micmat

Reputation: 3

Adding string on one variable in classic asp

I'm trying logging verification, everything seems to be fine, but when I add the special characters string to another variable it causes an error to occur.

I'm trying to detect if a user is inputting special characters such as: !, . etc. something like that.

Here's my code,

<form action="" method="get">

username:<input type="text" name="user"/><br>
password:<input type="password" name="pass"/><br>

<input type="submit" value="Login">

</form>
<%

dim user,pass, spchar, getspchar

user=request.querystring("user")
pass=request.querystring("pass")
spchar = "!"

getspchar = spchar

if user = "" then
response.write("Please provide your first name")

elseif pass = "" then
response.write("Please provide your password")

elseif user = spchar or pass = spchar  then
response.write(getspchar &" Special character not allowed")

elseif user <> "admin" or pass <> "admin" then
response.write("Invalid Username or Password")  

else
response.write("welcome")

end if

%>

Upvotes: 0

Views: 761

Answers (1)

user1945782

What you need to do is check to see if your special characters are in the list. Perhaps something like the following...

<%
Dim user, pass, specchars
user = Request.QueryString("user")
pass = Request.QueryString("pass")
'Put all your special characters in the following list...
specchars = "!£$%^"


If IsValid(user, specchars) And IsValid(pass, specchars) Then
    Response.Write("Username and password are fine! Welcome!")
Else
    Response.Write("Bad username or password.")
End if


'The reason I've given two arguments here is so that you can have different
'restricted characters for both the username and password...
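Function IsValid(phrase, special)
    Dim c
    'Assume the phrase is valid until a restricted character is found
    IsValid = True
    'Loop over the list passed in, not the global variable
    For c = 1 To Len(special)
        If InStr(phrase, Mid(special, c, 1)) > 0 Then
            'Stop at the first hit so a later character cannot overwrite the result
            IsValid = False
            Exit For
        End If
    Next
End Function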
%>

Just as an aside, here, you're visually displaying your username and password in the query string which is tagged on to the end of your URL (something like www.example.com/default.asp?user=admin&pass=G0d); this isn't a good idea. Try at least using POST in your form instead of GET. If you do this, then you're going to have to look at changing to using Request.Form("controlname") ... and that's just scratching the surface.

Please remember that this is a very basic piece of code and I would not recommend using any structure like this for your security on the internet. You'll need to look into Secure Sockets Layer (SSL) and similar encryption.

Upvotes: 1
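
The answer's suggestions combined, as an added example that is not part of the original posts: the form is switched to POST, values are read with Request.Form, and the check reports which restricted character was found. FirstForbiddenChar is a hypothetical helper name, and the admin/admin comparison is the question's own placeholder check, kept only so the flow matches.

```vbscript
<%
' Added example, not code from the original question or answer.
' FirstForbiddenChar (hypothetical helper) returns the first character of
' "special" that occurs in "phrase", or "" when none of them is present.
Function FirstForbiddenChar(phrase, special)
    Dim c, ch
    FirstForbiddenChar = ""
    For c = 1 To Len(special)
        ch = Mid(special, c, 1)
        If InStr(phrase, ch) > 0 Then
            FirstForbiddenChar = ch
            Exit For
        End If
    Next
End Function

Dim user, pass, specchars, bad
specchars = "!£$%^"   ' same list as in the answer

' Only process the fields when the form was actually submitted with POST,
' so the credentials never appear in the URL.
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    user = Request.Form("user")
    pass = Request.Form("pass")

    bad = FirstForbiddenChar(user, specchars)
    If bad = "" Then bad = FirstForbiddenChar(pass, specchars)

    If user = "" Then
        Response.Write "Please provide your username"
    ElseIf pass = "" Then
        Response.Write "Please provide your password"
    ElseIf bad <> "" Then
        ' Encode before echoing: the list may later include markup characters.
        Response.Write Server.HTMLEncode(bad) & " Special character not allowed"
    ElseIf user <> "admin" Or pass <> "admin" Then
        ' Placeholder comparison carried over from the question.
        Response.Write "Invalid Username or Password"
    Else
        Response.Write "welcome"
    End If
End If
%>
<form action="" method="post">
username:<input type="text" name="user"><br>
password:<input type="password" name="pass"><br>
<input type="submit" value="Login">
</form>
```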
