By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,262 Members | 2,664 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,262 IT Pros & Developers. It's quick & easy.

Nested If? Login using MS Access and ASP

P: 85
Hi Mark et. All,

I have a question to see if you can educate me here since this is something new to me as well.

I created a login page for the user to login and the ASP will check and redirect them to the appropriate page. So far, everything works fine. Myself and the user admin can login to the "Trform.asp" page OK without problem.

My question for you and your peers is I have 5 more users. Let's say A, B, C, D, and E. I want myself, admin, users A, B, and C to login and redirect to the form "Trform.asp" and users D and E to login and redirect to the form "SearchProject.asp". I have tried nested IFs however, it does not look work when I have more than 1 ELSE IF statement. Below is the CheckPass.asp file and I would very much appreciate if someone can help me out. Like I mentioned above that myself and the admin can login and redirect to the Trform.asp OK. However, I want more users to have the same access to the file.
Expand|Select|Wrap|Line Numbers
  1. <%
  2. Dim adocon
  3. Dim adorst
  4. Dim strSQl
  5. Dim strUsername
  6. Dim strPassW
  7.  
  8. strUsername = trim(Request.Form("Username"))
  9. strPassW = trim(Request.Form("PassW"))
  10.  
  11. If strUsername = "" OR _
  12. strPassW = "" Then
  13. Response.Redirect("UserLogin.asp?error=Sorry ... Username or Password does not exist. Please try again.")
  14.  
  15. Else
  16.  
  17. Set adocon = Server.CreateObject("ADODB.Connection")
  18. adocon.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("PTSystem.mdb")
  19.  
  20. strSQL = "SELECT * FROM Accounts" 
  21. Set adorst = Server.CreateObject("ADODB.Recordset")
  22. adorst.Open strSQL, adocon
  23.  
  24. If strUsername = "admin" then
  25.     Response.Redirect("Trform.asp")
  26. Else If strUsername = "james" then
  27.     Response.Redirect("Trform.asp")
  28. Else
  29.     Response.Redirect("UserLogin.asp")
  30. End If
  31. End If
  32.  
  33. End If
  34.  
  35. adorst.Close
  36. Set adorst = Nothing
  37.  
  38. adocon.Close
  39. Set adocon = Nothing
  40. %>
Jan 8 '08 #1
Share this Question
Share on Google+
12 Replies


P: 6
You could try this (although I hope this system is not meant to be secure)

Expand|Select|Wrap|Line Numbers
  1. If strUsername = "admin" Or strUsername = "james" Or strUsername = "A" etc... then
  2.     Response.Redirect("Trform.asp")
  3. ElseIf strUsername = "D" Or strUsername = "E" etc... Then
  4.     Response.Redirect("someWhere_Else.asp")
  5. Else
  6.     Response.Redirect("UserLogin.asp")
  7. End If

HTH

S
Jan 8 '08 #2

P: 85
You are the best! It works fine. I have 2 more questions regarding to this login issue and would appreciate if you can help me out.

1. Let's say if there are several folks outside of my team would like to have
access to the SearchProject.asp link as well. Instead of having me to go
back and update the CheckPassword.asp file to include their usernames, is
there a way, that we can redirect them automatically? The reason why,
because there might be another 20 or 30 or so and I hate to have to do it
manually.

2. Cookies. How can you setup the cookies where let's say, where
users "admin", "james", "A", "B", and "C" can go back and forth between the
Trforms.asp and SearchProjects.asp links. While the user regular users
such as "D", "E" and "F" can only access to the SearchProject.asp only?

Thanks once again for your outstanding support.
Jan 8 '08 #3

idsanjeev
100+
P: 241
Hi
you have need another field to distinguis between You and your team if any then try to check with if.. elseif condition

2.

Expand|Select|Wrap|Line Numbers
  1. <%
  2. If Not IsEmpty(Request.form("Submit")) Then
  3.   R.MoveFirst
  4.   R.Find "username= " & Request.Form("username") & ""
  5.   If Not R.EOF Then
  6.     Match = strComp(R("password"), Request.Form("password"))
  7.     If Match = 0 Then
  8.        vusername = Request.Form("username")
  9.       Response.Cookies("username") = vusername 'store username in  cookies
  10. %>
  11.  
Then after call on next
Expand|Select|Wrap|Line Numbers
  1. If Request.Cookies("username") = "" Then
  2.  
  3. 'other condition to check user is regular or not
  4. Response.Redirect "SearchProject.asp"
  5. else
  6.   Response.Write "Sorry!!!! You have limitted permission"
  7.  
Jan 9 '08 #4

P: 85
Hi,

Thanks for your reply. I am having trouble to intergrate the information that you provided below along with the information that I already had. The login process has 2 files total. The UserLogin.asp file and the CheckPassword.asp file.

UserLogin.asp:
Expand|Select|Wrap|Line Numbers
  1. <INPUT CLASS="bluebox" NAME="Username" SIZE="25" TYPE="text" ID="Username" />
  2.  
  3. <INPUT CLASS="bluebox" NAME="PassW" SIZE="25" TYPE="Password" ID="PassW" />
  4.  
  5. <INPUT CLASS="Table_Blue" TYPE="Submit" NAME="Submit" VALUE="LOGIN" />
  6.  
Below is the entire CheckPassword.asp file. I would appreciate if you can intergrate yours into this file for me.
Expand|Select|Wrap|Line Numbers
  1. <%
  2. Dim adocon
  3. Dim adorst
  4. Dim strSQl
  5. Dim strUsername
  6. Dim strPassW
  7.  
  8. strUsername = trim(Request.Form("Username"))
  9. strPassW = trim(Request.Form("PassW"))
  10.  
  11. If strUsername = "" OR _
  12. strPassW = "" Then
  13. Response.Redirect("UserLogin.asp?error=Sorry ... Username or Password does not exist. Please try again.")
  14.  
  15. Else
  16.  
  17. Set adocon = Server.CreateObject("ADODB.Connection")
  18. adocon.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("PTSystem.mdb")
  19.  
  20. strSQL = "SELECT * FROM Accounts" 
  21. Set adorst = Server.CreateObject("ADODB.Recordset")
  22. adorst.Open strSQL, adocon
  23.  
  24. If strUsername = "admin" Or strUsername = "james" Or strUsername = "ddarvel" Then
  25.     Response.Redirect("Trform.asp")
  26. Else If strUsername = "avear" Or strUsername = "cgirl" Then
  27.     Response.Redirect("SearchProject.asp")
  28. Else
  29.     Response.Redirect("UserLogin.asp")
  30. End If
  31. End If
  32. End If
  33.  
  34. adorst.Close
  35. Set adorst = Nothing
  36.  
  37. adocon.Close
  38. Set adocon = Nothing
  39. %>
The Trform.asp is a form where only users admin, james, and ddarvel have access to. Should I put the following lines on the very top of the Trform.asp file?
Expand|Select|Wrap|Line Numbers
  1. If Request.Cookies("username") = "" Then
  2.  
  3. 'other condition to check user is regular or not
  4. Response.Redirect "SearchProject.asp"
  5. else
  6.   Response.Write "Sorry!!!! You have limitted permission"
  7.  
By the way, do you have comments on the item 1 of the previously posted? About other users...Thanks once again for your outstanding support.
Jan 9 '08 #5

idsanjeev
100+
P: 241
Hi hotflash
Thanks, your complements is very hot like your name any way
You have 5 user say A,B,C,D And E. So youhave three types of user on
moderator, admin and user so
Are taken any field in table to Distinguish between normal user,administrator and yourself(moderator) if not then take a filed like e_blog that store value for Moderator M admin A and normal N then after in login page try this
Expand|Select|Wrap|Line Numbers
  1. If Not IsEmpty(Request.form("Submit")) Then
  2.   R.MoveFirst
  3.   R.Find "username = " & Request.Form("username") & ""
  4.   If Not R.EOF Then
  5.     Match = strComp(R("password"), Request.Form("password"))
  6.     If Match = 0 Then
  7.         vusername = Request.Form("username")
  8.           Response.Cookies("username") = vusername
  9.              If R("e_blog")="A" Then
  10.     Response.Cookies("e_blog")="A"
  11.                 Response.Redirect "Trform.asp"
  12.       Else
  13.       Response.Redirect "Searchproject.asp"
  14.                End If
  15.                   Else
  16.         Response.Write ("Invalid Password")
  17.       End If 
  18.          Else   
  19.              Response.Write("Invalid User")  
  20.   End If
  21. End If
  22. R.Close
  23. Set R = Nothing
  24. conn.Close
  25. Set conn = Nothing
  26. %>
  27.  
And in the page of Trform.asp where u chek the user is loged or not at top try to use this code login user is administrator or not
Expand|Select|Wrap|Line Numbers
  1. <%If Request.Cookies("username") = "" Then
  2.   Response.Redirect "login.asp"
  3. elseif request.Cookies("username")=request.cookies("username") then
  4. if request.Cookies("e_blog")="A" Then
  5. %>
  6. 'next code for display on form
  7.  
And for yourself I think you can easily add line to chek and redirec where u want
Jan 10 '08 #6

P: 85
Hi,

Thanks once again for your reply however; you are OVER my head on this one.

The parameters that you used in the example you provided might be different from the parameters that I actually used such as vusername, username instead of strUsername and Username, etc... I have modified the CheckPassword.asp file to the best of my knowledge to make sure we are talking about the same thing however, I am still having problem. This time, it does not even let me login. Below is a modified CheckPassword.asp per your recommendation. I would appreciate if you can take a look 1 more time please. So sorry to bug you. I used users "admin", "james" and "chris" as an ADMIN which will allow to login to the Trform.asp file the rest will be redirected to the SearchProject.asp file. Thanks once again for your quick response.

<%
Dim conn
Dim RS
Dim strSQL
Dim strUsername
Dim strPassW
Dim Submit

strUsername = trim(Request.Form("Username"))
strPassW = trim(Request.Form("PassW"))

If strUsername = "" OR _
strPassW = "" Then
Response.Redirect("UserLogin.asp?error=Sorry ... Username or Password does not exist. Please try again.")

Else

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("PTSystem.mdb")

strSQL = "SELECT * FROM Accounts"
Set RS = Server.CreateObject("ADODB.Recordset")
RS.Open strSQL, conn

If Not IsEmpty(Request.Form("Submit")) Then
RS.MoveFirst
RS.Find "Username = " & Request.Form("Username") & ""
If Not RS.EOF Then
Match = strSQL(RS("PassW"), Request.Form("PassW"))
If Match = 0 Then
strUsername = Request.Form("Username")
Response.Cookies("Username") = strUsername
If strUsername = "admin" Or strUsername = "james" Or strUsername = "chris"Then
Response.Cookies("e_blog")="A"
Response.Redirect "Trform.asp"
Else
Response.Redirect "SearchProject.asp"
End If
Else
Response.Write ("Invalid Password")
End If
Else
Response.Write("Invalid User")
End If
End If


End If

RS.Close
Set RS = Nothing
conn.Close
Set conn = Nothing
%>
Jan 10 '08 #7

idsanjeev
100+
P: 241
Hi
why are you hard core for user type selection. i sugest u in privious post take an another filed to identified user type.mean where is userid,password take another field thats is e_blog in the table thats your first work.
second work is arrange code. how can u find e_blog for user type identification you can't store directly e_blog in to cookies
Expand|Select|Wrap|Line Numbers
  1.  Response.Cookies("e_blog")="A"
  2.  
you have to use
Expand|Select|Wrap|Line Numbers
  1. If R("e_blog")="A" Then
  2.     Response.Cookies("e_blog")="A"
  3.  
Jan 11 '08 #8

P: 85
Hi,

Thanks for your replying. I am so sorry for the confusion since I am very new to this stuff. Right now, my MS Access PTSystem.mdb file has a table called Accounts. This table has 3 fields AccountID, Username and PassW. If I read your replies correctly, you want me to create another field in the Accounts table called e_blog and mark the admin users with "A"? So right now, my Accounts table looks like:

Field Name: AccountID (text), Username (text), PassW (text) and e_blog (test).

Also there are multiple test users in the table as a moment.

AccountID: Username: PassW e_blog
1 admin test1 A
2 james test1 A
3 chris test1

You noticed that username "chris" does not mark with A.

I modifed the CheckPassword.asp file to look like below however, it still does not let me login. The parameters that you provided in the sample code such as username, vusername, password is kinda different than the actual items that i defined in the CheckPassword.asp file so I tried to match them according to my understanding.

Thanks again for your outstanding support and patience.

<%
Dim conn
Dim RS
Dim strSQL
Dim strUsername
Dim strPassW

strUsername = trim(Request.Form("Username"))
strPassW = trim(Request.Form("PassW"))

If strUsername = "" OR _
strPassW = "" Then
Response.Redirect("UserLogin.asp?error=Sorry ... Username or Password does not exist. Please try again.")

Else

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("PTSystem.mdb")

strSQL = "SELECT * FROM Accounts"
Set RS = Server.CreateObject("ADODB.Recordset")
RS.Open strSQL, conn

If Not IsEmpty(Request.form("Submit")) Then
RS.MoveFirst
RS.Find "Username = " & Request.Form("Username") & ""
If Not RS.EOF Then
Match = strSQL(RS("PassW"), Request.Form("PassW"))
If Match = 0 Then
strUsername = Request.Form("Username")
Response.Cookies("Username") = strUsername
If RS("e_blog")="A" Then
Response.Cookies("e_blog")="A"
Response.Redirect "Trform.asp"
Else
Response.Redirect "Searchproject.asp"
End If
Else
Response.Write ("Invalid Password")
End If
Else
Response.Write("Invalid User")
End If
End If

End If

RS.Close
Set RS = Nothing
conn.Close
Set conn = Nothing
%>
Jan 11 '08 #9

P: 85
Hi,

As listed in post #5, the value in the UserLogin.asp should be LOGIN instead of Submit. I changed to LOGIN, however, at this time, I got a "Blank Page". It looks like there is still something wrong with the code. Can you help please? Thanks.
Jan 13 '08 #10

idsanjeev
100+
P: 241
Hi
ok i try
it is complete code for normal userlogin page acording to your requirments here are three types of user and only he can view using his eblog field from user thats is the flag to identify user
Expand|Select|Wrap|Line Numbers
  1. <%@ Language=VBScript %>
  2. <% Option Explicit %>
  3. <%
  4. Dim conn
  5. Dim R,sql
  6. Dim vuserid
  7. Dim password
  8. Dim match
  9. Set conn = Server.CreateObject("ADODB.Connection")
  10. conn.Mode = adModeReadWrite
  11. conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("PTSystem.mdb")
  12. sql= "Select *From accounts"
  13. Set R = Server.CreateObject("ADODB.Recordset")
  14. R.Open SQL, conn, adOpenStatic, adLockReadOnly, adCmdText
  15.  
  16. %>
  17. <html>
  18. <head>
  19. <title>Login-Section</title>
  20. </head>
  21.  
  22. <body>
  23. <form name="myform" method="POST" action="login.asp">
  24. <div style="Position:Absolute; top:150; left:268">
  25. <center><h2><font face="arial">Welcome To Login Page</font></h2>
  26. </center>
  27. <table border = '0' align = 'center' width = '500' height = '70'>
  28.   <tr>
  29.     <td  align=right>&nbsp;&nbsp;&nbsp;<font face=Arial size=4><b>User Name</b></font></td>
  30.     <td >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type= 'text' name="vuserid"></td>
  31.   </tr>
  32.   <tr>
  33.     <td align=right>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font face=Arial size=4 ><b>Password</font></b></td>
  34.     <td >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type= "password" name= "password"></td></font>
  35.   </tr>
  36. </table>
  37. <table style="Position:relative; top:20; left:225"> 
  38. <tr>
  39. </td><td align='center'><input type="submit" name="submit" value="Login"  ></td>
  40. <td align="right"><input type="button" name="Close" value="Close" onclick="window.close()"></tr>
  41. </table>
  42. </div>
  43. <div style="Position:Absolute; top:265; left:310">
  44. <%
  45. If Not IsEmpty(Request.form("Submit")) Then
  46.   R.MoveFirst
  47.  R.Find "User= '" & Request.Form("vuserid") & "'"
  48.   If Not R.EOF Then
  49.     Match = strComp(R("pass"), Request.Form("password"))
  50.     If Match = 0 Then
  51.        vuserid = Request.Form("vuserid")
  52.       Response.Cookies("userid") = vuserid
  53.       If R("eblog")="m" Then
  54.       response.Cookies("eblog")="m"
  55.       Response.Redirect "controladmin.asp"
  56.       elseif R("eblog")="a" then
  57.       response.Cookies("eblog")="a"
  58.       Response.Redirect"trform.asp"
  59.       else
  60.       Response.Redirect "search.asp"
  61.       End If
  62.     Else
  63.       Response.Write "<table><tr><td width=475 align=center><font color=red size= +2><b>Invalid Password</b></font></td></tr></table>"
  64.       End If 
  65.       Else   
  66.       Response.Write "<table><tr><td width=475 align=center><font color=red size=+2><b>Invalid User</b></font></td></tr></table>"  
  67.     End If
  68.  End If
  69. R.Close
  70. Set R= Nothing
  71. conn.Close
  72. Set conn = Nothing
  73. %>
  74. </div>
  75. </form>
  76. </body>
  77. </html>
  78.  
and on the page where user have permission chek eblog fields with user login check let me know if any other problems
thanks
Jan 15 '08 #11

P: 85
Hi idsanjeev,

Thanks for your help. I played around with the code that you provided over the weekend and the login works fine for me however, it does not look like the COOKIES is working properly.

There are 5 files involved in the Login process. The LOGIN code below allows me to login OK however the COOKIES is does not work right.

1. UserLogin.asp
2. CheckPassword.asp
3. WEBAdmin.asp (for Admin access only).
4. EngineersTools (for Engineer only).
5. PMTools (for the Project Manager only).

Questions:

1. Do I need to put sometype of Response.Cookies on top of the UserLogin.asp file so that the Admin can access to both items 4 and 5 above however, 4 and 5 can't access to 3?

2. Do I need to put sometype of Response.Cookies on top of items 3, 4 and 5?

Thanks once again for your outstanding support so far.

Here is the REVISED code. Please notice that I changed "e_blog" to "AccessLevel", "Admin" for "A", etc..

If Not IsEmpty(Request.Form("Username")) Then

strSQL = "SELECT * FROM Accounts where username='" & Request.Form("Username") & "' and PassW='" & Request.Form("PassW") & "'"
Set RS = Server.CreateObject("ADODB.Recordset")
RS.Open strSQL, conn

If Not RS.EOF Then
RS.MoveFirst
Match = 0
If Match = 0 Then
strUsername = Request.Form("Username")
Response.Cookies("Username") = strUsername
If RS("AccessLevel")= "Admin" Then
Response.Cookies("AccessLevel")= "Admin"
Response.Redirect "WEBAdmin.asp"
ElseIf RS("AccessLevel") = "Engineer" Then
Response.Cookies("AccessLevel")= "Engineer"
Response.Redirect "EngineerTools.asp"
Else
Response.Redirect "PMTools.asp"
End If
Else
Response.Write ("Invalid Password")
End If
Else
Response.Redirect("UserLogin.asp?error=Sorry ... Username or Password does not exist. Please try again.")
End If
End If
Jan 15 '08 #12

idsanjeev
100+
P: 241
Hi
thats is not a good poster like we so
first of try to read about asp from
Asp
Any way your problems is you wants to admin can access the pages of option provided 4 and 5 so your have to check after login page he goes on next page then chek user is login or not if not login then go to login if login then chek his accesslevel cookie . All about cookes store in veriable and how can call a cookies already posted in previous posting so please try from there.
Any thing store and call in cookes very easy here you have to store username in to cookies thats is accepted from form or variable name and code is already posted how to intialize and how to retrive
Read it from
Cookie
let me know it work
Thanks
Regards
sanjeev jha
Jan 16 '08 #13

Post your reply

Sign in to post your reply or Sign up for a free account.