where to call db field in asp?

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hi,

Can someone please help me?

I have a db with a table called users and fields u_id, u_password and access.
Now if access =admin then i need to create a cetain cookie and if access=user then another cookie. 

However, I am not sure how to identify the access field.
A user has to first login with his username and password in myads.asp and if login is successful then the user is redirected again to myads.asp where certaint information regarding his membership is displayed. To edit his details he clicks on another button that takes him to an aspx page.

Here is part of the code. the part in bold is where i want my cookies to go.

Thanks in advance for the help

<!--#include file="Connections/connDUclassified.asp" -->
<%
Dim rsUser__MMColParam
rsUser__MMColParam = "0"
if (Session("MM_Username") <> "") then rsUser__MMColParam = Session
("MM_Username") end if

%>
<%
set rsUser = Server.CreateObject("ADODB.Recordset")
rsUser.ActiveConnection = MM_connDUclassified_STRING
rsUser.Source = "SELECT U_ID, U_FIRST, U_LAST, ACCESS FROM USERS
WHERE U_ID = '" + Replace(rsUser__MMColParam, "'", "''") + "'"
rsUser.CursorType = 0
rsUser.CursorLocation = 2
rsUser.LockType = 3
rsUser.Open()
rsUser_numRows = 0

%>
<%
Dim rsAds__MMColParam
rsAds__MMColParam = "0"
if (Session("MM_Username") <> "") then rsAds__MMColParam = Session
("MM_Username")
%>

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction
+ "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization=""
MM_redirectLoginSuccess="myAds.asp"

MM_redirectLoginFailed="myAds.asp"

MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_connDUclassified_STRING
MM_rsUser.Source = "SELECT U_ID, U_PASSWORD, ACCESS"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source =
MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM USERS WHERE U_ID='" &
MM_valUsername &"' AND U_PASSWORD='" & CStr(Request.Form
("Password")) & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user
DIM ACCESS
DIM U_ID
DIM U_PWORD

'---create user cookie
if access="user" then
Response.Cookies("Name")("Username") = Request.Form("UserName")
Response.Cookies ("Name")("Password")=Request.Form
("Password")
Response.Cookies("Name").Path = "/"
Response.Cookies ("Name").expires =dateadd("h",1,now())
'Response.Write(Request.Cookies("Name")("Username"))
'Response.Write (Request.Cookies("Name")("Password"))

'---end user cookie
else
'create admin cookie

Response.Cookies("Name")("ADMINusername") = Request.Form
("UserName")
Response.Cookies ("Name")("ADMINPassword")=Request.Form
("Password")
Response.Cookies("Name").Path = "/"
Response.Cookies ("Name").expires =dateadd("h",1,now())

'---end admin cookie

end if

Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item
(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""

End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)

End If
%>

</SCRIPT>