Not Able to Login Successfully ASP/VBSCRIPT

jdutwell · April 2nd, 2008, 03:01 PM

Hello,

I am unable to login successfully...any help you can offer would be much appreciated! The first section of code below is on the login.asp page (specifically, the section that checks for username yyyuser1 and password yyypass1) and then the code below that is on the page that the user is directed to when they login (content.asp).

When I enter a username of yyyuser1 and password of yyypass1, I am taken to the correct content.asp page, but it appears that the Access_Status is not "Granted" because I am then redirected back to the login page. I am going between two different websites - is this the problem?

-------------code on login.asp-----------------------------------
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
' ************************************************** ******************
' Check for enabled cookies by creating a test session variable and
' recalling the login page. If the session variable retains its value
' then your test is successful
' ************************************************** *****************
If Session("Access_Status") = "" AND Request.QueryString("test") <> 1 then
   Session("Access_Status") = "Test"
   Response.Redirect "login.asp?test=1"
   ElseIf Session("Access_Status") = "" AND Request.QueryString("test") = 1 then
   Response.Redirect "cookie_error.asp"
End If %>

<%
' ************************************************** ****************
' Verify User Name and Password. If correct set Session variable =
' to check against on secure pages. Redirect User to the secured
' ************************************************** ****************
If LCase(Trim(Request("UserName"))) = "yyyuser1" AND Lcase(Trim(Request("Password"))) = "yyypass1" then
   Session("Access_Status") = "Granted"
   Response.Redirect "http://www.yyy.biz/draft/content.asp"
   ElseIf LCase(Trim(Request("UserName"))) = "yyysetup" AND LCase(Trim(Request("Password"))) = "yyypass" then
   Session("Special_Status") = "SpecialSet"
   Response.Redirect "http://www.yyy.biz/draft/specificsetup.asp"
   ElseIf LCase(Trim(Request("UserName"))) = "xxxuser" AND LCase(Trim(Request("Password"))) = "xxxpass" then
   Session("Access_Status") = "Granted"
   Response.Redirect "http://www.xxx.biz/draft/info.asp"
   ElseIf LCase(Trim(Request("UserName"))) = "xxxsetup" AND LCase(Trim(Request("Password"))) = "xxxpass" then
   Session("Access_Status") = "Special"
   Response.Redirect "http://www.xxx.biz/draft/specific.asp"
' ************************************************** *****************
' If not correct User Name and Password and user attempted to enter
' something, change status to Denied. Use this value to know when
' to display an error message.
' ************************************************** *****************
   ElseIf Request("UserName") <> "" OR Request("Password") <> "" then
   Session("Access_Status") = "Denied"
' ************************************************** **************
' Must be an initial view or the User entered nothing. Make sure the
' Access_Status = "" so the page will display without an error message
' ************************************************** ****************
   Else
   Session("Access_Status") = "Test"
End If
%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

</head>
<body >

<%
' ************************************************** ****************
' Display error message when an incorrect User Name or Password is
' ************************************************** ****************
If Session("Access_Status") = "Denied" then
   Response.write("<p class=""accessdenied"">The Username and#47;or Password you entered were incorrect. Please try again.</p>")
End If
%>

<form action="login.asp" method="post" >
<input type="hidden" name="AdminLogin" value="true" />
<table border="0" cellpadding="0" cellspacing="0" width="200">
<tr><td class="content" valign="top">
<p>Username<br />
<input type="text" size="15" name="UserName" /></p>
<p>Password<br />
<input type="password" size="15" name="Password" />
</p>
</td></tr></table>
<input type="submit" value="Log In" name="login" />
<input type="reset" name="reset" value="Reset" />
</form>
-----------end code on login.asp-------------------

-----------code on content.asp---------------------
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<% Option Explicit %>
<%
' ************************************************** *
' Check to see if user has access to this page
' ************************************************** *
If Session("Access_Status") <> "Granted" then
   Response.Redirect "http://www.mmm.biz/draft/login.asp"
End If
%>
----------end code on content.asp------------------

Thank you for any help you can offer!

mat41 · April 2nd, 2008, 05:25 PM

;;; I am going between two different websites - is this the problem?

I have never had the need to do this and couldnt imagine ever wanting to. No IMO you can not share session variables from application to application.

Session variables should be used sparingly. I use them as a last resort and tend to pass variables from page to page using hidden form variables

Wind is your friend
Matt
www.elitemarquees.com.au

jdutwell · April 4th, 2008, 11:26 AM

Matt,

Thank you again for your help. I will look into using hidden form variables.

Go Solar!

Lea