...

View Full Version : redirecting user depending on login credentials



netcrawler
01-26-2005, 03:44 PM
Hi i would like to have a simple example of a login script that would redirect users to different pages to my site depending on their userid. Certain user would have access to page1.asp certain would have access to page2.asp.

Please help I have a login script working right now but I just cant figure how to redirect the user to different pages depending on their userid.

Thanks.

<---Code--->


<%
Dim MM_cadet_STRING, MM_LoginAction, MM_valUsername, MM_redirectLoginSuccess, MM_redirectLoginFailed, MM_flag, MM_rsUser, MM_fldUserAuthorization
MM_cadet_STRING = "provider=Microsoft.Jet.OLEDB.4.0;data source=d:\inetsrv\database\cadets\main1.mdb;"
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("userid"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
if strLang="e" then
MM_redirectLoginSuccess="../intro_e.asp"
else
MM_redirectLoginSuccess="../intro_f.asp"
end if
if strLang="e" then
MM_redirectLoginFailed="login_wrong_e.asp"
else
MM_redirectLoginFailed="login_wrong_f.asp"
end if
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_cadet_STRING
MM_rsUser.Source = "SELECT Userid, password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM adminlogin WHERE Userid='" & Replace(MM_valUsername,"'","''") &"' AND password='" & Replace(Request.Form("pass"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>

<--- end of code --->

Burnout
01-26-2005, 09:05 PM
I'll be honest, I'm not sure if I'm qualified to answer your question or not since I'm a relative newbie.

I recently worked on a similar problem, but I didn't base it on the user id. I just had a field in my database that dictated access rights. The possible values were "Admin", "All" and "User". Once I queried the database to see if the User ID and Password were valid, I passed this access-rights value to a Session object which I then compared using If statements. Here's a snippet.



If RS.RecordCount = 0 Then 'If no username and password matched those that were entered
Response.Redirect("login.asp?isFail=1")
Else
Session.Timeout = 5
Session("active") = TRUE
Session("fullName") = RS("fullName")
Session("accessType") = RS("accessType")
If Session("accessType") = "Admin" Then
Response.Redirect("page1.asp")
elseif Session("accessType") = "All" Then
Response.Redirect("page2.asp")
Else
Response.Redirect("page3.asp")
End If
End If



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum