confirm Login no worky.

Basically I cannot get this baby to work other than to allow the GUEST ACCESS and the ADMIN ACCESS the MEMBER ACCESS I am not even sure if it is even connecting to the databse.

Here is the code for the CONFIRMLOGIN page and also the LIBRARY.INC page.

When Logging in as a MEMBER it simply redirects to the mainview page but as a GUEST. Ishn't dat vierd?

Any suggestions would be appreciated..........

Heres the ConfirmLogin.asp

<!--#include file="Library.inc"-->
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="refer.css">
<TITLE></TITLE>
<% Response.Buffer = true %>
<%
Username = request.form("txtUserName")
Password = request.form("txtPassword")
if Password = "letmein" and Username = "admin" then%>
<%response.clear%>
<%Response.Redirect "MainView.asp?user=admin"%>
<%
session("User_Id") = ""
session("UserName") = ""
session("FirstName") = ""
session("LastName") = ""
session("Street") = ""
session("City") = ""
session("Province") = ""
session("PostalCode") = ""
session("Telephone") = ""
session("Email") = ""
session("Password") = ""
%>
<% Else %>

<%
dim objrsUsers, sql
sql = "SELECT * FROM Users WHERE UserName = 'UserName';"
set objrsUsers = Server.CreateObject("ADODB.Recordset")
objrsUsers.Open sql, objConn
if objrsUsers.EOF then
response.clear
response.redirect"MainView.asp?user=guest"
else

if UserName = txtUserName and not objrsUsers.EOF then
session("bvaliduser") = (objrsUsers.Fields.Item("txtUserName").value)
'Response.cookies("ckLoggedin") = "Loggedin"
'response.clear
response.redirect"MainView.asp?user=member"%>

<%end if%><%end if%><%end if%>

Now heres the Library.Inc page

<!-- #Include file="adovbs.inc" -->
<%
dim objConn
set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open "Library"


'if Session("bValidUser") = True and Session("UserID") = "" then
'dim rsPersonIDCheck
'set rsPersonIDCheck = Server.CreateObject("ADODB.Recordset")
'dim strSQL
'strSQL = "SELECT User_ID FROM Users WHERE E_Mail = '" & Session("E_Mail") & "';"
'rsPersonIDCheck.Open strSQL, objConn
'if rsPersonIDCheck.EOF then
'Session("bValidUser") = False
'else
' Session("UserID") = rsPersonIDCheck("UserID")
'end if
'rsPersonIDCheck.Close
'end if
%>

In the ConfirmLogin.asp :

after the redirect,
session("User_Id") = ""
session("UserName") = ""
session("FirstName") = ""
session("LastName") = ""
session("Street") = ""
session("City") = ""
session("Province") = ""
session("PostalCode") = ""
session("Telephone") = ""
session("Email") = ""
session("Password") = ""

Never gets executed all these settings should happen before the redirect.



the query
sql = "SELECT * FROM Users WHERE UserName = 'UserName';"

will look for the text "UserName" in the DB not the value of UserName variable.

That's why you always get an empty record and get redirected as guest because

if objrsUsers.EOF then is TRUE

The query should be some thing like.

sql = "SELECT * FROM Users WHERE UserName = '" & UserName & "'"

Also you need to do some checking that the user didn't enter some thing that contains ' ...


if UserName = txtUserName and not objrsUsers.EOF then

txtUserName was never defined so it is a blank string.


I hope this is of any Help

Thanks alot Yassoor... I will give that a try....
Quite obviously I am a complete newbie.......

I have made the appropriate changes to the query ..... and made it so it now redirects the user back to the Login page if nothing is entered....

Now when the correct member info is entered it simply reloads the ConfirmLogin page..... which of course shows nothing........Weird?

RavingRonin