Snitz Forums 2000 - problem with authenticating users

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Help Groups for Snitz Forums 2000 Users

Help: MOD Implementation

problem with authenticating users

New Topic

Topic Locked

Printer Friendly

Author

Topic

rsoxhater
Junior Member

120 Posts

Posted - 14 February 2003 : 17:30:07

Hey guys - I have a completely random - were using a script that Laser wrote for me to authenticate users for our chatroom with our snitz DB. It returns a 0 for no access (not a member), a 1 for a member, and a 2 for admin access. You can see the chatroom at http://www.traderretreat.com/community/chatroom.asp

Everything was working fine until yesterday - it had been working fine for a month or so since he wrote it, and since we upgraded to SQL - still no problems. Yesterday, around midday, it just broke, lol. You can try logging in at the above url with a guest/ guest combo, that is an account with member access. This is the url that it calls, and it should return a 1 to the java applet.

http://www.traderretreat.com/community/aas.asp?username=guest&password=guest

What would make this happen? The script and forums were not being chagned in anyway at the time other than normal users. The forums all still work fine.

Any ideas here as to why this would happen? What can I check? Thanks guys, my users are missing their chatroom, lol.

Edited by - rsoxhater on 14 February 2003 18:32:59

rsoxhater
Junior Member

120 Posts

Posted - 14 February 2003 : 17:32:17

This is the script at aas.asp that laser wrote for me:

<%response.buffer=true%>





<%
'Create the Connection object
set conn = server.createobject("adodb.connection")
conn.open strConnString

'Create the recordset object
set rs = server.createobject("adodb.recordset")

user = Request.QueryString("username")
user = Replace(user, "+", " ")

passwd = Request.QueryString("password")

if user = "" Then
Response.Clear
Response.Write "0"
Response.End
Else
If passwd = "" Then
Response.Clear
Response.Write "0"
Response.End
Else
strSqlv = "SELECT M_NAME, M_PASSWORD, M_LEVEL "
strSqlv = strSqlv & " FROM " & strMemberTablePrefix & "MEMBERS "
strSqlv = strSqlv & " WHERE M_NAME = """ & user & """;"

rs.open strSqlv, strConnString,0,1

if rs.eof then
Response.Clear
Response.Write "0"
Response.End
Else
If SHA256(passwd) <> rs("M_PASSWORD") then
Response.Clear
Response.Write "0"
Response.End
Else
if CLng(rs("M_LEVEL")) > 2 then
Response.Clear
Response.WRite "2"
Response.End
else
Response.Clear
Response.WRite "1"
Response.End
End If
End If
End If
rs.close
End If

set rs = nothing
End If%>

<%
conn.close
set conn = nothing
%>

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 14 February 2003 : 19:06:04

I see you have changed back the title. I think you shouldn't have, that would make it easier to get help from laser himself...

Snitz 3.4 Readme | Like the support? Support Snitz too

rsoxhater
Junior Member

120 Posts

Posted - 14 February 2003 : 19:44:40

I have already emailed him the topic, I was hoping someone else would know what that error I'm getting meant

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 14 February 2003 : 19:49:50

Try changing this line


strSqlv = strSqlv & " WHERE M_NAME = """ & user & """;"


strSqlv = strSqlv & " WHERE M_NAME = '" & user & "';"

See if it helps.

Snitz 3.4 Readme | Like the support? Support Snitz too

rsoxhater
Junior Member

120 Posts

Posted - 15 February 2003 : 09:51:50

Rui - THANK YOU!! It worked. Its wierd how it just stopped working all of a sudden though.

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 15 February 2003 : 20:39:14

You're welcome.

Snitz 3.4 Readme | Like the support? Support Snitz too

laser
Advanced Member

Australia
3859 Posts

Posted - 16 February 2003 : 14:48:03

ruirib, can you explain the difference between ' and " ?

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 16 February 2003 : 14:50:50

in a sql statement, text values need to be wrapped in single quotes, not double quotes.

Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 16 February 2003 : 19:06:55

In Access you can use both single quotes and double quotes to wrap a text literal value. In SQL Server, you should use single quotes. Single quote use for that purpose results from SQL server compliance with ANSI SQL standards.
In SQL Server these settings can vary through the use of SET QUOTED IDENTIFIER, by setting it to On or Off. Whenever a connection is established through the SQL ODBC or OLEDB drivers it is set to ON, meaning you can only use single quotes to identify text literals. Double quote use in this context means that SQL Server will interpret what is delimited by the double quotes as an identifier (a column name in rsoxhater case). Turning it to OFF would also allow single and double quote use to delimit text literals, but could have some other side limitations (not related to text literals).

I always prefer to use single quotes. It's ANSI and it avoids confusion between text literals and end of strings.

Snitz 3.4 Readme | Like the support? Support Snitz too

Edited by - ruirib on 17 February 2003 06:08:34

laser
Advanced Member

Australia
3859 Posts

Posted - 17 February 2003 : 04:04:49

Thanks guys, shows that I don't use SQL Server

. Never have, maybe never will.