0

I am using User authentication system, which uses 2 pages index.asp where user logs in and then the username and password is sent to the validate.asp page where it is checked against database userlist.

if username and password are matched with username and password of database record then it should redirect to new page main.asp

but it is just throwing back to index.asp

index.asp

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>

<!DOCTYPE html PUBLIC "-//W5C//DTD XHTML 1.0 Transitional//EN" "http://www.w5.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w5.org/1999/xhtml">
<SCRIPT SRC="Z:\demographics\boxover.js"></SCRIPT>
<head>
<!--<META HTTP-EQUIV=REFRESH CONTENT="5;URL=http://www.ualr.edu/human_relations/demographics/applicant-tracking-data.asp">-->

	<title>Office of Human Relations - University of Arkansas at Little Rock</title>
	<!--#include virtual="/human_relations/assets/includes/custom_head_onecolumn.inc" -->
 
		<div id="contentcenteronecolumn">
			<h3><p align="center">Online Recruitment Process</p></h3><br/><br/>
</head>
<style>
<!--
 /* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"georgia";
	mso-fareast-font-family:"Times New Roman";}
p
	{font-size:10.0pt;
	font-family:"georgia";
	mso-fareast-font-family:"Times New Roman";}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;
	mso-header-margin:.5in;
	mso-footer-margin:.5in;
	tab-interval:.5in;
	mso-paper-source:0;}

div.Section1
	{page:Section1;}
-->
.in {
font-size:10.0pt;
	font-family:"georgia";
	mso-fareast-font-family:"Times New Roman";
    }
.error { color: red; }
</style>
<style type="text/css">
body {
georgia, Helvetica, sans-serif;
font-size: 12px;
}
</style>

<!--<p>
Please review the <a href="http://www.ualr.edu/human_relations/recruitment/optiona.asp">Recruitment Guidelines</a> prior to logging in.
</p>-->
<p align="center"><span class="in">First time users must</span> <a href="/human_relations/phaseI/create.asp">Register</a>
</p></font>

<!--<p><span class="teenI">Login using your FACSTAFF domain username & create unique password. 
</span></p>-->



<form action="validate.asp" method="POST" name="form1">


<table border=0 cellpadding=0 cellspacing=0 width=95%>
							<tr align="left">
							<td valign="top">
									<br>
									<div align="center">
									<span class="teenI"><a href=http://www.ualr.edu/human_relations/phaseI/update.asp>Change Password</a></span>
									</div>
									<br/>
								<td valign="top">
									<br>
									<div align="center">
									<span class="teenI">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="/human_relations/">Human Relations</a></span>
									</div>

									
<!--<table border=0 style="margin-left: 50px;">-->
<table border=0 cellpadding=0 cellspacing=0 width=85%>
<%if message <> "" then%>
<tr><td colspan="2"><strong><%=message%></strong></td></tr>
<%end if%><br/>
<tr><td>Username:</td><td><input type="text" name="txtName"></td></tr>
<tr><td>Password:</td><td><input type="password" name="txtPassword"></td></tr>
<input type="submit" value="Submit"></td></tr>
<tr><td colspan="2">&nbsp;</td></tr>

<tr><td colspan="2"><span class="teenI">Forgot password or username e-mail: humanrelations@ualr.edu</span></td></tr>

</table>

</table>
</form>
</div>
<script>document.form1.username.focus()</script>
<%
End If
%>

<!--#include virtual="/ualr_assets/includes/footer.inc" -->
</html>



validate.asp


<%

'Read in the password and username from the form
Dim strUserName, strPassword
strUserName = Request.form("txtName")
strPassword = Request.form("txtPassword")

'Establish a database connection...


Dim sConString
	sConString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.Mappath("project.mdb") & ";"	
Set rsCHECK = Server.CreateObject("ADODB.Recordset")


sSQLString = "SELECT * from userlist WHERE username='" & strUserName & "' and  userpassword='" & strPassword & "'"

	rsCHECK.Open sSQLString, sConString, 0, 1

	If rsCHECK.EOF Then
		userloggedin=false 
			else 
			userloggedin=true 
	End If 

	If userloggedin=true Then 

Response.redirect("main.asp")

		Else 
		response.write "No record with specified ID was found. Please try again.<br /><a href='index.asp'>Return to Login</a>"
 


End If 
%>
2
Contributors
3
Replies
4
Views
7 Years
Discussion Span
Last Post by webprgmquery
0

Show us code of main.asp. Maybe you need to set seesion key for username or something like this at line #142.

0

index.asp

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>

<!DOCTYPE html PUBLIC "-//W5C//DTD XHTML 1.0 Transitional//EN" "http://www.w5.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w5.org/1999/xhtml">
<SCRIPT SRC="Z:\demographics\boxover.js"></SCRIPT>
<head>
<!--<META HTTP-EQUIV=REFRESH CONTENT="5;URL=http://www.ualr.edu/human_relations/demographics/applicant-tracking-data.asp">-->

	<title>Office of Human Relations - University of Arkansas at Little Rock</title>
	<!--#include virtual="/human_relations/assets/includes/custom_head_onecolumn.inc" -->
 
		<div id="contentcenteronecolumn">
			<h3><p align="center">Online Recruitment Process</p></h3><br/><br/>
</head>
<style>
<!--
 /* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"georgia";
	mso-fareast-font-family:"Times New Roman";}
p
	{font-size:10.0pt;
	font-family:"georgia";
	mso-fareast-font-family:"Times New Roman";}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;
	mso-header-margin:.5in;
	mso-footer-margin:.5in;
	tab-interval:.5in;
	mso-paper-source:0;}

div.Section1
	{page:Section1;}
-->
.in {
font-size:10.0pt;
	font-family:"georgia";
	mso-fareast-font-family:"Times New Roman";
    }
.error { color: red; }
</style>
<style type="text/css">
body {
georgia, Helvetica, sans-serif;
font-size: 12px;
}
</style>

<%
If session("LoggedIn") = "LoggedOut" Then
	message = "You have successfully logged out"
ElseIf session("LoggedIn") = "NotNow" Then
	message = "You must log in"
Else
	message = ""
End If

session("LoggedIn") = "NOPE"
session("username") = ""


If Request.Form <> "" Then

  bsuccess=True 
'if username is blank then set error flag
If Request.Form("username") = "" Then
bsuccess=False
End If
'if password is blank then set error flag
If Request.Form("password") = "" Then
bsuccess=False
End If
 
 If bsuccess=False Then
 'if any error in username & password then report it   
  Response.write "Be sure the username and password details are complete." & " <A HREF=Javascript:history.go(-1)>Back</A>"
Else
'store username and password in session variable 
	session("LoggedIn") = "YesWeHaveLoggedInGiveMeThePages"
	session("username") = Request.Form("username")
    session("password") = Request.Form("password")
	'response.redirect("main.asp")
    'verify user account
	response.redirect("verify.asp")
	
	End if
Else
%>


<p align="center"><span class="in">First time users must</span> <a href="/human_relations/phaseI/create.asp">Register</a>
</p></font>

<%

If Request.QueryString <> "" Then
	
	If Request.QueryString("error") = "failure" Then
		response.write "<p class='error'>Username and password did not match. <br/> Please try again.</p>"
  'If username doesn't exist
	Elseif Request.QueryString("error") ="namefailed" then
		response.write "Username does not exist. Please create it."
				
	End If
	
	Elseif Request.QueryString("error") = "intialize" Then
	    response.write("") 
End If
%>

<form action="<%=Request.ServerVariables("PATH_INFO")%>" method="POST" name="form1">


<table border=0 cellpadding=0 cellspacing=0 width=95%>
							<tr align="left">
							<td valign="top">
									<br>
									<div align="center">
									<span class="teenI"><a href=http://www.ualr.edu/human_relations/phaseI/update.asp>Change Password</a></span>
									</div>
									<br/>
								<td valign="top">
									<br>
									<div align="center">
									<span class="teenI">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="/human_relations/">Human Relations</a></span>
									</div>

									
<!--<table border=0 style="margin-left: 50px;">-->
<table border=0 cellpadding=0 cellspacing=0 width=85%>
<%if message <> "" then%>
<tr><td colspan="2"><strong><%=message%></strong></td></tr>
<%end if%><br/>
<tr><td>Username:</td><td><input type="text" name="username" value="<%=Request.QueryString("user")%>"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password"></td></tr>
<tr><td colspan=2 align='center'><input type="hidden" name="domain" value="facstaff"><input 
type="submit" value="Submit"></td></tr>
<tr><td colspan="2">&nbsp;</td></tr>

<tr><td colspan="2"><span class="teenI">Forgot password or username e-mail: [email]humanrelations@ualr.edu[/email]</span></td></tr>

</table>

</table>
</form>
</div>
<script>document.form1.username.focus()</script>
<%
End If
%>

<!--#include virtual="/ualr_assets/includes/footer.inc" -->
</html>

Verify.asp

<% 
   Dim sConString, username, password, rspassword, sSQLString 
	sConString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.Mappath("project.mdb") & ";"	
    
    username = session("username")
	 Response.Cookies("MyCookie")=session("username")
    userpassword = session("password")
    	
 If username="" Then 
 Response.write "blanks are not allowed in the textboxes..Please check"
 'Response.redirect("index.asp")
 Else 
    set conn=Server.CreateObject("ADODB.Connection")
set rsE=Server.CreateObject("ADODB.RecordSet")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("project.mdb") & ";"
rsE.Open "SELECT userpassword FROM userlist WHERE username='" & username & "'", conn,adOpenDynamic,1



if not rsE.Eof then
	'If there is record with the entered username then check with password
			
    'if user entered password matches with database password  	
	 If rsE("userpassword") = userpassword then
		'allow user to fill faculty/administartive position
	     Response.Redirect("main.asp")
	      'if password not matching 
		  ElseIf rsE("userpassword") <> userpassword then
        	'report it and direct to login page
			Response.Redirect("index.asp?error=failure")
			 'Response.write "Username and Password do not match.Please check and login again"
           End if	
'if username doen't exist then report it to login page
'else  Response.Redirect("index.asp?error=notvalid")
		Else 

Response.write"Sorry for the inconvienece. Please Refresh" 
	end if 
		
		
End If 	
		
%>

defs.asp

<%
'determine if user is logged in - check session("LoggedIn") - if not, redirect to login
'If session("LoggedIn") <> "YesWeHaveLoggedInGiveMeThePages" Then
	'session("LoggedIn") = "NotNow"
	'session.Timeout = 10
'session.clear
	'response.redirect("index.asp")
'End If

'set connection string for database connections
Dim sConString
	sConString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.Mappath("project.mdb") & ";"	

'get auth_user - stored in session variable
auth_user = session("username")

'use line below to force auth_user for debugging, testing, etc
'auth_user = "kmsanders"

'function to get next id from table
function getid(table, field)
	sSQLString = "SELECT " & field & " FROM " & table & " ORDER BY " & field & " ASC;"
	Set rsID = Server.CreateObject("ADODB.Recordset")
	rsID.Open sSQLString, sConString, 0, 1
	While NOT rsID.EOF
		idTemp = rsID(field)
		rsID.MoveNext
	Wend
	rsID.Close
	Set rsID = Nothing
	getid = idTemp + 1
end function

'get the next approver for a department, given department name and order in approval process (order will come from forminfo or will be 1 for first approver)
function getnextapprover(department, order)
	sSQLString = "SELECT * FROM departments WHERE department='" & department & "';"
	Set rsDept = Server.CreateObject("ADODB.Recordset")
	rsDept.Open sSQLString, sConString, 0, 1
	'if nextapprover order is greater than 5, should be going to provost...
	If (order + 1) <= 4 Then
		approverTemp = "approver" & order + 1
		checkForApprover = rsDept(approverTemp)
		If checkForApprover = "" OR isNull(checkForApprover) Then
			getnextapprover = order
		Else
			getnextapprover = order + 1
		End If
	Else
		getnextapprover = "50"
	End If
	rsDept.Close
	Set rsDept = Nothing
end function

'get next approvers username, given department name and order in approval process - can be combined with getFullName(getnextapproverusername()) to get full name
function getnextapproverusername(department,nextApprover)
	If nextApprover = 50 Then
		getnextapproverusername = Provost
	Else
		Set rsApprover = Server.CreateObject("ADODB.Recordset")
		sSQLString = "SELECT * FROM departments WHERE department='" & department & "';"
		rsApprover.Open sSQLString, sConString, 0, 1
		If NOT rsApprover.EOF Then
			getnextapproverusername = rsApprover("approver" & nextApprover)
		End If
		rsApprover.Close
		Set rsApprover = Nothing
	End If
	'response.write "Next Approver: " & nextApproverUsername & "<br />"
end function

'queries active directory for full 'display name' of passed username
function getFullName(username)
	str = "username=" & username
	strURL = "http://www.ualr.edu/human_relations/phaseI/includes/name.pl"
	Dim objHttp
	Set objHttp = CreateObject("Msxml2.ServerXMLHTTP")
	objhttp.setTimeouts 5000, 9999999, 999999, 999999 
	objHttp.open "POST", strURL, false
	objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
	objHttp.Send str
	ResponseText = objHttp.ResponseText
	getFullName = ResponseText
	Set objHttp = Nothing
end function
%>

Edited by __avd: Added [code] tags. For easy readability, always wrap programming code within posts in [code] (code blocks).

0

index.asp

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>

<!DOCTYPE html PUBLIC "-//W5C//DTD XHTML 1.0 Transitional//EN" "http://www.w5.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w5.org/1999/xhtml">
<SCRIPT SRC="Z:\demographics\boxover.js"></SCRIPT>
<head>
<!--<META HTTP-EQUIV=REFRESH CONTENT="5;URL=http://www.ualr.edu/human_relations/demographics/applicant-tracking-data.asp">-->

<title>Office of Human Relations - University of Arkansas at Little Rock</title>
<!--#include virtual="/human_relations/assets/includes/custom_head_onecolumn.inc" -->

<div id="contentcenteronecolumn">
<h3><p align="center">Online Recruitment Process</p></h3><br/><br/>
</head>
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"georgia";
mso-fareast-font-family:"Times New Roman";}
p
{font-size:10.0pt;
font-family:"georgia";
mso-fareast-font-family:"Times New Roman";}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
tab-interval:.5in;
mso-paper-source:0;}

div.Section1
{pageection1;}
-->
.in {
font-size:10.0pt;
font-family:"georgia";
mso-fareast-font-family:"Times New Roman";
}
.error { color: red; }
</style>
<style type="text/css">
body {
georgia, Helvetica, sans-serif;
font-size: 12px;
}
</style>

<%
If session("LoggedIn") = "LoggedOut" Then
message = "You have successfully logged out"
ElseIf session("LoggedIn") = "NotNow" Then
message = "You must log in"
Else
message = ""
End If

session("LoggedIn") = "NOPE"
session("username") = ""


If Request.Form <> "" Then

bsuccess=True 
'if username is blank then set error flag
If Request.Form("username") = "" Then
bsuccess=False
End If
'if password is blank then set error flag
If Request.Form("password") = "" Then
bsuccess=False
End If

If bsuccess=False Then
'if any error in username & password then report it 
Response.write "Be sure the username and password details are complete." & " <A HREF=Javascript:history.go(-1)>Back</A>"
Else
'store username and password in session variable 
session("LoggedIn") = "YesWeHaveLoggedInGiveMeThePages"
session("username") = Request.Form("username")
session("password") = Request.Form("password")
'response.redirect("main.asp")
'verify user account
response.redirect("verify.asp")

End if
Else
%>


<p align="center"><span class="in">First time users must</span> <a href="/human_relations/phaseI/create.asp">Register</a>
</p></font>

<%

If Request.QueryString <> "" Then

If Request.QueryString("error") = "failure" Then
response.write "<p class='error'>Username and password did not match. <br/> Please try again.</p>"
'If username doesn't exist
Elseif Request.QueryString("error") ="namefailed" then
response.write "Username does not exist. Please create it."

End If

Elseif Request.QueryString("error") = "intialize" Then
response.write("") 
End If
%>

<form action="<%=Request.ServerVariables("PATH_INFO")%>" method="POST" name="form1">


<table border=0 cellpadding=0 cellspacing=0 width=95%>
<tr align="left">
<td valign="top">
<br>
<div align="center">
<span class="teenI"><a href=http://www.ualr.edu/human_relations/phaseI/update.asp>Change Password</a></span>
</div>
<br/>
<td valign="top">
<br>
<div align="center">
<span class="teenI">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="/human_relations/">Human Relations</a></span>
</div>


<!--<table border=0 style="margin-left: 50px;">-->
<table border=0 cellpadding=0 cellspacing=0 width=85%>
<%if message <> "" then%>
<tr><td colspan="2"><strong><%=message%></strong></td></tr>
<%end if%><br/>
<tr><td>Username:</td><td><input type="text" name="username" value="<%=Request.QueryString("user")%>"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password"></td></tr>
<tr><td colspan=2 align='center'><input type="hidden" name="domain" value="facstaff"><input 
type="submit" value="Submit"></td></tr>
<tr><td colspan="2">&nbsp;</td></tr>

<tr><td colspan="2"><span class="teenI">Forgot password or username e-mail: [email]humanrelations@ualr.edu[/email]</span></td></tr>

</table>

</table>
</form>
</div>
<script>document.form1.username.focus()</script>
<%
End If
%>

<!--#include virtual="/ualr_assets/includes/footer.inc" -->
</html>

Verify.asp

<% 
Dim sConString, username, password, rspassword, sSQLString 
sConString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.Mappath("project.mdb") & ";" 

username = session("username")
Response.Cookies("MyCookie")=session("username")
userpassword = session("password")

If username="" Then 
Response.write "blanks are not allowed in the textboxes..Please check"
'Response.redirect("index.asp")
Else 
set conn=Server.CreateObject("ADODB.Connection")
set rsE=Server.CreateObject("ADODB.RecordSet")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("project.mdb") & ";"
rsE.Open "SELECT userpassword FROM userlist WHERE username='" & username & "'", conn,adOpenDynamic,1



if not rsE.Eof then
'If there is record with the entered username then check with password

'if user entered password matches with database password 
If rsE("userpassword") = userpassword then
'allow user to fill faculty/administartive position
Response.Redirect("main.asp")
'if password not matching 
ElseIf rsE("userpassword") <> userpassword then
'report it and direct to login page
Response.Redirect("index.asp?error=failure")
'Response.write "Username and Password do not match.Please check and login again"
End if 
'if username doen't exist then report it to login page
'else Response.Redirect("index.asp?error=notvalid")
Else 

Response.write"Sorry for the inconvienece. Please Refresh" 
end if 


End If 

%>

defs.asp

<%
'determine if user is logged in - check session("LoggedIn") - if not, redirect to login
'If session("LoggedIn") <> "YesWeHaveLoggedInGiveMeThePages" Then
'session("LoggedIn") = "NotNow"
'session.Timeout = 10
'session.clear
'response.redirect("index.asp")
'End If

'set connection string for database connections
Dim sConString
sConString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.Mappath("project.mdb") & ";" 

'get auth_user - stored in session variable
auth_user = session("username")

'use line below to force auth_user for debugging, testing, etc
'auth_user = "kmsanders"

'function to get next id from table
function getid(table, field)
sSQLString = "SELECT " & field & " FROM " & table & " ORDER BY " & field & " ASC;"
Set rsID = Server.CreateObject("ADODB.Recordset")
rsID.Open sSQLString, sConString, 0, 1
While NOT rsID.EOF
idTemp = rsID(field)
rsID.MoveNext
Wend
rsID.Close
Set rsID = Nothing
getid = idTemp + 1
end function

'get the next approver for a department, given department name and order in approval process (order will come from forminfo or will be 1 for first approver)
function getnextapprover(department, order)
sSQLString = "SELECT * FROM departments WHERE department='" & department & "';"
Set rsDept = Server.CreateObject("ADODB.Recordset")
rsDept.Open sSQLString, sConString, 0, 1
'if nextapprover order is greater than 5, should be going to provost...
If (order + 1) <= 4 Then
approverTemp = "approver" & order + 1
checkForApprover = rsDept(approverTemp)
If checkForApprover = "" OR isNull(checkForApprover) Then
getnextapprover = order
Else
getnextapprover = order + 1
End If
Else
getnextapprover = "50"
End If
rsDept.Close
Set rsDept = Nothing
end function

'get next approvers username, given department name and order in approval process - can be combined with getFullName(getnextapproverusername()) to get full name
function getnextapproverusername(department,nextApprover)
If nextApprover = 50 Then
getnextapproverusername = Provost
Else
Set rsApprover = Server.CreateObject("ADODB.Recordset")
sSQLString = "SELECT * FROM departments WHERE department='" & department & "';"
rsApprover.Open sSQLString, sConString, 0, 1
If NOT rsApprover.EOF Then
getnextapproverusername = rsApprover("approver" & nextApprover)
End If
rsApprover.Close
Set rsApprover = Nothing
End If
'response.write "Next Approver: " & nextApproverUsername & "<br />"
end function

'queries active directory for full 'display name' of passed username
function getFullName(username)
str = "username=" & username
strURL = "http://www.ualr.edu/human_relations/phaseI/includes/name.pl"
Dim objHttp
Set objHttp = CreateObject("Msxml2.ServerXMLHTTP")
objhttp.setTimeouts 5000, 9999999, 999999, 999999 
objHttp.open "POST", strURL, false
objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
objHttp.Send str
ResponseText = objHttp.ResponseText
getFullName = ResponseText
Set objHttp = Nothing
end function
%>

When user log in few times it works fine and directs to the main page after verifying username and password. After page logout if user refresh the page and again uses log in page and logs in then usename value in the textbox is blank and because of that user authentication fails if message "blanks are not allowed is typed then it get displayed. Why this text box value, after refresing page is blank evenif user is entering it. Again on verification page user hits refresh (F5) then it directs to main page.

Edited by __avd: Added [code] tags. For easy readability, always wrap programming code within posts in [code] (code blocks).

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.