Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Community Forums
 Code Support: ASP (Non-Forum Related)
 Syntax Error		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 30 April 2009 :  15:49:15  Show Profile  Reply with Quote
Here's some code for another password change project.

<%@ Language=VBScript%>
<%Response.Buffer = true%>
<!--#INCLUDE FILE="sha256.asp"-->
<%
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\db1.mdb"
if Request.Form("Change")="DoIt" then
	strSql="SELECT USERNAME, PASSWORD FROM TABLE1 WHERE USERNAME='" & REQUEST.FORM("USERNAME") & "'"
	set rsVerify=my_Conn.Execute(strSql)
	if not rsVerify.EOF then
		if sha256(Request.Form("oldpass"))<>rsVerify("password") then
			Response.Write	"Invalid password.<br>"
			Fini
		end if
	else
		Response.Write	"Unknown user."
		Fini
	end if
	rsVerify.Close
	set rsVerify=Nothing
	'	Change password
	if Request.Form("newpass")=Request.Form("newpass2") then
		strSql="UPDATE TABLE1 SET PASSWORD='"& sha256(Request.Form("newpass")) & "' WHERE USERNAME='" & Request.Form("UserName") & "'"
		my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
	else
		Response.Write	"Passwords do not match."
		Fini
	end if
end if
my_Conn.Close
set my_Conn=Nothing
Response.Write	"<form action=""password.asp"" method=""post"">" & vbNewLine & _
	"	<input name=""Change"" type=""hidden"" value=""DoIt"">" & vbNewLine & _
	"	<table width=""50%"" bgcolor=""limegreen"" border=""1"" align=""center"" cellspacing=""0"" cellpadding=""0"">" & vbNewLine & _
	"		<tr valign=""middle"">" & vbNewLine & _
	"			<td width=""30%"" align=""right"" bgcolor=""skyblue"">Username: " & vbNewLine & _
	"			</td>" & vbNewLine & _
	"			<td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
	"				<input type=""text"" name=""username"" width=""50"" maxlength=""50"">" & vbNewLine & _
	"			</td>" & vbNewline & _
	"		</tr>" & vbNewLine & _
	"		<tr valign=""middle"">" & vbNewLine & _
	"			<td width=""30%"" align=""right"" bgcolor=""skyblue"">Current Password: " & vbNewLine & _
	"			</td>" & vbNewLine & _
	"			<td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
	"				<input type=""password"" name=""oldpass"" width=""50"" maxlength=""50"">" & vbNewLine & _
	"			</td>" & vbNewline & _
	"		</tr>" & vbNewLine & _
	"		<tr valign=""middle"">" & vbNewLine & _
	"			<td width=""30%"" align=""right"" bgcolor=""skyblue"">New Password: " & vbNewLine & _
	"			</td>" & vbNewLine & _
	"			<td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
	"				<input type=""password"" name=""newpass"" width=""50"" maxlength=""50"">" & vbNewLine & _
	"			</td>" & vbNewline & _
	"		</tr>" & vbNewLine & _
	"		<tr valign=""middle"">" & vbNewLine & _
	"			<td width=""30%"" align=""right"" bgcolor=""skyblue"">Confirm New Password: " & vbNewLine & _
	"			</td>" & vbNewLine & _
	"			<td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
	"				<input type=""password"" name=""newpass2"" width=""50"" maxlength=""50"">" & vbNewLine & _
	"			</td>" & vbNewline & _
	"		</tr>" & vbNewLine & _
	"	</table>" & vbNewLine & _
	"	<p align=""center"">" & vbNewLine & _
	"		<input type=""submit"" value=""Submit"">" & vbNewLine & _
	"	</p>" & vbNewLine & _
	"</form>" & vbNewLine

Function Fini
	Response.Flush
	%>
	<meta http-equiv="refresh" content="3;url=password.asp">
	<%
End Function
%>


The line in red is giving me a syntax error. Here's a sample output:
UPDATE TABLE1 SET PASSWORD='59830ebc3a4184110566bf1a290d08473dfdcbd492ce498b14cd1a5e2fa2e441' WHERE USERNAME='test1'

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 30 April 2009 :  17:57:29  Show Profile  Send ruirib a Yahoo! Message  Reply with Quote
An ASP error or a SQL one?

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 30 April 2009 :  17:58:29  Show Profile  Reply with Quote
Syntax error in UPDATE statement
Go to Top of Page

gary b
Junior Member

USA
267 Posts
Posted - 30 April 2009 :  21:51:05  Show Profile  Visit gary b's Homepage  Reply with Quote
Remove double quotes from "newpass" and "Username"...

Edit: Add 'and Username'
Edited by - gary b on 30 April 2009 21:53:46
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts
Posted - 01 May 2009 :  07:43:50  Show Profile  Visit HuwR's Homepage  Reply with Quote
quote:
Originally posted by gary b

Remove double quotes from "newpass" and "Username"...



why? that is the correct way to access a form control
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 01 May 2009 :  08:30:47  Show Profile  Reply with Quote
I've been wrestling with this since yesterday. I can't see anything wrong with the code but apparently MS disagrees with me.
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 01 May 2009 :  08:55:08  Show Profile  Send ruirib a Yahoo! Message  Reply with Quote
What database is that?

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 01 May 2009 :  09:03:42  Show Profile  Reply with Quote
This is a tiny Access 2000 DBase.
Go to Top of Page

Shaggy
Support Moderator

Ireland
6780 Posts
Posted - 01 May 2009 :  09:09:29  Show Profile  Reply with Quote
Any weird characters in the username? Don't forget to sanitise that variable before unleashing your script on the masses

Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 01 May 2009 :  09:10:45  Show Profile  Send ruirib a Yahoo! Message  Reply with Quote
quote:
Originally posted by Carefree

This is a tiny Access 2000 DBase.

Have you tried to execute the SQL directly in Access, just to see what happens?

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 01 May 2009 :  11:47:10  Show Profile  Reply with Quote
I cannot find anything wrong. Here's a link to a sample db with just those few things in it. See if anyone can spot what I'm missing.
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 01 May 2009 :  13:09:28  Show Profile  Send ruirib a Yahoo! Message  Reply with Quote
Enclose password in parenthesis:

     strSql="UPDATE TABLE1 SET [PASSWORD]='"& sha256(Request.Form("newpass")) & "' WHERE USERNAME='" & Request.Form("UserName") & "'"

It must be one "of them" reserved words...

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 01 May 2009 :  14:26:10  Show Profile  Reply with Quote
I checked the list of reserved words, just in case, and it wasn't included. But if it fixes it, I'm all for it lol.
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 01 May 2009 :  14:39:36  Show Profile  Reply with Quote
That fixed it, alright. Don't know why it isn't on any of the reserved word lists. Thanks.
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 01 May 2009 :  14:49:30  Show Profile  Send ruirib a Yahoo! Message  Reply with Quote
It's a weird thing, cause it works from Access without it...

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 05 October 2015 :  09:11:59  Show Profile  Reply with Quote
This is an OLD topic, but I was browsing and stumbled on this. Checked my restricted keyword mod and it turns out that "password" is restricted in Jet (not in Access). That's why it had the problem with the code.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.14 seconds. Powered By: Snitz Forums 2000 Version 3.4.07