Link to home
Start Free TrialLog in
Avatar of Stiebel Eltron
Stiebel EltronFlag for Thailand

asked on

How to add "STATUS" event from the attached verify script?

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
On Error Resume Next

Dim myConnection, rsUsers, connectString, sqlContent, Email, Password
	
'Build myConnectionection with database
connectString = "DRIVER={MySQL ODBC 3.51 Driver}; SERVER=DBServer; PORT=3306; DATABASE=DB; USER=DBUSER; PASSWORD=DBPW; OPTION=0;"

Set myConnection = Server.CreateObject("ADODB.Connection")
myConnection.Open connectString

If Err.Number <> 0 Then
	Response.Write Err.Number & " " & Err.Description
	Err.Clear
Else
     If 1 <> myConnection.state Then
     	Response.Write "Unable to open a connection to the db"
     Else
		Set rsUsers = Server.CreateObject("ADODB.Recordset")

		'Save the entered username and password
     	Email = Request.Form("Email")	
     	Password = Request.Form("Password")
     
     	sqlContent = "SELECT * FROM `users` WHERE `Password`='" & Replace(Password,"'","''") & "' AND `Email`='" & Replace(Email,"'","''") & "'"
     	rsUsers.Open sqlContent, myConnection, 1, 3
		
		
     
		If Err.Number <> 0 Then
			Response.Write Err.Number & " " & Err.Description
			Err.Clear
		Else
			If Not rsUsers.eof Then
				'Session("FName") = rsUsers.Fields("FName").Value
				FName = rsUsers("FName")
				Session("email") = Email				
				Session("FName") = FName
				Session("loggedin") = true                '// set flag indicating logged in
				Response.Redirect("../ste-iphoto.asp")
			Else
				'NOTE: Typically you do NOT want to have two separate "error" notifications
				'One for "invalid username" and another one for "Invalid Password".  The reason
				'for this is that to get into an account you need two pieces of information.
				'	1. a valid/existing username
				'	2. a password that is "tied" to the username specified.
				'if you explicitly tell me that I entered an incorrect username, I'll keep trying
				'until that error message changes to "invalid password".  In other words, if I
				'manage to see "Invalid password", then that implies I guessed that the username
				'I previously entered is valid/existent in the db!  So essentially I'm half way
				'in (thanks to you).
				'By contrast, if you just tell them "Invalid username or password", it is not clear
				'which of the two is incorrect.
				Response.Redirect("../ste-iphoto-login2.asp?login=passfailed")
			End if
		End If
	
		If rs.state<>0 Then rsUsers.Close
		Set rsUsers=nothing
     End If
End If

If myConnection.state<>0 Then myConnection.Close
Set myConnection=nothing

Response.End
%>

Open in new window

- attached script, advise from EE expert, hielo.

From the attached embed script, we would like to ask for tech support again, on how to add STATUS of users. Because there's a column "STATUS" from the MySql db, and any new users are set to be Status = 0 (unless activated by admin, users' status will be change to "1").
If user status = 0, user can't login yet.
If user status = 1, user can login.

Thank you!
ASKER CERTIFIED SOLUTION
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Stiebel Eltron

ASKER

Great! Thanks so much for the idea... :)