Categories: MSDN / DotNet / Java / Scripts / Linux / PHP Ask - La ask - La Answer
Programmers Tech >> Developer Tech >> VB Classic

User Authentication Problems

Hi All,
me again! :o

Any help whatsoever will be truly appreciated!

i have created a login page linked to a login database. However, everytime I enter the correct login details, instead of directing me to the specified page for successful login, i receive the following error:

Error Type:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC Microsoft Access Driver] Data type mismatch in criteria expression.
/COPSNet/TMP5ozdzmncuk.asp, line 35

Here is the code I am using and I have highlighted line 35 in red, i have checked the fields in the database, the username field is a numeric field and the password field is a text field, i have no clue where to go with this, for the sake of my fast moulting head (i dont wanna be a bald girl! :eek: hehe), HELP!

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/Login.asp" -->
<%
Dim rsUser
Dim rsUser_numRows

Set rsUser = Server.CreateObject("ADODB.Recordset")
rsUser.ActiveConnection = MM_Login_STRING
rsUser.Source = "SELECT EmployeeID, Password FROM Login"
rsUser.CursorType = 0
rsUser.CursorLocation = 2
rsUser.LockType = 1
rsUser.Open()

rsUser_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("username"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
MM_redirectLoginSuccess="/activity.asp"
MM_redirectLoginFailed="/login failed.htm"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_Login_STRING
MM_rsUser.Source = "SELECT EmployeeID, Password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE EmployeeID='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open()
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<html>
<head>
<title>COPSNetTemp</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>

<body bgcolor="#000000">
<table width="977" border="0" cellpadding="0" cellspacing="0" bgcolor="#CCCCCC">
<!--DWLayoutTable-->
<tr>
<td width="224" height="95" valign="top" bgcolor="#000000"><img src="/COPS%20Images/gineric_header.gif" width="219" height="91"></td>
<td width="639" rowspan="2" align="center" valign="middle" bgcolor="#999999"><strong><font size="+7">COPS </font><font size="+7">INTRANET</font></strong></td>
<td width="114"> </td>
</tr>
<tr>
<td height="1"></td>
<td></td>
</tr>
<tr>
<td height="9"></td>
<td></td>
<td></td>
</tr>
<tr>
<td height="465" colspan="3" valign="top"> <table border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="382" height="77"> </td>
<td width="481"> </td>
<td width="114"> </td>
</tr>
<tr>
<td height="80"> </td>
<td valign="middle" bgcolor="#999999"><p align="center"><strong><font size="4">Welcome
to the Customer and Order Processing System.</font></strong></p> <p align="center"><strong><font size="4"> Please Login using your
username (employee ID) password </font></strong></p>
</td>
<td> </td>
</tr>
<tr>
<td height="81"> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td height="148"> </td>
<td align="center" valign="middle" bgcolor="#999999"><form action="<%=MM_LoginAction%>" method="POST" name="login user" id="login user">
<p>Username:
<input name="username" type="text" id="username">
</p>
<p>Password:
<input name="password" type="password" id="password" maxlength="10">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form></td>
<td> </td>
</tr>
<tr>
<td height="79"> </td>
<td> </td>
<td> </td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
<%
rsUser.Close()
Set rsUser = Nothing
%>

thanks and regards to all
[6431 byte] By [wordsmith] at [2007-11-11 6:49:13]
«« If conditional woes
»» Reading XML ouput from Search engine
# 1 Re: User Authentication Problems
The error is, "Data type mismatch in criteria expression." The "criteria expression" is the portion of your SQL statement that follows "WHERE":

WHERE EmployeeID='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password"),"'","''") & "'"

You're surrounding your EmployeeID and Password values with single quotes; if the EmployeeID field in your database is a number, you should not surround the value with quotes. Also, if the EmployeeID or Password values contain single-quote characters, the SQL parser will be confused: 'Is this quote character the end of the string, or is it part of the value?' If you want to allow single-quote characters in your query values, try surrounding them with double-quotes instead.
Phil Weber at 2007-11-11 17:27:56 >
Developer Tech
VB Classic

Developer Tech

All Classified

Developer Tech New Topic

Developer Tech Hot Topic