
Working on a classic ASP website, I've noticed a behavior that is causing a lot of trouble for some users. Somehow, after posting a login form, some passwords are no longer going through, getting error (104) reset connection by peer when trying to access the main.asp.

Here is the weird thing that you guys can help me figure out:

After many hours trying to find a clue, we got it all working again just by changing the HTML name attribute from name="pwdSenha" to name="pwdTestSenha". Then a day later it started all over again, so we've changed the name one more time. Now it's all working fine again, but I guess just until tomorrow.

Is there an explanation for what's happening?

Here is the simplified code:

<form class="modal-content animate" id="frmLogin" name="frmLogin" method="post" action="../functions/aut_user.asp">
  <div class="container">
    <label><b>Login</b></label>
    <input type="text" placeholder="Entre com Login" name="txtLogin" maxlength="45" required>    
    <label><b>Senha</b></label>
    <input type="password" placeholder="Entre com a Senha" name="pwdSenha" maxlength="15">        
    <button id="bntLoginEntrar" type="submit">Entrar</button>
  </div>  
</form>

The Authentication class

<%
if funConectaBD() and Session("USER_ID") = "" then
  Dim strLogin, strSenha
  strLogin = fAspas(Request.Form("txtLogin"))
  strSenha = "IS NULL"
  if Trim(Request.Form("pwdSenha")) <> "" then
    strSenha = "= '" & Cript(Request.Form("pwdSenha")) & "'"
  end if
  if strLogin <> "" then
    'on error resume next
    Dim adoRSLogin
    Set adoRSLogin = Server.CreateObject("ADODB.Recordset")
    adoRSLogin.ActiveConnection = bdConn

    Dim strSQL
    if Session("USER_CHANGE_PASS") <> "S" then      
        strSQL = "SELECT * " &_
                 "FROM users us " &_
                 "WHERE us.login = '" & strLogin & "' AND us.senha " & strSenha & " AND us.ativo = 'S';"
    else
        strSQL = "SELECT * " &_
                 "FROM usuario us " &_
                 "WHERE us.login = '" & strLogin & "' AND us.ativo = 'S';"
    end if
    'Response.Write(strSQL & "<br/>")
    'Response.End()
    adoRSLogin.Open(strSQL)
    if not adoRSLogin.EOF then
        Session("USER_ID") = adoRSLogin("numero")
        Session("FUNC_ID") = adoRSLogin("funcionario")
        Session("USER_NAME") = adoRSLogin("nome")
        Session("FUNC_NAME") = ""
        Session("USER_LOGIN") = adoRSLogin("login")
        Session("USER_EMAIL") = adoRSLogin("email")
        Session("USER_PHONE") = adoRSLogin("telefone")
        if adoRSLogin("adm") = "S" then
            Session("USER_ADM") = TRUE
        else
            Session("USER_ADM") = FALSE
        end if
        Session("UNIT_ID") = adoRSLogin("unidade_numero")
        Session("UNIT_NAME") = adoRSLogin("unidade_nome")                       
        strSQL = "CALL inclui_conexao(" & Session("UNIT_ID") & "," & Session("USER_ID") & ",NOW(),NULL);"
        'Response.Write(strSQL & "<br/>")
        'Response.End
        bdConn.execute(strSQL)
        'on error goto 0        
    end if
    strSQL = empty
    set adoRSLogin = nothing
  end if
end if
%>
Alexei Levenkov
Marisco
  • I would suspect that there is a proxy server doing some caching or other network issue as the change in code you are doing should not have that impact. – Dijkgraaf Dec 26 '18 at 22:48
  • Thanks @Dijkgraaf, we have contacted our host. As far as they know there was no change considering their network. Anyhow, we're changing that attribute dynamically, including date and time in it. I'm not happy, but that fixed the issue. – Marisco Dec 28 '18 at 11:29
  • Side note: please review your code to see if it does not have SQL injections and if it does refer to https://stackoverflow.com/questions/7654446/parameterized-query-in-classic-asp – Alexei Levenkov Dec 29 '18 at 09:17
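
The parameterized form that the last comment points to, applied to this page's login query, as an added example (not the asker's code and not code from the linked answer). It assumes `bdConn` is the open ADODB.Connection used on the page, that the provider accepts `?` positional markers, and that `Cript()` is the page's own function; `AddTextParam` and `OpenLoginRecordset` are hypothetical helper names.

```vbscript
<%
' Added example: the login lookup with bound parameters instead of concatenation.
' Assumptions: bdConn is the open ADODB.Connection from the page, Cript() is the
' page's password transform, and the provider accepts "?" positional markers.
Const adVarChar = 200      ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adCmdText = 1        ' ADO CommandTypeEnum

' Hypothetical helper: bind one text value; Size must be at least 1 for adVarChar.
Sub AddTextParam(cmd, pName, value)
    Dim n
    n = Len(value)
    If n = 0 Then n = 1
    cmd.Parameters.Append cmd.CreateParameter(pName, adVarChar, adParamInput, n, value)
End Sub

' Hypothetical helper: returns a recordset holding the matching active user, if any.
Function OpenLoginRecordset(conn, login, senha)
    Dim cmd, sql, hasSenha
    hasSenha = (Trim(senha) <> "")
    ' Same rule as the page: an empty password only matches a NULL senha.
    sql = "SELECT * FROM users us WHERE us.login = ? AND us.ativo = 'S' AND us.senha "
    If hasSenha Then sql = sql & "= ?;" Else sql = sql & "IS NULL;"

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    AddTextParam cmd, "login", login
    If hasSenha Then AddTextParam cmd, "senha", Cript(senha)
    Set OpenLoginRecordset = cmd.Execute
End Function

Dim strLogin, adoRSLogin
' maxlength="45" is only enforced by the browser, so cap the value again server-side.
strLogin = Left(Trim(Request.Form("txtLogin") & ""), 45)
If strLogin <> "" Then
    Set adoRSLogin = OpenLoginRecordset(bdConn, strLogin, Request.Form("pwdSenha") & "")
    If Not adoRSLogin.EOF Then
        Session("USER_ID") = adoRSLogin("numero")
    End If
    adoRSLogin.Close
    Set adoRSLogin = Nothing
End If
%>
```

Because the values are bound rather than spliced into the SQL text, the login string is passed as-is; the page's `fAspas` helper (not shown on the page) is not applied to it here.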
