I am trying to set up a login page for my new members site. I have the index page, which shows all the new members. there are add, update, delete links beside each member. When you click on any of the links, I have some code at the top of the page that verify's if they have logged in (using cookies). That code looks like this:

<%
'If the session variable is False or does not exsist then redirect the user to the unauthorised user page
If Session("blnIsUserGood") = False or IsNull(Session("blnIsUserGood")) = True then

'Redirect to unathorised user page
Response.Redirect"login.asp"
End If
%>

If they haven't, it takes them to the login page. What I need to be able to do is when they login, take them to the correct page the wanted to go to (ad, update, delete). How can I do this? Also, on the update/delete pages, I am passing their member id so I can look them up in the database, so that would need to get passed as well if they click on update/delete.

Thanks!!

Add - http://www.zluth.org/new_members/add_new_members.asp

Update - http://www.zluth.org/new_members/update.asp?memberid=memberid

Delete - http://www.zluth.org/new_members/update.asp?memberid=memberid

memberid equals there id from the database.

HI,
I will suggest you not to have a middle page just to validate the authenticity of user. WHat you can do is, on Index page you can prepare the links for ADD/DELETE/CHANGE as (keep in mind that the URL may be same or different.. all depends how you will get all 3 option in one ASP file. I am dealing with one page for ADD/DELETE/CHANGE functionalities.):

<a href="http://www.site.com/member_Action.asp?opt=add&id=someid">Add</a>
<a href="http://www.site.com/member_Action.asp?opt=change&id=someid">Change</a>
<a href="http://www.site.com/member_Action.asp?opt=delete&id=someid">Delete</a>

On on this ASP page first of all you should check whether the user is loogedin or not. For that you can set a session variable when user logs in in his account. I assume that you set the value "TRUE" in Session("blnIsUserGood") variable. So code will be:
IF Session("blnIsUserGood") =False OR Session("blnIsUserGood") ="" then

RESPONSE.REDIRECT "Login.asp"
end if
'' normal code goes here.....

ok, this is almost working like I need it to. ONce you are logged in, it works fine. But, if the user is not logged in yet, I have it redirect them to the login page. Once they login, it automatically takes them to the add new member page. What I need is when they login, it takes them to the page they wan to go to add/update/delete. my member_maint.asp page looks like this:

<%
'If the session variable is False or does not exsist then redirect the user to the login user page
If Session("blnIsUserGood") = False or IsNull(Session("blnIsUserGood")) = True then

'Redirect to login user page
Response.Redirect"login.asp"
Else
Select Case Request.QueryString("opt")
Case "add" Response.Redirect "add_new_members.asp"
Case "change" Response.Redirect "update.asp" & "?memberid=" & Request.QueryString("memberid")
Case "delete" Response.Redirect "delete.asp" & "?memberid=" & Request.QueryString("memberid")
Case Else Response.Write "Invalid Option"
End Select
End If
%>

HI,
For that you should pass one parameter as hidden value or as query variable to the LOGIN.asp page and should store it in a hidden field in that. After successful login, first check the value of that hidden field and then redirect the user to the desired location based on the value of that field.

Ok, I got this to work, except when I login, the form goes to a check_user form that looks like this:

<%
'Dimension variables
Dim adoCon 'Database Connection Variable
Dim strCon 'Holds the Database driver and the path and name of the database
Dim rsCheckUser 'Database Recordset Variable
Dim strAccessDB 'Holds the Access Database Name
Dim strSQL 'Database query sring
Dim strUserName 'Holds the user name
Dim opt 'option user selected
Dim memberid 'member id for update/delete

'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")
opt = Request.Form("opt")

'Check the database to see if user exsits and read in there password
'Initialise the strAccessDB variable with the name of the Access Database
strAccessDB = "users"

'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")

'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein; DBQ=" & Server.MapPath(strAccessDB)

'Set an active connection to the Connection object
adoCon.Open strCon

'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID ='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then

'Read in the password for the user from the database
If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then

'If the password is correct then set the session variable to True
Session("blnIsUserGood") = True

'Close Objects before redirecting
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing

'Redirect to the authorised user page and send the users name
if (opt = "add") then
Response.Redirect"add_new_members.asp?name=" & strUserName
end if
if (opt = "update") then
Response.Redirect "update.asp?name=" & strUserName & "memberid=" & Request.Form("memberid")
End if
if (opt = "delete") then
Response.Redirect "delete.asp?name=" & strUserName & "memberid=" & Request.Form("memberid")
End if
End If
End If

'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing

'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page
Response.Redirect"unauthorised_user_page.shtm"
%>

The problem is when it redirects to the update/delete page, I get the error:

Microsoft JET Database Engine error '80040e14'

Syntax error (missing operator) in query expression 'MemberID='.

On the update/delete pages, my SQL loks like this:

SQLstmt = "SELECT * FROM New_Members WHERE MemberID=" & Request.Querystring("memberid")

For some reason, it is not getting the memberid.

Thanks for all your help!!

Change the code'Redirect to the authorised user page and send the users name
if (opt = "add") then
Response.Redirect"add_new_members.asp?name=" & strUserName
end if
if (opt = "update") then
Response.Redirect "update.asp?name=" & strUserName & "memberid=" & Request.Form("memberid")
End if
if (opt = "delete") then
Response.Redirect "delete.asp?name=" & strUserName & "memberid=" & Request.Form("memberid")
End if

with these lines 'Redirect to the authorised user page and send the users name
if (opt = "add") then
Response.Redirect"add_new_members.asp?name=" & strUserName
end if
if (opt = "update") then
Response.Redirect "update.asp?name=" & server.URlencode(strUserName) & "&memberid=" & Request.Form("memberid")
End if
if (opt = "delete") then
Response.Redirect "delete.asp?name=" & server.URLencode(strUserName) & "&memberid=" & Request.Form("memberid")
End if

Thanks, works like a champ!!!