Mixaalser684 Posted January 17, 2008 Share Posted January 17, 2008 I've built a Log In Page in Dreamweaver 8 and added Log In server behaviour. I've noticed that this behaviour has only three states for logged user, username, password and access level. Lets say I need to add two more conditins for user to log in to page. I have these two in my accsess database, they are both boolean fields with yes/or no. One says the user is admin (yes/no) and the other, user is allowed ti access site in general (yes/no). Now since I know coding very little can someone tell me which pieces of code and where i need to insert so my log in checks this fields in database also?Here's my log in page code: <%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%><!--#include file="../Connections/prodavnica.asp" --><%// *** Validate request to log in to this site.var MM_LoginAction = Request.ServerVariables("URL");if (Request.QueryString!="") MM_LoginAction += "?" + Server.HTMLEncode(Request.QueryString);var MM_valUsername=String(Request.Form("Username"));if (MM_valUsername != "undefined") { var MM_fldUserAuthorization="VrstaNalogaID"; var MM_redirectLoginSuccess="login2.asp"; var MM_redirectLoginFailed="loginfailed.asp"; var MM_flag="ADODB.Recordset"; var MM_rsUser = Server.CreateObject(MM_flag); MM_rsUser.ActiveConnection = MM_prodavnica_STRING; MM_rsUser.Source = "SELECT UserNameKorisnika, PasswordKorisnika"; if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization; MM_rsUser.Source += " FROM Korisnici WHERE UserNameKorisnika='" + MM_valUsername.replace(/'/g, "''") + "' AND PasswordKorisnika='" + String(Request.Form("Password")).replace(/'/g, "''") + "'"; MM_rsUser.CursorType = 0; MM_rsUser.CursorLocation = 2; MM_rsUser.LockType = 3; MM_rsUser.Open(); if (!MM_rsUser.EOF || !MM_rsUser.BOF) { // username and password match - this is a valid user Session("MM_Username") = MM_valUsername; if (MM_fldUserAuthorization != "") { Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value); } else { Session("MM_UserAuthorization") = ""; } if (String(Request.QueryString("accessdenied")) != "undefined" && true) { MM_redirectLoginSuccess = Request.QueryString("accessdenied"); } MM_rsUser.Close(); Response.Redirect(MM_redirectLoginSuccess); } MM_rsUser.Close(); Response.Redirect(MM_redirectLoginFailed);}%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Baze Podataka - Administrator - Log In</title></head><body><p>Administrator - Log In Stranica</p><form id="form1" name="form1" method="POST" action="<%=MM_LoginAction%>"> <table width="300" border="0"> <tr> <td><label for="label"> <div align="right">Username:</div> </label></td> <td><label for="Username"></label><input type="text" name="Username" id="Username" /></td> </tr> <tr> <td><label for="label"> <div align="right">Password:</div> </label></td> <td><input type="password" name="Password" id="Password" /></td> </tr> <tr> <td colspan="2"><div align="center"> <input type="submit" name="Submit" value="Login" /> </div></td> </tr> </table></form><p> </p></body></html> Link to comment Share on other sites More sharing options...
justsomeguy Posted January 17, 2008 Share Posted January 17, 2008 Add the extra fields you want to check here:MM_rsUser.Source = "SELECT UserNameKorisnika, PasswordKorisnika";And then somewhere after this line:if (!MM_rsUser.EOF || !MM_rsUser.BOF) {You can check the values of the other fields and redirect if they aren't correct. This is how you redirect:Response.Redirect(MM_redirectLoginFailed); Link to comment Share on other sites More sharing options...
Mixaalser684 Posted January 18, 2008 Author Share Posted January 18, 2008 Add the extra fields you want to check here:MM_rsUser.Source = "SELECT UserNameKorisnika, PasswordKorisnika";And then somewhere after this line:if (!MM_rsUser.EOF || !MM_rsUser.BOF) {You can check the values of the other fields and redirect if they aren't correct. This is how you redirect:Response.Redirect(MM_redirectLoginFailed);Thanx. But as I said I'm noob for the code, and couldn't make it work, can you please be more speific? Thanx. Link to comment Share on other sites More sharing options...
Mixaalser684 Posted January 23, 2008 Author Share Posted January 23, 2008 I still can't do it. Here's my VBScript page: <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%><!--#include file="../Connections/connGuestbook.asp" --><%' *** Validate request to log in to this site.MM_LoginAction = Request.ServerVariables("URL")If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)MM_valUsername=CStr(Request.Form("username"))If MM_valUsername <> "" Then MM_fldUserAuthorization="NivoPristupaID" MM_redirectLoginSuccess="index.asp" MM_redirectLoginFailed="failed.asp" MM_flag="ADODB.Recordset" set MM_rsUser = Server.CreateObject(MM_flag) MM_rsUser.ActiveConnection = MM_connGuestbook_STRING MM_rsUser.Source = "SELECT Username, Password" If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization MM_rsUser.Source = MM_rsUser.Source & " FROM tblKorisnici WHERE Username='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password"),"'","''") & "'" MM_rsUser.CursorType = 0 MM_rsUser.CursorLocation = 2 MM_rsUser.LockType = 3 MM_rsUser.Open If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then ' username and password match - this is a valid user Session("MM_Username") = MM_valUsername If (MM_fldUserAuthorization <> "") Then Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value) Else Session("MM_UserAuthorization") = "" End If if CStr(Request.QueryString("accessdenied")) <> "" And true Then MM_redirectLoginSuccess = Request.QueryString("accessdenied") End If MM_rsUser.Close Response.Redirect(MM_redirectLoginSuccess) End If MM_rsUser.Close Response.Redirect(MM_redirectLoginFailed)End If%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Login</title></head><body><form id="frmlogin" name="frmlogin" method="POST" action="<%=MM_LoginAction%>"> <table width="300" border="1"> <tr> <td>Username:</td> <td><label> <input name="username" type="text" id="username" /> </label></td> </tr> <tr> <td>Password:</td> <td><input name="password" type="password" id="password" /></td> </tr> <tr> <td> </td> <td><input name="login" type="submit" id="login" value="Login" /></td> </tr> </table></form></body></html> I created Login behaviour and besides Username, Password and Acces Level I need to chek one more field in database which is Boolean datatype, that field needs to be true so user can log in. I read all tutorials (ADO, VBScript, SQL) and I still can't get this to work. The farthest I went is to get Missing Operator Error.Here's what I did: ...MM_rsUser.Source = "SELECT Username, Password, Dozvoljen WHERE Dozvoljen = 'True' "... I also tried adding WHERE Dozvoljen = 'True' in this line of code: ....MM_rsUser.Source = MM_rsUser.Source & " FROM tblKorisnici WHERE Username='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password"),"'","''") & "'".... And that failed too.So, please help me, and say which statement exactly and where I need to add in order for this to work? Thanx.P.S. - I'm building ASP page with VBScript and Access 2002 database sing Dreamweaver 8. Link to comment Share on other sites More sharing options...
justsomeguy Posted January 25, 2008 Share Posted January 25, 2008 Well, I don't know what the fields are in your database that you want to check, but you need to add the field names to the select list:MM_rsUser.Source = "SELECT Username, Password"Put a comma after Password and add whatever the field names are. That will get those fields from the database as well as the username and password. Once you get the fields from the database then you can check the values. You'll probably want to check the field somewhere in the if statement, and redirect if the value isn't what you want. if MM_rsUser.Fields.Item("field_name").Value <> "True" then Response.Redirect(MM_redirectLoginFailed)end if I realize you don't know much about programming, but if you want to program then you're going to have to learn. You wouldn't take your car to get fixed to someone who doesn't know how to fix cars, and you can't write programs unless you know how to program. Link to comment Share on other sites More sharing options...
Mixaalser684 Posted January 25, 2008 Author Share Posted January 25, 2008 Well, I don't know what the fields are in your database that you want to check, but you need to add the field names to the select list:MM_rsUser.Source = "SELECT Username, Password"Put a comma after Password and add whatever the field names are. That will get those fields from the database as well as the username and password. Once you get the fields from the database then you can check the values. You'll probably want to check the field somewhere in the if statement, and redirect if the value isn't what you want.if MM_rsUser.Fields.Item("field_name").Value <> "True" then Response.Redirect(MM_redirectLoginFailed)end if I realize you don't know much about programming, but if you want to program then you're going to have to learn. You wouldn't take your car to get fixed to someone who doesn't know how to fix cars, and you can't write programs unless you know how to program. Thanx for the answer I appreciate it. I really hate to ask so obvious questions, but those tutoorials didn't help me and I had no choice. I'm fully aware I need to know my car in order to drive it, thanx. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.