Skip to content

Instantly share code, notes, and snippets.

@mdinstuhl
Created September 29, 2013 21:07
Show Gist options
  • Save mdinstuhl/6756548 to your computer and use it in GitHub Desktop.
Save mdinstuhl/6756548 to your computer and use it in GitHub Desktop.
This is ASP code from a login page that I wrote over 10 years ago. Can you spot the errors? How would you correct it to work by today's standards?
<%@ Language=VBScript %>
<!-- #INCLUDE FILE="dbaccess.asp" -->
<%
Dim sUsername
Dim sPassword
OpenDB()
sUsername = Trim(Request.Form("txtUsername"))
sPassword = Trim(Request.Form("txtPassword"))
oRS.Open "SELECT * FROM web_Users WHERE RTRIM(sUsername)='" & sUsername & "' AND RTRIM(sPassword) = '" & sPassword & "'", oCN
If oRS.BOF AND oRS.EOF Then
CloseDB()
Response.Redirect("../error.asp")
Else
Session("sUsername") = Trim(oRS("sUsername"))
Session("iUserIdx") = oRS("iUserIdx")
Session("iStatus") = oRS("iStatus")
Session("sEmail") = Trim(oRS("sEmail"))
oRS.Close
oRS.Open "UPDATE web_Users SET dtLastLogin = '" & Now() & "' WHERE iUserIdx = " & Session("iUserIdx"),oCN
End If
CloseDB()
Response.Redirect("../index.asp")
%>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment