<%
Option Explicit
Dim strError, strSQL, objRS
'see if the form has been submitted
If Request.Form("action")="login" Then
'the form has been submitted
'// validate the form
'check if a username has been entered
If Request.Form("username") = "" Then _
strError = strError & "- Please enter a username
" & vbNewLine
'check if a password has been entered
If Request.Form("password") = "" Then _
strError = strError & "- Please enter a password
" & vbNewLine
'// check if an error has occured
If strError = "" Then
'continue
'include database connection code
%>
<%
'// create the SQL
strSQL = "SELECT * FROM Users WHERE user_name='" & _
fixQuotes(Request.Form("username")) & "'"
'// run the SQL
Set objRS = objConn.Execute (strSQL)
'// see if there are any records returned
If objRS.EOF Then
'no username found
strError = "- Invalid username or password
" & vbNewLine
Else
'check password
If objRS("password")=Request.Form("password") Then
'username/password valid
'save session data
Session("loggedin") = True
Session("user_id") = objRS("user_id")
Session("group_id") = objRS("group_id")
Session("username") = Request.Form("username")
session("Name") = objRS("f_name") & " " & objRS("l_name")
session("Password") = objRS("password")
session("email") = objRS("email")
session("FirstName") = objRS("f_name")
session("LastName") = objRS("l_name")
session("addr1") = objRS("addr1")
session("addr2") = objRS("addr2")
session("city") = objRS("city")
session("state") = objRS("state")
session("postalcode") = objRS("postalcode")
session("country") = objRS("country")
session("phone") = objRS("phone")
session("fax") = objRS("fax")
session("selfemp") = objRS("selfemp")
'redirect to members area
if Session("group_id")=1 then
Response.Redirect("../index.asp?login=true")
else
Response.Redirect("../index1.asp?login=true")
end if
Response.End
Else
'invalid password
strError = "- Invalid username or password
" & vbNewLine
End If
End If
End If
If strError <> "" Then
'output the error message
'add extra HTML...
strError = "The following errors occured:" & _
"
" & vbNewLine & strError
End If
'display message in URL.. (ie thank you for registering)
If Request.QueryString("msg") <> "" And strError = "" Then
strError = "
" & Request.QueryString("msg") & "
"
End If
End If
Function fixQuotes(strData)
fixQuotes = Replace(strData,"'","''")
End Function're-set session data (ie log out)Session("loggedin")=""
Session("userid")=""
%>
Members Area Login
| |
ICBT Campus |
|
| |
QS Online Support |
|
|
|
00Members Login
Please enter your username and password to access the Members Area.
<%=strError%>