Hi there,

I have in place a login/logout system that uses a database with
FName/SName/Username/Password/Secret Question/Secret Answer
Fields.

I seem to have a mental block on what to do next really and wondering if someone could help me out.

Basically, at the moment the system goes:
Login using Username and Password and then they get access to password protected pages.
Then there's simply a logout .asp page.

However, I'd like to implement a system where if they forget their password they can:


Click on the "Forgot Password Link"
Be taken to a page where they input their username
Then it would show them their secret question
Below it they could enter the answer
Finally, they would be shown their Username and Password and have a link back to the login page.


Any advice or help would be greatly appreciated, I know this is probably simple, but would like some advice as I have a mental block of where to start and go with this.

Many thanks
Jonathan

Hi Jonathan,

Well the forgoting password link would take them to a page, call it page1 for example:

page1 -
Contains a form with a text field which posts to page 2.

page2 -
Contains asp which creates a recordset by comparing the username, if the username doesnt match then the user is redirected to the previous page with an error message. If the username does match then the page loads with the security question and another form to fill in the answer which posts to page 3.

page3 -
Another recordset checking the answer against the question. If wrong redirected back to previous page, if correct then show or username & password, or you could email the details.

OK cheers mate that helps give me a little perspective now.

On with the code now!!!

Cheers
jon :)

right I've got as far as the second page and I've no idea where to start with the code to be honest. I've set up the connection. But as for the recordset and the 'if' statement I don't really know where to start.

I'm sorry I'm a pain in the ass!

Sumthn like this, just change it to match your db fields and connection


Set RS = Server.CreateObject("ADODB.RecordSet")
user = Request.Form("user")

RS.open "SELECT * FROM tblCustomers WHERE strUser='"&user&"'", dbconn ' where dbconn is the name of your connection
IF RS.EOF = True THEN
RS.Close
Set RS = Nothing
dbconn.Close
Set dbConn = Nothing
Response.Redirect("page1.asp?Login=Fail")
ELSE
DO WHILE RS.EOF = False
IF RS("strUser") = user THEN
validUser = true
question = RS("strSecurityQuestion")
END
RS.MoveNext
LOOP

RS.Close
Set RS = Nothing
dbconn.Close
Set dbconn = Nothing

END IF
IF validUser <> True THEN
Response.Redirect("page1.asp?Login=Fail")
END IF


In your next form, you just write out the question e.g


<p>Security Question:<br />
<%=question%><br />
<input type="text" name="answer" /></p>


If your having trouble with recordsets then check w3schools ADO tutorial
http://www.w3schools.com/ado/default.asp

Right here's the code for the 2nd page:

<%
Set MyRS = Server.CreateObject("ADODB.RecordSet")
user = Request.Form("user")

MyRS.open "SELECT * FROM UserTable WHERE username='"&username_box&"'", MyConn ' where MyConn is the name of your connection
IF MyRS.EOF = True THEN
MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing
Response.Redirect("forgot_password_page_1.asp?Login=Fail")
ELSE
DO WHILE MyRS.EOF = False
IF MyRS("strusername") = user THEN
validUser = true
question = MyRS("strsecretquestion")
END
MyRS.MoveNext
LOOP

MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing

END IF
IF validUser <> True THEN
Response.Redirect("forgot_password_page_1.asp?Login=Fail")
END IF
%>

I need to put the form into the third page don't i?

My head has gone completely on this but I really appreciate your help and support on this mate.

I couldn't help but notice that the connection wasn't linking to any datbase or anything. Do I need to put this in?

Server.MapPath("\flight\passwordhowto.mdb

or similar?

No the form would come after the script like below, i dont know where your db is, i.e. are you testing this on a local machine or webserver, but you would need to create the appropriate connection string for the db.


<%@ LANGUAGE = "VBSCRIPT" %>
<%

'Connection String here

Set MyRS = Server.CreateObject("ADODB.RecordSet")
user = Request.Form("user")

MyRS.open "SELECT * FROM UserTable WHERE username='"&username_box&"'", MyConn ' where MyConn is the name of your connection
IF MyRS.EOF = True THEN
MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing
Response.Redirect("forgot_password_page_1.asp?Login=Fail")
ELSE
DO WHILE MyRS.EOF = False
IF MyRS("strusername") = user THEN
validUser = true
question = MyRS("strsecretquestion")
END
MyRS.MoveNext
LOOP

MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing

END IF
IF validUser <> True THEN
Response.Redirect("forgot_password_page_1.asp?Login=Fail")
END IF
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>

<form name="secquestion" action="page3.asp" method="post">
<p>Security Question:<br />
<%=question%><br />
Answer:<input type="text" name="answer" /></p>
<input type="submit" />
</form>
</body>
</html>


Hope that helps

Ok I got a good feeling about this, we're defintely getting somewhere.

I'm getting an error though.

Here's What I got So far...

forgot_password_page_1.html

<html>
<head>
<title>Welcome To GlamorganAir - Forgotten Your Password?</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>

<body>
<img class="banner" src="images/top_banner.jpg" alt="GlamorganAir">
<div class="menu"><a href="index.html">Departures & Arrivals</a> | <a href="departures_independent.asp">Departures</a> | <a href="arrivals_independent.asp">Arrivals</a> | <a href="admin_home.asp">Admin</a></div>

<div class="content">

<p>If you have forgotten your password, we will ask you a security question first, when answered correctly, you will be given your password.</p><p>You will be required to give your Username below first...</p>

<form name="user" method="post" action="forgot_password_page_2.asp">

<label>Please Enter Your Username:
<input type="text" name="username_box">
</label>
<input type="submit" />
</form>

</div>

</body>
</html>

and forgot_password_page_2.asp

<%@ LANGUAGE = "VBSCRIPT" %>
<%

Set MyConn = Server.CreateObject("ADODB.Connection")
MyConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\inetpub\wwwroot\flight\passwordhowto.mdb"

Set MyRS = Server.CreateObject("ADODB.RecordSet")
user = Request.Form("user")

MyRS.open "SELECT * FROM UserTable WHERE username='"&username_box&"'", MyConn ' where MyConn is the name of your connection
IF MyRS.EOF = True THEN
MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing
Response.Redirect("forgot_password_page_1.asp?Login=Fail")
ELSE
DO WHILE MyRS.EOF = False
IF MyRS("strusername") = user THEN
validUser = true
question = MyRS("strsecretquestion")
END
MyRS.MoveNext
LOOP

MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing

END IF
IF validUser <> True THEN
Response.Redirect("forgot_password_page_1.asp?Login=Fail")
END IF
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>

<form name="secquestion" action="forgot_password_page_3.asp" method="post">
<p>Security Question:<br />
<%=question%><br />
Answer:<input type="text" name="answer" /></p>
<input type="submit" />
</form>
</body>
</html>

Thanks mate, really appreciate this!

Whats the error message you are receiving?

On page 1 change
<input type="text" name="username_box">

to

<input type="text" name="user">

The second page is request a field called user from page one, which wasnt there.

Sorry mate had to leave the room...

Here's the error...

Error Type:
Microsoft VBScript compilation (0x800A03F4)
Expected 'If'
/flight/forgot_password_page_2.asp, line 22, column 3
END
--^

I've changed what you said to change and I've also changed

MyRS.open "SELECT * FROM UserTable WHERE username='"&username_box&"'", MyConn

to

MyRS.open "SELECT * FROM UserTable WHERE username='"&user&"'", MyConn

but that still doesn't work for me unfortunately.

put an "IF" after the end, thats whats missing in line 22



IF MyRS("strusername") = user THEN
validUser = true
question = MyRS("strsecretquestion")
END IF

It's saying...

Error Type:
ADODB.Recordset (0x800A0CC1)
Item cannot be found in the collection corresponding to the requested name or ordinal.
/flight/forgot_password_page_2.asp, line 19

My Database fields are called

myfirst
mylast
username
userpwd
SecretQuestion
SecretAnswer

MyRS("strusername") is what you have in your code

should be MyRS("username")
the part between the quotes corresponds to the field names in the recordset

Excellent mate, that works good,

I thought there was a problem with the 'str' before the names but wasn't too sure like!

What you suggest for page 3?

I know I have to do summin like "if 'answer' = SecretAnswer then output "userpwd" to screen."

But am unsure how to code it.

I would like to generate an email too if I can.

Thanks again mate, you're a legend.

You need sumthn like this:


<%@ LANGUAGE = "VBSCRIPT" %>
<%

Set MyConn = Server.CreateObject("ADODB.Connection")
MyConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\inetpub\wwwroot\flight\passwordhowto.mdb"

Set MyRS = Server.CreateObject("ADODB.RecordSet")
user = Request.Form("user")
answer = Request.Form("answer")

MyRS.open "SELECT * FROM UserTable WHERE username='"&user&"'", MyConn ' where MyConn is the name of your connection

IF MyRS("secretanswer") <> answer THEN
Response.Redirect("forgot_password_page_2.asp?Answer=Incorrect")

END IF

MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing

Set mail = Server.CreateObject("CDO.Message")

html = "<table width='400' style='border:1px solid #999999;'>"
html = html & "<tr><th colspan='2' style='text-align:center; background:#E8EACC;'>User details</th></tr>"
html = html & "<tr><td width='90' style='background:#FF9966; color:#000000;'>Username:</td><td>"&user&"</td></tr>"
html = html & "<tr><td style='background:#FF9966; color:#000000;'>Password:</td><td>"&myRS("userpwd")&"</td></tr></table>"

mail.Subject = "Password Reminder"
mail.To = "user@usersaddress.co.uk"
mail.From = "admin@yourdomain.co.uk"
mail.HTMLBody = html

mail.Send
Set mail = Nothing

%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>

<p>An email has been sent to your address with your user details</p>

</body>
</html>

Hi mate,

that's one hell of an effort, thank you!

I'm getting an error

Error Type:
(0x80020009)
Exception occurred.
/flight/forgot_password_page_3.asp, line 13


The email field is called 'useremail' if that helps

Plus I haven't got a domain.

Background info - I'm doing it on a pc in a lab and using it as a server. so when I want to access my files to view them, i need to key in

http://localhost/flight/index.html

hope that helps you get where I'm at!

P.S. Plus I've noticed that when I key in a wrong username at the beginning it redirects to a page named

forgot_password_page_1.asp?Login=Fail

there is no such page so the system shows a "page not found" message

P.S. If it makes it easier, as a last resort, it doesn't matter if the last page doesn't send an email notification of the password. It could just simply show it on screen or it could give a text box that would allow the user to define a new password.

Either of the three options would be great. Ideally though, if I could get the email notification working, it would be awesome!

Hi guys can anyone help me on this last page of code? It's pretty much last minute stuff really, I need to hand this in tomorrow.

Many thanks for all your help, it's really appreciated!
Jon

I have this working up to page 3 (see code below), I am using a student server but I don't know where to go from here, can anyone help?

<%@ LANGUAGE = "VBSCRIPT" %>
<%

Set MyConn = Server.CreateObject("ADODB.Connection")
MyConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("/02014092/lightsynth/passwordhowto.mdb")

Set MyRS = Server.CreateObject("ADODB.RecordSet")
user = Request.Form("user")
answer = Request.Form("answer")

MyRS.open "SELECT * FROM UserTable WHERE username='"&user&"'", MyConn ' where MyConn is the name of your connection

IF MyRS("MyAnswer") <> answer THEN
Response.Redirect("forgot_password_page_2.asp?Answer=Incorrect")

END IF

MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing

Set mail = Server.CreateObject("CDO.Message")

html = "<table width='400' style='border:1px solid #999999;'>"
html = html & "<tr><th colspan='2' style='text-align:center; background:#E8EACC;'>User details</th></tr>"
html = html & "<tr><td width='90' style='background:#FF9966; color:#000000;'>Username:</td><td>"&user&"</td></tr>"
html = html & "<tr><td style='background:#FF9966; color:#000000;'>Password:</td><td>"&myRS("userpwd")&"</td></tr></table>"

mail.Subject = "Password Reminder"
mail.To = "user@usersaddress.co.uk"
mail.From = "admin@yourdomain.co.uk"
mail.HTMLBody = html

mail.Send
Set mail = Nothing

%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="nav.js"></script>

<body><div class="main">
<img src="images/logo.png" alt="Lightsynth" width="619" height="86" />
<div id="globalNav">
<div id="globalLink"><a href="index.html" id="gl1" class="glink" onMouseOver="ehandler(event,menuitem1);">Home</a><a href="http://lightsynth.blogspot.com/" id="gl2" class="glink" onMouseOver="ehandler(event,menuitem2);" target="_blank">Blog</a><a href="history.html" id="gl3" class="glink" onMouseOver="ehandler(event,menuitem3);">History</a><a href="products.html" id="gl4" class="glink" onMouseOver="ehandler(event,menuitem4);">Products</a><a href="downloads.html" id="gl5" class="glink" onMouseOver="ehandler(event,menuitem5);">Downloads</a><a href="contact_us.html" id="gl6" class="glink" onMouseOver="ehandler(event,menuitem6);">Contact Us</a><a href="members_home.asp" id="gl7" class="glink" onMouseOver="ehandler(event,menuitem7);">Members</a><a href="links.html" id="gl8" class="glink" onMouseOver="ehandler(event,menuitem8);">Links</a></div>
<!-- end globalNav -->
<div id="subglobal1" class="subglobalNav"> </div>
<div id="subglobal2" class="subglobalNav"> </div>
<div id="subglobal3" class="subglobalNav"> <a href="making_of.html">Making The Lightsynth</a> | <a href="video_diary.html">Video Diary</a></div>
<div id="subglobal4" class="subglobalNav"> <a href="products.html">About Our Products</a> | <a href="audio.html">Audio Demo's</a> | <a href="video.html">Video Demo's</a></div>
<div id="subglobal5" class="subglobalNav"> <a href="vst.html">VST Upgrades</a> | <a href="firmware.html">Firmware Upgrades</a> | <a href="manuals.html">Manuals</a> | <a href="members_tunes.asp">Members Tunes</a>
</div>
<div id="subglobal6" class="subglobalNav"></div>
<div id="subglobal7" class="subglobalNav"><a href="view_all_members.asp">View All Members</a> | <a href="update_account.asp">Update Personal Account</a> | <a href="forum.asp">Members Forum</a></div>
<div id="subglobal8" class="subglobalNav"></div>
<script type="text/javascript" src="hidden.js"></script>
</div>
<div class="content"><h1><img src="images/members_login_pic.gif" alt="Members Area Login" /></h1>

<p>An email has been sent to your address with your user details</p>

</div>

</div>

</body>
</html>


However it's giving me the following error:

The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot be displayed.

-----

Please try the following:

Open the students.comp.glam.ac.uk home page, and then look for links to the information you want.
Click the Refresh button, or try again later.

Click Search to look for information on the Internet.
You can also see a list of related sites.

HTTP 500 - Internal server error
Internet Explorer


Any help would be greatly appreciated, this problem's been bugging me for months now! thank you!

Turn off the HTML friendly error-message to see more detail of the error

Sorry I'm unsure how to do that (now I sound stupid!!! haha)

Tools > Internet Options >Advanced tab > uncheck 'show friendly HTTP error messages'

That should do it :)

Right thanks! lol!

It says:

error '80020009'
/02014092/lightsynth/forgot_password_page_3.asp, line 13


Thats the code as shown in post #21

Again, many thanks!

:)

Any idea's whats wrong with the code?


mail.Subject = "Password Reminder"
mail.To = "user@usersaddress.co.uk"
mail.From = "admin@yourdomain.co.uk"
mail.HTMLBody = html

I think there may be something wrong here but am not really sure if other bits of the code are right either?

The code seems to be fine

Do you get any sort of error?

There should be also some code that set the object mail to some kind of instance of a mail component.

Probably the code looks something like this :

set mail = Server.CreateObject(....)

Yeah the error I get is as follows (when my browser is set to "non-friendly HTML errors"):

error '80020009'
/02014092/lightsynth/forgot_password_page_3.asp, line 13


The bit you said about "set mail = Server.CreateObject(....)"

I found it in the code on Post #21 which is the page in concern as follows:

MyRS.Close
Set MyRS = Nothing
MyConn.Close
Set MyConn = Nothing

Set mail = Server.CreateObject("CDO.Message")

html = "<table width='400' style='border:1px solid #999999;'>"
html = html & "<tr><th colspan='2' style='text-align:center; background:#E8EACC;'>User details</th></tr>"


hope that helps!

Anyone able to help me out on this one?

Cheers
Jon!