Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hi, Can anyone Help?? I am tryi

Status
Not open for further replies.
ma701sd

ma701sd

IS-IT--Management
Dec 15, 2000
94
GB
Hi,
Can anyone Help??

I am trying to create a login procedure. The first page asks for a username and password and the correct password reminder answer is displayed (on the action page1).

The action page "1" then displays the password reminder question and asks for the answer in a Form.

The problem lies in the second action page..It half works!

- When the correct answer is entered it displays the password..cool!
- when an incorrect answer is entered a validated error message is displayed...cool!

The problem:
1) When I enter another users password (user B) reminder answer, it displays displays user b's answer when it should display my validated error?

2) two different users with the same password reminder question and answer are displayed (The users Uniqueness is not observed)

Can any one please help.

I am attaching the code as a reference

Thank

Sam

Actiopage1
<!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.0 Transitional//EN&quot;>


<!-- This is the origina password reminder where I attempted to rtrieve the users password reminder question and submit
The answer to another form. Instead I opted to just the question which the user should be able to answer at the login screen-->

<HTML>
<HEAD>
<TITLE>Retrieve Member login details</TITLE>
</HEAD>

<BODY>

<CFQUERY DATASOURCE= &quot;ONLINE&quot; NAME=&quot;Retrieve_Question&quot;>
SELECT Username, Email, PasswordReminderQuestion,PasswordReminderAnswer, Surname
FROM Users
WHERE UserName = '#Form.UserName#' AND SurName= '#form.SurName#'

</CFQUERY>
<CFIF #Retrieve_Question.RecordCount# IS &quot;0&quot;>
<CFOUTPUT>
Im Sorry, the name <B>#UserName#</B> and Last Name <B>#SurName#</B> that you entered does not match a valid user.<BR>
You need to either <A href=&quot;NewUser.cfm&quot;> create an account </A> or
<A href=&quot;ForgottenPassword.cfm&quot;> Try again</A>
</CFOUTPUT>

<CFELSE>
<CFOUTPUT QUERY=&quot;retrieve_question&quot;>
<CFFORM ACTION = &quot;PasswordAns.cfm&quot; METHOD =&quot;POST&quot;>
<INPUT TYPE=&quot;hidden&quot; NAME=&quot;UserName&quot; VALUE=&quot;#FORM.UserName#&quot;>
<INPUT TYPE=&quot;hidden&quot; NAME=&quot;SurName&quot; VALUE=&quot;#FORM.SurName#&quot;>



Your User Name is #UserName#<BR>
Your Last Name is #SurName#<BR>

Your Password Reminder Question is #PasswordReminderQuestion#<BR>

Please Enter your answer to the question:
<CFINPUT MESSAGE=&quot;You must enter your answer&quot; REQUIRED = &quot;Yes&quot; TYPE=&quot;Text&quot; NAME=&quot;PasswordReminderAnswer&quot;>
<INPUT TYPE=&quot;submit&quot; VALUE=&quot;process&quot;>
<INPUT TYPE=&quot;reset&quot; VALUE=&quot;Clear&quot;><BR>
</CFFORM>
</CFOUTPUT>

</CFIF>






</BODY>
</HTML>


Actionpage2
<!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.0 Transitional//EN&quot;>




<HTML>
<HEAD>
<TITLE>Retrieve Password</TITLE>
</HEAD>

<BODY>
<CFQUERY DATASOURCE= &quot;ONLINE&quot; NAME=&quot;Retrieve_Password&quot;>
SELECT UserName, Password, Email, PasswordReminderQuestion, PasswordReminderAnswer, Surname
FROM Users
WHERE PasswordReminderAnswer = '#form.PasswordReminderAnswer#'
</CFQUERY>

<CFIF #Retrieve_Password.recordcount# is 0 >
<CFOUTPUT>
Im Sorry, the answer <B>#PasswordReminderAnswer#</B> to your question is invalid.<BR>
#username#, #surname#

You need to either <A HREF=&quot;NewUser.cfm&quot;> create an account </A> or
<A HREF=&quot;ForgottenPassword.cfm&quot;> Try again</a>
</CFOUTPUT>


<CFELSE>

<CFOUTPUT QUERY = &quot;Retrieve_Password&quot;>

You may now log in with the following details:<BR>
User Name : <B>#UserName#</B>
Password : <B>#Password#</B><BR><BR>
</CFOUTPUT>
</CFIF>
</BODY>
</HTML>

 
Sort by date Sort by votes
The problem:
1) When I enter another users password (user B) reminder answer, it displays displays user b's answer when it should display my validated error?
2) two different users with the same password reminder question and answer are displayed (The users Uniqueness is not observed)
This comes from your query :
<CFQUERY ..>
SELECT ...
FROM ...
WHERE PasswordReminderAnswer = '#form.PasswordReminderAnswer#'
</CFQUERY>
of course this will select user b's information if form.password... is user b's !!!! and of course this will select ALL user who have the same form.password.. info !!!

to fix that, just change your query to :
<CFQUERY ..>
SELECT ...
FROM ...
WHERE PasswordReminderAnswer = '#form.PasswordReminderAnswer#' AND username=#form.username# AND surname=#form.surname#
</CFQUERY>

and then check the number of answers :
if there is none or more than 1 : wrong
if there is exactly one : cool


 
Upvote 0 Downvote
Iza,

Thanks ever so much...IT WORKS!!!!
( Im sure i tried what you said but then again i couldn't have because it didnt work, does order matter in the where clause?).

Anyway, Thanks once again
I really appreciate your help :)
 
Upvote 0 Downvote
&quot;does order matter in the where clause&quot; to my knowledge : no
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

LyndonOHRC
  • Locked
  • Question
Need help using ImageCrop()
Replies
1
Views
248
LyndonOHRC
LyndonOHRC
FALCONSEYE
  • Locked
  • Question
Error: no known VMs. (check for corrupt jvm.cfg file) !!! How I Fixed It !!!
Replies
0
Views
829
FALCONSEYE
FALCONSEYE
MDEJAKE
  • Locked
  • Question
autosuggest (cfc and jquery) help
Replies
0
Views
291
MDEJAKE
MDEJAKE
lollieleaver
  • Locked
  • Question
Dreamweaver CS4 - how can I make an Access database downloadable from my site?
Replies
2
Views
264
lollieleaver
lollieleaver
cfhelp
  • Locked
  • Question
Coldfusion 2016 - Cant find CFX_tags
Replies
0
Views
532
cfhelp
cfhelp

Part and Inventory Search

Sponsor

Back
Top