[VB/ASP] Merged login session problem


Question

OK, on my site my friend set up 2 different folders with two different logins that redirect you to 2 separate pages. I wanted to merge both logins into one and just let them gain access to both of the pages without having to log in twice b/c that's just stupid. So the login script is the same for both folders (login.asp):

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("userName"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization=""
  MM_redirectLoginSuccess="welcome.asp"
  MM_redirectLoginFailed="login.asp?valid=1"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_connTest_STRING
  MM_rsUser.Source = "SELECT users_email, users_password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM test.users WHERE users_email='" & Replace(MM_valUsername,"'","''") &"' AND users_password='" & Replace(Request.Form("password"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
	' username and password match - this is a valid user
	Session("MM_Username") = MM_valUsername
	If (MM_fldUserAuthorization <> "") Then
	  Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
	Else
	  Session("MM_UserAuthorization") = ""
	End If
	if CStr(Request.QueryString("accessdenied")) <> "" And false Then
	  MM_redirectLoginSuccess = Request.QueryString("accessdenied")
	End If
	MM_rsUser.Close
	Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>

Both pages have an authorize check. One page works, the other doesn't. Both have the same check of this:

If Session("MM_Username") <> "" Then
  If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
		 (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
	MM_grantAccess = true
  End If
End If

Why will it only let me into one of the pages and not the other one? Is the login script tied into a session based on the URL? B/c that's the only way I can see that script filtering out the request.

Edited by sathenzar

4 answers to this question

  • 0

I'm not sure on the redirecting part yet, but I did notice this:

If Session("MM_Username") <> "" Then
  If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
		 (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
	MM_grantAccess = true
  End If
End If

Or specifically this:

If (true Or...

OR logic dictates that a true value in 1 or both of the statements will resolve to a true statement for the If block. This means it doesn't matter what Session("MM_UserAuthorization") is; it's always going to let them through with MM_grantAccess = true. Is this by design?


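The check quoted in this answer, rewritten as a deny-by-default gate. This is an added example, not code from the thread or from the tool that generated the original script; the function name IsAuthorized and the login.asp redirect target are assumptions. In the full page header posted later in the thread, MM_grantAccess also starts out as true, so that page never redirects even without a session.

```vbscript
<%
' Added example (not from the thread): deny-by-default page guard.
' IsAuthorized and the redirect target below are hypothetical names.
Function IsAuthorized(userName, userLevel, authorizedLevels)
  Dim level
  IsAuthorized = False                          ' start from "deny"

  ' No session user name means nobody has logged in.
  If CStr(userName) = "" Then Exit Function

  ' An empty list means "any logged-in user", matching the page's
  ' MM_authorizedUsers = "" setting.
  If authorizedLevels = "" Then
    IsAuthorized = True
    Exit Function
  End If

  ' Compare against each list entry exactly. The original InStr test is a
  ' substring match, and InStr returns 1 when the searched-for string is
  ' empty, so an empty authorization level would match any list.
  If CStr(userLevel) = "" Then Exit Function
  For Each level In Split(authorizedLevels, ",")
    If Trim(level) = CStr(userLevel) Then
      IsAuthorized = True
      Exit Function
    End If
  Next
End Function

Dim MM_authorizedUsers, MM_authFailedURL, MM_referrer
MM_authorizedUsers = ""
MM_authFailedURL = "login.asp"                  ' assumed path to the login page

If Not IsAuthorized(Session("MM_Username"), _
                    Session("MM_UserAuthorization"), _
                    MM_authorizedUsers) Then
  MM_referrer = Request.ServerVariables("URL")
  If Len(Request.QueryString()) > 0 Then
    MM_referrer = MM_referrer & "?" & Request.QueryString()
  End If
  Response.Redirect MM_authFailedURL & "?accessdenied=" & Server.URLEncode(MM_referrer)
End If
%>
```
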
  • 0

That's the problem, I didn't design the script. I'm trying to figure out how the login script can be specific to a page. I mean the login is line by line exactly the same. So I just wanted to move it up a level in the directory system and just not have two separate logins. The code to check authentication on both parts is the same too.


  • 0

I'll give $20 to anyone who provides me an answer to this problem that fixes it.

Here is login.asp's login script part:

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("userName"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization=""
  MM_redirectLoginSuccess="../welcome2.asp"
  MM_redirectLoginFailed="login.asp?valid=1"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_connTest_STRING
  MM_rsUser.Source = "SELECT users_email, users_password"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM test.users WHERE users_email='" & Replace(MM_valUsername,"'","''") &"' AND users_password='" & Replace(Request.Form("password"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
	' username and password match - this is a valid user
	Session("MM_Username") = MM_valUsername
	If (MM_fldUserAuthorization <> "") Then
	  Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
	Else
	  Session("MM_UserAuthorization") = ""
	End If
	if CStr(Request.QueryString("accessdenied")) <> "" And false Then
	  MM_redirectLoginSuccess = Request.QueryString("accessdenied")
	End If
	MM_rsUser.Close
	Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>

This file used to be located in two directories, each leading to a different page (dir1/welcome.asp, dir2/welcome.asp).

Each of these welcome.asp files had the following code at the top to choose whether or not the user was granted access:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="..quote/login2.asp"
MM_grantAccess=true
If Session("MM_Username") <> "" Then
  If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
		 (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
	MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>

Why would dir1/welcome.asp work after I log in but not dir2/welcome.asp? But yet if I log in using the dir2/login.asp old script it lets me in...


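The login lookup from the script above, with the form values bound as ADO parameters instead of being concatenated into the SQL text after quote doubling. This is an added example, not code from the thread; the function name FindUser and the 255-character limit are assumptions, and it assumes the data provider behind MM_connTest_STRING accepts `?` placeholders.

```vbscript
<%
' Added example (not from the thread): parameterized login lookup.
' FindUser and MAX_LEN are hypothetical; table and column names are the
' ones used in the posted script.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const MAX_LEN = 255          ' assumed column width

Function FindUser(connString, email, password)
  Dim cmd, rs
  FindUser = False
  ' Reject empty or over-long input before it reaches the database.
  If email = "" Or Len(email) > MAX_LEN Or Len(password) > MAX_LEN Then Exit Function

  Set cmd = Server.CreateObject("ADODB.Command")
  cmd.ActiveConnection = connString
  cmd.CommandType = adCmdText
  cmd.CommandText = "SELECT users_email FROM test.users " & _
                    "WHERE users_email = ? AND users_password = ?"
  ' Values travel as parameters, so quotes in the input are data, not SQL.
  cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, adParamInput, MAX_LEN, email)
  cmd.Parameters.Append cmd.CreateParameter("password", adVarChar, adParamInput, MAX_LEN, password)

  Set rs = cmd.Execute
  FindUser = Not rs.EOF      ' a row came back: credentials matched
  rs.Close
  Set rs = Nothing
  Set cmd = Nothing
End Function

Dim valUser, valPass
valUser = CStr(Request.Form("userName"))
valPass = CStr(Request.Form("password"))
If valUser <> "" Then
  ' The password is compared as stored, exactly as the posted script does.
  If FindUser(MM_connTest_STRING, valUser, valPass) Then
    Session("MM_Username") = valUser
    Session("MM_UserAuthorization") = ""
    Response.Redirect "welcome.asp"
  Else
    Response.Redirect "login.asp?valid=1"
  End If
End If
%>
```
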
  • 0

If I'm not being clear enough please tell me; it'd be so helpful to get this resolved. I need this completed for work and I'm not 100% stable with VB. I have programmed in many languages so I can kind of work my way around things but I still can't seem to figure this out 100%.
