Jump to content

Adding More than one restriction for Log In page


Mixaalser684

Recommended Posts

I've built a Log In Page in Dreamweaver 8 and added Log In server behaviour. I've noticed that this behaviour has only three states for logged user, username, password and access level. Lets say I need to add two more conditins for user to log in to page. I have these two in my accsess database, they are both boolean fields with yes/or no. One says the user is admin (yes/no) and the other, user is allowed ti access site in general (yes/no). Now since I know coding very little can someone tell me which pieces of code and where i need to insert so my log in checks this fields in database also?Here's my log in page code:

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%><!--#include file="../Connections/prodavnica.asp" --><%// *** Validate request to log in to this site.var MM_LoginAction = Request.ServerVariables("URL");if (Request.QueryString!="") MM_LoginAction += "?" + Server.HTMLEncode(Request.QueryString);var MM_valUsername=String(Request.Form("Username"));if (MM_valUsername != "undefined") {  var MM_fldUserAuthorization="VrstaNalogaID";  var MM_redirectLoginSuccess="login2.asp";  var MM_redirectLoginFailed="loginfailed.asp";  var MM_flag="ADODB.Recordset";  var MM_rsUser = Server.CreateObject(MM_flag);  MM_rsUser.ActiveConnection = MM_prodavnica_STRING;  MM_rsUser.Source = "SELECT UserNameKorisnika, PasswordKorisnika";  if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization;  MM_rsUser.Source += " FROM Korisnici WHERE UserNameKorisnika='" + MM_valUsername.replace(/'/g, "''") + "' AND PasswordKorisnika='" + String(Request.Form("Password")).replace(/'/g, "''") + "'";  MM_rsUser.CursorType = 0;  MM_rsUser.CursorLocation = 2;  MM_rsUser.LockType = 3;  MM_rsUser.Open();  if (!MM_rsUser.EOF || !MM_rsUser.BOF) {	// username and password match - this is a valid user	Session("MM_Username") = MM_valUsername;	if (MM_fldUserAuthorization != "") {	  Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);	} else {	  Session("MM_UserAuthorization") = "";	}	if (String(Request.QueryString("accessdenied")) != "undefined" && true) {	  MM_redirectLoginSuccess = Request.QueryString("accessdenied");	}	MM_rsUser.Close();	Response.Redirect(MM_redirectLoginSuccess);  }  MM_rsUser.Close();  Response.Redirect(MM_redirectLoginFailed);}%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Baze Podataka - Administrator - Log In</title></head><body><p>Administrator - Log In Stranica</p><form id="form1" name="form1" method="POST" action="<%=MM_LoginAction%>">  <table width="300" border="0">	<tr>	  <td><label for="label">		<div align="right">Username:</div>	  </label></td>	  <td><label for="Username"></label><input type="text" name="Username" id="Username" /></td>	</tr>	<tr>	  <td><label for="label">		<div align="right">Password:</div>	  </label></td>	  <td><input type="password" name="Password" id="Password" /></td>	</tr>	<tr>	  <td colspan="2"><div align="center">		<input type="submit" name="Submit" value="Login" />	  </div></td>	</tr>  </table></form><p> </p></body></html>

Link to comment
Share on other sites

Add the extra fields you want to check here:MM_rsUser.Source = "SELECT UserNameKorisnika, PasswordKorisnika";And then somewhere after this line:if (!MM_rsUser.EOF || !MM_rsUser.BOF) {You can check the values of the other fields and redirect if they aren't correct. This is how you redirect:Response.Redirect(MM_redirectLoginFailed);

Link to comment
Share on other sites

Add the extra fields you want to check here:MM_rsUser.Source = "SELECT UserNameKorisnika, PasswordKorisnika";And then somewhere after this line:if (!MM_rsUser.EOF || !MM_rsUser.BOF) {You can check the values of the other fields and redirect if they aren't correct. This is how you redirect:Response.Redirect(MM_redirectLoginFailed);
Thanx. But as I said I'm noob for the code, and couldn't make it work, can you please be more speific? Thanx.
Link to comment
Share on other sites

I still can't do it. Here's my VBScript page:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%><!--#include file="../Connections/connGuestbook.asp" --><%' *** Validate request to log in to this site.MM_LoginAction = Request.ServerVariables("URL")If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)MM_valUsername=CStr(Request.Form("username"))If MM_valUsername <> "" Then  MM_fldUserAuthorization="NivoPristupaID"  MM_redirectLoginSuccess="index.asp"  MM_redirectLoginFailed="failed.asp"  MM_flag="ADODB.Recordset"  set MM_rsUser = Server.CreateObject(MM_flag)  MM_rsUser.ActiveConnection = MM_connGuestbook_STRING  MM_rsUser.Source = "SELECT Username, Password"  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization  MM_rsUser.Source = MM_rsUser.Source & " FROM tblKorisnici WHERE Username='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password"),"'","''") & "'"  MM_rsUser.CursorType = 0  MM_rsUser.CursorLocation = 2  MM_rsUser.LockType = 3  MM_rsUser.Open  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 	' username and password match - this is a valid user	Session("MM_Username") = MM_valUsername	If (MM_fldUserAuthorization <> "") Then	  Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)	Else	  Session("MM_UserAuthorization") = ""	End If	if CStr(Request.QueryString("accessdenied")) <> "" And true Then	  MM_redirectLoginSuccess = Request.QueryString("accessdenied")	End If	MM_rsUser.Close	Response.Redirect(MM_redirectLoginSuccess)  End If  MM_rsUser.Close  Response.Redirect(MM_redirectLoginFailed)End If%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Login</title></head><body><form id="frmlogin" name="frmlogin" method="POST" action="<%=MM_LoginAction%>">  <table width="300" border="1">	<tr>	  <td>Username:</td>	  <td><label>		<input name="username" type="text" id="username" />	  </label></td>	</tr>	<tr>	  <td>Password:</td>	  <td><input name="password" type="password" id="password" /></td>	</tr>	<tr>	  <td> </td>	  <td><input name="login" type="submit" id="login" value="Login" /></td>	</tr>  </table></form></body></html>

I created Login behaviour and besides Username, Password and Acces Level I need to chek one more field in database which is Boolean datatype, that field needs to be true so user can log in. I read all tutorials (ADO, VBScript, SQL) and I still can't get this to work. The farthest I went is to get Missing Operator Error.Here's what I did:

...MM_rsUser.Source = "SELECT Username, Password, Dozvoljen WHERE Dozvoljen = 'True' "...

I also tried adding WHERE Dozvoljen = 'True' in this line of code:

....MM_rsUser.Source = MM_rsUser.Source & " FROM tblKorisnici WHERE Username='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password"),"'","''") & "'"....

And that failed too.So, please help me, and say which statement exactly and where I need to add in order for this to work? Thanx.P.S. - I'm building ASP page with VBScript and Access 2002 database sing Dreamweaver 8.

Link to comment
Share on other sites

Well, I don't know what the fields are in your database that you want to check, but you need to add the field names to the select list:MM_rsUser.Source = "SELECT Username, Password"Put a comma after Password and add whatever the field names are. That will get those fields from the database as well as the username and password. Once you get the fields from the database then you can check the values. You'll probably want to check the field somewhere in the if statement, and redirect if the value isn't what you want.

if MM_rsUser.Fields.Item("field_name").Value <> "True" then  Response.Redirect(MM_redirectLoginFailed)end if

I realize you don't know much about programming, but if you want to program then you're going to have to learn. You wouldn't take your car to get fixed to someone who doesn't know how to fix cars, and you can't write programs unless you know how to program.

Link to comment
Share on other sites

Well, I don't know what the fields are in your database that you want to check, but you need to add the field names to the select list:MM_rsUser.Source = "SELECT Username, Password"Put a comma after Password and add whatever the field names are. That will get those fields from the database as well as the username and password. Once you get the fields from the database then you can check the values. You'll probably want to check the field somewhere in the if statement, and redirect if the value isn't what you want.
if MM_rsUser.Fields.Item("field_name").Value <> "True" then  Response.Redirect(MM_redirectLoginFailed)end if

I realize you don't know much about programming, but if you want to program then you're going to have to learn. You wouldn't take your car to get fixed to someone who doesn't know how to fix cars, and you can't write programs unless you know how to program.

Thanx for the answer I appreciate it. I really hate to ask so obvious questions, but those tutoorials didn't help me and I had no choice. I'm fully aware I need to know my car in order to drive it, thanx.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...