Application Login

Active Data Objects & ASP by Mark Betz Listing One Application Login Please login with your user name and password. <%@ LANGUAGE="VBSCRIPT"%> <% Response.Buffer = TRUE '********************************************************************* ' This script handles the user login '********************************************************************* UserName = Request.Form("UserName") UserPwd = Request.Form("UserPwd") if UserName = "" or UserPwd = "" then Response.Redirect("userlogin.htm") end if cADOConnectString = "dsn=example_db;uid=user;pwd=userpwd" set Conn = Server.CreateObject("ADODB.Connection") Conn.Open(cADOConnectString) Query = "SELECT UserID from tbl_User where ((UserName = " & UserName _ & ") and (UserPwd = " & UserPwd & "))" set RS = Conn.Execute(Query) if not RS.EOF then UserId = RS("UserID") else Response.Redirect("userlogin.htm") end if RedirectURL = "welcome.asp?sesskey=" Query = "SELECT SessionID from tbl_Session where UserID = " _ & CStr(UserId) if not RS.EOF then RedirectURL = RedirectURL & RS("SessionID") else DateTime = Date & " " & Time Query = "INSERT tbl_Session values(" & CStr(UserId) & ", '" _ & DateTime & "'); SELECT @@IDENTITY" Conn.Execute(Query) set RS = RS.NextRecordSet RedirectURL = RedirectURL & RS(0) end if Response.Redirect(RedirectURL) %> Listing Two <%@ LANGUAGE="VBSCRIPT"%> <% Response.Buffer = TRUE '********************************************************************* ' This page welcomes the authenticated user '********************************************************************* if Request.QueryString("sesskey") = "" then Response.Redirect("userlogin.htm") end if cADOConnectString = "dsn=example_db;uid=user;pwd=userpwd" set Conn = Server.CreateObject("ADODB.Connection") Conn.Open(cADOConnectString) Query = "SELECT UserID from tbl_Session where SessionID = " _ & Request.QueryString("sesskey") set RS = Conn.Execute(Query) if not RS.EOF then UserId = RS("UserID") Query = "SELECT UserFullName from tbl_User where UserID = " _ & CStr(UserId) set RS = Conn.Execute(Query) if RS.EOF then Response.Write("Bad user ID in welcome.asp") Response.End else UserFullName = RS("UserFullName") DateTime = Date & " " & Time Query = "UPDATE tbl_Session set LastAccessTime = " & DateTime _ & " where SessionID = " & Request.QueryString("sesskey") Conn.Execute(Query) end if else Response.Redirect("userlogin.htm") end if %> Welcome Page Welcome <%=UserFullName%>. 1