Access Level Conditional Redirect

I am working on a project using a datagrid.  I have two different pages, 1 that is read only and 1 that has insert & edit buttons on the page.  I have built a login page and have a table in my database that has a login, password, and access column.  I am using dreamweavers built in "login" behavior and their "restrict access to page" behavior.  What I want to do is this:

If the user logs in and their access level=1 then I want them to be sent to the read only page.  If their access level=2 then I want them to be sent to the read & write page.

I will probably need some hand-holding thru this as I get over my head really fast when modifying code.

Thanks,
Scott
aswhiteheadAsked:
Who is Participating?
 
alexhoganConnect With a Mentor Commented:
Here is the process from the beginning.

Once you have created the database table and logon page and created a connection;
1. Go to the Server Behaviors
2. Select User Authentication > Log In User from the '+'
3. Fill out the form using the drop downs (They should be somewhat fillouted for you, DW is pretty intuitive at this point)
4. At the bottom of the form you will see a section that reads, "Restrict access baxed on:"
   You will be given two choices;
   Username and password
   or
   Username, password, and access level
5. Select the second option, username, password and access level
6. When you make that selection the drop down below those choices will become active and allow you to select the field that contains the access level values.  In your case 'Access'

Now on the pages that you are accessing;

From the Server Behavoirs tab select User Authentication > Restrict Access to Page
1. On the dialog box you will be given two options like before
2. Select Username, password and access level
3. Next to the Select level(s) text area there is a button labeled 'Define...'
4. Click define and in the dialog box that displays add the access levels that you want by clicking on the '+' after entering the access level in the text box below the text area
5. Select the first level that you want to give access to
6. Enter the path and page in the text box titled, "If access denied, go to:" or click the browse button to find the file that you want
7. Repeat the same as above for the second level


That's pretty much it.

Now you don't have to worry about searching and hand coding the values that you were looking at before.
0
 
alexhoganCommented:
When your user logs in you will get an access level and you want to redirect the user to the respective page.  You can use an If statement.

Like this..,

If "AccessLevel" <> 2 Then
    Response.Redirect("readonlypage.asp")
Else
    Response.Redirect("readandwritepage.asp")
End If

This says that if the access level is not equal to 2,(read and write mode) then redirect the user to the read only page, else, redirect the user to the read and write page.

This however assumes that the only two conditions are going to be 1 or 2.  If a 3 is passed to this expression, it will redirect the user to the read only page because 3 is not equal to 2.  So if you expand your administrative levels to more than two you would need to modify the expression.
0
 
aswhiteheadAuthor Commented:
Do I place this code on my login page?  If so, where does it go on the page.  I can post my code if you would like so that you can show me where to place it.

Scott
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
alexhoganCommented:
You would place the code where you are processing the login data.

Post your code and I'll show you where to put it.
0
 
aswhiteheadAuthor Commented:
Here is the code from my login page:

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/SAMPLES.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("login2"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="Access"
  MM_redirectLoginSuccess="Datagrid_RW.asp"
  MM_redirectLoginFailed="DatagridLoginFailed.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_SAMPLES_STRING
  MM_rsUser.Source = "SELECT Login, Password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE Login='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password2"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If      
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Welcome to the Sample Tracking Database login page. &nbsp;Enter your login
  and password to access the database.</p>
<form name="form4" method="POST" action="<%=MM_LoginAction%>">
  <table width="249" border="0">
    <tr>
      <td width="74"><div align="right">Login&nbsp;</div></td>
      <td width="159"> <input name="login2" type="text" id="login2"> </td>
    </tr>
    <tr>
      <td><div align="right">Password&nbsp;</div></td>
      <td> <input name="password2" type="text" id="password2"> </td>
    </tr>
  </table>
  <p>
    <input type="submit" name="Submit2" value="Log In">
  </p>
</form>

<p>&nbsp;</p>
<p>&nbsp; </p>
</body>
</html>
0
 
alexhoganCommented:
Place your branching code between these two lines;

 MM_rsUser.Open
<insert code here>
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
0
 
alexhoganCommented:
My mistake..,

Place the branching code before this code block;

if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If    
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>

Everything before this verifies the user and creates the session objects.
0
 
aswhiteheadAuthor Commented:
I am getting this error when I try to login:

Microsoft VBScript runtime error '800a000d'

Type mismatch: '[string: "AccessLevel"]'

/DatagridLogin.asp, line 31

I tried changing "AccessLevel" to "Access" because that is the column name in my database but thad didn't work either.  Do I need to define the variable "AccessLevel" before this to make this work?

Scott


0
 
alexhoganCommented:
The type mismatch indicates that you are getting a conflict in data types.  e.g. You are trying to pass a string to an integer or something similar.

What is the datatype of AccessLevel in your database?
0
 
aswhiteheadAuthor Commented:
Datatype is "text".  I am using microsoft access.
0
 
aswhiteheadAuthor Commented:
Also, the column name is "Access" not "AccessLevel".  I changed the branching code to "Access" but it still didn't work.

Scott
0
 
alexhoganCommented:
Are you still getting the same error message or is it just not redirecting?
0
 
aswhiteheadAuthor Commented:
Same error:

Microsoft VBScript runtime error '800a000d'

Type mismatch: '[string: "Access"]'

/DatagridLogin.asp, line 33

Thanks,
Scott
0
 
aswhiteheadAuthor Commented:
Anyone have any ideas on this error message?

Thanks,
Scott
0
 
aswhiteheadAuthor Commented:
I still have not been able to get this to work.  I would like to award you (alexhogan) the points if we can get this error fixed but I do not have the expertise to know what to do.  Do you have any suggestions?  Here is my page of code after I have inserted your branching code.  Could you take a look at it and see if I have any mistakes anywhere that would cause this error?  Again, the column name in my database is : "Access"

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/SAMPLES.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("login2"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="Access"
  MM_redirectLoginSuccess="Datagrid_RW.asp"
  MM_redirectLoginFailed="DatagridLoginFailed.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_SAMPLES_STRING
  MM_rsUser.Source = "SELECT Login, Password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE Login='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password2"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
 
 
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
      
      If "Access" <> 2 Then
    Response.Redirect("Datagrid_RO.asp")
Else
    Response.Redirect("Datagrid_RW.asp")
End If

      
      if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If      
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Welcome to the Sample Tracking Database login page. &nbsp;Enter your login
  and password to access the database.</p>
<form name="form4" method="POST" action="<%=MM_LoginAction%>">
  <table width="249" border="0">
    <tr>
      <td width="74"><div align="right">Login&nbsp;</div></td>
      <td width="159"> <input name="login2" type="text" id="login2"> </td>
    </tr>
    <tr>
      <td><div align="right">Password&nbsp;</div></td>
      <td> <input name="password2" type="password" id="password2"> </td>
    </tr>
  </table>
  <p>
    <input type="submit" name="Submit2" value="Log In">
  </p>
</form>

<p>&nbsp;</p>
<p>&nbsp; </p>
</body>
</html>

Thanks,
Scott
0
 
aswhiteheadAuthor Commented:
Okay...I have worked on it and got rid of the error but now it is only redirecting to the "read & write" page, even though  I sign in with a user that has "Read Only" access.  Here is my page code for the login page:

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/SAMPLES.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("login2"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization="Access"
  MM_redirectLoginSuccess="Datagrid_RW.asp"
  MM_redirectLoginFailed="DatagridLoginFailed.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_SAMPLES_STRING
  MM_rsUser.Source = "SELECT Login, Password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE Login='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("password2"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
 
 
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
      
      If "Access" <> "1" Then
    Response.Redirect("Datagrid_RO.asp")
Else
    Response.Redirect("Datagrid_RW.asp")
End If

      
      if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If      
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Welcome to the Sample Tracking Database login page. &nbsp;Enter your login
  and password to access the database.</p>
<form name="form4" method="POST" action="<%=MM_LoginAction%>">
  <table width="249" border="0">
    <tr>
      <td width="74"><div align="right">Login&nbsp;</div></td>
      <td width="159"> <input name="login2" type="text" id="login2"> </td>
    </tr>
    <tr>
      <td><div align="right">Password&nbsp;</div></td>
      <td> <input name="password2" type="password" id="password2"> </td>
    </tr>
  </table>
  <p>
    <input type="submit" name="Submit2" value="Log In">
  </p>
</form>

<p>&nbsp;</p>
<p>&nbsp; </p>
</body>
</html>

What do you think would cause this?  I have "Restrict page" behaviors on both of the redirect pages.

Scott
0
 
alexhoganCommented:
Sorry.., been out of town....

In your code block;

If "Access" <> "1" Then
    Response.Redirect("Datagrid_RO.asp")
Else
    Response.Redirect("Datagrid_RW.asp")
End If

Change it to;

If "Access" = "1" Then
    Response.Redirect("Datagrid_RO.asp")
Else
    Response.Redirect("Datagrid_RW.asp")
End If


0
 
aswhiteheadAuthor Commented:
I think I have it working.  I think the final problem I had was that my session wasn't being logged out when I changed users.  If I login as a restricted user it takes me to the right page.  If I close the browser, go back, and login as an admin user it takes me to the correct page.  So I tried adding "Logout" behaviors to both of the pages and this is the error I get:

Microsoft VBScript runtime error '800a01b6'

Object doesn't support this property or method: 'Remove'

/Datagrid_RO.asp, line 8

Any thoughts?  I am using an ASPDATAGRID object from this site:

http://www.add2web.dk/aspdatagrid/

Maybe the conflict is there.

Scott
0
 
alexhoganCommented:
Is there a 'Remove' method in the grid object?

The error you're getting is that there is no method or property named 'Remove'.
0
 
aswhiteheadAuthor Commented:
Your probably going to think Im crazy...but I can't get the redirect to work now.  I guess I was dreaming that it had worked:-)  Here is the redirect code I am using:

If "Access" <> "2" Then
    Response.Redirect("Datagrid_RW.asp")
Else
    Response.Redirect("Datagrid_RO.asp")
End If

I have a user that has an Access of "1" & a user with an Access of "2".  The level "1" login works fine...it redirects to "Datagrid_RW.asp".  But the level "2" user doesn't work.  I have the options set in the login behavior and the "restrict access to page" behavior to direct back to the login page if login fails, so that is whats happening with them.  Its looks like the "Else" part of it is not working.  Any suggestions?

I'll forget about the logout function right now.  I have removed them from my page to try and get back to square one so that I can get this redirect to work.

SCott
0
 
alexhoganCommented:
Try this;

Select Case (Access)
    Case "1"
         Response.Redirect("Datagrid_RW.asp")
    Case "2"
         Response.Redirect("Datagrid_RO.asp")
    Case Else
         Response.Redirect("Datagrid_RO.asp")
End Select

If anything other than 1 or 2 is entered then it will redirect to Datagrid_RO.asp.
0
 
aswhiteheadAuthor Commented:
That produced the same result.  I am pretty sure that your redirect code is not the problem.  I think I may have narrowed the problem down though...

In the "Log In User" behavior in Dreamweaver MX:
     The page that you specify in the "If Login Succeeds, Go To" field is the only page that will work.  

For example:

I have a page, RO.asp, that has an access level of 2 and a page, RW.asp, that has an access level of 3.  If I put "RO.asp" in the "If Login Succeeds, Go To" field, then I can login with a level 2 user but that is the only page I  can log into.  If I try to go to RW.asp, even with a user name that has level 3 access, it fails.  The opposite is also true.  

It looks as if it is only passing parameters to whatever page is in that "If Login Succeeds, Go To" box.

What do you think?
0
 
alexhoganCommented:
Let's start from the basics;

Did you create the access level field in the database?
Did you point to that field in the logon behavior?
Did you set the access level in the logon behavior?
0
 
aswhiteheadAuthor Commented:
Did you create the access level field in the database?

     Yes.  The database is set up like this:  ID, Login, Password, Access

Did you point to that field in the logon behavior?

     Yes

Did you set the access level in the logon behavior?

     There is no place in the "login User" behavior to specify the access level.  Only the field to pull the access level
     from.  I did specify the access level in the "Restrict access to page" behavior on the redirect pages.

Scott

0
 
aswhiteheadAuthor Commented:
I pretty much understand how to use the behaviors as they are...but how does this give me a redirect based upon the username and password that the person logs in with?  I quess I could have the first page have the links to the two pages (Read Only & Read/Write) and then when they click on one of them it will ask them to login.  What I was really hoping to do though was have the first page be a login screen and then based upon that data they would be directed to the Read Only or the Read/Write page.

I am sorry this is turning into such a project.  Let me know if I am missing something in your last answer.

Scott
0
 
alexhoganCommented:
No problem..,

From the dialog box that restricts access to page.

If you have a page that restricts the user to have an access level of 2, and you access that page from the login with the user having an access level of 1, then you can redirect them to the 1 access level page on failure.

That is the same as saying;

If "Access" <> "2" Then
    Response.Redirect("read only page")
Else
    Response.Redirect("read and write page")
End If
0
 
aswhiteheadAuthor Commented:
Now I see...that works great!  I have awarded you the points and thanks for hanging in there with me.

Scott
0
All Courses

From novice to tech pro — start learning today.