Solved

ASP - MDB Login with a Twist?

Posted on 2004-11-01
704 Views
Last Modified: 2008-02-01
Microsoft (MDB) Login validation.

Form login:

ASP question, How would you validate a Member & Password form fields in a Form named "login" to make sure they exist and match in a table, and if so, then pass another field (MailingListID) in that same table row to a string receiving ASP page to show that users data from that entire row.

------------------------------------------------------------------------------------------------------
I am currently using (<%=MM_LoginAction%>) for the action, a Macromedia extension
concidering using a custom script on ("member-update-now.asp" or "member-login.asp").


<form method="POST" action=" " name="LogIn">
Member Log In
Member : <input type="TEXT" name="Member" size="20">
Password: <input type="PASSWORD" name="Password" size="20">                
<input name="login" type="submit" value="Submit Login">
</form>

Redirect if success: member-update-now.asp
Redirect if failed: member-signup.asp or possibly self (member-login.asp)
-------------------------------------------------------------------------------------------------------

Thanks in advance... please smart@sses need not reply!
0
Question by:mrwebdev
    3 Comments
     
    LVL 1

    Accepted Solution

    by:
    Disclaimer: I'm not using Macrobedia for this and I don't have adequate testing resources on hand right now (might be a little buggy, sorry), but I hacked this together from an old script I did so it should be more than enough to get you started.  The following is the content for member-login.asp and member-update-now.asp, respectively.

    [member-login.asp]

    <%
    FoundError = false
    ErrorLog = ""
    If Request.Form("login") <> "" OR Request.Form("Member") <> "" OR Request.Form("Password") <> "" Then

          If Request.Form("Member") = "" Then
                FoundError = true
                ErrorLog = ErrorLog & "Please enter a Member<BR>" & vbcrlf
          End If
          
          If Request.Form("Password") = "" Then
                FoundError = true
                ErrorLog = ErrorLog & "Please enter a Password<BR>" & vbcrlf

          End If
          
          If NOT FoundError Then
                SET DBC = Server.CreateObject("ADODB.Connection")
                DBC.Open "YOUR_DB_CONNECTION"

                SQL = "SELECT Member_ID FROM tbl_Members WHERE Member = '" & trim(Request.Form("Member")) & "' AND Password = '" & trim(Request.Form("Password")) & "'"
                SET RSCheckMember = DBC.Execute(SQL)
                
                If RSCheckMember.BOF AND RSCheckMember.EOF Then
                      FoundError = true
                      ErrorLog = ErrorLog & "Please enter a valid Member/password combination.<BR>" & vbcrlf
                Else
                      Session("Member") = trim(Request.Form("Member"))
                      Session("Cur_Login") = Now()
                      Response.Redirect "member-update-now.asp?Member_ID=" & RSCheckMember("Member_ID")
                End If

                RSCheckMember.Close
                SET RSCheckMember = nothing
                
                DBC.Close
                SET DBC = nothing
          End If
    End If

    If FoundError OR Request.Form("login") = "" Then
          %>
          <html>
          <head>
          <title>Member Login</title>
          </head>
          <body>

          <% If ErrorLog <> "" Then Response.Write "<div style=""color: red; font-weight: bold;"">" & ErrorLog & "</div><br />" & vbCrLf %>
          
          <form method="POST" action="member-login.asp" name="LogIn">
          Member Log In<br />
          Member: <input type="TEXT" name="Member" size="20" /><br />
          Password: <input type="PASSWORD" name="Password" size="20" /><br />
          <input name="login" type="submit" value="Submit Login" />
          </form>

          </body>
          </html>
    <% End If %>

    [member-update-now.asp]

    <html>
    <body>

    <%
    If Session("Member") <> "" AND Request("Member_ID") <> "" Then
          SET DBC = Server.CreateObject("ADODB.Connection")
          DBC.Open "YOUR_DB_CONNECTION"

          SQL = "SELECT Field1, Field2, Field3 FROM tbl_Members WHERE Member_ID = " & Request("Member_ID")
          SET RSMemberInfo = DBC.Execute(SQL)
          
          If NOT (RSMemberInfo.BOF AND RSMemberInfo.EOF) Then
                Response.Write "Field 1: " & RSMemberInfo("Field1") & "<br />" & vbCrLf
                Response.Write "Field 1: " & RSMemberInfo("Field1") & "<br />" & vbCrLf
                Response.Write "Field 1: " & RSMemberInfo("Field1") & "<br />" & vbCrLf
          End If
          
          RSMemberInfo.close
          Set RSMemberInfo = Nothing
          
          DBC.Close
          Set DBC = Nothing
    Else
          Response.Write "Access Denied"
    End If
    %>

    </body>
    </html>
    0
     
    LVL 6

    Author Comment

    by:mrwebdev
    Although I didnt use your answer it was a great response. I  changed the following code and it works like a charm. I am posting this so that it may help others.

    <%
    ' *** Validate request to log in to this site.
    MM_LoginAction = Request.ServerVariables("URL")
    If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
    MM_valUsername=CStr(Request.Form("Member"))
    If MM_valUsername <> "" Then
      MM_fldDynamicRedirect="MailingListID"
      MM_fldUserAuthorization=""
      MM_redirectLoginSuccessDynamic=""
      MM_redirectLoginFailed="member-signup.asp"
      MM_flag="ADODB.Recordset"
      set MM_rsUser = Server.CreateObject(MM_flag)
      MM_rsUser.ActiveConnection = MM_my_STRING
      MM_rsUser.Source = "SELECT member, password"
      If MM_fldDynamicRedirect <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldDynamicRedirect
      If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
      MM_rsUser.Source = MM_rsUser.Source & " FROM members WHERE member='" & Replace(MM_valUsername,"'","''") &"' AND password='" & Replace(Request.Form("Password"),"'","''") & "'"
      MM_rsUser.CursorType = 0
      MM_rsUser.CursorLocation = 2
      MM_rsUser.LockType = 3
      MM_rsUser.Open
      If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
        ' username and password match - this is a valid user
        Session("MM_Username") = MM_valUsername
        If (MM_fldUserAuthorization <> "") Then
          Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
        ElseIf (MM_fldDynamicRedirect <> "") Then

    '---------My Modifications---------note: --["member-account-detail.asp?MailingListID=" + ]---

          MM_redirectLoginSuccessDynamic = "member-account-detail.asp?MailingListID=" + CStr(MM_rsUser.Fields.Item(MM_fldDynamicRedirect).Value)

    '-----------------------------------------------------------------------------------------

        Else
          Session("MM_UserAuthorization") = ""
        End If
        if CStr(Request.QueryString("accessdenied")) <> "" And false Then
          MM_redirectLoginSuccessDynamic = Request.QueryString("accessdenied")
        End If
        MM_rsUser.Close
        Response.Redirect(MM_redirectLoginSuccessDynamic)
      End If
      MM_rsUser.Close
      Response.Redirect(MM_redirectLoginFailed)
    End If
    %>

    This is a modified version of Login redirect to a URL in a databse extension from Macromedia's Exchange.
    0
     
    LVL 6

    Author Comment

    by:mrwebdev
    PS:  Instead of using the URL field I used the MailingListID field.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Accessibility and Usability are two concepts that seem to be closely related.  But, too many people seem to have a distorted perception of them. During last five years, those two words have come to the day-to-day work of almost every web develope‚Ķ
    Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
    Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
    The viewer will learn how to dynamically set the form action using jQuery.

    933 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now