I am redesigning our company website and am having issues with how to log in users with levels to different pages. Example: Level "A" goes to a_summary.asp and level "M" goes to m_summary.asp. I am currently using Dreamweaver's "helpers" for most of it because I have a tight deadline. In the past we had an outside source do the database portion of our website and now I am trying to take over that area. He used VBScript, so I plan on using the same thing - but I am more familiar with JavaScript. Below is the code that I have, but I need it to redirect to the above mentioned pages:


<!--#include file="../Connections/connTBGMNWeb.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("username"))
If MM_valUsername <> "" Then
Dim MM_fldUserAuthorization
Dim MM_redirectLoginSuccess
Dim MM_redirectLoginFailed
Dim MM_loginSQL
Dim MM_rsUser
Dim MM_rsUser_cmd

MM_fldUserAuthorization = "AgentOrMember"
MM_redirectLoginSuccess = "../login/login.asp"
MM_redirectLoginFailed = "../login/login_bad.asp"

MM_loginSQL = "SELECT AgencyID, PW"
If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
MM_loginSQL = MM_loginSQL & " FROM dbo.[User] WHERE AgencyID = ? AND PW = ?"
Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
MM_rsUser_cmd.ActiveConnection = MM_connTBGMNWeb_STRING
MM_rsUser_cmd.CommandText = MM_loginSQL
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 255, MM_valUsername) ' adVarChar
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 255, Request.Form("password")) ' adVarChar
MM_rsUser_cmd.Prepared = true
Set MM_rsUser = MM_rsUser_cmd.Execute

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>

The old code looked like this (but I am using different db connections and record sets now):

<!--#include file="conn.asp"-->
<%
If Request.Form("username")<>"" Then
' Code to open connection to Access DSN
sql="SELECT * FROM [User] WHERE AgencyID='" & Request.Form("username") & "'"
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open sql, cn, 3, 3
If rs.EOF Then
Response.Redirect "login/login_bad.asp"
End If
If rs.Fields("PW")<>Request.Form("Password") Then
Response.Redirect "login/login_bad.asp"
End If
Session("PWD")=rs.Fields("PW")
Session("AgencyID")=rs.Fields("AgencyID")
Session("Level")=rs.Fields("Level")
Session("AgencyName")=rs.Fields("AgencyName")
Session("MemberID")=rs.Fields("AgencyID")
Session("AgentOrMember")=rs.Fields("AgentOrMember")
If Session("AgentOrMember")="A" Then Response.Redirect "login/agent/a_summary.asp"
If Session("AgentOrMember")="M" Then Response.Redirect "login/member/m_summary.asp"
End If
%>

Any help is appreciated!

Twidget26

Do you have a field in your database that says that this user is Level "A" or Level "M"? Your old code had one and I use the connection method that he uses in my own code. His code already redirected them to different locations and is the way I would use. If you have more than two possibilities then I would change it to a Select Case statement.

Session("AgentOrMember")=rs.Fields("AgentOrMember")

If Session("AgentOrMember")="A" Then
Response.Redirect "login/agent/a_summary.asp"
End If
If Session("AgentOrMember")="M" Then
Response.Redirect "login/member/m_summary.asp"
End If

Not to sound like a nimrod here, but where do I put that exactly? I completely understand his coding and where I would put it there, but I don't understand why my coding looks so different and I can't figure out where to put the redirect coding. I'd assume it'd be within this area:

MM_fldUserAuthorization = "AgentOrMember"
MM_redirectLoginSuccess = "../login/login.asp"
MM_redirectLoginFailed = "../login/login_bad.asp"

Twidget26

No, at that point in your code you haven't opened your recordset yet, which is needed to find out which group they belong too. It looks like it would take the place of this line though.

Response.Redirect(MM_redirectLoginSuccess)

Truthfully I'm having trouble following the code. It looks like some code is missing. I noticed that two If statements aren't closed. Question, why are you changing from his code to yours when it looks like both are doing the same thing. His is shorter and from what I know about ASP coding it is a better method. I'm not trying to knock your method because it's perfectly acceptable. I'm just trying to understand the full picture. His by the way looks to missing a close to an If statement as well.

I am definately not offended or anything....as I am just learning this stuff and I'm also using DreamWeaver for the first time. It's easier for me to use as much "pre-scripted" Dreamweaver code that I can, that's why I was switching. Yes, his code is shorter and easier to follow..I'm just trying to figure out why it's different if it's suppose to be the same. We are figuring out that working with Dreamweaver templates using ASP is becomming very difficult so I'm thinking I'm scrapping what I've got and starting over again (and using xmas money to buy books and lot's of them!!! hehe).

Maybe you can answer another dumb question....what language is he writing in if they are different?

Thanks for not being mean and trying to help!

t

Truthfully I still feel like I'm new to this even though I've been doing it for a year now. I also had to self teach myself this stuff so I understand what you're going through. Below is a list of resources that I've found very useful including this site which has saved me on more than one occasion.

Both of you were using the same language, vbscript. I was referring to your method of database connectivity. Again, both methods are usable, I've just always heard that his is a better connection method. It also happens to be the method I'm using on over 200 dynamic web pages.

If you go back to his code I suggest taking a close look at it to understand it better and also maybe improve it. I don't mind answering any questions you have about it. Improvements to his code: I believe I don't see closing End If's to two of his If statements. Is it really necessary to declare all of your variables as Session variables (eats up server memory, but might be needed elsewhere)?

Continue posting and I'll answer as many questions as I can.

Resources:
Websites:
http://www.asp101.com
http://www.devguru.com
http://www.w3schools.com
Books:
Active Server Pages 3.0 in 21 Days
- ISBN# 0-672-31863-6
- It's from the SAMS Teach Yourself series.
- This book saved me! Like you I was on a short time table and this made things easy to understand.
- There might be a newer version out of this book.

I hope I've been at least somewhat helpful. Good Luck!

Thanks so much and I'm glad to hear you are learning as you go along too! Makes me less stressed about this stuff. You've been a big help and I will definately continue to post as I'm redesigning this website. Wish I had something smaller to start with to get practice but you have to take what you get! :)

I'll definately be checking out the websites and book you mentioned! Thanks again and have a good holiday.

t