• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 759
  • Last Modified:

ASP - MDB Login with a Twist?

Microsoft (MDB) Login validation.

Form login:

ASP question, How would you validate a Member & Password form fields in a Form named "login" to make sure they exist and match in a table, and if so, then pass another field (MailingListID) in that same table row to a string receiving ASP page to show that users data from that entire row.

------------------------------------------------------------------------------------------------------
I am currently using (<%=MM_LoginAction%>) for the action, a Macromedia extension
concidering using a custom script on ("member-update-now.asp" or "member-login.asp").


<form method="POST" action=" " name="LogIn">
Member Log In
Member : <input type="TEXT" name="Member" size="20">
Password: <input type="PASSWORD" name="Password" size="20">                
<input name="login" type="submit" value="Submit Login">
</form>

Redirect if success: member-update-now.asp
Redirect if failed: member-signup.asp or possibly self (member-login.asp)
-------------------------------------------------------------------------------------------------------

Thanks in advance... please smart@sses need not reply!
0
mrwebdev
Asked:
mrwebdev
  • 2
1 Solution
 
dc_cypherCommented:
Disclaimer: I'm not using Macrobedia for this and I don't have adequate testing resources on hand right now (might be a little buggy, sorry), but I hacked this together from an old script I did so it should be more than enough to get you started.  The following is the content for member-login.asp and member-update-now.asp, respectively.

[member-login.asp]

<%
FoundError = false
ErrorLog = ""
If Request.Form("login") <> "" OR Request.Form("Member") <> "" OR Request.Form("Password") <> "" Then

      If Request.Form("Member") = "" Then
            FoundError = true
            ErrorLog = ErrorLog & "Please enter a Member<BR>" & vbcrlf
      End If
      
      If Request.Form("Password") = "" Then
            FoundError = true
            ErrorLog = ErrorLog & "Please enter a Password<BR>" & vbcrlf

      End If
      
      If NOT FoundError Then
            SET DBC = Server.CreateObject("ADODB.Connection")
            DBC.Open "YOUR_DB_CONNECTION"

            SQL = "SELECT Member_ID FROM tbl_Members WHERE Member = '" & trim(Request.Form("Member")) & "' AND Password = '" & trim(Request.Form("Password")) & "'"
            SET RSCheckMember = DBC.Execute(SQL)
            
            If RSCheckMember.BOF AND RSCheckMember.EOF Then
                  FoundError = true
                  ErrorLog = ErrorLog & "Please enter a valid Member/password combination.<BR>" & vbcrlf
            Else
                  Session("Member") = trim(Request.Form("Member"))
                  Session("Cur_Login") = Now()
                  Response.Redirect "member-update-now.asp?Member_ID=" & RSCheckMember("Member_ID")
            End If

            RSCheckMember.Close
            SET RSCheckMember = nothing
            
            DBC.Close
            SET DBC = nothing
      End If
End If

If FoundError OR Request.Form("login") = "" Then
      %>
      <html>
      <head>
      <title>Member Login</title>
      </head>
      <body>

      <% If ErrorLog <> "" Then Response.Write "<div style=""color: red; font-weight: bold;"">" & ErrorLog & "</div><br />" & vbCrLf %>
      
      <form method="POST" action="member-login.asp" name="LogIn">
      Member Log In<br />
      Member: <input type="TEXT" name="Member" size="20" /><br />
      Password: <input type="PASSWORD" name="Password" size="20" /><br />
      <input name="login" type="submit" value="Submit Login" />
      </form>

      </body>
      </html>
<% End If %>

[member-update-now.asp]

<html>
<body>

<%
If Session("Member") <> "" AND Request("Member_ID") <> "" Then
      SET DBC = Server.CreateObject("ADODB.Connection")
      DBC.Open "YOUR_DB_CONNECTION"

      SQL = "SELECT Field1, Field2, Field3 FROM tbl_Members WHERE Member_ID = " & Request("Member_ID")
      SET RSMemberInfo = DBC.Execute(SQL)
      
      If NOT (RSMemberInfo.BOF AND RSMemberInfo.EOF) Then
            Response.Write "Field 1: " & RSMemberInfo("Field1") & "<br />" & vbCrLf
            Response.Write "Field 1: " & RSMemberInfo("Field1") & "<br />" & vbCrLf
            Response.Write "Field 1: " & RSMemberInfo("Field1") & "<br />" & vbCrLf
      End If
      
      RSMemberInfo.close
      Set RSMemberInfo = Nothing
      
      DBC.Close
      Set DBC = Nothing
Else
      Response.Write "Access Denied"
End If
%>

</body>
</html>
0
 
mrwebdevAuthor Commented:
Although I didnt use your answer it was a great response. I  changed the following code and it works like a charm. I am posting this so that it may help others.

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Member"))
If MM_valUsername <> "" Then
  MM_fldDynamicRedirect="MailingListID"
  MM_fldUserAuthorization=""
  MM_redirectLoginSuccessDynamic=""
  MM_redirectLoginFailed="member-signup.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_my_STRING
  MM_rsUser.Source = "SELECT member, password"
  If MM_fldDynamicRedirect <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldDynamicRedirect
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM members WHERE member='" & Replace(MM_valUsername,"'","''") &"' AND password='" & Replace(Request.Form("Password"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    ElseIf (MM_fldDynamicRedirect <> "") Then

'---------My Modifications---------note: --["member-account-detail.asp?MailingListID=" + ]---

      MM_redirectLoginSuccessDynamic = "member-account-detail.asp?MailingListID=" + CStr(MM_rsUser.Fields.Item(MM_fldDynamicRedirect).Value)

'-----------------------------------------------------------------------------------------

    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccessDynamic = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccessDynamic)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>

This is a modified version of Login redirect to a URL in a databse extension from Macromedia's Exchange.
0
 
mrwebdevAuthor Commented:
PS:  Instead of using the URL field I used the MailingListID field.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now