Get ready for BLACK FRIDAY shopping starting in

Forums

This topic is locked

Basic UDev cookie confusion

Posted 07 Feb 2002 10:00:49
1
has voted
07 Feb 2002 10:00:49 Dennis van Galen posted:
Hi everyone,

I'm trying to use Basic UDev's remember me cookie server behaviour but it raises a question.

I was under the impression this was meant to incorporate auto-login through cookies, but all it does is remember my user name, still have to type my password and finish the login procedure by hand.

I doubt that's the true usage for the server behaviour and upon looking in the cookie I can read my username and password.

Can anyone clear this up for me or is this behaviour meant to only do part of the job ?
It had no documentation other then have a username / password field and check box, so it's confusing.

Maybe UDev 5 can have a better login behaviour, one where we can say: remember the darned user's settings just like every decent website greets me with my username, that's the purpose of cookies, right ?

Just in case someone asks, here's the code of my login page:

<%@LANGUAGE="JAVASCRIPT"%>
<%
var TFM_setCookie = String(Request.Form("UserName");
if (TFM_setCookie != "undefined" {
if (Request.Form("Remember"=="1" {
Response.Cookies("SPGusername" = String(Request("UserName");
Response.Cookies("SPGpassword" = String(Request("Password");
Response.Cookies("SPGremember" = "1";
var expdate = new Date();
expdate.setTime (expdate.getTime() + (365 * 24 * 60 * 60 * 1000)); // 365 days from now
var newExpdate = parseInt(expdate.getMonth()+1)+'/'+ expdate.getDate() + '/' + expdate.getFullYear();
Response.Cookies("SPGusername".expires = newExpdate;
Response.Cookies("SPGpassword".expires = newExpdate;
Response.Cookies("SPGremember".expires = newExpdate;
}else{
Response.Cookies("SPGusername" = ""
Response.Cookies("SPGpassword" = ""
Response.Cookies("SPGremember" = ""
}
}
%>
<!--#include file="Connections/connContent.asp" -->
<%
// *** Validate request to log in to this site.
var MM_LoginAction = Request.ServerVariables("URL";
if (Request.QueryString!="" MM_LoginAction += "?" + Request.QueryString;
var MM_valUsername=String(Request.Form("UserName");
if (MM_valUsername != "undefined" {
var MM_fldUserAuthorization="AccessLevel";
var MM_redirectLoginSuccess="admin_page.asp";
var MM_redirectLoginFailed="login.asp";
var MM_flag="ADODB.Recordset";
var MM_rsUser = Server.CreateObject(MM_flag);
MM_rsUser.ActiveConnection = MM_connContent_STRING;
MM_rsUser.Source = "SELECT username, password";
if (MM_fldUserAuthorization != "" MM_rsUser.Source += "," + MM_fldUserAuthorization;
MM_rsUser.Source += " FROM Users WHERE username='" + MM_valUsername + "' AND password='" + String(Request.Form("Password") + "'";
MM_rsUser.CursorType = 0;
MM_rsUser.CursorLocation = 2;
MM_rsUser.LockType = 3;
MM_rsUser.Open();
if (!MM_rsUser.EOF || !MM_rsUser.BOF) {
// username and password match - this is a valid user
Session("MM_Username" = MM_valUsername;
if (MM_fldUserAuthorization != "" {
Session("MM_UserAuthorization" = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);
} else {
Session("MM_UserAuthorization" = "";
}
if (String(Request.QueryString("accessdenied") != "undefined" && false) {
MM_redirectLoginSuccess = Request.QueryString("accessdenied";
}
MM_rsUser.Close();
Response.Redirect(MM_redirectLoginSuccess);
}
MM_rsUser.Close();
Response.Redirect(MM_redirectLoginFailed);
}
%>
<html>
<head>
<title>SPG Content Management</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<table width="100%" border="1" cellpadding="2">
<tr>
<td width="20%"> </td>
<td>
<div align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif">SPG
Financiën Content Management System.</font></b></div>
</td>
<td width="20%"> </td>
</tr>
<tr>
<td width="20%"> </td>
<td>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">U moet hier
inloggen voor U verder kunt.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">26-7-2001:<br>
AUB <b>NIET UITTESTEN</b>, ik ben met deze tool de FMI pagina's aan het
omzetten !</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">De webmaster</font></p>
<form name="Login" method="post" action="<%=MM_LoginAction%>">
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">Gebruikersnaam:
<input value="<%= Request.Cookies("SPGusername" %>" type="text" name="UserName" size="30" maxlength="30">
</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">Wachtwoord:
<input value="<%= Request.Cookies("SPGpassword" %>" type="password" name="Password" size="30" maxlength="30">
</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">
<input type="submit" name="Submit" value="Inloggen">
<input <%=((Request.Cookies("SPGremember" == "1"?"CHECKED":""%> type="checkbox" name="Remember" value="1">
Automatisch inloggen</font></p>
</form>
<p> </p>
</td>
<td width="20%"> </td>
</tr>
<tr>
<td width="20%">
<div align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="2">Username:
<b>test</b></font></div>
</td>
<td>
<div align="center"><a href="index.asp"><font face="Verdana, Arial, Helvetica, sans-serif" size="2">Bekijk
de Fictionele artikelen die hier aan te passen zijn.</font></a></div>
</td>
<td width="20%">
<div align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="2">wachtwoord:
<b>test</b></font></div>
</td>
</tr>
<tr>
<td width="20%">
<div align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2">©
SPG Financiën</font></b></div>
</td>
<td>
<div align="center"><i>Deze Tool is Ontwikkeld door <a href="mailto: ?subject=Content_Management">D.van
Galen</a> voor SPG Financiën</i></div>
</td>
<td width="20%">
<div align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><b>Klik
hier voor hulp.</b></font></div>
</td>
</tr>
</table>
</body>
</html>

If anyone has a clue or a hint to help my page recognise me better then just my username, please let me know.

Laters everyone.

With kind regards,

Dennis van Galen
Webmaster KPN Nederland
Financial and Information Services

Reply to this topic