parallon
04-30-2008, 04:23 PM
Hello all. I have a group of pages that require permissions to access. I have a login screen which checks the DB for UserId and Password. So, if I manually type in a URL to one of the protected pages and the session is null, then I get the login screen as expected, but if I go to the default.asp page which has the same verification code and try to log in, it just keeps loading the login screen; although if I manually type in one of the other pages again, then that page will open and the session is populated. Once I try to go back to the default.asp page, I get the login screen again without logging off.
Here is the code that I am using for the logoff:
<%
'*** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="User"
MM_authFailedURL="Login.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
  If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
     (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
I put the following code to check the session status at the login screen, and it is still showing the current session, so I know it's active, just not sure why it is not letting me see the screen.
<%
response.Write("Session is " & session("MM_Username") & "<BR>")
%>
Here is the login script:
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("txtUserID"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="AccessLevel"
  MM_redirectLoginSuccess="default.asp"
  MM_redirectLoginFailed="LoginFail.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_jobs_STRING
  MM_rsUser.Source = "SELECT UserId, Password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM tblUsers WHERE UserId='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("txtPassword"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And true Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
I'm sure I am missing something simple.
Thanks in advance,
Parallon
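
Added example, not part of the original post: the same access check and login flow with three hardening changes. The access level is compared exactly (the posted InStr test is a substring match and also passes an empty level), the accessdenied value is accepted only as a site-local path, and the query binds its parameters. The function names and the 50-character column width are assumptions; the plaintext Password comparison is kept as in the post's schema.

```vbscript
<%
' Added example, not the poster's code; function names and the width 50 are assumptions.
Const adVarChar = 200, adParamInput = 1, adCmdText = 1   ' standard ADO values

' Protected pages: exact, case-insensitive match against a comma-separated list.
' An empty level is refused, and "Use" no longer matches "User".
Function IsAuthorized(allowedList, userLevel)
    Dim level
    IsAuthorized = False
    If Len(userLevel) = 0 Then Exit Function
    For Each level In Split(allowedList, ",")
        If StrComp(Trim(level), userLevel, vbTextCompare) = 0 Then IsAuthorized = True
    Next
End Function

' Accept only a site-local path as the post-login target.
Function SafeReturnUrl(candidate, fallback)
    SafeReturnUrl = fallback
    If Left(candidate, 1) <> "/" Or Left(candidate, 2) = "//" Then Exit Function
    If InStr(candidate, "\") > 0 Or InStr(candidate, vbCr) > 0 Or InStr(candidate, vbLf) > 0 Then Exit Function
    SafeReturnUrl = candidate
End Function

' Look the user up with bound parameters instead of a concatenated SELECT.
Function FindUser(connString, userId, password)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = connString
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT UserId, AccessLevel FROM tblUsers WHERE UserId = ? AND Password = ?"
    cmd.Parameters.Append cmd.CreateParameter("uid", adVarChar, adParamInput, 50, Left(userId, 50))
    cmd.Parameters.Append cmd.CreateParameter("pwd", adVarChar, adParamInput, 50, Left(password, 50))
    Set FindUser = cmd.Execute
End Function

' Login page: runs only when the form was posted.
If CStr(Request.Form("txtUserID")) <> "" Then
    Dim rs
    Set rs = FindUser(MM_jobs_STRING, CStr(Request.Form("txtUserID")), CStr(Request.Form("txtPassword")))
    If Not rs.EOF Then
        Session("MM_Username") = CStr(rs("UserId").Value)
        Session("MM_UserAuthorization") = CStr(rs("AccessLevel").Value)
        rs.Close
        Response.Redirect SafeReturnUrl(CStr(Request.QueryString("accessdenied")), "default.asp")
    End If
    rs.Close
    Response.Redirect "LoginFail.asp"
End If
%>
```

On a protected page the check becomes `If Not IsAuthorized("User", CStr(Session("MM_UserAuthorization"))) Then` followed by the existing redirect to Login.asp.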