Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/O Code)
 Verification Code on Registration

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
   

T O P I C    R E V I E W
Webbo Posted - 06 October 2013 : 09:00:53
With more and more people using mobiles and some browsers breaking up the activation link resulting in more and more people not activating their accounts via email validation, an idea would be to have a random generated code, say six numbers or letters long that prospective members would be sent via email and once they accessed the email would have to return to the site and put the code into a form field to activate their membership

How easy would this be to mod?

15   L A T E S T    R E P L I E S    (Newest First)
Webbo Posted - 02 December 2013 : 14:16:44
Carefree, the following piece of code doesn't work:

'" & strEncodedPassword & "' AND M_NEWKEY=

It does not recognise the password being submitted,

The following however does work:

'" & SHA256(Request.Form("Password")) & "' AND M_NEWKEY=


If Request.Form("Key")>"" Then
strSql = "SELECT M_NAME, M_PASSWORD, M_NEWKEY" & _
" FROM " & strMemberTablePrefix & "MEMBERS_PENDING" & _
" WHERE lCase(M_NAME)='" & trim(lCase(Request.Form("UserName"))) & "' AND M_PASSWORD='" & SHA256(Request.Form("Password")) & "' AND M_NEWKEY='" & trim(Request.Form("Key")) & "'"
Set rsValid = my_Conn.Execute(strSql)


Webbo Posted - 02 December 2013 : 13:51:33
Doh, can I have the red after you Carefree

I must have looked at that line of code so many times also, it even shows the correct format further on in the same line

I'm pleased to report validate.asp now works
Carefree Posted - 02 December 2013 : 12:21:33
Yes, thanks. Blinded by looking at it too many times, I guess. That's what happens when you write code and cannot test it.

Edit...

That's odd. I have it correctly on my copy. Must have edited it incorrectly here. Fixed on above posts.
cripto9t Posted - 02 December 2013 : 11:56:14


WHERE lCase(M_NAME)='" & trim(lCase(Request.Form("UserName"))) AND "' & M_PASSWORD


should be

WHERE lCase(M_NAME)='" & trim(lCase(Request.Form("UserName"))) & "' AND M_PASSWORD
Webbo Posted - 02 December 2013 : 02:31:54
Tried that and even tried re-typing the lines out with a few line breaks...


If Request.Form("Key")>"" Then
strSql = "SELECT M_NAME, M_PASSWORD, M_NEWKEY" & _
" FROM " & strMemberTablePrefix & "MEMBERS_PENDING" & _
" WHERE lCase(M_NAME)='" & trim(lCase(Request.Form("UserName"))) AND "' & M_PASSWORD='" & SHA256(Request.Form("Password")) & "' AND M_NEWKEY='" & trim(Request.Form("Key")) & "'"
Set rsValid = my_Conn.Execute(strSql)
If not rsValid.EOF Then
rsValid.Close
Set rsValid = Nothing


Still the same mismatch error:

Microsoft VBScript runtime error '800a000d'

Type mismatch: '[string: "SELECT M_NAME, M_PAS"]'

/forum/validate.asp, line 41


I'm offline now for the next 12 hours


Carefree Posted - 02 December 2013 : 01:56:45
There is no mismatch. Something is corrupt. Try typing the line in manually.
Webbo Posted - 01 December 2013 : 16:54:56
That's what I've got and I just loaded the above line to make sure and still get the error message:

Microsoft VBScript runtime error '800a000d'

Type mismatch: '[string: "SELECT M_NAME, M_PAS"]'

/forum/validate.asp, line 41


I've played with it for a while and can't seem to work out where the mismatch is
Carefree Posted - 01 December 2013 : 16:18:09
Looks like you copied it wrong, may want to recopy the file. That line should be:

	strSql="SELECT M_NAME, M_PASSWORD, M_NEWKEY FROM " & strMemberTablePrefix & "MEMBERS_PENDING WHERE lCase(M_NAME)='" & trim(lCase(Request.Form("UserName"))) & "' AND M_PASSWORD='" & strEncodedPassword & "' AND M_NEWKEY='" & trim(Request.Form("Key")) & "'"
Webbo Posted - 01 December 2013 : 11:30:07
Okay, it's now writing to the database but when you enter the username, password and key into validate.asp and submit it it throws up the following error:

Microsoft VBScript runtime error '800a000d'

Type mismatch: '[string: "SELECT M_NAME, M_PAS"]'

/forum/validate.asp, line 41
Webbo Posted - 01 December 2013 : 08:41:21
Lol, which shade of red would you prefer

I'm out and about at the moment but will do it when I get back in and report back
Carefree Posted - 01 December 2013 : 06:54:02
Duhhh. Color me red. Change M_USERNAME to M_NAME.

Fixed in original instructions. Also changed "validate.asp" in original.
Webbo Posted - 01 December 2013 : 03:54:11
It shows:

UPDATE FORUM_MEMBERS_PENDING SET M_NEWKEY = '8IXY4B8S3G' WHERE M_USERNAME='validate'

('validate' is the username I used to register )

The username is entered into the MEMBERS_PENDING table along with any registration info but the Newkey value isn't
Carefree Posted - 30 November 2013 : 22:52:45
That's correct. Make the following change and let me know what it reports.


After this line:

						strSql="UPDATE " & strMemberTablePrefix & "MEMBERS_PENDING SET M_NEWKEY = '" & strJJ & "' WHERE M_USERNAME='" & chkString(trim(Request.Form("Name")),"SQLString") & "'"


Insert this:

						Response.Write	strSql
						WriteFooter
						Response.End
Webbo Posted - 30 November 2013 : 15:56:35
The verfication code is being generated and added into the activation email but isn't being written into the database

The code is see doing that is...


Next
strSql="UPDATE " & strMemberTablePrefix & "MEMBERS_PENDING SET M_NEWKEY = '" & strJJ & "' WHERE M_USERNAME='" & chkString(trim(Request.Form("Name")),"SQLString") & "'"
my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
Webbo Posted - 30 November 2013 : 15:04:36
It's set to:

Name: M_NEWKEY
Type: VARCHAR
Length: 10
NULL


?

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.04 seconds. Powered By: Snitz Forums 2000 Version 3.4.07