Future,
I think that is probably a better way of doing a session than I am currently doing. Currently the session only cares if the user/pass is authenticated. This doesn't truly distinguish one validated user from the other, ALTHOUGH they don't get directed to their page without being uniquely authenticated for that page. Make sense? Probably makes more sense to you than to me. lol :) Thanks a ton for the help. The code I'm using is below. I haven't gotten the function that is there to work properly because I'm not sure of the way I should do it, but it was meant to stop SQL injection.
<%
Dim adoCon
Dim strCon
Dim rsCheckUser
Dim strMySqlDB
Dim strSQL
Dim strSQL1
Dim strUrl
Dim strUserName
Dim strPassword
Dim rstemp

' Trims Term and doubles every single quote (chr(39)) in it.
' Defined here but not applied to the form values below.
Function SQLComply(Term)
    Term = Trim(Term)
    If Term <> "" Then
        Term = Replace(Term, Chr(39), Chr(39) & Chr(39))
    End If
    SQLComply = Term
End Function

' Raw form input
strUserName = Request.Form("txtUserName")
strPassword = Request.Form("txtUserPass")
strMySqlDB = "users"

Set adoCon = Server.CreateObject("ADODB.Connection")
strCon = "Driver={MySQL ODBC 3.51 Driver};uid=root;password=lookout;Server=localhost ;Option=16834;Database=CheckUser;"
adoCon.Open strCon
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

' The query is built by concatenating the form values into the SQL text.
strSQL = "SELECT tblUsers.Url FROM tblUsers WHERE tblUsers.UserID ='" & strUserName & "' and tblUsers.Password ='" & strPassword & "'"
rsCheckUser.Open strSQL, strCon

If rsCheckUser.EOF And rsCheckUser.BOF Then
    ' No matching row
    Response.Write("Incorrect Login, please try again.")
Else
    strUrl = rsCheckUser("Url")
    Session("blnIsUserGood") = True
    Response.Redirect(strUrl)
End If

' Reached only when the login failed: Response.Redirect above ends the script.
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
Session("blnIsUserGood") = False
Response.Redirect "Unauthorized_user_page.htm"
%>
See, my current session only cares about true or false for the user/pass failing or not.
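Added example, not part of the original post: the same login check with the two form values bound as ADO parameters instead of being concatenated into the SQL text, and with the user ID stored in the session so one authenticated user can be told from another. The connection-string placeholder `STR_CON`, the 50-character column size and the `Session("strUserID")` key are assumptions.

```vbscript
<%
' Added example. STR_CON, MAX_LEN and the "strUserID" session key are
' assumptions for illustration, not values taken from the post.
Const adCmdText = 1, adVarChar = 200, adParamInput = 1
Const MAX_LEN = 50                      ' assumed width of UserID / Password
Const STR_CON = "DSN=CheckUserDsn"      ' placeholder connection string

' Returns the user's Url, or "" when the credentials match no row.
Function LookupUrl(strUser, strPass)
    Dim adoCon, cmd, rs
    LookupUrl = ""
    ' Over-long input can never match a row; reject it before ADO sees it,
    ' because ADO raises an error when a value exceeds the parameter size.
    If Len(strUser) = 0 Or Len(strUser) > MAX_LEN Or Len(strPass) > MAX_LEN Then
        Exit Function
    End If

    Set adoCon = Server.CreateObject("ADODB.Connection")
    adoCon.Open STR_CON
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = adoCon
    cmd.CommandType = adCmdText
    ' The ? markers are bound as data, so a quote in the input stays a quote.
    cmd.CommandText = "SELECT Url FROM tblUsers WHERE UserID = ? AND Password = ?"
    cmd.Parameters.Append cmd.CreateParameter("user", adVarChar, adParamInput, MAX_LEN, strUser)
    cmd.Parameters.Append cmd.CreateParameter("pass", adVarChar, adParamInput, MAX_LEN, strPass)

    Set rs = cmd.Execute
    If Not rs.EOF Then LookupUrl = rs("Url").Value & ""   ' & "" turns Null into ""
    rs.Close
    adoCon.Close
    Set rs = Nothing : Set cmd = Nothing : Set adoCon = Nothing
End Function

Dim strUserName, strPassword, strUrl
strUserName = Trim(Request.Form("txtUserName"))
strPassword = Request.Form("txtUserPass")
strUrl = LookupUrl(strUserName, strPassword)

If strUrl <> "" Then
    Session("blnIsUserGood") = True
    Session("strUserID") = strUserName    ' which user owns this session
    Response.Redirect strUrl
Else
    Session("blnIsUserGood") = False
    Session("strUserID") = ""
    Response.Redirect "Unauthorized_user_page.htm"
End If
%>
```

A protected page can then compare `Session("strUserID")` with the owner of the page it serves, rather than checking only `blnIsUserGood`.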