Helpful Information
 
 
Category: Other Databases
MS SQL Query returns EOF in ASP

Hi,

I am having trouble getting a login script to work on my website. The page calls a stored procedure on MS SQL and it returns EOF. I have placed the following line after opening the recordset:

If dbRecSet.EOF Then Response.Write("dbRecSet.EOF")

I have a backup database that when I run the same query also returns EOF.

I can't see a problem and query analyzer also says it is fine. Any ideas what the problem could be?

SQL:


CREATE PROCEDURE [hammerf_storage].[proc_LoginCheck]
(
@strUname nvarchar
)
AS
SELECT tblMembers.member_name, tblMembers.member_password, tblMembers.member_salt, tblMembers.member_id, tblMembers.member_code
FROM tblMembers
WHERE tblMembers.member_name = @strUname


ASP:


<!-- #include file="../../inc_common.asp" -->
<!-- #include file="../../fnc_hash1way.asp" -->
<%
Dim strUsername
Dim strPassword
Dim lngUserID
Dim strUserCode
Dim intForumID
Dim lngLoopCounter
Dim blnIncorrectLogin
Dim blnSecurityCodeOK
Dim strReferer

blnIncorrectLogin = false
blnSecurityCodeOK = true
strReferer = Request.ServerVariables("HTTP_REFERER")
strUsername = Trim(Mid(Request.Form("memName"), 1, 15))
strPassword = LCase(Trim(Mid(Request.Form("memPword"), 1, 15)))
strUsername = Replace(strUsername, "password", "", 1, -1, 1)
strUsername = Replace(strUsername, "salt", "", 1, -1, 1)
strUsername = Replace(strUsername, "author", "", 1, -1, 1)
strUsername = Replace(strUsername, "code", "", 1, -1, 1)
strUsername = Replace(strUsername, "username", "", 1, -1, 1)
strUsername = formatSQLInput(strUsername)
If strUsername <> "" AND blnLongSecurityCode = false Then
'If blnLongSecurityCode = False Then Call checkSessionID(Request.Form("memSessionID"))
If Session("lngSecurityCode") <> Trim(Mid(Request.Form("securityCode"), 1, 6)) AND blnLongSecurityCode Then blnSecurityCodeOK = False
Set dbRecSet = Server.CreateObject("ADODB.Recordset")
dbSQLStr = "EXECUTE proc_LoginCheck @strUname = '" & strUserName & "';"
dbRecSet.Open dbSQLStr, dbConStr
If dbRecSet.EOF = True Then
blnIncorrectLogin = True
End If
If NOT dbRecSet.EOF Then 'AND blnSecurityCodeOK Then
strPassword = strPassword & dbRecSet("tblMembers.member_salt")
strPassword = HashEncode(strPassword)
If strPassword = dbRecSet("tblMembers.member_password") Then
lngUserID = CLng(dbRecSet("tblMembers.member_id"))
strUsername = dbRecSet("tblMembers.member_name")
Session("blnIsUserGood") = True
strUserCode = userCode(strUsername)
dbRecSet.Fields("tblMembers.member_code") = strUserCode
dbRecSet.Update
Response.Cookies("HMRCKI")("UID") = strUserCode
dbRecSet.Close
Set dbRecSet = Nothing
dbCon.Close
Set dbCon = Nothing
blnIncorrectLogin = False
If intForumID > 0 Then
If blnActiveMember = False Then
Response.Redirect(strReferer & "?Login=Suspended")
ElseIf blnLoggedInUserEmail = False Then
Response.Redirect(strReferer &"?Login=Inactive")
Else
Response.Redirect(strReferer & "?Login=Accepted")
End If
Else
If blnActiveMember = False Then
Response.Redirect("http://www.hammerfist.net/?Login=Suspended")
ElseIf blnLoggedInUserEmail = False Then
Response.Redirect("http://www.hammerfist.net/?Login=Inactive")
Else
Response.Redirect("http://www.hammerfist.net/?Login=Accepted")
End If
End If
Response.Redirect("http://www.hammerfist.net/?Login=Accepted")
Else
blnIncorrectLogin = true
Response.Redirect("http://www.hammerfist.net/?Login=Denied")
End If
End If
End If

If Request.Form("QUIK") OR blnSecurityCodeOK = false Then
strUsername = Replace(strUsername, "''", "'")
strPassword = Replace(strPassword, "''", "'")
Else
strUsername = ""
strPassword = ""
End If
Response.Redirect("http://www.hammerfist.net/?Login=ExecFailed")
%>










privacy (GDPR)