redirecting user after login

Discussion in 'C#' started by paulie007, Jan 14, 2008.

0
  1. #1
    Hi all,

    I’m trying to customise some ASP code but I’m a complete novice with ASP.

    The code below is for a login. It checks the email and password in a database and if found redirects to a page. It works fine.

    The database has two types of user, guest and admin

    I want to the code to redirect the user to a different page depending on their account type, i.e. admin users get redirected to admin.asp and guest are redirected toguest.asp

    Any help you can give would be very much appreciated.

    <%
    if request.Form("login") = "true" then

    email = request.Form("email")
    password = request.Form("password")
    if instr(1,email,"'") > 0 then
    response.Redirect("index.asp")
    end if
    if instr(1,password,"'") > 0 then
    response.Redirect("index.asp")
    end if
    Query = "select * FROM password where email='" & email & "' and password = '" & password & "'"
    Set RS = Server.CreateObject("ADODB.Recordset")
    RS.Open Query, test_connector, 3, 3
    login_true = false
    if (not RS.bof) and (not RS.eof) then
    login_true = true
    session("access_level") = RS("user_level")
    session("user_email") = RS("email")
    session("mm_username") = RS("user_name")
    session("id") = RS("id")
    session("country") = RS("country")
    session("prov") = RS("prov")
    response.Redirect("test_main.asp")
    end if
    RS.Close
    if login_true = false then
    Response.Write "<h3>The User Name / Password you tried to use can not be found in our database please try again</h3>"
    end if
    else %>

    Hi again, Think I'm ok now. I made the following a chnages. There are probably betters ways to acheive what I want but this works!

    if request.Form("login") = "true" then

    email = request.Form("email")
    password = request.Form("password")
    if instr(1,email,"'") > 0 then
    response.Redirect("index.asp")
    end if
    if instr(1,password,"'") > 0 then
    response.Redirect("index.asp")
    end if
    Query = "select * FROM password where email='" & email & "' and password = '" & password & "'"
    Set RS = Server.CreateObject("ADODB.Recordset")
    RS.Open Query, test_connector, 3, 3
    login_true = false
    if (not RS.bof) and (not RS.eof) then
    login_true = true
    session("access_level") = RS("user_level")
    session("user_email") = RS("email")
    session("mm_username") = RS("user_name")
    session("id") = RS("id")
    session("country") = RS("country")
    session("prov") = RS("prov")
    if session("access_level") = "admin" then
    response.Redirect("test_admin.asp")
    else
    if session("access_level") = "tutor" then
    response.Redirect("wer.asp")
    else
    if session("access_level") = "guest" then
    response.Redirect("test_main.asp")
    end if
    end if
    end if
    end if
     
    paulie007, Jan 14, 2008 IP