Decline Entry to Site - VBScript

Anything VBScript-related, including Windows Script Host, WMI, ADSI, and more.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
rcandela
Posts: 6
Joined: Mon Aug 27, 2012 3:42 am

Decline Entry to Site - VBScript

Post by rcandela » Mon Aug 27, 2012 9:19 am

I have a column under my 'USERS' table for STATUS (Either: 'Active' or 'Deactive'

I'm trying to program by session to turn around any users with STATUS = 'Deactive'

While I could just alter my SQL Query with a WHERE clause to exclude any users with STATUS 'Deactive' -
I'd rather have my users see a message explaining that there account is no longer active, and to contact an Administrator. Help! (you can see where I tried to turn around deactivated users, but this does not work)

Here's the code

Code: Select all

If Request.Form("btnLogin")  "" Then
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT * FROM USERS WHERE USER_ID ='" & Request.Form("txtUserName") & "'"
'Response.Write(strSQL)
rsCheckUser.Open strSQL, dbConn
If NOT rsCheckUser.EOF Then
     If Request.Form("txtUserPass") = rsCheckUser("PASSWORD") Then
               
               'Set Session Variables
               Session("UserName") = CStr(Request.Form("txtUserName"))
               Session("FullName") = rsCheckUser("FIRST_NAME") & " " & rsCheckUser("LAST_NAME")
               Session("FirstName") = rsCheckUser("FIRST_NAME")
               Session("LastName") = rsCheckUser("LAST_NAME")
               Session("id") = rsCheckUser("UNIQUE_ID")
               Session("Level") = rsCheckUser("USER_LEVEL")
               Session("Status") = rsCheckUser("STATUS")
               Session("userGood") = True
               Session("SessionNumber") = Session.SessionID
               
               'Turn around Deactivated Users
               If rsCheckUser("STATUS") = "Deactive" Then
               Response.Redirect("login.asp?error=deactive")
               End If
               
               
               'If its a system admin we'll set the session timeout to 2 hours 
               'otherwise we set it to 10 minutes so users can't over write each other
               If Session("Level") = "Admin" Then
                    Session.Timeout = 120
               Else 
                    Session.Timeout = 10
            End If
               rsCheckUser.Close
               Set rsCheckUser = Nothing
               Set dbConn = Nothing
               Response.Redirect("index.asp")
     'If its not a good login then kick them out to the login screen and tell them why
     Else 
               rsCheckUser.Close
               Set rsCheckUser = Nothing
               Set dbConn = Nothing
               Session("userGood") = False 
               Response.Redirect("login.asp?error=password")
     End If
End If
End If

User avatar
rcandela
Posts: 6
Joined: Mon Aug 27, 2012 3:42 am

Decline Entry to Site - VBScript

Post by rcandela » Mon Aug 27, 2012 9:19 am

I have a column under my 'USERS' table for STATUS (Either: 'Active' or 'Deactive'

I'm trying to program by session to turn around any users with STATUS = 'Deactive'

While I could just alter my SQL Query with a WHERE clause to exclude any users with STATUS 'Deactive' -
I'd rather have my users see a message explaining that there account is no longer active, and to contact an Administrator. Help! (you can see where I tried to turn around deactivated users, but this does not work)

Here's the code

Code: Select all

If Request.Form("btnLogin")  "" Then
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT * FROM USERS WHERE USER_ID ='" & Request.Form("txtUserName") & "'"
'Response.Write(strSQL)
rsCheckUser.Open strSQL, dbConn
If NOT rsCheckUser.EOF Then
     If Request.Form("txtUserPass") = rsCheckUser("PASSWORD") Then
               
               'Set Session Variables
               Session("UserName") = CStr(Request.Form("txtUserName"))
               Session("FullName") = rsCheckUser("FIRST_NAME") & " " & rsCheckUser("LAST_NAME")
               Session("FirstName") = rsCheckUser("FIRST_NAME")
               Session("LastName") = rsCheckUser("LAST_NAME")
               Session("id") = rsCheckUser("UNIQUE_ID")
               Session("Level") = rsCheckUser("USER_LEVEL")
               Session("Status") = rsCheckUser("STATUS")
               Session("userGood") = True
               Session("SessionNumber") = Session.SessionID
               
               'Turn around Deactivated Users
               If rsCheckUser("STATUS") = "Deactive" Then
               Response.Redirect("login.asp?error=deactive")
               End If
               
               
               'If its a system admin we'll set the session timeout to 2 hours 
               'otherwise we set it to 10 minutes so users can't over write each other
               If Session("Level") = "Admin" Then
                    Session.Timeout = 120
               Else 
                    Session.Timeout = 10
            End If
               rsCheckUser.Close
               Set rsCheckUser = Nothing
               Set dbConn = Nothing
               Response.Redirect("index.asp")
     'If its not a good login then kick them out to the login screen and tell them why
     Else 
               rsCheckUser.Close
               Set rsCheckUser = Nothing
               Set dbConn = Nothing
               Session("userGood") = False 
               Response.Redirect("login.asp?error=password")
     End If
End If
End If

User avatar
jvierra
Posts: 13681
Joined: Tue May 22, 2007 9:57 am
Contact:

Decline Entry to Site - VBScript

Post by jvierra » Mon Aug 27, 2012 10:13 am

I will rey again to make this clear:

If rsCheckUser("STATUS") = "Deactive" Then
MUST BE:

If Trim(LCase(rsCheckUser.Fields("STATUS").Value)) = "deactive" Then

You MUST match trhe string exactly. YOu cannot compare two strings that are likely in difernt cases and may have spaces paffing the fields. Trim/LCase will prevent this. If it still doesn't match the something is wrong with the field declaration.

Using a where clasue will do all of this automatically.

Locked