Update Admin Password

[llldnylll]

I tried searching for my problem, but nothing came up...


I am trying to crate a page that, after login in, admin can update their password.

Why is it that, no matter who logs in, it keeps changing the same users PSWRD (not user who logged in)?

 

[traingamer]

Why is it that, no matter who logs in, it keeps changing the same users PSWRD (not user who logged in)?

Without seeing your server-side code and/or your SQL, it would be somewhat difficult to answer this question.

Greg
"Personally, I am always ready to learn, although I do not always like being taught." - Winston Churchill

 

[llldnylll]

Im not sure it this will help...


MY Recordset:

<%
Dim RS_Password
Dim RS_Password_numRows

Set RS_Password = Server.CreateObject("ADODB.Recordset")
RS_Password.ActiveConnection = MM_CN_VZThot_STRING
RS_Password.Source = "SELECT * FROM Employees"
RS_Password.CursorType = 0
RS_Password.CursorLocation = 2
RS_Password.LockType = 1
RS_Password.Open()

RS_Password_numRows = 0
%>





My Form:

<form name="form1" method="POST" action="<%=MM_editAction%>">
Password
<input type="text" name="textfield">
Re-Enter
<input type="text" name="textfield2">
<input type="submit" name="Submit" value="Submit">
<input type="hidden" name="MM_update" value="form1">
<input type="hidden" name="MM_recordId" value="<%= RS_Password.Fields.Item("TechName").Value %>">
</form>

 

[traingamer]

What about the 'Update' sql? What have you tried so far?

 

[llldnylll]

I'm stuck so don't know what to try.



' *** Update Record: construct a sql update statement and execute it

If (CStr(Request("MM_update")) <> "" And CStr(Request("MM_recordId")) <> "") Then

' create the sql update statement
MM_editQuery = "update " & MM_editTable & " set "
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_formVal = MM_fields(MM_i+1)
MM_typeArray = Split(MM_columns(MM_i+1),",")
MM_delim = MM_typeArray(0)
If (MM_delim = "none") Then MM_delim = ""
MM_altVal = MM_typeArray(1)
If (MM_altVal = "none") Then MM_altVal = ""
MM_emptyVal = MM_typeArray(2)
If (MM_emptyVal = "none") Then MM_emptyVal = ""
If (MM_formVal = "") Then
MM_formVal = MM_emptyVal
Else
If (MM_altVal <> "") Then
MM_formVal = MM_altVal
ElseIf (MM_delim = "'") Then ' escape quotes
MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
Else
MM_formVal = MM_delim + MM_formVal + MM_delim
End If
End If
If (MM_i <> LBound(MM_fields)) Then
MM_editQuery = MM_editQuery & ","
End If
MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
Next
MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " & MM_recordId

If (Not MM_abortEdit) Then
' execute the update
Set MM_editCmd = Server.CreateObject("ADODB.Command")
MM_editCmd.ActiveConnection = MM_editConnection
MM_editCmd.CommandText = MM_editQuery
MM_editCmd.Execute
MM_editCmd.ActiveConnection.Close

If (MM_editRedirectUrl <> "") Then
Response.Redirect(MM_editRedirectUrl)
End If

 

[traingamer]

Is your hidden field (<input type="hidden" name="MM_recordId" value="<%= RS_Password.Fields.Item("TechName").Value %>">) equal to what you think it should be?

Greg
"Personally, I am always ready to learn, although I do not always like being taught." - Winston Churchill

 

[lebisol]

SELECT * FROM Employees"
you need to filer the recordset for cridential supplied in the form/page prior to pulling into hidden field.
=========================
<%= RS_Password.Fields.Item("TechName").Value %>
=========================

this value is most likely the 1st returned....
logic would be:
login form-->
validate user/pass -->
if valid (found in recordset) return uniqueID (TechName)--->
this ID will then be populated into your hidden field of
<%= RS_Password.Fields.Item("TechName").Value %>

then and only then you will be able to update the correct record.
All the best!

:--------------------------------------:

All around in my home town,
They tryin' to track me down...