would be much appreciated.

Thanks
StevenG

noob · 30 Jul 2007 at 14:39

StevenG said:
so the variables arent sent to the second page.

StevenG said:
i want to be able to duplicate the variables sent to the database, to be available on the second page for use there.

The above is confusing. Anyway, answering your second point, to be able to use the variable on the second page do this. In your changedetails.asp file.

Session("email") = Request.Form("email")
Session("surname") = Request.Form("surname")

You can call the Session variables anything you want.

Whatever page you are on to show / check in the information entered just do something like this: Response.Write (Session("email"))

StevenG · 30 Jul 2007 at 15:11

noob said:
Session("email") = Request.Form("email")
Session("surname") = Request.Form("surname")

i get the following error when i do that.

Error Type:
Session object, ASP 0168 (0x80004005)
An intrinsic object cannot be stored within the Session object.
/it training/login.asp, line 248.

okay i have a new question.

//changedetails.asp?email=[email protected]&surname=graham&Submit=Submit

So something like. If email=email(from database) and surname=surname(from database) then grant access
else deny
end if

I know its going to be more complicated than that but any help will be aprecitated.

i need the details in the URL to make my queries work on the second page.

again, any help given will be appreciated.

Thanks, StevenG

noob · 30 Jul 2007 at 15:37

Try this, the SQL string is probably slightly out as I haven't done this in a while. You get the idea though.

<%

'GET INFO FROM QUERYSTRING
DIM strSurname
strSurname = Request.QueryString("surname")

DIM strEmail
strEmail = Request.QueryString("email")

'SETUP CONNECTION
DIM objConn
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
Server.MapPath ("/mydatabase.mdb") & ";"
objConn.Open

'SETUP SQL STRING
DIM mySQL

'tblSurname and tblEmail are the field in your DB
mySQL = "SELECT * FROM Users WHERE tblSurname = ' " & strSurname & " ' " & "AND" & "tblEmail = ' " & strEmail & " ' "

'OPEN UP CONNECTION
DIM objRS
Set objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open mySQL, objConn

IF objRS.EOF Then
'Deny access as we can't find the user so send them to another page
Response.Redirect ("UserNotFound.asp")
Else
'Send them to the next page as this user exists
Response.Redirect("Page2.asp")
End If

%>