Forums
This topic is locked
login to personal page
Posted 18 Dec 2006 17:44:27
1
has voted
18 Dec 2006 17:44:27 Michel Post posted:
Hello,I am new with ASP. I am trying to make a login section on my internetsite so that people who have filled in the registration form can login and access there own personal information.
so far I can make a login form and the page to access after login is ok, however it always shows the first person in the data base.
Can some one please help me with problem.
Thanks
Michel
Replies
Replied 18 Dec 2006 18:13:45
18 Dec 2006 18:13:45 Lee Diggins replied:
Hi Michel
You need to make sure the data you are displaying is being filtered by the unique ID of the current person being logged into the web site.
You need to filter the data by the Session("MM_Username"
value. This session is created when the user successfully logs into the system.
Hope this points you in the right direction. Give it a try and post back if you have any other questions.
Sharing Knowledge Saves Valuable Time!!!
~ ~ ~ ~ ~ ~
<b>Lee Diggins</b> - <i>DMXzone Manager</i>
<font size="1">[ Studio MX/MX2004 | ASP -> VBScript/PerlScript/JavaScript | SQL | CSS ]</font>
You need to make sure the data you are displaying is being filtered by the unique ID of the current person being logged into the web site.
You need to filter the data by the Session("MM_Username"
value. This session is created when the user successfully logs into the system.Hope this points you in the right direction. Give it a try and post back if you have any other questions.
Sharing Knowledge Saves Valuable Time!!!
~ ~ ~ ~ ~ ~
<b>Lee Diggins</b> - <i>DMXzone Manager</i>
<font size="1">[ Studio MX/MX2004 | ASP -> VBScript/PerlScript/JavaScript | SQL | CSS ]</font>
Replied 18 Dec 2006 22:17:57
18 Dec 2006 22:17:57 Michel Post replied:
Ok, This has to done on the page after the login, but which line off code it this? When I filter it with the recordset there is no option to filter on MM_Username.
I hope that you understand what I mean.
I hope that you understand what I mean.
Replied 19 Dec 2006 00:11:13
19 Dec 2006 00:11:13 Lee Diggins replied:
Hi Michel
I've created two test pages, connecting to the PUBS database, but you should be able to follow the code.
<b>login_1.asp</b>
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="Connections/PUBS.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL"
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("username")
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
MM_redirectLoginSuccess="login_2.asp"
MM_redirectLoginFailed="login_1.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_PUBS_STRING
MM_rsUser.Source = "SELECT au_lname, au_fname"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM dbo.authors WHERE au_lname='" & Replace(MM_valUsername,"'","''" &"' AND au_fname='" & Replace(Request.Form("password","'","''" & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username" = MM_valUsername
If (MM_fldUserAuthorization <> "" Then
Session("MM_UserAuthorization" = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization" = ""
End If
if CStr(Request.QueryString("accessdenied") <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied"
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
<p>
<input name="username" type="text" id="username">
</p>
<p>
<input name="password" type="text" id="password">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
</p>
</form>
hello
</body>
</html>
<b>login_2.asp</b>
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="login_1.asp"
MM_grantAccess=false
If Session("MM_Username" <> "" Then
If (true Or CStr(Session("MM_UserAuthorization")="" Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization")>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?" >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL"
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
<!--#include file="Connections/PUBS.asp" -->
<%
Dim Recordset1__myVar
Recordset1__myVar = "0"
If (Session("MM_Username" <> "" Then
Recordset1__myVar = Session("MM_Username"
End If
%>
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset"
Recordset1.ActiveConnection = MM_PUBS_STRING
Recordset1.Source = "SELECT * FROM dbo.authors WHERE au_lname = '" + Replace(Recordset1__myVar, "'", "''" + "'"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0
%>
<%
Dim Repeat1__numRows
Dim Repeat1__index
Repeat1__numRows = 10
Repeat1__index = 0
Recordset1_numRows = Recordset1_numRows + Repeat1__numRows
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<table border="0" cellpadding="3" cellspacing="0">
<tr>
<td>au_id</td>
<td>au_lname</td>
<td>au_fname</td>
<td>phone</td>
<td>address</td>
<td>city</td>
<td>state</td>
<td>zip</td>
<td>contract</td>
</tr>
<% While ((Repeat1__numRows <> 0) AND (NOT Recordset1.EOF)) %>
<tr>
<td><%=(Recordset1.Fields.Item("au_id".Value)%></td>
<td><%=(Recordset1.Fields.Item("au_lname".Value)%></td>
<td><%=(Recordset1.Fields.Item("au_fname".Value)%></td>
<td><%=(Recordset1.Fields.Item("phone".Value)%></td>
<td><%=(Recordset1.Fields.Item("address".Value)%></td>
<td><%=(Recordset1.Fields.Item("city".Value)%></td>
<td><%=(Recordset1.Fields.Item("state".Value)%></td>
<td><%=(Recordset1.Fields.Item("zip".Value)%></td>
<td><%=(Recordset1.Fields.Item("contract".Value)%></td>
</tr>
<%
Repeat1__index=Repeat1__index+1
Repeat1__numRows=Repeat1__numRows-1
Recordset1.MoveNext()
Wend
%>
</table>
</body>
</html>
<%
Recordset1.Close()
Set Recordset1 = Nothing
%>
Look at the way that the recordset is created in login_2.asp. I declare a variable called myVar, which is set to the value of Session("MM_Username", the SELECT statement includes a REPLACE method with the variable myVar, well Recordset1_myVar. This is telling the database to retrieve the record that has the authors lastname (which I've used as the username) in the Authors table.
Hope this makes sense, this sample was created using Dreamweaver MX.
If you're still stuck, post the code you have so far.
Sharing Knowledge Saves Valuable Time!!!
~ ~ ~ ~ ~ ~
<b>Lee Diggins</b> - <i>DMXzone Manager</i>
<font size="1">[ Studio MX/MX2004 | ASP -> VBScript/PerlScript/JavaScript | SQL | CSS ]</font>
I've created two test pages, connecting to the PUBS database, but you should be able to follow the code.
<b>login_1.asp</b>
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="Connections/PUBS.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL"
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("username"
)If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
MM_redirectLoginSuccess="login_2.asp"
MM_redirectLoginFailed="login_1.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_PUBS_STRING
MM_rsUser.Source = "SELECT au_lname, au_fname"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM dbo.authors WHERE au_lname='" & Replace(MM_valUsername,"'","''"
&"' AND au_fname='" & Replace(Request.Form("password","'","''" & "'"MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username"
= MM_valUsernameIf (MM_fldUserAuthorization <> ""
ThenSession("MM_UserAuthorization"
= CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)Else
Session("MM_UserAuthorization"
= ""End If
if CStr(Request.QueryString("accessdenied"
) <> "" And false ThenMM_redirectLoginSuccess = Request.QueryString("accessdenied"
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
<p>
<input name="username" type="text" id="username">
</p>
<p>
<input name="password" type="text" id="password">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
</p>
</form>
hello
</body>
</html>
<b>login_2.asp</b>
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="login_1.asp"
MM_grantAccess=false
If Session("MM_Username"
<> "" ThenIf (true Or CStr(Session("MM_UserAuthorization"
)="" Or _(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"
)>=1) ThenMM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?"
>= 1) Then MM_qsChar = "&"MM_referrer = Request.ServerVariables("URL"
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
<!--#include file="Connections/PUBS.asp" -->
<%
Dim Recordset1__myVar
Recordset1__myVar = "0"
If (Session("MM_Username"
<> "" Then Recordset1__myVar = Session("MM_Username"
End If
%>
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset"
Recordset1.ActiveConnection = MM_PUBS_STRING
Recordset1.Source = "SELECT * FROM dbo.authors WHERE au_lname = '" + Replace(Recordset1__myVar, "'", "''"
+ "'"Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0
%>
<%
Dim Repeat1__numRows
Dim Repeat1__index
Repeat1__numRows = 10
Repeat1__index = 0
Recordset1_numRows = Recordset1_numRows + Repeat1__numRows
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<table border="0" cellpadding="3" cellspacing="0">
<tr>
<td>au_id</td>
<td>au_lname</td>
<td>au_fname</td>
<td>phone</td>
<td>address</td>
<td>city</td>
<td>state</td>
<td>zip</td>
<td>contract</td>
</tr>
<% While ((Repeat1__numRows <> 0) AND (NOT Recordset1.EOF)) %>
<tr>
<td><%=(Recordset1.Fields.Item("au_id"
.Value)%></td><td><%=(Recordset1.Fields.Item("au_lname"
.Value)%></td><td><%=(Recordset1.Fields.Item("au_fname"
.Value)%></td><td><%=(Recordset1.Fields.Item("phone"
.Value)%></td><td><%=(Recordset1.Fields.Item("address"
.Value)%></td><td><%=(Recordset1.Fields.Item("city"
.Value)%></td><td><%=(Recordset1.Fields.Item("state"
.Value)%></td><td><%=(Recordset1.Fields.Item("zip"
.Value)%></td><td><%=(Recordset1.Fields.Item("contract"
.Value)%></td></tr>
<%
Repeat1__index=Repeat1__index+1
Repeat1__numRows=Repeat1__numRows-1
Recordset1.MoveNext()
Wend
%>
</table>
</body>
</html>
<%
Recordset1.Close()
Set Recordset1 = Nothing
%>
Look at the way that the recordset is created in login_2.asp. I declare a variable called myVar, which is set to the value of Session("MM_Username"
, the SELECT statement includes a REPLACE method with the variable myVar, well Recordset1_myVar. This is telling the database to retrieve the record that has the authors lastname (which I've used as the username) in the Authors table.Hope this makes sense, this sample was created using Dreamweaver MX.
If you're still stuck, post the code you have so far.
Sharing Knowledge Saves Valuable Time!!!
~ ~ ~ ~ ~ ~
<b>Lee Diggins</b> - <i>DMXzone Manager</i>
<font size="1">[ Studio MX/MX2004 | ASP -> VBScript/PerlScript/JavaScript | SQL | CSS ]</font>