awinstead
asked on
User Authentication Restricts everything
Hello everyone,
I have a simple login page that queries an Access database for username and password and access level. We have been using this login system for two years and it has been working like a champ. We have numerious pages that are using the Authenitcation to restric some users from having access to certain areas that only key members should have access to. They all work just fine. Today I went to create a new form and supply basic authentication to the form and when I load the page it blocks the page for everyone and redirects to the login page. So I took another page that already had authentication (that works fine) and cut and pasted the authentication to the new page instead of using the wizard and I get the exact same thing. Can someone look at the code and tell me what I am doing wrong?
Jester
I did add a couple session variables to the login some time ago
::::::::::::::: Login Page - Login Piece :::::::::::::::::::
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("U RL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request. QueryStrin g)
MM_valUsername=CStr(Reques t.Form("us ername"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="P ositionCod e"
MM_redirectLoginSuccess="r eglogin.as p"
MM_redirectLoginFailed="lo gin_failed .asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_fla g)
MM_rsUser.ActiveConnection = MM_Main_DB_STRING
MM_rsUser.Source = "SELECT Username, password, SREP_CODE, OfficeLocation"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM Fullemployees WHERE Username='" & Replace(MM_valUsername,"'" ,"''") &"' AND password='" & Replace(Request.Form("pwd" ),"'","''" ) & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
Session("MM_SREP_CODE") = (MM_rsUser.Fields.Item("SR EP_CODE"). Value)
Session("MM_STORE") = (MM_rsUser.Fields.Item("Of ficeLocati on").Value )
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorizat ion") = CStr(MM_rsUser.Fields.Item (MM_fldUse rAuthoriza tion).Valu e)
Else
Session("MM_UserAuthorizat ion") = ""
End If
if CStr(Request.QueryString(" accessdeni ed")) <> "" And true Then
MM_redirectLoginSuccess = Request.QueryString("acces sdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redir ectLoginSu ccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redir ectLoginFa iled)
End If
%>
:::::::::::::::: Form Page - Restriction piece :::::::::::::::::::::
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="1,2,3, 4,5,6,7,8"
MM_authFailedURL="../login 2.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAutho rization") )="") Or _
(InStr(1,MM_authorizedUser s,Session( "MM_UserAu thorizatio n"))>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL, "?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("U RL")
if (Len(Request.QueryString() ) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referr er)
Response.Redirect(MM_authF ailedURL)
End If
%>
I have a simple login page that queries an Access database for username and password and access level. We have been using this login system for two years and it has been working like a champ. We have numerious pages that are using the Authenitcation to restric some users from having access to certain areas that only key members should have access to. They all work just fine. Today I went to create a new form and supply basic authentication to the form and when I load the page it blocks the page for everyone and redirects to the login page. So I took another page that already had authentication (that works fine) and cut and pasted the authentication to the new page instead of using the wizard and I get the exact same thing. Can someone look at the code and tell me what I am doing wrong?
Jester
I did add a couple session variables to the login some time ago
::::::::::::::: Login Page - Login Piece :::::::::::::::::::
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("U
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.
MM_valUsername=CStr(Reques
If MM_valUsername <> "" Then
MM_fldUserAuthorization="P
MM_redirectLoginSuccess="r
MM_redirectLoginFailed="lo
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_fla
MM_rsUser.ActiveConnection
MM_rsUser.Source = "SELECT Username, password, SREP_CODE, OfficeLocation"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM Fullemployees WHERE Username='" & Replace(MM_valUsername,"'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
Session("MM_SREP_CODE") = (MM_rsUser.Fields.Item("SR
Session("MM_STORE") = (MM_rsUser.Fields.Item("Of
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorizat
Else
Session("MM_UserAuthorizat
End If
if CStr(Request.QueryString("
MM_redirectLoginSuccess = Request.QueryString("acces
End If
MM_rsUser.Close
Response.Redirect(MM_redir
End If
MM_rsUser.Close
Response.Redirect(MM_redir
End If
%>
:::::::::::::::: Form Page - Restriction piece :::::::::::::::::::::
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="1,2,3,
MM_authFailedURL="../login
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAutho
(InStr(1,MM_authorizedUser
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,
MM_referrer = Request.ServerVariables("U
if (Len(Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referr
Response.Redirect(MM_authF
End If
%>
ASKER
I checked the login page and I names are labeled "username" and "pwd" The funny thing is if I create a blank page and use the Authentication I get the same problem. There are numerous pages that were created some time ago and they all work just fine. It's just the new pages. I also tried copying and pasting from one of the old pages that work and that one fails too. I am completely baffled on this one. PLease help I am under a tight deadline.
Thanks,
Jester
Thanks,
Jester
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also check that browser/firewall etc are not blocking cookies.