Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password Change

Status
Not open for further replies.
skw8966

skw8966

Programmer
Apr 12, 2001
59
US
I have Active Server Pages which connect to an MS Access database. Within the DB is stored user information including usernames and password as the default password.

I'd like to create a page that asks them to change their password the first time logging in.

Any tips?
 
Sort by date Sort by votes
Add a column to the database that tracks the last time that they logged in (value set after completion of a valid login). If that value is null or empty it will signify that they have never logged in before. Upon checking that flag you can redirect them to the appropriate page. Additionally, you could use the data from that extra column for other purposes, such as letting the user know when their last visit to the site was.

-kaht

How much you wanna make a bet I can throw a football over them mountains?
sheepico.jpg
 
Upvote 0 Downvote
I've created a Password Change page. How would I tie this into the login page?

All passwords are "password" by default until changed so I could probably use that criteria to redirect to the password change page.

Here's the code for Login.asp and PassChange.asp.

Code: 
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="Connections/CatReq.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("usr"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="SecurityLevel"
  MM_redirectLoginSuccess="default.asp"
  MM_redirectLoginFailed="Denied.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_CatReq_STRING
  MM_rsUser.Source = "SELECT User, Password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM users WHERE User='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("pswd"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="BFE8D9" link="#009900" vlink="#FFFFFF">
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
  <table width="54%" border="1" align="center" cellpadding="0" cellspacing="0">
    <tr> 
      <td colspan="2"><div align="center"><strong><font size="4"> Catalog Request 
          Section Login</font></strong></div></td>
    </tr>
    <tr> 
      <td width="39%"><div align="right">Username</div></td>
      <td width="61%"> <input name="usr" type="text" id="usr"></td>
    </tr>
    <tr> 
      <td> <div align="right">Password</div></td>
      <td> <input name="pswd" type="password" id="pswd"></td>
    </tr>
    <tr> 
      <td colspan="2"> <div align="center"> 
          <input type="submit" name="Submit" value="Login">
        </div></td>
    </tr>
  </table>
</form>
</body>
</html>
Code: 
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="Connections/CatReq.asp" -->
<%
' *** Edit Operations: declare variables

Dim MM_editAction
Dim MM_abortEdit
Dim MM_editQuery
Dim MM_editCmd

Dim MM_editConnection
Dim MM_editTable
Dim MM_editRedirectUrl
Dim MM_editColumn
Dim MM_recordId

Dim MM_fieldsStr
Dim MM_columnsStr
Dim MM_fields
Dim MM_columns
Dim MM_typeArray
Dim MM_formVal
Dim MM_delim
Dim MM_altVal
Dim MM_emptyVal
Dim MM_i

MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Request.QueryString
End If

' boolean to abort record edit
MM_abortEdit = false

' query string to execute
MM_editQuery = ""
%>
<%
' *** Insert Record: set variables

If (CStr(Request("MM_insert")) = "form1") Then

  MM_editConnection = MM_CatReq_STRING
  MM_editTable = "users"
  MM_editRedirectUrl = "default.asp"
  MM_fieldsStr  = "NewPass|value"
  MM_columnsStr = "Password|',none,''"

  ' create the MM_fields and MM_columns arrays
  MM_fields = Split(MM_fieldsStr, "|")
  MM_columns = Split(MM_columnsStr, "|")
  
  ' set the form values
  For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
    MM_fields(MM_i+1) = CStr(Request.Form(MM_fields(MM_i)))
  Next

  ' append the query string to the redirect URL
  If (MM_editRedirectUrl <> "" And Request.QueryString <> "") Then
    If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
      MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
    Else
      MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
    End If
  End If

End If
%>
<%
' *** Insert Record: construct a sql insert statement and execute it

Dim MM_tableValues
Dim MM_dbValues

If (CStr(Request("MM_insert")) <> "") Then

  ' create the sql insert statement
  MM_tableValues = ""
  MM_dbValues = ""
  For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
    MM_formVal = MM_fields(MM_i+1)
    MM_typeArray = Split(MM_columns(MM_i+1),",")
    MM_delim = MM_typeArray(0)
    If (MM_delim = "none") Then MM_delim = ""
    MM_altVal = MM_typeArray(1)
    If (MM_altVal = "none") Then MM_altVal = ""
    MM_emptyVal = MM_typeArray(2)
    If (MM_emptyVal = "none") Then MM_emptyVal = ""
    If (MM_formVal = "") Then
      MM_formVal = MM_emptyVal
    Else
      If (MM_altVal <> "") Then
        MM_formVal = MM_altVal
      ElseIf (MM_delim = "'") Then  ' escape quotes
        MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
      Else
        MM_formVal = MM_delim + MM_formVal + MM_delim
      End If
    End If
    If (MM_i <> LBound(MM_fields)) Then
      MM_tableValues = MM_tableValues & ","
      MM_dbValues = MM_dbValues & ","
    End If
    MM_tableValues = MM_tableValues & MM_columns(MM_i)
    MM_dbValues = MM_dbValues & MM_formVal
  Next
  MM_editQuery = "insert into " & MM_editTable & " (" & MM_tableValues & ") values (" & MM_dbValues & ")"

  If (Not MM_abortEdit) Then
    ' execute the insert
    Set MM_editCmd = Server.CreateObject("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_editConnection
    MM_editCmd.CommandText = MM_editQuery
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    If (MM_editRedirectUrl <> "") Then
      Response.Redirect(MM_editRedirectUrl)
    End If
  End If

End If
%>
<%
Dim Recordset1
Dim Recordset1_numRows

Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_CatReq_STRING
Recordset1.Source = "SELECT User, Password FROM users"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()

Recordset1_numRows = 0
%>
<html>
<head>
<title>Change Password</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="BFE8D9" link="#009900" vlink="#FFFFFF">
<form name="form1" method="POST" action="<%=MM_editAction%>">
  
  <table width="51%" border="5" align="center" cellpadding="0" cellspacing="0">
    
    <tr> 
      <td colspan="2"><div align="center"><strong>This is your first visit. Please 
          enter a new password.</strong></div></td>
    </tr>
    <tr> 
      <td width="49%"><div align="right">Old Password:</div></td>
      <td width="51%">&nbsp;</td>
    </tr>
    <tr> 
      <td>
<div align="right">New Password:</div></td>
      <td>
<input name="NewPass" type="text" id="NewPass"></td>
    </tr>
    <tr> 
      <td><div align="right">Confirm New Password:</div></td>
      <td>
<input name="ConfNewPass" type="password" id="ConfNewPass"></td>
    </tr>
    <tr> 
      <td colspan="2">
<div align="center">
          <input type="submit" name="Submit" value="Change">
        </div></td>
    </tr>
  </table>

  <input type="hidden" name="MM_insert" value="form1">
</form>
</body>
</html>
<%
Recordset1.Close()
Set Recordset1 = Nothing
%>
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TonyDi29
  • Locked
  • Question
Remove Underline &amp; Change Color from Link Text
Replies
0
Views
176
TonyDi29
TonyDi29
vb487
  • Locked
  • Question
How to change the length of right content div for only one of my pages
Replies
1
Views
145
darryncooke
darryncooke
mochalova
  • Locked
  • Question
Password protect a pdf
Replies
2
Views
168
TruthInSatire
TruthInSatire
nsanto17
  • Locked
  • Question
pass username and password to another site
Replies
1
Views
184
vacunita
vacunita
Albion
  • Locked
  • Question
Hiding username and password in CFQUERY
Replies
3
Views
157
cfSearching
cfSearching

Part and Inventory Search

Sponsor

Back
Top