asp help

P

Paul M

Hi
I have this form validation script. if the username or password is not
entered it asks for it if it is entered I would like the form field
information to be passed onto action.asp
Thanks
Paul M


<%
DIM strUsername, strPassword
strUsername = Request.Form("user_name")
strPassword = Request.Form("pass_word")


IF strEmail <> "" AND strSubject <> "" THEN

' Process the form as you like here
' For example enter form to your database or send it via email

Response.Redirect("action.asp")

ELSE

Response.Write "<p>Please click back on your browser and complete the
following fields:</p>"
IF strUsername <> "" THEN
ELSE
Response.Write "<b>. User name</b><br>"
END IF
IF strPassword<> "" THEN
ELSE
Response.Write "<b>. Password</b><br>"

END IF

END IF
%>
 
C

Chris Leeds, MVP-FrontPage

that wouldn't be part of the validation script it would be the form action.

HTH

--
Chris Leeds,
Microsoft MVP-FrontPage

ContentSeed: great tool for web masters,
a fantastic convenience for site owners.
http://contentseed.com/
 
B

Bob Lehmann

Where are these variables assigned values - strEmail, strSubject ?

And what is your question? Do you want someone to code the
' Process the form as you like here
' For example enter form to your database or send it via email
Click to expand...

parts for you?

Bob Lehmann
 
M

MikeR

This is not a form.
Response.Redirect("action.asp?UserName=" & strUserName & "&PW=" & strPasssword)
This tacks the variables onto the URL. Be warned they are plainly visible

Access them in action.asp like
UserNameIn = Request.Querystring("UserName")
PassWordIn = Request.Querystring("PW")

MikeR
 
P

p c

1. For your question
You don't show how you authenticate, but assuming all you are asking is
how to validate that the email and pwd are not empty in a respose page
submitted by a form oage, here's hou you could change it:

If strEmail <> "" AND strPassword <> "" THEN

' Process the form as you like here
' For example enter form to your database or send it via email

Response.Redirect("action.asp")
Else
Response.Write "<p>Please click back on your browser and complete the
following fields:</p>"
IF strUsername ="" THEN
Response.Write "<b>. User name</b><br>"
End If
If strPassword= "" THEN
Response.Write "<b>. Password</b><br>"
End If
End If

2. For simple form validation, it is easier to use client validation
with javacript or FP form validation if your site has FPSE installed and
enabled. The form will not be submitted for processing if it does not
validate. For jscript, you can find plenty of examples on the net
(google is your friend). For the second one, FP Help is your friend.

You can also do form validation on the server with code after the form
is submited. In your example, you combine form validation and
authentication in the same page.

In most cases I prefer the options mentioneed earlier.

....PC
 
K

Kevin Spencer

If the data validates, put a form into the page that receives the POST data.
Add a javascript to the page that runs when the page is loaded into the
browser. The form's ACTION is the URL of "action.asp." Put the email subject
and body into hidden form fields in the form. The javascript posts the form
as soon as the page loads. This way, no redirect is needed, and the data
doesn't show up in the address bar of the browser. In addition, if the email
body is long, it will not cause a problem with a URL that is too long for
the browser. Form POST data can be any length. If the data does not
validate, write your error message into the page instead.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
 
S

Stefan B Rusynko

Bad security approach for any UserName & Password validation to expose them as page variables

The script should server side validate & clean the UserName & Password form fields and then If absolutely necessary (for processing)
pass the 2 variables as Session variables so they are not visible in the browser




| This is not a form.
| Response.Redirect("action.asp?UserName=" & strUserName & "&PW=" & strPasssword)
| This tacks the variables onto the URL. Be warned they are plainly visible
|
| Access them in action.asp like
| UserNameIn = Request.Querystring("UserName")
| PassWordIn = Request.Querystring("PW")
|
| MikeR
|
|
| Paul M wrote:
| > Hi
| > I have this form validation script. if the username or password is not
| > entered it asks for it if it is entered I would like the form field
| > information to be passed onto action.asp
| > Thanks
| > Paul M
| >
| >
| > <%
| > DIM strUsername, strPassword
| > strUsername = Request.Form("user_name")
| > strPassword = Request.Form("pass_word")
| >
| >
| > IF strEmail <> "" AND strSubject <> "" THEN
| >
| > ' Process the form as you like here
| > ' For example enter form to your database or send it via email
| >
| > Response.Redirect("action.asp")
| >
| > ELSE
| >
| > Response.Write "<p>Please click back on your browser and complete the
| > following fields:</p>"
| > IF strUsername <> "" THEN
| > ELSE
| > Response.Write "<b>. User name</b><br>"
| > END IF
| > IF strPassword<> "" THEN
| > ELSE
| > Response.Write "<b>. Password</b><br>"
| >
| > END IF
| >
| > END IF
| > %>
| >
| >
 
S

Stefan B Rusynko

Very Poor scripting

Basically you have
IF strEmail <> "" AND strSubject <> "" THEN
' Process the form w/o any further checking on username and password at action.asp
ELSE
' Check if the username and password are empty strings
END IF

Presuming somewhere (not shown in your code snippet) strEmail and strSubject get their values from a form sending to this page (so
they BOTH are not always = "" which is the case in your code snippet)
- you need to be checking for valid strUsername and strPassword Before you redirect and send them to the action page
- What if one (strEmail) is ="" and the other (strSubject) is not = "" ?
(you are using an AND not an OR in your IF)

If strEmail and strSubject do not get a value in your code they will always be ="" so you will always process the form and redirect
to action (even if there are no valid values for strUsername and strPassword)

I suspect your script needs to check for empty strUsername and strPassword first and then process the form before sending it to
action.asp (checking for strEmail and strSubject, After checking for strUsername and strPassword)

<%
DIM strUsername, strPassword, strEmail, strSubject
strUsername = Request.Form("user_name")
strPassword = Request.Form("pass_word")
strEmail = Request.Form("Email") 'Your real form field name here
strSubject = Request.Form("Subject") 'Your real form field name here
' Note: none of above from your code checks for sql injection any other hacking

IF strUsername = "" OR strPassword = "" THEN
Response.Write "<p>Please click back on your browser and complete the following:</p>"
IF strUsername = "" THEN Response.Write "<b>. User name</b><br>"
IF strPassword = "" THEN Response.Write "<b>. Password</b><br>"
ELSE
' If needed, check for empty strEmail and/or strSubject (or any other form fields required) similar to above before the below
' After all validation, Process your complete form here (not at action.asp) - authenticate or login in user here
' If you need Username and Password on any other pages (a bad practice) use Session variables
Session("UserName")=strUsername
Session(PassWord)=strPassword
' Finally you send them somplace After ALL form processing is done!
Response.Redirect "action.asp"
END IF
%>

On any other page (say action.asp) check/use UserName or Password session variables using

<%=Session("UserName")%> or <%=Session("Password")%>



| Hi
| I have this form validation script. if the username or password is not
| entered it asks for it if it is entered I would like the form field
| information to be passed onto action.asp
| Thanks
| Paul M
|
|
| <%
| DIM strUsername, strPassword
| strUsername = Request.Form("user_name")
| strPassword = Request.Form("pass_word")
|
|
| IF strEmail <> "" AND strSubject <> "" THEN
|
| ' Process the form as you like here
| ' For example enter form to your database or send it via email
|
| Response.Redirect("action.asp")
|
| ELSE
|
| Response.Write "<p>Please click back on your browser and complete the
| following fields:</p>"
| IF strUsername <> "" THEN
| ELSE
| Response.Write "<b>. User name</b><br>"
| END IF
| IF strPassword<> "" THEN
| ELSE
| Response.Write "<b>. Password</b><br>"
|
| END IF
|
| END IF
| %>
|
|
 
S

Stefan B Rusynko

You don't w/ ASP
- you set file "permissions in your folders using your logon validation script




| Hi
| How do you set folder permissions
| Paul M
| | > Hi
| > I have this form validation script. if the username or password is not
| > entered it asks for it if it is entered I would like the form field
| > information to be passed onto action.asp
| > Thanks
| > Paul M
| >
| >
| > <%
| > DIM strUsername, strPassword
| > strUsername = Request.Form("user_name")
| > strPassword = Request.Form("pass_word")
| >
| >
| > IF strEmail <> "" AND strSubject <> "" THEN
| >
| > ' Process the form as you like here
| > ' For example enter form to your database or send it via email
| >
| > Response.Redirect("action.asp")
| >
| > ELSE
| >
| > Response.Write "<p>Please click back on your browser and complete the
| > following fields:</p>"
| > IF strUsername <> "" THEN
| > ELSE
| > Response.Write "<b>. User name</b><br>"
| > END IF
| > IF strPassword<> "" THEN
| > ELSE
| > Response.Write "<b>. Password</b><br>"
| >
| > END IF
| >
| > END IF
| > %>
| >
| >
|
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

asp help please 4
Dynamic Naming of Form Button 3
error using asp and conditional SSI 4
What do we do with asp page? 1
password-protected web page 2
ASP Script to Send an email which generates into a HTML format 2
Logout Script 2
Problem with an .asp page displaying data based on a form field value. 5

Top