This Tutorial enables you to use 1 login page for sites with areas restricted to certain users.

By using a column in your database, and a small piece of coding to add to the login script, you can move your users dynamically to the appropriate folder for their access level.

Create a table in your database with a minimum of 4 fields,

ID for the record, Username, UserPassword and AccessLevel
Create your login page as normal;

  • design your page
  • add a form and enter two field box for the Username and Password.

In Application/Server behaviours/User Authentication select Login user.
Set the behaviour up by choosing the correct connection, table and marrying up the form fields to the database fields.

Enter your failed and successful pages as normal, and make sure you select to use Access Level as well as Username and Password. Use the column AccessLevel in the database for the Access level.

Save your page.

Change to Code view.

Your login code will be at the top of the page, move down the code until you find:

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then ' username and password match - this is a valid user

Move down a little until this line Session("MM_UserAuthorization") = "" End If

Enter a break return and paste this code below that line:

' redirect user based on Access level
If Session("MM_UserAuthorization") = "category1" Then
MM_redirectLoginSuccess = "folder1/"
ElseIf Session("MM_UserAuthorization") = "category2" Then
MM_redirectLoginSuccess = "folder2/"
Else MM_redirectLoginSuccess = "folder3/"
End If

Change the category1, category2 to the settings you have in the column AccessLevel in your user details table.

Change the folder for folder1, folder2 to respective folders for each category.

The final folder3 is for the default folder or file to move to if the person exists in the table, but a Access Level has not been found.

If you always require an Access Level to be found, then set this last If to the failed page. You can add more ElseIf statements for extra categories.

Don't forget to use the Restrict Access to page behaviour on each page that requires a login, so if for someone does get by, they will automatically be moved to your failed page, and not gain access simply by entering a URL.