I have a login.. after you have logged in, the different users are at different levels depending on what kind of account they have. There doesn't seem to be anything wrong with the code, because it just fetches whatever it gets a match on. So the troubleshooting is that your SQL statement doesn't pick out the right user. You have where strmsgdeleted = '0' and probably these accounts are something other than 0 in this case, and therefore you never get hold of any others than just the account that is 3. Well... I have it so that when an account is added, strmsgdeleted = '0' automatically.. Your SQL looks like this. It didn't help... :/ I would have written your code in the following way: Well, Andreas.. Remove your Response.Redirect(). I think those are what's messing it up. Andreas.. Unfortunately it didn't help.. It isn't possible to get into your site. Are you able to attach the source code for the whole page? Well... We have printed out and changed the SQL a little and it can't be the login... I don't think your problem lies in the page you attached. But rather the page that handles login. You don't need to think about this any more... solved it on my own..
Why can't anyone who isn't level 3 log in?
I have 4 different levels...
0 = Guest
1 = Members
2 = Vip
3 = Administrators
I have this code that checks a login:<code>
<%
Session("uIp") = Request.ServerVariables("REMOTE_ADDR")
If Request.Form("hdnAction") = "login" then
strSql = "select Id, strLevel, strFirstName, strLastName, strEmail, strSwimmerId, strMsgDeleted from tblUsers where strMsgDeleted='0' AND strEmail = '" & Replace(Request.Form("email"), "'", "''") & "' and strPassword = '" & Replace(Request.Form("pass"), "'", "''") & "'"
set rsLogin = Conn.Execute(strSql)
If not rsLogin.eof then
Session("uUserId") = rsLogin("Id")
Session("uLevel") = rsLogin("strLevel")
Session("uFirstName") = rsLogin("strFirstName")
Session("uLastName") = rsLogin("strLastName")
Session("uEmail") = rsLogin("strEmail")
Session("inside") = "yea"
Session("uSwimmerId") = rsLogin("strSwimmerId")
strSql = "update tblUsers set strLastLogin = '" & Now() & "', strIp = '" & Request.ServerVariables("REMOTE_ADDR") & "' where Id = " & Session("uUserId")
Conn.Execute(strSql)
rsLogin.Close : set rsLogin = nothing
Response.Redirect "" & PageRoot & "default.asp"
Else
rsLogin.Close : set rsLogin = nothing
Response.Redirect "" & PageRoot & "default.asp"
End If
End If
%></code>
Why do only the level 3 users get in?
It is only this code that can do anything..
The guests don't log in but get 0 automatically when they arrive at the page, and then if they log in, the Session "uLevel" is updated to the level stored for them in the database.
Can anyone see anything wrong?
Re: Why can't anyone who isn't level 3 log in?
Using strmsgdeleted as a selection criterion in your select query seems wrong, because then you can't log in if you have something that is <> 0, right?
Re: Why can't anyone who isn't level 3 log in?
So all that are 0 have not been removed from the system and all that are 1 have been removed..
So that part can't be empty. So something is wrong, since you end up on the same page after logging in, and there it is only that code and a little HTML code...
So I don't know why only level 3 gets in...
This is what the database structure looks like:<code>CREATE TABLE tblusers (
Id int(11) NOT NULL auto_increment,
strFirstName text,
strLastName text,
strEmail text,
strPassword text,
strLastLogin text,
strIp text,
strLevel int(11) unsigned NOT NULL default '1',
strSwimmer int(11) unsigned NOT NULL default '0',
strSwimmerId int(11),
strMsgDeleted int(11) unsigned NOT NULL default '0',
strMsgDeletedIp text,
PRIMARY KEY (Id)
) TYPE=MyISAM;</code>
Re: Why can't anyone who isn't level 3 log in?
<code>strSql = "select Id, strLevel, strFirstName, strLastName, strEmail, strSwimmerId, strMsgDeleted from tblUsers where strMsgDeleted='0' AND strEmail = '" & Replace(Request.Form("email"), "'", "''") & "' and strPassword = '" & Replace(Request.Form("pass"), "'", "''") & "'"
set rsLogin = Conn.Execute(strSql)</code>
Shouldn't it look like this:
<code>strSql = "select Id, strLevel, strFirstName, strLastName, strEmail, strSwimmerId, strMsgDeleted from tblUsers where strMsgDeleted=0 AND strEmail = '" & Replace(Request.Form("email"), "'", "''") & "' and strPassword = '" & Replace(Request.Form("pass"), "'", "''") & "'"
set rsLogin = Conn.Execute(strSql)</code>
strMsgDeleted is of type int in the database, not char.
Don't know if it has anything to do with the problem, but I can't find any other error in the code.
Re: Why can't anyone who isn't level 3 log in?
Have now replaced the previous code with this:<code><%
Session("uIp") = Request.ServerVariables("REMOTE_ADDR")
If Request.Form("hdnAction") = "login" then
Set rsLogin = Server.CreateObject("ADODB.Recordset")
strSql = "select * from tblusers where strMsgDeleted=0 and strEmail = '" & Replace(Request.Form("email"), "'", "''") & "' and strPassword = '" & Replace(Request.Form("pass"), "'", "''") & "'"
rsLogin.Open strSQL, Conn, adOpenStatic, adLockOptimistic
If (rsLogin.eof or rsLogin.bof) then
Session("ErrorMsg") = "Felaktigt Användarnamn eller Lösenord"
rsLogin.Close : set rsLogin = nothing
Response.Redirect "" & PageRoot & "default.asp"
Else
LoginId = rsLogin("Id")
LoginLevel = rsLogin("strLevel")
LoginFirstName = rsLogin("strFirstName")
LoginLastName = rsLogin("strLastName")
LoginEmail = rsLogin("strEmail")
If rsLogin("strSwimmer") = 1 Then
LoginSwimmerId = rsLogin("strSwimmerId")
Session("uSwimmerId") = "" & LoginSwimmerId & ""
End If
Session("uUserId") = "" & LoginId & ""
Session("uLevel") = "" & LoginLevel & ""
Session("uFirstName") = "" & LoginFirstName & ""
Session("uLastName") = "" & LoginLastName & ""
Session("uEmail") = "" & LoginEmail & ""
rsLogin.Close : set rsLogin = nothing
strSqlUpdate = "update tblusers set strlastlogin = '" & Now() & "', strIp = '" & Request.ServerVariables("REMOTE_ADDR") & "' where Id = " & Session("uUserId")
Conn.Execute(strSqlUpdate)
Response.Redirect "" & PageRoot & "default.asp"
End If
End If
%></code>
But then I get the following error:<code>
ADODB.Recordset.1 error '80020009'
Unsupported Lock Type.</code>
Re: Why can't anyone who isn't level 3 log in?
<code>
<%
Function SQLText(Value)
If Len(Value) Then
SQLText = "'" & Replace(Value, "'", "''") & "'"
Else
SQLText = "Null"
End If
End Function
Dim rs
Dim lngUserId
Dim strUserIP
Dim strUserEMail
Dim strUserPassword
strUserEMail = Trim(Request.Form("email"))
strUserPassword = Trim(Request.Form("pass"))
strUserIP = Session("uIp")
If Len(strUserIP) = 0 Then
strUserIP = Request.ServerVariables("REMOTE_ADDR")
Session("uIp") = strUserIP
End If
Select Case Request.Form("hdnAction")
Case "login"
strSQL = "SELECT *" & vbCrLf & _
"FROM tblUsers" & vbCrLf & _
"WHERE strMsgDeleted=0 AND strEmail = " & SQLText(strUserEMail) & " AND strPassword = " & SQLText(strUserPassword)
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, Conn
If rs.EOF then
rsLogin.Close
Set rsLogin = nothing
Response.Redirect PageRoot & "default.asp?message=" & Server.URLEncode("Felaktigt Användarnamn eller Lösenord")
Else
lngUserId = rs("Id")
Session("uUserId") = lngUserId
Session("uLevel") = rs("strLevel")
Session("uFirstName") = rs("strFirstName")
Session("uLastName") = rs("strLastName")
Session("uEmail") = rs("strEmail")
If rs("strSwimmer") = 1 Then
Session("uSwimmerId") = "" & rs("strSwimmerId")
End If
rsLogin.Close
set rsLogin = nothing
strSQL = "UPDATE tblusers SET strLastLogin = Now(), strIp = " & strSQL(strUserIP) & "" & vbCrLf & _
"WHERE Id = " & lngUserId
Conn.Execute strSQL
Response.Redirect "" & PageRoot & "default.asp"
End If
End If
%>
</code>
Re: Why can't anyone who isn't level 3 log in?
Had to correct a few small errors... But now I just have the problem that it won't log in but just keeps reloading the page all the time...
You can take a look at: www.teambd.net/dev/
User: temp@teambd.net
Password: temp
<b>Had to fix your code a little... strSQL(strUserIp) Why do you have strSQL in front?</b>
The code after I fixed it:<code><%
Function SQLText(Value)
If Len(Value) Then
SQLText = "'" & Replace(Value, "'", "''") & "'"
Else
SQLText = "Null"
End If
End Function
Dim rs
Dim lngUserId
Dim strUserIP
Dim strUserEMail
Dim strUserPassword
strUserEMail = Trim(Request.Form("email"))
strUserPassword = Trim(Request.Form("pass"))
strUserIP = Session("uIp")
If Len(strUserIP) = 0 Then
strUserIP = Request.ServerVariables("REMOTE_ADDR")
Session("uIp") = strUserIP
End If
Select Case Request.Form("hdnAction")
Case "login"
strSQL = "SELECT *" & vbCrLf & _
"FROM tblusers" & vbCrLf & _
"WHERE strMsgDeleted=0 AND strEmail = " & SQLText(strUserEMail) & " AND strPassword = " & SQLText(strUserPassword)
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, Conn
If rs.EOF then
rs.Close
Set rs = nothing
Response.Redirect PageRoot & "default.asp?message=" & Server.URLEncode("Felaktigt Användarnamn eller Lösenord")
Else
lngUserId = rs("Id")
Session("uUserId") = lngUserId
Session("uLevel") = rs("strLevel")
Session("uFirstName") = rs("strFirstName")
Session("uLastName") = rs("strLastName")
Session("uEmail") = rs("strEmail")
Session("inside") = "yea"
If rs("strSwimmer") = 1 Then
Session("uSwimmerId") = "" & rs("strSwimmerId")
End If
rs.Close
set rs = nothing
strSQL = "UPDATE tblusers SET strLastLogin = Now(), strIp = '" & strUserIP & "'" & vbCrLf & _
"WHERE Id = " & lngUserId
Conn.Execute strSQL
Response.Redirect "" & PageRoot & "default.asp"
End If
End Select
%></code>
Re: Why can't anyone who isn't level 3 log in?
<code>
<%
Function SQLText(Value)
If Len(Value) Then
SQLText = "'" & Replace(Value, "'", "''") & "'"
Else
SQLText = "Null"
End If
End Function
Dim rs
Dim lngUserId
Dim strUserIP
Dim strUserEMail
Dim strUserPassword
strUserEMail = Trim(Request.Form("email"))
strUserPassword = Trim(Request.Form("pass"))
strUserIP = Session("uIp")
If Len(strUserIP) = 0 Then
strUserIP = Request.ServerVariables("REMOTE_ADDR")
Session("uIp") = strUserIP
End If
Select Case Request.Form("hdnAction")
Case "login"
strSQL = "SELECT *" & vbCrLf & _
"FROM tblusers" & vbCrLf & _
"WHERE strMsgDeleted=0 AND strEmail = " & SQLText(strUserEMail) & " AND strPassword = " & SQLText(strUserPassword)
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, Conn
If rs.EOF then
Else
lngUserId = rs("Id")
Session("uUserId") = lngUserId
Session("uLevel") = rs("strLevel")
Session("uFirstName") = rs("strFirstName")
Session("uLastName") = rs("strLastName")
Session("uEmail") = rs("strEmail")
Session("inside") = "yea"
If rs("strSwimmer") = 1 Then
Session("uSwimmerId") = "" & rs("strSwimmerId")
End If
strSQL = "UPDATE tblusers SET strLastLogin = Now(), strIp = '" & strUserIP & "'" & vbCrLf & _
"WHERE Id = " & lngUserId
Conn.Execute strSQL
End If
rs.Close
set rs = nothing
End Select
%>
</code>
I make a habit of not using Response.Redirect().
Re: Why can't anyone who isn't level 3 log in?
I don't understand what it is that won't work.
It should just come back to the same page, so it must be that code.
But you can try logging in with the details I gave you..
Re: Why can't anyone who isn't level 3 log in?
Re: Why can't anyone who isn't level 3 log in?
It must be another file... But I can insert the code from that file...
Sub.asp<code><%
' ############################ MySQL DATABASE ############################
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "driver={MySQL};server=localhost;uid=******;pwd=******;database=******"
' #########################################################################
' ### Root Folders ##############################
SwimmerRoot = "swimmers/"
ImageRoot = "_gfx/"
PageRoot = ""
IncludeRoot = "inc/"
' ###############################################
StyleSheet = "" & IncludeRoot & "stylesheet.css"
JavaScript = "" & IncludeRoot & "base.js"
Title = " - Team Norrbotten v.6 -"
If session("uLevel") = "" Then
session("uLevel") = "0"
End If
If Request.Querystring("action") = "logout" Then
session.abandon
session("uLevel") = "0"
session("stat") = "Yes"
Response.Redirect "default.asp"
End If
SQL = "SELECT * FROM tblsettings WHERE id = 1 ORDER BY id DESC"
Set RecSet = Conn.Execute(SQL)
Do until RecSet.EOF
If RecSet("strRegister") = "0" Then
sNews = "1"
sGuestbook = "1"
sContact = "1"
sLinks = "1"
sLostPw = RecSet("strLostPw")
Else
sRegister = RecSet("strRegister")
sLostPw = RecSet("strLostPw")
sNews = RecSet("strNews")
sGuestbook = RecSet("strGuestbook")
sContact = RecSet("strContact")
sLinks = RecSet("strLinks")
End If
Recset.MoveNext
Loop
Recset.Close
Sub Menu
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='" & PageRoot & "default.asp';"" class=""menu""><img src=""" & ImageRoot & "knappar/menu_start.gif"" border=""0""></td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
If Not session("inside") = "yea" Then
If sRegister = "1" Then
Response.Write" <td onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='" & PageRoot & "agreement.asp';"" class=""menu""><img src=""" & ImageRoot & "knappar/menu_bli_medlem.gif"" border=""0""></td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
End If
End If
Response.Write" <td onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='" & PageRoot & "swimmers_view.asp?SwimmerId=1';"" class=""menu""><img src=""" & ImageRoot & "knappar/menu_simmare.gif"" border=""0""></td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
Response.Write" <td onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='" & PageRoot & "guestbook.asp';"" class=""menu""><img src=""" & ImageRoot & "knappar/menu_guestbook.gif"" border=""0""></td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
Response.Write" <td onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='" & PageRoot & "#';"" class=""menu""><img src=""" & ImageRoot & "knappar/menu_kontakta_oss.gif"" border=""0""></td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
Response.Write" <td onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='" & PageRoot & "#';"" class=""menu""><img src=""" & ImageRoot & "knappar/menu_updates.gif"" border=""0""></td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
Response.Write" <td onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='" & PageRoot & "#';"" class=""menu""><img src=""" & ImageRoot & "knappar/menu_links.gif"" border=""0"" hspace=""5""></td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
If session("uLevel") = "3" Then
Response.Write" <td onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='" & PageRoot & "#';"" class=""menu""><img src=""" & ImageRoot & "knappar/menu_admin.gif"" border=""0"" hspace=""5""></td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
End If
Response.Write" <td width=""100%"" class=""level""></td>" & vbcrlf
If session("inside") = "yea" Then
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" height=""1"" width=""1""></td>" & vbcrlf
Response.Write" <td class=""menu"" onMouseOver=""this.style.background='#CAC5B6';"" onMouseOut=""this.style.background='#D6D8E0';"" onClick=""location.href='?action=logout';""><div class=""right"">"
Response.Write" <img src=""" & ImageRoot & "knappar/menu_logout.gif"" border=""0""></div></td>" & vbcrlf
End If
Response.Write" </tr>" & vbcrlf
Response.Write" </table>"
End Sub
Sub TableSpace
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td> </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>"
End Sub
Sub Copyright
Response.Write" <table border=""0"" cellpadding=""2"" cellspacing=""0"" width=""100%"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td align=""right"" valign=""top""><font style=""color:#96989E"";>Copyright © 2003-2005 Team Norrbotten<br>" & vbcrlf
Response.Write" Design & coding by Linus Enbom</font></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>"
End Sub
Sub Stat
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td height=""15"" background=""" & ImageRoot & "window_top_bg.gif"">" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td height=""15"" background=""" & ImageRoot & "window_name_bg.gif"" valign=""bottom""> <font class=""grey""><b>- Besökare -</b></font> </td>" & vbcrlf
Response.Write" <td><img src=""" & ImageRoot & "window_top_1.gif"" border=""0"" height=""15"" width=""13""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""3"" cellspacing=""0"" bgcolor=""#ECECF0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""1"" bgcolor=""#E3E3E7"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td bgcolor=""#FFFFFF"">" & vbcrlf
Response.Write" <!-- CONTENT -->" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""5"" cellspacing=""0"" width=""160"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"" width=""150"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <b>Beök Idag:</b>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td style=""text-align:right;"">" & vbcrlf
Response.Write" 5 st" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <b>Beök i Veckan:</b>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td style=""text-align:right;"">" & vbcrlf
Response.Write" 15 st" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <b>Olika Besökare:</b>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td style=""text-align:right;"">" & vbcrlf
' ### Total number of unique visitors ############################################################
SQL100 = "SELECT Count(*) From tblip"
Set RecSet100 = Conn.Execute(SQL100)
Response.Write" " & RecSet100.Fields(0) & " st<br>" & vbcrlf
' ################################################################################################
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <b>Beök Totalt:</b>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td style=""text-align:right;"">" & vbcrlf
' ### Total number of visitors ###################################################################
Set rs = Server.CreateObject ("ADODB.RecordSet")
SQL ="SELECT Antal FROM tblmonth"
rs.Open SQL, conn
iTotal = 0
If Not rs.EOF Then
Do While Not rs.EOF
iTotal = iTotal + rs("Antal")
rs.MoveNext
Loop
End If
rs.Close
' ################################################################################################
Response.Write" " & iTotal & " st" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td colspan=""2"">" & vbcrlf
Response.Write" Mer Statistik" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" <!-- END CONTENT -->" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>"
End Sub
Function TableLeft(strLeftHeadline, strLeftContent, strWide)
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td height=""15"" background=""" & ImageRoot & "window_top_bg.gif"">" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td height=""15"" background=""" & ImageRoot & "window_name_bg.gif"" valign=""bottom""> <font class=""grey""><b>- " & strLeftHeadline & " -</b></font> </td>" & vbcrlf
Response.Write" <td><img src=""" & ImageRoot & "window_top_1.gif"" border=""0"" height=""15"" width=""13""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""3"" cellspacing=""0"" bgcolor=""#ECECF0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""1"" bgcolor=""#E3E3E7"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td bgcolor=""#FFFFFF"">" & vbcrlf
Response.Write" <!-- CONTENT -->" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""6"" cellspacing=""0"" width=""" & strWide & """>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & strLeftContent & "</td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" <!-- END CONTENT -->" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>"
End Function
Function TableRight(strRightHeadline, strRightContent, strWide)
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td height=""15"" background=""" & ImageRoot & "window_top_bg.gif"">" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td height=""15"" background=""" & ImageRoot & "window_name_bg.gif"" valign=""bottom""> <font class=""grey""><b>- " & strRightHeadline & " -</b></font> </td>" & vbcrlf
Response.Write" <td><img src=""" & ImageRoot & "window_top_1.gif"" border=""0"" height=""15"" width=""13""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""3"" cellspacing=""0"" bgcolor=""#ECECF0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""1"" bgcolor=""#E3E3E7"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td bgcolor=""#FFFFFF"">" & vbcrlf
Response.Write" <!-- CONTENT -->" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""5"" cellspacing=""0"" width=""" & strWide & """>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & strRightContent & "</td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" <!-- END CONTENT -->" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>"
End Function
Function TableBig(strHeadline, strContent, strWide)
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td height=""15"" background=""" & ImageRoot & "window_top_bg.gif"">" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td height=""15"" background=""" & ImageRoot & "window_name_bg.gif"" valign=""bottom""> <font class=""grey""><b>- " & strHeadline & " -</b></font> </td>" & vbcrlf
Response.Write" <td><img src=""" & ImageRoot & "window_top_1.gif"" border=""0"" height=""15"" width=""13""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""3"" cellspacing=""0"" bgcolor=""#ECECF0"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""0"" cellspacing=""1"" bgcolor=""#E3E3E7"">" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td bgcolor=""#FFFFFF"">" & vbcrlf
Response.Write" <!-- CONTENT -->" & vbcrlf
Response.Write" <table border=""0"" cellpadding=""6"" cellspacing=""0"" width=""" & strWide & """>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td>" & strContent & "</td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" <!-- END CONTENT -->" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
Response.Write" </td>" & vbcrlf
Response.Write" <td width=""1"" bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" <tr>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td bgcolor=""#96989E""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" <td width=""1""><img src=""" & ImageRoot & "nothing.gif"" border=""0"" width=""1"" height=""1""></td>" & vbcrlf
Response.Write" </tr>" & vbcrlf
Response.Write" </table>" & vbcrlf
End Function
Function FixaNews(strTexting)
' Removes disallowed code
strTexting = Server.HTMLEncode(strTexting)
' Allowed HTML code
strTexting = Replace(strTexting, vbCrLf, "<br />")
strTexting = Replace(strTexting,"[f]","<b>")
strTexting = Replace(strTexting,"[/f]","</b>")
strTexting = Replace(strTexting,"[k]","<i>")
strTexting = Replace(strTexting,"[/k]","</i>")
strTexting = Replace(strTexting,"[u]","<u>")
strTexting = Replace(strTexting,"[/u]","</u>")
strTexting = Replace(strTexting,"[orange]","<font class=""orange"">")
strTexting = Replace(strTexting,"[/orange]","</font>")
strTexting = Replace(strTexting,"[grey]","<font class=""grey"">")
strTexting = Replace(strTexting,"[/grey]","</font>")
strTexting = Replace(strTexting,"[local_b]","")
strTexting = Replace(strTexting,"[local_e]","")
strTexting = Replace(strTexting,"[blank_b]","<a target=""_blank"" href='")
strTexting = Replace(strTexting,"[blank_m]","'>")
strTexting = Replace(strTexting,"[blank_e]","</a>")
strTexting = Replace(strTexting,"å","å")
strTexting = Replace(strTexting,"Å","Å")
strTexting = Replace(strTexting,"ä","ä")
strTexting = Replace(strTexting,"Ä","Ä")
strTexting = Replace(strTexting,"ö","ö")
strTexting = Replace(strTexting,"Ö","Ö")
FixaNews = strTexting
End Function
Function GetAge(ByVal vstrBirthDate)
lngYears = DateDiff("yyyy", vstrBirthDate, Now)
If month(vstrBirthDate) > month(now()) Then
lngYears = lngYears - 1
Elseif month(vstrBirthDate) = month(now()) Then
If day(vstrBirthDate) > day(now()) Then
lngYears = lngYears - 1
End If
End If
GetAge = lngYears
End Function
Function FixaKlubbUrl(uKlubb)
Select Case uKlubb
Case 1
FixaKlubbUrl = "http://bbksim.teambd.net"
Case 2
FixaKlubbUrl = "http://w1.971.telia.com/%7Eu97103901/"
Case 3
FixaKlubbUrl = "http://www.lulesim.nu"
Case 4
FixaKlubbUrl = "http://pitesim.hortlaxdata.se"
Case 5
FixaKlubbUrl = "http://www.alvsbyn.net/foretag/sims/simlinje/index.htm"
Case 6
FixaKlubbUrl = "http://kirunasim.se/"
End Select
End Function
Function FixaKlubb(uKlubb)
Select Case uKlubb
Case 1
FixaKlubb = "Bodens BK Simning"
Case 2
FixaKlubb = "Jokkmokk Simsällskap"
Case 3
FixaKlubb = "Luleå Simsällskap"
Case 4
FixaKlubb = "Piteå Sim"
Case 5
FixaKlubb = "Älvsby Simsällskap"
Case 6
FixaKlubb = "Kiruna Sim"
End Select
End Function
' ### The guestbook #######################################################
If Request.Form("hdnAction") = "guestpost" Then
txtDate = Now()
txtUserId = Session("uUserId")
If Session("inside") = "yea" Then
SQL="Insert Into tblguestbook(strUserId, strFirstName, strLastName, strEmail, strIp, strDate, strMsg)"
SQL = SQL & "Values('"& txtUserId &"','"& Request("txtFirstName") &"','"& Request("txtLastName") &"','"& Request("txtEmail") &"','"& Request("txtIp") &"','"& txtDate &"','"& Request("txtMsg") &"')"
Else
SQL="Insert Into tblguestbook(strFirstName, strLastName, strEmail, strIp, strDate, strMsg)"
SQL = SQL & "Values('"& Request("txtFirstName") &"','"& Request("txtLastName") &"','"& Request("txtEmail") &"','"& Request("txtIp") &"','"& txtDate &"','"& Request("txtMsg") &"')"
End If
Conn.Execute(SQL)
Response.Clear
Response.Redirect "guestbook.asp"
End If
If Request.Form("hdnAction") = "guestedit" Then
SQL="Update tblguestbook Set strMsg = '"& Request("txtMsg") &"' WHERE Id = '"& Request.Querystring("id") &"'"
Conn.Execute(SQL)
Response.Clear
Response.Redirect "guestbook.asp"
End If
If Session("uUserId") = "" & Request.Querystring("UserId") & "" Then
If Request.Querystring("action") = "delete" Then
If Request.Querystring("page") = "guestbook" Then
SQL = "DELETE FROM tblguestbook WHERE id=" & Request.Querystring("id")
Conn.Execute(SQL)
Response.Clear
Response.Redirect "guestbook.asp"
End If
End If
ElseIf Session("uLevel") = "3" Then
If Request.Querystring("action") = "delete" Then
If Request.Querystring("page") = "guestbook" Then
SQL = "UPDATE tblguestbook set strMsgDeleted='1' WHERE id=" & Request.Querystring("id")
Conn.Execute(SQL)
Response.Clear
Response.Redirect "guestbook.asp"
End If
End If
Else
Response.Redirect "guestbook.asp"
End If
%>
</code>
Re: Why can't anyone log in who isn't level 3?
Your code is vulnerable to SQL injection.
It seems your site lacks structure. For example, the code for editing the guestbook should be in guestbook.asp. It should not be in another page that makes the change and then redirects to guestbook.asp.
I can help you go through your code and fix the errors I come across. But that is easiest for me if I have a copy of the pages and the database. Not through the forum.
Re: Why can't anyone log in who isn't level 3?
The code ended up as follows:<code><%
Function SQLText(Value)
If Len(Value) Then
SQLText = "'" & Replace(Value, "'", "''") & "'"
Else
SQLText = "Null"
End If
End Function
Dim rs
Dim lngUserId
Dim strUserIP
Dim strUserEMail
Dim strUserPassword
strUserEMail = Trim(Request.Form("email"))
strUserPassword = Trim(Request.Form("pass"))
strUserIP = Session("uIp")
If Len(strUserIP) = 0 Then
strUserIP = Request.ServerVariables("REMOTE_ADDR")
Session("uIp") = strUserIP
End If
Select Case Request.Form("hdnAction")
Case "login"
strSQL = "SELECT *" & vbCrLf & _
"FROM tblusers" & vbCrLf & _
"WHERE strMsgDeleted=0 AND strEmail=" & SQLText(strUserEMail) & " AND strPassword=" & SQLText(strUserPassword)
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, Conn
If rs.EOF then
Else
lngUserId = rs("Id")
Session("uUserId") = lngUserId
Session("uLevel") = rs("strLevel")
Session("uFirstName") = rs("strFirstName")
Session("uLastName") = rs("strLastName")
Session("uEmail") = rs("strEmail")
Session("inside") = "yea"
If rs("strSwimmer") = 1 Then
Session("uSwimmerId") = "" & rs("strSwimmerId")
End If
strSQL2 = "UPDATE tblusers SET strLastLogin='" & Now() & "', strIp = '" & strUserIP & "'" & vbCrLf & _
"WHERE Id = " & lngUserId
Conn.Execute strSQL2
End If
rs.Close
set rs = nothing
End Select
%></code>
I think this was what was acting up:<code>strSQL2 = "UPDATE tblusers SET strLastLogin='" & Now() & "', strIp = '" & strUserIP & "'" & vbCrLf & _
"WHERE Id = " & lngUserId</code>
At first (before this code --^) it said:<code>strSQL2 = "UPDATE tblusers SET strLastLogin = Now(), strIp = '" & strUserIP & "'" & vbCrLf & _
"WHERE Id = " & lngUserId</code>
And I THINK it was Now() that was acting up... But I can't be sure..
But it works now anyway.. Thanks for the help..
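
The SQL injection remark in the reply above applies to the guestbook handlers, where `Request.Querystring("id")` and `Request("txtMsg")` are concatenated straight into the statement; doubling quotes, as `SQLText` does, cannot protect the unquoted numeric `id`. As an added example (not code from the thread), here are the edit and administrator soft-delete handlers rewritten with `ADODB.Command` parameters. `ToId` and `NewCommand` are hypothetical helpers, and the column types (numeric `Id`, text `strMsg`) are assumptions.

```vbscript
' Added example, not the poster's code. Assumes the thread's open ADODB
' connection "Conn", a numeric Id column and a text strMsg column.
Const adCmdText = 1, adParamInput = 1, adExecuteNoRecords = 128
Const adInteger = 3, adLongVarWChar = 203

' Hypothetical helper: a Long for an all-digit string of 1-9 chars, else -1.
Function ToId(value)
    Dim s, re
    s = "" & value
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then ToId = CLng(s) Else ToId = -1
End Function

' Hypothetical helper: a text command bound to Conn; "?" marks each parameter.
Function NewCommand(sql)
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = Conn
    c.CommandType = adCmdText
    c.CommandText = sql
    Set NewCommand = c
End Function

Dim cmd, lngId, strMsg
lngId = ToId(Request.QueryString("id"))   ' rejects anything that is not a plain number

If lngId >= 0 Then
    If Request.Form("hdnAction") = "guestedit" Then
        strMsg = "" & Request.Form("txtMsg")
        Set cmd = NewCommand("UPDATE tblguestbook SET strMsg = ? WHERE Id = ?")
        ' Parameters bind in the order of the ? markers; values are never parsed as SQL.
        cmd.Parameters.Append cmd.CreateParameter("msg", adLongVarWChar, adParamInput, Len(strMsg) + 1, strMsg)
        cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , lngId)
        cmd.Execute , , adExecuteNoRecords
    ElseIf Session("uLevel") = "3" And Request.QueryString("action") = "delete" _
            And Request.QueryString("page") = "guestbook" Then
        ' Administrator soft delete, gated on the session level as in the thread.
        Set cmd = NewCommand("UPDATE tblguestbook SET strMsgDeleted = '1' WHERE Id = ?")
        cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , lngId)
        cmd.Execute , , adExecuteNoRecords
    End If
End If
Response.Redirect "guestbook.asp"
```

The same pattern applies to the login `SELECT` and the guestbook `INSERT`: one `?` per value, appended in order, with no string concatenation of request data.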