Digital Workshop

Hi,

Now that I can get back data returns from the SQL DB, I am trying to figure out how to check user input into a text input box (saved as a variable) with their DB registered user name or password.

I tried using FindText setting the search item as the same variable as associated with user input in the text input box. I learned that FindText's return is the index number of the first character of the searched for item in the (return) string. So, if the return string has 20 names or 20 passwords returned from the DB, and the user enters "Charlie" and Charlie is found, then the return is Charlie's first character position in the string (for example, 18 or 27, etc. Not found and the return is -1. So, if 1= -1...

But, if the user enters Ch, it will still produce a return other than -1. Since there is no way to know in advance what user names, passwords will be in the DB and returned, not their position in the return string, no easy way to use FindText. In testing, I found that many first letters, entered as one character in the text input will produce a result different than -1.

Maybe, there is a better way to configure this checking or the post web data Destination dialog. Currently I am using one variable and get back all DB elements into that string. Maybe I could add 20 or more multiple items (hard to know how many names, etc. would be in the DB as it grows over time). And, also I would need to reconfigure the ASP to send back names with a separate variable label for each.

Or maybe there is a better way to set up the checking altogether, using some other scripting?

Any suggestions appreciated.

Kind Regards,

I might be misunderstand, it's sunny, warm and the bank holiday is approaching - but;

You should not be returning the username and passwords - especially if this is over an unencrypted connection and especially all of them!

The user should enter the details and the PHP / ASP script should use SQL to confirm and send back a flag.

What also concerns me, is how you are able to retrieve plaintext passwords from a database. Cardinal rule of storing passwords is always treat users as 'dumb' - they will and do use the same password in multiple system and for anybody to be able to see that password is wrong - even if its the admin.

Mack

Hi Mack,

Thank you for your thoughts and suggestions. Yes, you are quite correct. The design, if ever I can get it working, will let the ASP do the checking and return a "flag." The LMS and DB have capability to set up and store data from user-input custom fields or could use first date registered or an auto-inserted "xyz" as a check.

First time I've tried using DB validation like this, so I appreciate the counsel of experience. Thanks, Mack.

This posting has sample ASP code: viewtopic.php?f=4&t=4566&p=20864#p20864

Kind Regards,