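<%
' Login / registration gate, apparently meant to run at the top of a protected page.
'
' Flow:
'   1. Read the credential and registration fields from the request.
'   2. If a registration was submitted, validate it and insert the new user.
'   3. If the session is not marked as logged in, validate the supplied
'      credentials and show the login page (ending the response) on failure.
'   4. Optionally persist the credentials in cookies.
'   5. Build sq / sf, the helper values that carry the credentials forward.
'
' Security notes for maintainers:
'   - Passwords are stored and compared in plain text. A salted, slow
'     password hash should replace this; that needs a schema change and
'     is outside the scope of this block.
'   - Every value concatenated into SQL must pass through fixQuotes().
'     Parameterized ADODB.Command queries would be more robust than
'     quote doubling.

CONST useSession = TRUE

' Retrieve Form Variables
' NOTE(review): Request( name ) searches QueryString, Form and Cookies in
' turn, so credentials can arrive in the URL (and end up in server logs
' and browser history). The cookie-based login below relies on this lookup.
username    = TRIM( Request( "username" ) )
password    = TRIM( Request( "password" ) )
newUser     = TRIM( Request( "newUser" ) )
newUsername = TRIM( Request( "newUsername" ) )
newPassword = TRIM( Request( "newPassword" ) )
addCookie   = TRIM( Request( "addCookie" ) )

' Retrieve Current Page
nextPage = Request.ServerVariables( "SCRIPT_NAME" )

' Ready Database Connection
Set Con = Server.CreateObject( "ADODB.Connection" )
Con.Open "userDSN"

' Add New User
IF newUser <> "" THEN
  IF newUsername = "" THEN
    showError "You must enter a username"
  END IF
  IF newPassword = "" THEN
    showError "You must enter a password"
  END IF
  IF usernameTaken( newUsername ) THEN
    showError "The username you entered has already " & _
      "been chosen by a previous user. Please select " & _
      "a new username"
  END IF

  ' Both values come straight from the request, so they are escaped with
  ' fixQuotes() before being placed inside the SQL string literals, the
  ' same way the SELECT statements in this file treat the username.
  sqlString = "INSERT INTO userlist ( user_username, user_password ) " & _
    "VALUES ('" & fixQuotes( newUsername ) & "','" & fixQuotes( newPassword ) & "')"
  Con.Execute sqlString

  ' A freshly registered user is treated as logged in.
  username = newUsername
  password = newPassword
  IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF

' Authenticate User
IF Session( "loggedIn" ) = "" THEN
  ' showLogin ends the response, so execution only continues past each
  ' check when that check passed.
  IF username = "" OR password = "" THEN
    loginMessage = "You must login before you can view this page."
    showLogin
  END IF

  result = validateLogin( username, password )
  ' NOTE(review): separate messages for "unknown user" and "wrong password"
  ' let a visitor find out which usernames exist; a single generic failure
  ' message avoids that.
  IF result = 1 THEN
    loginMessage = "You entered an unregistered username."
    showLogin
  END IF
  IF result = 2 THEN
    loginMessage = "You did not enter a valid password."
    showLogin
  END IF

  IF useSession THEN Session( "loggedIn" ) = "Yes"
END IF

' Add a Cookie
' NOTE(review): this writes the plain-text password into a persistent
' cookie. A random server-side token would avoid keeping the credential
' on the client. The expiry date is also hard-coded.
IF addCookie <> "" THEN
  Response.Cookies( "username" ) = username
  Response.Cookies( "username" ).Expires = "12/25/2002"
  Response.Cookies( "password" ) = password
  Response.Cookies( "password" ).Expires = "12/25/2002"
END IF

' Create Security Query String Variable
' NOTE(review): Server.HTMLEncode is not URL encoding, so a value that
' contains "&" or "+" will not survive a round trip through a query
' string; Server.URLEncode looks like the intended call. Confirm how sq
' is consumed before changing it. Carrying the password in URLs also
' exposes it in logs and Referer headers.
sq = "username=" & Server.HTMLEncode( username ) & "&"
sq = sq & "password=" & Server.HTMLEncode( password )

' Create Security Form Variable
' NOTE(review): both literals are empty here, so sf ends up empty;
' presumably they should hold form fields - confirm.
sf = ""
sf = sf & ""

' Check Username and Password
' Returns 0 when the credentials match, 1 when the username is not in
' userlist, and 2 when the stored password differs from thePassword.
FUNCTION validateLogin( theUsername, thePassword )
  ' Look the user up by the parameter rather than the page-level username
  ' variable, so the function checks exactly what the caller passed in.
  sqlString = "SELECT user_password FROM userlist " & _
    "WHERE user_username='" & fixQuotes( theUsername ) & "'"
  Set RS = Con.Execute( sqlString )
  IF RS.EOF THEN
    validateLogin = 1
  ELSE
    ' Plain-text comparison against the stored password (see header note).
    IF RS( "user_password" ) <> thePassword THEN
      validateLogin = 2
    ELSE
      validateLogin = 0
    END IF
  END IF
  ' Release the recordset, as usernameTaken does.
  RS.Close
  Set RS = Nothing
END FUNCTION

' Check Whether Username Already Taken
' Returns TRUE when a row with this username exists in userlist.
FUNCTION usernameTaken( theUsername )
  sqlString = "SELECT user_id FROM userlist " & _
    "WHERE user_username='" & fixQuotes( theUsername ) & "'"
  Set RS = Con.Execute( sqlString )
  IF RS.EOF THEN
    usernameTaken = FALSE
  ELSE
    usernameTaken = TRUE
  END IF
  RS.Close
  Set RS = Nothing
END FUNCTION

' Show Error Page
' Writes the registration error page and ends the response.
' The message is HTML-encoded on output so that a future caller passing
' request-derived text cannot inject markup into the page.
SUB showError( theError )
%>
Problem There was a problem with your registration information
<%=Server.HTMLEncode( theError ) %>
<%
  Response.End
END SUB

' Show the Login Page
' Ends the response after the login page output.
' NOTE(review): no login form markup is present between the two script
' blocks below, and loginMessage is never written out - confirm against
' the page template.
SUB showLogin
%>
<%
  Response.End
END SUB

' Double every single quote so the value can be placed inside a
' single-quoted SQL string literal.
FUNCTION fixQuotes( theString )
  fixQuotes = REPLACE( theString, "'", "''" )
END FUNCTION
%>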