ASP Login Script Question

[lmcny]

I have an login asp program that accepts a user name and password to get access to member articles.

I can get the program after verification to redirect to a page, but what I'd like to do is have it redirect the original session url (the first link that was clicked on) Does anyone know if this is possible? I'm cutting and pasting some of the code below with some comments. Any help would be great appreciated.


<%
Session("nyatep_ConnectionString") = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source= deleted for Security reasons Info=False"
Username = Request.Form("username")
Password = Request.Form("password")

Set login = Server.CreateObject("ADODB.RecordSet")
cmd = "SELECT * FROM tblMembers WHERE (username = '" & username & "') AND "
cmd = cmd & "(password = '" & password & "') "
'response.write cmd
'Response.End


login.Open cmd,Session("nyatep_ConnectionString"), 3, 1

session("member") = 0

If login.RecordCount = 1 Then

if login.Fields("member") = 1 then
session("member") = 1
end if

Session("memberId") = login.Fields("memberId")
Session("username") = login.Fields("username")
Session("Verified") = True 'they can view mailings
Session("url") = "" I think this is where I need to assign the session url value.

If Len(Session("url")) = 0 Then
Response.Redirect "article2.asp"
Else
'Response.Write " "
Response.Redirect Session("url")
End If

' Login Failed
Else

Response.Redirect "default.asp?error=1" 'No Such Login Name or Wrong Password

End If

%>

 

[FesterSXS]

you need to set that in the actual page itself before the redirect to the login page.

yourpage.asp

<%
If Session("LoggedIn") <> True Then
  Session("url") = Request.ServerVariables("SCRIPT_NAME")
  Response.Redirect "login.asp"
End If
%>

This needs to be customised further to account for QueryString values (if necessary)

Tony
[red]_________________________________________________________________[/red]
Webmaster -

http://www.SpiraxSarco.com/

 

[steven290]

Response.Redirect request.ServerVariables("HTTP_REFERER")

orsave it to the session

Session("url") = request.ServerVariables("HTTP_REFERER")

 

[steven290]

Request.ServerVariables("SCRIPT_NAME")

this gives you the

http://www.domainname.com

part

 

[Sheco]

In the protected page you need something like this:

If Not CBool(Session("Verified")) Then
'must log in before this protected page is viewed
Session("url") = Request.ServerVariables("SCRIPT_NAME")
Response.Redirect "login.asp"
end if

So that you can redirect back to the correct page once you verify the login.

 

[Sheco]

wow nice response time!

 

[Sheco]

I admit it, I hate being the slowest one.

 

[lmcny]

this is how the asp program is set up

I have an asp page that has a link to an article that is in a protected area. The file to be called is default.asp, this contains the form to enter the information and it posts it to login1.asp which verifies the information and then redirects it to where it is supposed to go. I'd like it to go directly to the article. So I am not exactly sure where I'm supposed to be inserting the code you all gave me

 

[Sheco]

Well you could link directly to the article and then bounce off the article if not logged in.

Or you could put the destination page in the QueryString of your link to default.asp and then copy that into a hidden form element to be submitted to login1.asp... and then login1 would take that value and redirect to it.

 

[Sheco]

Let me try to draw a picture:

__________________________________________________________
| Page1.asp:                                             |
| <a href=default.asp?GoTo=article.asp>Click</a>         |
----------------------------------------------------------
   |
   |
   |
   V
____________________________________________________________
| default.asp:                                             |
| <form action=login1.asp method=post>                     |
|  UserName: <input type="text" name="UID">                |
|  <BR>                                                    |
|  Password: <input type="text" name="PWD">                |
|  <input type="hidden" name="Go" value=<%= Request("Go")%>|
| </form>                                                  |
------------------------------------------------------------
   |
   |
   |
   V
__________________________________________________________
| login1.asp:                                             |
| If LoginOK(Request("UID"), Request("PWD")) Then         |
|   IF (Len(Request("Go") > 0) Then                       |
|     Response.Redirect Request("Go")                     |
|   Else                                                  |
|     Response.Redirect "[URL unfurl="true"]http://www.yahoo.com[/URL]             |
|   End If                                                |
| Else                                                    |
|   'login failed                                         |
|   Response.Redirect "default.asp"                       |
| End If                                                  |
----------------------------------------------------------
 

Personally I like the other way better... where you do the checking on your actual protected page and then redirect to the login page if not currently authenticated.

 

[Sheco]

bleh, looks better in the code window... lemme try again:

__________________________________________________________
| Page1.asp:                                             |
| <a href=default.asp?GoTo=article.asp>Click</a>         |
----------------------------------------------------------
   |
   |
   |
   V
____________________________________________________________
| default.asp:                                             |
| <form action=login1.asp method=post>                     |
|  UserName: <input type="text" name="UID">                |
|  <BR>                                                    |
|  Password: <input type="text" name="PWD">                |
|  <input type="hidden" name="Go" value=<%= Request("Go")%>|
| </form>                                                  |
------------------------------------------------------------
   |
   |
   |
   V
__________________________________________________________
| login1.asp:                                             |
| If LoginOK(Request("UID"), Request("PWD")) Then         |
|   IF (Len(Request("Go") > 0) Then                       |
|     Response.Redirect Request("Go")                     |
|   Else                                                  |
|     Response.Redirect "[URL unfurl="true"]http://www.yahoo.com[/URL]             |
|   End If                                                |
| Else                                                    |
|   'login failed                                         |
|   Response.Redirect "default.asp"                       |
| End If                                                  |
----------------------------------------------------------

I hate for all that art to go to waste!

/smirk

 

[steven290]

i don't see your LoginOK function anywhere, he might get confused by that

 

[Sheco]

Thats ok, I think he should do it the other way instead.

 

[ethorn10]

I like the method you drew out there. But request("GoTo") instead of request("Go").

 

[Sheco]

Lol yeah, I started with GoTo but then I dropped it down to Go when the text box for entering the response wasn't wide enough to get it in there without wrapping the text and making it hard for me to align the verticle line that marks the right side of the page...

Actually at first I called it "destination" but that was too long for the 2nd page so I went back and called it "GoTo" but that was too long for the 3rd page... thats how I ended up with only "Go"


/grin

 

[Sheco]

Anyway, the way that I would do this is to make an include file like this:

<%
If Not CBool(Session("Verified")) Then
  'must log in before this protected page is viewed
  Session("url") = Request.ServerVariables("SCRIPT_NAME")
  Response.Redirect "default.asp" [red]'assuming your login page is called default.asp[/red]
end if    
%>

Maybe call it something like protected.asp

Then I would just include it on every protected page.

Then I would alter the login1.asp page (or whatever the name is of the page that processes the login request to do something like this:

'*** Put code to veryify the login here ***

... 

IF LoginOK Then
 IF (Len(Request("Go") > 0) Then       
   Response.Redirect Session("url") 
  Else     
    Response.Redirect "[URL unfurl="true"]http://www.yahoo.com[/URL]     
  End If                             
End IF

Then you just make your site as normal and your links as normal and all of the protected pages will be protected and the normal pages will be normal.

 

[lmcny]

Thank you for your help. I like the verify code better then the hidden input field. I'm going to try and get that to work. I will let you know how I make out.

FYI - I'm a female.

I appreciate the help.

 

[lmcny]

Sheco - Thanks you so much! I did get this to work by using the include security file and modifying the login.asp file. I spent most of my day trying to figure this one out. I should have come here first.


I appreciate everyone's help on this.

 

[Sheco]

w00t! Glad it worked out for you!

...Looking back over the code that I posted I see some errors, but I guess you already found and fixed 'em else you wouldn'ta got it workin'