Wrox Programmer Forums
|
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old November 22nd, 2003, 11:17 AM
Friend of Wrox
  
Join Date: Nov 2003
Posts: 141
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to acdsky
Default Conditional Login
Hi

I have got a login page reading an table within an SQL database. What I need to do is to redirect users depening on certian criteria linked to that user. For example the user table would have the following fields - Username; Password; Company; Designation and depending on any combanation it should redirect it to a certian page.

At the moment I have something like this:

sql = "SELECT * FROM tUsers WHERE " & _
                 "UserName='" & Request.Form("UserName") & "' AND " & _
                 "UserPassword='" & Request.Form("UserPassword") & "' "

 Set Rs = Cm.Execute(sql)

 If Rs.EOF Then
   Session("Authenticated") = 0
   Response.Redirect ("../Customer login_error.asp")
 Else
   Session("Authenticated") = 1
   Response.Redirect ("welcome.asp")
 End If


Would this be possible using a single logon? If so please point me in the right direction...

Rgrds
M



Such is Life!
 
Old November 22nd, 2003, 11:58 AM
Friend of Wrox
  
Join Date: Jun 2003
Posts: 440
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Couldn't you do something like this...
Code:
If Rs.EOF Then
   Session("Authenticated") = 0
   Response.Redirect ("../Customer login_error.asp")
Else
   Session("Authenticated") = 1
   Select Case Rs("Company")
     Case "First Company Inc."
       Response.Redirect ("first.asp")
     Case "Second Company Inc."
       Response.Redirect ("second.asp")
     Case Else
       Response.Redirect ("notfound.asp")
   End Select
End If
Is that what you mean!?
Another way to do it is to pass the company name, if that is what you want to branch on, in the URL and then handle the switch later...
Code:
If Rs.EOF Then
   Session("Authenticated") = 0
   Response.Redirect ("../Customer login_error.asp")
Else
   Session("Authenticated") = 1
   Response.Redirect ("show.asp?where=" & Rs("Company"))
End If
In both cases you have to make sure that the user is logged on when requesting the page to which he/she is redirected. You also have to handle the case where people try to e.g. hack the URL (last example), if you will not allow others to see other companies. The same actually also goes for the first example. Some unauthorized people could try different URLs etc. What I am trying to say is be careful!

Hope it helps

Jacob.
 
Old November 25th, 2003, 11:59 AM
Friend of Wrox
  
Join Date: Nov 2003
Posts: 141
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to acdsky
Default
Yes, that is exactly what I am looking for my concern is like you said people guessing the URL.
I am using a check file but that only 0/1 irrespective of the company u belong to.
The only way I can see around the security issue is using asp.net and then use NTFS security to restrict access to folders.

Which is confusing me is having to check the company and then having to check if its a user or manager, would it be possible to nest another Case beneath the company check?

I will play around with it and see what I come up with

Thanks!
Marnus




Such is Life!





Similar Threads
Thread Thread Starter Forum Replies Last Post
login script: user can't hit "return" for login dmerrill Java Basics 13 July 14th, 2006 07:25 PM
Newbie Help. Login to unique login page per user Kainan Classic ASP Professional 10 May 3rd, 2005 07:47 AM
login failed for user nt authority\anonymous login rj1406 Classic ASP Databases 1 October 24th, 2004 09:15 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.