Solved

Access Level Conditional Redirect

Posted on 2004-08-09
27
280 Views
Last Modified: 2010-04-25
I am working on a project using a datagrid.  I have two different pages, 1 that is read only and 1 that has insert & edit buttons on the page.  I have built a login page and have a table in my database that has a login, password, and access column.  I am using dreamweavers built in "login" behavior and their "restrict access to page" behavior.  What I want to do is this:

If the user logs in and their access level=1 then I want them to be sent to the read only page.  If their access level=2 then I want them to be sent to the read & write page.

I will probably need some hand-holding thru this as I get over my head really fast when modifying code.

Thanks,
Scott
0
Comment
Question by:aswhitehead
  • 15
  • 12
27 Comments
 
LVL 8

Expert Comment

by:alexhogan
ID: 11756692
When your user logs in you will get an access level and you want to redirect the user to the respective page.  You can use an If statement.

Like this..,

If "AccessLevel" <> 2 Then
    Response.Redirect("readonlypage.asp")
Else
    Response.Redirect("readandwritepage.asp")
End If

This says that if the access level is not equal to 2,(read and write mode) then redirect the user to the read only page, else, redirect the user to the read and write page.

This however assumes that the only two conditions are going to be 1 or 2.  If a 3 is passed to this expression, it will redirect the user to the read only page because 3 is not equal to 2.  So if you expand your administrative levels to more than two you would need to modify the expression.
0
 

Author Comment

by:aswhitehead
ID: 11756881
Do I place this code on my login page?  If so, where does it go on the page.  I can post my code if you would like so that you can show me where to place it.

Scott
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11757232
You would place the code where you are processing the login data.

Post your code and I'll show you where to put it.
0
 

Author Comment

by:aswhitehead
ID: 11757343
Here is the code from my login page:

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/SAMPLES.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("login2"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="Access"
  MM_redirectLoginSuccess="Datagrid_RW.asp"
  MM_redirectLoginFailed="DatagridLoginFailed.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_SAMPLES_STRING
  MM_rsUser.Source = "SELECT Login, Password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE Login='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password2"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If      
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Welcome to the Sample Tracking Database login page. &nbsp;Enter your login
  and password to access the database.</p>
<form name="form4" method="POST" action="<%=MM_LoginAction%>">
  <table width="249" border="0">
    <tr>
      <td width="74"><div align="right">Login&nbsp;</div></td>
      <td width="159"> <input name="login2" type="text" id="login2"> </td>
    </tr>
    <tr>
      <td><div align="right">Password&nbsp;</div></td>
      <td> <input name="password2" type="text" id="password2"> </td>
    </tr>
  </table>
  <p>
    <input type="submit" name="Submit2" value="Log In">
  </p>
</form>

<p>&nbsp;</p>
<p>&nbsp; </p>
</body>
</html>
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11780595
Place your branching code between these two lines;

 MM_rsUser.Open
<insert code here>
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11780604
My mistake..,

Place the branching code before this code block;

if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If    
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>

Everything before this verifies the user and creates the session objects.
0
 

Author Comment

by:aswhitehead
ID: 11783077
I am getting this error when I try to login:

Microsoft VBScript runtime error '800a000d'

Type mismatch: '[string: "AccessLevel"]'

/DatagridLogin.asp, line 31

I tried changing "AccessLevel" to "Access" because that is the column name in my database but thad didn't work either.  Do I need to define the variable "AccessLevel" before this to make this work?

Scott


0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11783572
The type mismatch indicates that you are getting a conflict in data types.  e.g. You are trying to pass a string to an integer or something similar.

What is the datatype of AccessLevel in your database?
0
 

Author Comment

by:aswhitehead
ID: 11783680
Datatype is "text".  I am using microsoft access.
0
 

Author Comment

by:aswhitehead
ID: 11783716
Also, the column name is "Access" not "AccessLevel".  I changed the branching code to "Access" but it still didn't work.

Scott
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11784029
Are you still getting the same error message or is it just not redirecting?
0
 

Author Comment

by:aswhitehead
ID: 11784063
Same error:

Microsoft VBScript runtime error '800a000d'

Type mismatch: '[string: "Access"]'

/DatagridLogin.asp, line 33

Thanks,
Scott
0
 

Author Comment

by:aswhitehead
ID: 11789238
Anyone have any ideas on this error message?

Thanks,
Scott
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:aswhitehead
ID: 11811099
I still have not been able to get this to work.  I would like to award you (alexhogan) the points if we can get this error fixed but I do not have the expertise to know what to do.  Do you have any suggestions?  Here is my page of code after I have inserted your branching code.  Could you take a look at it and see if I have any mistakes anywhere that would cause this error?  Again, the column name in my database is : "Access"

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/SAMPLES.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("login2"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="Access"
  MM_redirectLoginSuccess="Datagrid_RW.asp"
  MM_redirectLoginFailed="DatagridLoginFailed.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_SAMPLES_STRING
  MM_rsUser.Source = "SELECT Login, Password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE Login='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password2"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
 
 
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
      
      If "Access" <> 2 Then
    Response.Redirect("Datagrid_RO.asp")
Else
    Response.Redirect("Datagrid_RW.asp")
End If

      
      if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If      
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Welcome to the Sample Tracking Database login page. &nbsp;Enter your login
  and password to access the database.</p>
<form name="form4" method="POST" action="<%=MM_LoginAction%>">
  <table width="249" border="0">
    <tr>
      <td width="74"><div align="right">Login&nbsp;</div></td>
      <td width="159"> <input name="login2" type="text" id="login2"> </td>
    </tr>
    <tr>
      <td><div align="right">Password&nbsp;</div></td>
      <td> <input name="password2" type="password" id="password2"> </td>
    </tr>
  </table>
  <p>
    <input type="submit" name="Submit2" value="Log In">
  </p>
</form>

<p>&nbsp;</p>
<p>&nbsp; </p>
</body>
</html>

Thanks,
Scott
0
 

Author Comment

by:aswhitehead
ID: 11821413
Okay...I have worked on it and got rid of the error but now it is only redirecting to the "read & write" page, even though  I sign in with a user that has "Read Only" access.  Here is my page code for the login page:

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/SAMPLES.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("login2"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="Access"
  MM_redirectLoginSuccess="Datagrid_RW.asp"
  MM_redirectLoginFailed="DatagridLoginFailed.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_SAMPLES_STRING
  MM_rsUser.Source = "SELECT Login, Password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE Login='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password2"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
 
 
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
      
      If "Access" <> "1" Then
    Response.Redirect("Datagrid_RO.asp")
Else
    Response.Redirect("Datagrid_RW.asp")
End If

      
      if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If      
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Welcome to the Sample Tracking Database login page. &nbsp;Enter your login
  and password to access the database.</p>
<form name="form4" method="POST" action="<%=MM_LoginAction%>">
  <table width="249" border="0">
    <tr>
      <td width="74"><div align="right">Login&nbsp;</div></td>
      <td width="159"> <input name="login2" type="text" id="login2"> </td>
    </tr>
    <tr>
      <td><div align="right">Password&nbsp;</div></td>
      <td> <input name="password2" type="password" id="password2"> </td>
    </tr>
  </table>
  <p>
    <input type="submit" name="Submit2" value="Log In">
  </p>
</form>

<p>&nbsp;</p>
<p>&nbsp; </p>
</body>
</html>

What do you think would cause this?  I have "Restrict page" behaviors on both of the redirect pages.

Scott
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11821586
Sorry.., been out of town....

In your code block;

If "Access" <> "1" Then
    Response.Redirect("Datagrid_RO.asp")
Else
    Response.Redirect("Datagrid_RW.asp")
End If

Change it to;

If "Access" = "1" Then
    Response.Redirect("Datagrid_RO.asp")
Else
    Response.Redirect("Datagrid_RW.asp")
End If


0
 

Author Comment

by:aswhitehead
ID: 11821742
I think I have it working.  I think the final problem I had was that my session wasn't being logged out when I changed users.  If I login as a restricted user it takes me to the right page.  If I close the browser, go back, and login as an admin user it takes me to the correct page.  So I tried adding "Logout" behaviors to both of the pages and this is the error I get:

Microsoft VBScript runtime error '800a01b6'

Object doesn't support this property or method: 'Remove'

/Datagrid_RO.asp, line 8

Any thoughts?  I am using an ASPDATAGRID object from this site:

http://www.add2web.dk/aspdatagrid/

Maybe the conflict is there.

Scott
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11822045
Is there a 'Remove' method in the grid object?

The error you're getting is that there is no method or property named 'Remove'.
0
 

Author Comment

by:aswhitehead
ID: 11823761
Your probably going to think Im crazy...but I can't get the redirect to work now.  I guess I was dreaming that it had worked:-)  Here is the redirect code I am using:

If "Access" <> "2" Then
    Response.Redirect("Datagrid_RW.asp")
Else
    Response.Redirect("Datagrid_RO.asp")
End If

I have a user that has an Access of "1" & a user with an Access of "2".  The level "1" login works fine...it redirects to "Datagrid_RW.asp".  But the level "2" user doesn't work.  I have the options set in the login behavior and the "restrict access to page" behavior to direct back to the login page if login fails, so that is whats happening with them.  Its looks like the "Else" part of it is not working.  Any suggestions?

I'll forget about the logout function right now.  I have removed them from my page to try and get back to square one so that I can get this redirect to work.

SCott
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11823945
Try this;

Select Case (Access)
    Case "1"
         Response.Redirect("Datagrid_RW.asp")
    Case "2"
         Response.Redirect("Datagrid_RO.asp")
    Case Else
         Response.Redirect("Datagrid_RO.asp")
End Select

If anything other than 1 or 2 is entered then it will redirect to Datagrid_RO.asp.
0
 

Author Comment

by:aswhitehead
ID: 11824615
That produced the same result.  I am pretty sure that your redirect code is not the problem.  I think I may have narrowed the problem down though...

In the "Log In User" behavior in Dreamweaver MX:
     The page that you specify in the "If Login Succeeds, Go To" field is the only page that will work.  

For example:

I have a page, RO.asp, that has an access level of 2 and a page, RW.asp, that has an access level of 3.  If I put "RO.asp" in the "If Login Succeeds, Go To" field, then I can login with a level 2 user but that is the only page I  can log into.  If I try to go to RW.asp, even with a user name that has level 3 access, it fails.  The opposite is also true.  

It looks as if it is only passing parameters to whatever page is in that "If Login Succeeds, Go To" box.

What do you think?
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11824754
Let's start from the basics;

Did you create the access level field in the database?
Did you point to that field in the logon behavior?
Did you set the access level in the logon behavior?
0
 

Author Comment

by:aswhitehead
ID: 11825118
Did you create the access level field in the database?

     Yes.  The database is set up like this:  ID, Login, Password, Access

Did you point to that field in the logon behavior?

     Yes

Did you set the access level in the logon behavior?

     There is no place in the "login User" behavior to specify the access level.  Only the field to pull the access level
     from.  I did specify the access level in the "Restrict access to page" behavior on the redirect pages.

Scott

0
 
LVL 8

Accepted Solution

by:
alexhogan earned 500 total points
ID: 11825523
Here is the process from the beginning.

Once you have created the database table and logon page and created a connection;
1. Go to the Server Behaviors
2. Select User Authentication > Log In User from the '+'
3. Fill out the form using the drop downs (They should be somewhat fillouted for you, DW is pretty intuitive at this point)
4. At the bottom of the form you will see a section that reads, "Restrict access baxed on:"
   You will be given two choices;
   Username and password
   or
   Username, password, and access level
5. Select the second option, username, password and access level
6. When you make that selection the drop down below those choices will become active and allow you to select the field that contains the access level values.  In your case 'Access'

Now on the pages that you are accessing;

From the Server Behavoirs tab select User Authentication > Restrict Access to Page
1. On the dialog box you will be given two options like before
2. Select Username, password and access level
3. Next to the Select level(s) text area there is a button labeled 'Define...'
4. Click define and in the dialog box that displays add the access levels that you want by clicking on the '+' after entering the access level in the text box below the text area
5. Select the first level that you want to give access to
6. Enter the path and page in the text box titled, "If access denied, go to:" or click the browse button to find the file that you want
7. Repeat the same as above for the second level


That's pretty much it.

Now you don't have to worry about searching and hand coding the values that you were looking at before.
0
 

Author Comment

by:aswhitehead
ID: 11825726
I pretty much understand how to use the behaviors as they are...but how does this give me a redirect based upon the username and password that the person logs in with?  I quess I could have the first page have the links to the two pages (Read Only & Read/Write) and then when they click on one of them it will ask them to login.  What I was really hoping to do though was have the first page be a login screen and then based upon that data they would be directed to the Read Only or the Read/Write page.

I am sorry this is turning into such a project.  Let me know if I am missing something in your last answer.

Scott
0
 
LVL 8

Expert Comment

by:alexhogan
ID: 11825889
No problem..,

From the dialog box that restricts access to page.

If you have a page that restricts the user to have an access level of 2, and you access that page from the login with the user having an access level of 1, then you can redirect them to the 1 access level page on failure.

That is the same as saying;

If "Access" <> "2" Then
    Response.Redirect("read only page")
Else
    Response.Redirect("read and write page")
End If
0
 

Author Comment

by:aswhitehead
ID: 11825948
Now I see...that works great!  I have awarded you the points and thanks for hanging in there with me.

Scott
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Adobe Dreamweaver CS5 is a WYSIWYG web page editor that has advanced HTML, CSS, and Javascript rendering functionality and is probably the most well-known HTML editor available. Much of Dreamweaver's appeal centers around the Design View interfac…
This article is very specific and is only intended to help if you are installing Dreamweaver 8 in a Windows 7 environment with Office 2007 installed.   I'm not sure why Microsoft tends to release OS' that should not be released but they do.  Windows…
This video discusses moving either the default database or any database to a new volume.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now