Inserting Random Passwords into Database

Discussion in 'ASP General' started by Miranda, Dec 4, 2003.

  1. Miranda

    Miranda Guest

    Hi, I have a ASP/vbscript program that generates random passwords. The
    problem is I need to insert those passwords into an Access database of
    327 clients.

    I have the random password program generating the 327 passwords, but
    have had no luck inserting them.
    ===============================================
    Here is the code that generates the passwords:
    ===============================================
    <% Option Explicit %>
    <%
    Dim X
    Response.Write "<HTML>" & vbCrLf
    Response.Write "<HEAD>" & vbCrLf
    Response.Write "<TITLE> ASP Random Password Generator v1.1 - by Carl
    Mercier ()</TITLE>" & vbCrLf
    Response.Write "</HEAD>" & vbCrLf
    Response.Write "<BODY>" & vbCrLf
    Response.Write "<FONT FACE=COURIER>" & vbCrLf

    Response.Write "<B>Fixed length (5 character) passwords</B><BR>" &
    vbCrLf

    For X = 0 To 326
    'Response.Write RandomPW(5) & "<br>" & vbCrLf
    Next

    Response.Write "</FONT>" & vbCrLf
    Response.Write "</BODY>" & vbCrLf
    Response.Write "</HTML>" & vbCrLf



    Function RandomPW(myLength)
    'These constant are the minimum and maximum length for random
    'length passwords. Adjust these values to your needs.
    Const minLength = 5
    Const maxLength = 5

    Dim X, Y, strPW

    If myLength = 0 Then
    Randomize
    myLength = Int((maxLength * Rnd) + minLength)
    End If


    For X = 1 To myLength
    'Randomize the type of this character
    Y = Int((3 * Rnd) + 1) '(1) Numeric, (2) Uppercase, (3) Lowercase

    Select Case Y
    Case 1
    'Numeric character
    Randomize
    strPW = strPW & CHR(Int((9 * Rnd) + 48))
    Case 2
    'Uppercase character
    Randomize
    strPW = strPW & CHR(Int((25 * Rnd) + 65))
    Case 3
    'Lowercase character
    Randomize
    strPW = strPW & CHR(Int((25 * Rnd) + 97))

    End Select
    Next

    RandomPW = strPW

    End Function

    %>
    ===============================================
    I tried:
    ===============================================
    Response.Write "<B>Fixed length (5 character) passwords</B><BR>" &
    vbCrLf
    Response.Write "<form method='post'
    action='insertPasswordsADMIN.asp'>" & vbCrLf
    For X = 0 To 326
    'Response.Write RandomPW(5) & "<br>" & vbCrLf
    Response.Write "<input type='text' name='GenPassWord'
    value='RandomPW(5)'>"& vbCrLf

    Next
    Response.Write "<input type='submit' name='update' value='Update'>"&
    vbCrLf
    Response.Write "</form>" & vbCrLf
    ===============================================
    ....with no luck.
    ===============================================
    ===============================================
    Here is my code for 'insertPasswordsADMIN.asp':
    ===============================================

    <%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
    <!--#include file="../adojavas.inc"-->

    <%
    var conn;
    var rs;
    var sSQL;

    rs=Server.CreateObject("ADODB.Recordset");
    conn = Server.CreateObject("ADODB.connection");
    conn.Open("mydata");

    sSQL = "SELECT InvestPassword ";
    sSQL += " FROM invest ; "

    rs.Open(sSQL,conn);
    //Response.write(sSQL);


    if (!rs.eof) {
    while (!rs.eof){

    sSQL += " Insert INTO invest ";
    sSQL += " (InvestPassword)";

    //expecting values

    sSQL += " VALUES ("
    sSQL += " '" + Request.form("GenPassWord") + "');"

    rs = conn.Execute(sSQL);
    rs.MoveNext();
    }
    }

    %>
    ===============================================
    ....This line 'rs = conn.Execute(sSQL);' is coughing up an error??
    ===============================================
    Now, one of my problems is that the password generator is in VBScript,
    and I code in JavaScript. Although I have some understanding of
    VBscript from having to translate it into JavaScript - I am definately
    not a pro.
    My alternative to figuring this out is inserting the passwords into
    the database manually, I'd REALLY rather not do that!

    Any Suggestions would be greatly appreciated!!
    Thank you in advance for anybody who would like to help me tackle this
    problem!

    Miranda Johnsen
    Miranda, Dec 4, 2003
    #1
    1. Advertising

  2. Why do you need two pages and a form to do this? Also, even though you code
    in JavaScript, since you have a method in VBScript (and I assume this is
    just an admin, one-off page that only needs to be run once), why can't the
    whole page be in VBScript? And in a one-off page, why does the length
    passed into the randomPW function have to be variable? Why are you using a
    DSN (see http://www.aspfaq.com/2126)? Finally, what's with the "my" prefix
    all over the place... should I expect to find prefixes on other functions
    and variable names, like his, her, Bob's, etc?

    <%
    function randomPW(length)
    randomize
    ...
    randomPW = whatever
    end function

    set conn = CreateObject("ADODB.connection")
    conn.open "mydata"
    for x = 0 to 326
    sql = "INSERT invest (InvestPassword)" & _
    " VALUES('" & randomPW(5) & "')"
    conn.execute sql, , 129
    next
    conn.close: set conn = nothing
    %>

    That's it. Just hit the page, get a coffee, and when you come back, you
    will have 327 randomized passwords in the table invest. Note: I did not
    inspect the RandomPW function to see if it could be optimized, nor did I do
    anything to prevent multiple passwords from being identical.

    --
    Aaron Bertrand
    SQL Server MVP
    http://www.aspfaq.com/
    Aaron Bertrand - MVP, Dec 4, 2003
    #2
    1. Advertising

  3. Aaron,
    Thank you for your previous response.
    Just to let you know the myWhatevers were already in the code when I got
    it (I did'nt write it). And I only used 'myData' for an example for a
    DSN, that's not what I've really named it. I know I should be using
    DSN-less connections, right now it works so...

    I did what you recomended and it worked, but it is not inserting the
    passwords into the right rows. I already have several other columns in
    this table that have info regarding the 200+ clients (some clients have
    more than one row, so I guess I should be testing for clientID and only
    inserting one password value per clientID). I've added the password
    colum to the table and now I need to insert the passwords into the empty
    records for the clients.


    What is happening when I run the program as it is, is that it insert the
    300+ passwords before the clients and I end up with 600+ rows, but still
    no passwords for the clients. Am I making sense?
    Do you know how to fix this??

    Thanks again,
    Miranda




    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Miranda johnsen, Dec 5, 2003
    #3
  4. > I did what you recomended and it worked, but it is not inserting the
    > passwords into the right rows. I already have several other columns in
    > this table that have info regarding the 200+ clients (some clients have
    > more than one row, so I guess I should be testing for clientID and only
    > inserting one password value per clientID). I've added the password
    > colum to the table and now I need to insert the passwords into the empty
    > records for the clients.


    Then you need an update statement, not an insert statement!

    However, before I can tell you how to proceed, I need to know what your
    primary key is.

    A
    Aaron Bertrand [MVP], Dec 5, 2003
    #4
  5. I was wondering about that :s
    The table I'm working in is called Investors, there is no primary key in
    there, but the InvestorId is the Key to Investors File.
    -Miranda

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Miranda johnsen, Dec 5, 2003
    #5
  6. Okay, so you would do this:

    <%
    function randomPW(length)
    '... blah ...
    end function

    set conn = CreateObject("ADODB.connection")
    conn.open "mydata"

    set rs = conn.execute("SELECT InvestorID FROM Invest")
    do while not rs.eof
    ' assuming InvestorID is an integer!
    sql = "UPDATE invest SET password = " & _
    "'" & randomPW(5) & "'" & _
    " WHERE InvestorID = " & InvestorID
    conn.execute sql, , 129
    rs.movenext
    loop

    rs.close: set rs = nothing
    conn.close: set conn = nothing
    %>

    This certainly isn't very efficient. I'm also curious what you're going to
    do when another investor gets added to the table...

    If you were using MSDE or another flavor of SQL Server, this would be far,
    far easier.

    --
    Aaron Bertrand
    SQL Server MVP
    http://www.aspfaq.com/




    "Miranda johnsen" <> wrote in message
    news:...
    >
    > I was wondering about that :s
    > The table I'm working in is called Investors, there is no primary key in
    > there, but the InvestorId is the Key to Investors File.
    > -Miranda
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!
    Aaron Bertrand [MVP], Dec 5, 2003
    #6
  7. > there is no primary key in there,

    Why not? How do you plan to ensure data integrity?

    --
    Aaron Bertrand
    SQL Server MVP
    http://www.aspfaq.com/
    Aaron Bertrand [MVP], Dec 5, 2003
    #7
  8. The Access Database I am using from extracted tables from the main
    company database. Because there are so many clients, he exported
    pertinent tables into a seperate web database so when content on the
    main database changes, like a new client is added and so forth, he will
    not have to enter redundant information online, he just re-exports the
    tables to the web database and re-uploads the database.
    Probably not the best way to go about it, but it works.

    I have a seperate access database for non-client related data for
    content that is only online.

    As for generating a password for a new client, I don't think (I hope) I
    will have too much troubel writing a page for him to generate a password
    for a new user online. I could have it so he selects the member to add a
    password for and run the script to generate it and update that record.

    Ironically, I've spent more time trying to figure out how to do this
    automatically than if I had of just put the values in manually!

    This is one of the last steps in my project and I'm almost at my
    deadline so I really the advice/help you have given me.
    I'll let you know how it goes!
    Cheers,
    Miranda

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Miranda johnsen, Dec 5, 2003
    #8
  9. > there is no primary key in there,
    >Why not? How do you plan to ensure data integrity?


    hm, well I have a database with 6 tables.
    3 of these tables contain a Primary Key.
    TableA and TableB have certificateNumber as their PrimaryKey. They also
    have InvestorID in them. The Table I need, the InvestorsTable,where I
    inserted the Password column, and also has the InvestorID in it.

    I don't believe this convoluted explaination is helping to answer your
    question. I guess my answer is I don't know :s
    I didn't realize my integrity was at risk!
    -miranda

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Miranda johnsen, Dec 5, 2003
    #9
  10. > I don't believe this convoluted explaination is helping to answer your
    > question. I guess my answer is I don't know :s
    > I didn't realize my integrity was at risk!


    First I'll state the disclaimer that this does not apply to every last
    situation in the world. I have some tables without primary keys, and I can
    explain why if you'd like.

    However.

    A table is meant to represent a set of unique entities. A primary key
    enforces the fact that, whatever makes those entities unique, cannot be
    repeated (and will always *uniquely* define that entity, or in simpler
    terms, row). If you don't have a primary key (or a unique constraint,
    though I'm not sure those are supported in Access) then it's difficult to
    prevent your data from becoming corrupt. Depending on the complexity of
    your schema, this corruption (e.g. having two investorIDs in your investors
    table, for example) could be anywhere from mildly annoying, to downright
    disastrous.

    --
    Aaron Bertrand
    SQL Server MVP
    http://www.aspfaq.com/
    Aaron Bertrand [MVP], Dec 5, 2003
    #10
  11. Aaron? Still around?

    I've created a new table in the database for the clients
    username, password and email.
    It consists of:

    1) MemberID
    (this is the primaryKey and Not an integer, value is
    CP00010 and increases from there).

    2) MemberPW
    (random generated password, client will have the
    option to change this password if they choose)

    3) ClientEmail
    (not always present and not required yet)

    I've altered the SQL statement to reflect these changes
    and MemberID is coming up as undefined, more
    specific, this is the error:
    Variable is undefined: 'MemberID'

    I am assuming this is because MemberID is not an
    integer.I may be wrong (It would'nt be the first time!). Is
    there a way around this? The MemberID is used
    throughout the database to connect the data to the
    members.

    If you have a solution to this, I thank you in advance.
    Sincerely,
    Miranda Johnsen



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Miranda johnsen, Dec 8, 2003
    #11
  12. > I've altered the SQL statement to reflect these changes
    > and MemberID is coming up as undefined, more
    > specific, this is the error:
    > Variable is undefined: 'MemberID'
    >
    > I am assuming this is because MemberID is not an
    > integer.I may be wrong (It would'nt be the first time!). Is
    > there a way around this?


    I can't see your code. You're going to have to show the code that produces
    this error if you expect anyone to be able to troubleshoot it.

    --
    Aaron Bertrand
    SQL Server MVP
    http://www.aspfaq.com/
    Aaron Bertrand - MVP, Dec 8, 2003
    #12
  13. Miranda

    Bob Barrows Guest

    Show the relevant bit of code, please.

    Bob Barrows

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows, Dec 8, 2003
    #13
  14. Hey, get out of here for a minute and check your e-mail! :p

    --
    Aaron Bertrand
    SQL Server MVP
    http://www.aspfaq.com/




    "Bob Barrows" <> wrote in message
    news:...
    > Show the relevant bit of code, please.
    >
    > Bob Barrows
    >
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.
    >
    >
    Aaron Bertrand - MVP, Dec 8, 2003
    #14
  15. Miranda

    Bob Barrows Guest

    Aaron Bertrand - MVP wrote:
    > Hey, get out of here for a minute and check your e-mail! :p
    >

    :)
    Done

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows, Dec 8, 2003
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Sm9l?=

    Support for generating random passwords in ASP.NET

    =?Utf-8?B?Sm9l?=, Aug 4, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    1,063
    =?Utf-8?B?RGFuIE5hc2g=?=
    Aug 4, 2004
  2. =?Utf-8?B?Sm9l?=

    How to generate random passwords

    =?Utf-8?B?Sm9l?=, Nov 22, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    587
    Alphonse Giambrone
    Nov 23, 2004
  3. k.i.n.g.
    Replies:
    5
    Views:
    406
    Jon Clements
    May 29, 2006
  4. globalrev
    Replies:
    4
    Views:
    746
    Gabriel Genellina
    Apr 20, 2008
  5. VK
    Replies:
    15
    Views:
    1,130
    Dr J R Stockton
    May 2, 2010
Loading...

Share This Page