Active Data Objects & ASP

by Mark Betz





Listing One

<!-- USERLOGIN.HTM -->

<HTML>

<HEAD>

<TITLE>Application Login</TITLE>

</HEAD>

<BODY BGCOLOR="#FFFFFF">



Please login with your user name and password.



<FORM NAME="LoginForm" METHOD="POST" ACTION="login.asp">

  <INPUT NAME="UserName" TYPE="TEXT" SIZE=25>

  <INPUT NAME="UserPwd" TYPE="TEXT" SIZE=25>

  <INPUT TYPE="RESET" VALUE="Clear">

  <INPUT TYPE="SUBMIT" VALUE="Log In">

</FORM>



</BODY>

</HTML>



<!-- LOGIN.ASP -->

<%@ LANGUAGE="VBSCRIPT"%>

<%

Response.Buffer = TRUE

'*********************************************************************

' This script handles the user login

'*********************************************************************



UserName = Request.Form("UserName")

UserPwd = Request.Form("UserPwd")

if UserName = "" or UserPwd = "" then

  Response.Redirect("userlogin.htm")

end if



cADOConnectString = "dsn=example_db;uid=user;pwd=userpwd"

set Conn = Server.CreateObject("ADODB.Connection")

Conn.Open(cADOConnectString)



Query = "SELECT UserID from tbl_User where ((UserName = " & UserName _

  & ") and (UserPwd = " & UserPwd & "))"

set RS = Conn.Execute(Query)

if not RS.EOF then

  UserId = RS("UserID")

else

  Response.Redirect("userlogin.htm")

end if



RedirectURL = "welcome.asp?sesskey="

Query = "SELECT SessionID from tbl_Session where UserID = " _

  & CStr(UserId)

if not RS.EOF then

  RedirectURL = RedirectURL & RS("SessionID")

else

  DateTime = Date & " " & Time

  Query = "INSERT tbl_Session values(" & CStr(UserId) & ", '" _

    & DateTime & "'); SELECT @@IDENTITY"

  Conn.Execute(Query)

  set RS = RS.NextRecordSet

  RedirectURL = RedirectURL & RS(0)

end if



Response.Redirect(RedirectURL)

%>



Listing Two

<!-- WELCOME.ASP -->

<%@ LANGUAGE="VBSCRIPT"%>

<%

Response.Buffer = TRUE

'*********************************************************************

' This page welcomes the authenticated user

'*********************************************************************

if Request.QueryString("sesskey") = "" then

  Response.Redirect("userlogin.htm")

end if



cADOConnectString = "dsn=example_db;uid=user;pwd=userpwd"

set Conn = Server.CreateObject("ADODB.Connection")

Conn.Open(cADOConnectString)



Query = "SELECT UserID from tbl_Session where SessionID = " _

  & Request.QueryString("sesskey")

set RS = Conn.Execute(Query)

if not RS.EOF then

  UserId = RS("UserID")

  Query = "SELECT UserFullName from tbl_User where UserID = " _

    & CStr(UserId)

  set RS = Conn.Execute(Query)

  if RS.EOF then

    Response.Write("Bad user ID in welcome.asp")

    Response.End

  else

    UserFullName = RS("UserFullName") 

    DateTime = Date & " " & Time

    Query = "UPDATE tbl_Session set LastAccessTime = " & DateTime _

      & " where SessionID = " & Request.QueryString("sesskey")

    Conn.Execute(Query)

  end if 

else

  Response.Redirect("userlogin.htm")

end if

%>

<HTML>

<HEAD>

<TITLE>Welcome Page</TITLE>

</HEAD>

<BODY BGCOLOR="#FFFFFF">



Welcome <%=UserFullName%>.



</BODY>

</HTML>





1



