How to add "STATUS" event from the attached verify script?

Stiebel Eltron
Stiebel Eltron used Ask the Experts™
on
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
On Error Resume Next

Dim myConnection, rsUsers, connectString, sqlContent, Email, Password
	
'Build myConnectionection with database
connectString = "DRIVER={MySQL ODBC 3.51 Driver}; SERVER=DBServer; PORT=3306; DATABASE=DB; USER=DBUSER; PASSWORD=DBPW; OPTION=0;"

Set myConnection = Server.CreateObject("ADODB.Connection")
myConnection.Open connectString

If Err.Number <> 0 Then
	Response.Write Err.Number & " " & Err.Description
	Err.Clear
Else
     If 1 <> myConnection.state Then
     	Response.Write "Unable to open a connection to the db"
     Else
		Set rsUsers = Server.CreateObject("ADODB.Recordset")

		'Save the entered username and password
     	Email = Request.Form("Email")	
     	Password = Request.Form("Password")
     
     	sqlContent = "SELECT * FROM `users` WHERE `Password`='" & Replace(Password,"'","''") & "' AND `Email`='" & Replace(Email,"'","''") & "'"
     	rsUsers.Open sqlContent, myConnection, 1, 3
		
		
     
		If Err.Number <> 0 Then
			Response.Write Err.Number & " " & Err.Description
			Err.Clear
		Else
			If Not rsUsers.eof Then
				'Session("FName") = rsUsers.Fields("FName").Value
				FName = rsUsers("FName")
				Session("email") = Email				
				Session("FName") = FName
				Session("loggedin") = true                '// set flag indicating logged in
				Response.Redirect("../ste-iphoto.asp")
			Else
				'NOTE: Typically you do NOT want to have two separate "error" notifications
				'One for "invalid username" and another one for "Invalid Password".  The reason
				'for this is that to get into an account you need two pieces of information.
				'	1. a valid/existing username
				'	2. a password that is "tied" to the username specified.
				'if you explicitly tell me that I entered an incorrect username, I'll keep trying
				'until that error message changes to "invalid password".  In other words, if I
				'manage to see "Invalid password", then that implies I guessed that the username
				'I previously entered is valid/existent in the db!  So essentially I'm half way
				'in (thanks to you).
				'By contrast, if you just tell them "Invalid username or password", it is not clear
				'which of the two is incorrect.
				Response.Redirect("../ste-iphoto-login2.asp?login=passfailed")
			End if
		End If
	
		If rs.state<>0 Then rsUsers.Close
		Set rsUsers=nothing
     End If
End If

If myConnection.state<>0 Then myConnection.Close
Set myConnection=nothing

Response.End
%>

Open in new window

- attached script, advise from EE expert, hielo.

From the attached embed script, we would like to ask for tech support again, on how to add STATUS of users. Because there's a column "STATUS" from the MySql db, and any new users are set to be Status = 0 (unless activated by admin, users' status will be change to "1").
If user status = 0, user can't login yet.
If user status = 1, user can login.

Thank you!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Developer & EE Moderator
Fellow 2018
Most Valuable Expert 2013
Commented:
This is example code only and not meant to use live.  But it gives you the logic.
<%
 session("loggedin")="no"
select * from contacts where username = request.form("username") and password = request.form("password")
 ~
if  not rsUser.bor or not rsUser.eof then 'the username and password is good
  if rsUser.status=1 then 'ok to log in
       session("loggedin")="yes"
       else
       session("loggedin")="no"
  end if

if  session("loggedin")="no" then
   response.redirect("your_not_active.asp")
end if

end if


%>

Author

Commented:
Great! Thanks so much for the idea... :)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial