Chapter 12 "Why Not Try Step 2"

Rix · November 12th, 2003, 02:15 PM

Has anyone completed Step 2 in Chapter 12 "Why Not Try"?

This is exactly what I want to do with a logon page. I want to Redirect users once they login to a specific page depending on their access level.

I cannot figure out how to code the redirects for MM_UserAuthorization. Specifically, sending the user to a specific page depending on their access levels. I have the access levels set up for each page. I just need the code for redirecting them once they logon.

Warmest Regards
Rick Sweeney
Webspin Graphics and Web Design

Imar · November 12th, 2003, 05:24 PM

Hi Rick,

Redirecting users away from the Login page based on the access level is not too complicated. Basically what you need is the same code that is used to protect the page, but with a little twist.

In Login.asp, change this:

Code:

MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)

to something similar to this:

Code:

MM_rsUser.Close

Code:

' Response.Redirect(MM_redirectLoginSuccess)
If (InStr(1, Session("MM_UserAuthorization"), "Administrators")>=1) Then
  ' An admin is logging in
  Response.Redirect("admin/admin.asp")
End If
If (InStr(1, Session("MM_UserAuthorization"), "Members")>=1) Then
  ' A Member is logging in
  Response.Redirect("mySite.asp")
End If
' Not a member and not a admin, so redirect to home
Response.Redirect("home.asp")

This code just checks the Session variable that holds the access level. If it contains Administrators, you can redirect them to the admin.asp page. If the user is a member, redirect them to mySite.asp.

In all other cases, just redirect them home.asp. In TheSoccerSite the last situation isn't possible. If you can successfully login, you have to be either a member, or an admin. However, in your site you may have "just visitors" that can login, but are not allowed to view the mySite.asp page.

Hope this helps, and if you have more questions, feel free to ask.

Cheers,

Imar

---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

Rix · November 12th, 2003, 05:28 PM

I have the following code to try and logon users to a specific page depending on their acces level:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("userName"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="userGroup"
  MM_redirectLoginSuccess="AccessPage.asp"
  MM_redirectLoginFailed="login.asp?failed=true"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_connPregel_STRING
  MM_rsUser.Source = "SELECT userName, pwd"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM pregel_users WHERE userName='" & Replace(MM_valUsername,"'","''") &"' AND pwd='" & Replace(Request.Form("pwd"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And true Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    If InStr(1, "admin", MM_UserAuthorization) >= 1 Then
      MM_redirectLoginSuccess="admin_adduser_master.asp"
    Else
      If InStr(1, "vip", MM_UserAuthorization) >= 1 Then
         MM_redirectLoginSuccess="VipPage.asp"
      Else
         If InStr(1, "visitor", MM_UserAuthorization) >= 1 Then
            MM_redirectLoginSuccess="VisitorPage.asp"
   End If
      End If
         End If
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If

When I log on as an "admin", it works fine. It takes me to the admin page. When I try and log on as a "vip", I get an accessed denied page telling me I have no access to the admin page. I have the restrictions set up correctly for the VipPage.asp, but it is like the code never falls into the second if statement after checking for admin...

MM_rsUser.Close
    If InStr(1, "admin", MM_UserAuthorization) >= 1 Then
      MM_redirectLoginSuccess="admin_adduser_master.asp"
    Else
      If InStr(1, "vip", MM_UserAuthorization) >= 1 Then
         MM_redirectLoginSuccess="VipPage.asp"
      Else
         If InStr(1, "visitor", MM_UserAuthorization) >= 1 Then
            MM_redirectLoginSuccess="VisitorPage.asp"
   End If

Trying to access the VisitorPage.asp when logging on with visitor access is not working either.

I have went through the bullet item 12 on page 449, but this makes no sense to me as I do not want to be directed to a page with link options. I want users to be directed to the page they have access to once logging in.

Thanks in advance for any help on this one.
Rick Sweeney
Webspin Graphics and Web Design

Rix · November 12th, 2003, 05:31 PM

We must have submitted the reply about the same time. Let me try your suggestion.

Thank you very much. I will get back with you on the results.

Rick

Rix · November 12th, 2003, 05:41 PM

Awsome Imar, that worked.

Thanks again
RIck

Imar · November 12th, 2003, 05:54 PM

Hi Rick,

You were pretty close with your code. It had two little problems:

1. You are using MM_UserAuthorization, instead of Session("MM_UserAuthorization"). The MM_UserAuthorization is a Session variable, so you can't use it as a direct variable, like you did (unless you do something like this: MM_UserAuthorization = Session("MM_UserAuthorization") somewhere in your page).

2. You mixed up a few things in the InStr method. According to the docs (found here), this is how InStr works:

InStr([start, ]string1, string2[, compare])

Arguments
start
Optional. Numeric expression that sets the starting position for each search. If omitted, search begins at the first character position. If start contains Null, an error occurs. The start argument is required if compare is specified.
string1
Required. String expression being searched.
string2
Required. String expression searched for.
compare
Optional. Numeric value indicating the kind of comparison to use when evaluating substrings. See Settings section for values. If omitted, a binary comparison is performed.

As you can see, the second argument to the InStr method is the string search for. You had it the other way around (you passed VIP before you passed the Session variable). If you session variable has an exact match, this shouldn't be a problem. However, if your user has multiple levels assigned, the VIP test won't work correctly.

Cheers,

Imar

---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

Rix · November 12th, 2003, 08:46 PM

Yes I see how it works now. You are very kind to have taken the time with me on this.

Warmest Regards
Rick Sweeney