%
const missingUsername = 1
const missingPassword = 2
const missingBoth = 3
const badUsername = 4
const badPassword = 5
const goodUsernameAndPassword = 0
dim username
dim password
dim status
dim dsn
dim objConn
dim loginRec
dim doForm
dim referer
if request("action") = "logout" then
session("access") = 0
referer = Request.ServerVariables("HTTP_REFERER")
if referer = "" then
referer = "/index.htm"
else
if instr(referer, "gallerytop.asp") > 0 then
referer = replace(referer, "gallerytop.asp", "gallery.asp")
end if
end if
response.redirect(referer)
end if
if Request.ServerVariables("request_method") = "POST" then
doForm = true
else
doForm = false
end if
status = goodUsernameAndPassword
if doForm then
referer = request("referer")
username = request("username")
password = request("password")
if username = "" or password = "" then
if username = "" then
'missing username
status = missingUsername
end if
if password = "" then
'missing password
if status = missingUsername then
status = missingBoth
else
status = missingPassword
end if
end if
else
dsn="DBQ=" & Server.Mappath("md.mdb") & ";Driver={Microsoft Access Driver (*.mdb)};"
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open dsn
Set loginRec = Server.CreateObject("ADODB.Recordset")
loginRec.Open "select * from login where username = '" & username & "'", objConn
if loginRec.EOF then
' bad username
status = badUsername
else
' username found
if loginRec("password") <> password then
' bad password
status = badPassword
else 'successful login
session("time1") = Now()
session("username") = username
session("access") = loginRec("access")
dim FileObject
dim myDirectory
dim myFile
dim Out
On Error Resume Next
Set FileObject = Server.CreateObject("Scripting.FileSystemObject")
myDirectory = Request.ServerVariables("APPL_PHYSICAL_PATH")
myFile = myDirectory & "testenend.txt"
Set Out= FileObject.OpenTextFile (myFile, 8, TRUE)
Out.WriteLine(pad(Session("sid"), 12) & pad("Secure Login", 25) & pad(Session("time0"), 25) & pad(Session("time1"), 25) & pad(Session("time2"), 25) & pad(Session("username"), 20) & pad(Session("ip"), 17) & pad(Session("access"), 3))
Set Out = Nothing
On Error Goto 0
' Selected constants from adovbs.inc
Const adSearchForward = 1
Const adBookmarkFirst = 1
Const adAffectCurrent = 1
' Find the appropriate record. Using session id is the
' easiest way since I use this as the primary key.
' This line positions us on the appropriate record.
rstActiveUsers.Find "sid = " & Session.SessionID, 0, adSearchForward, adBookmarkFirst
' Now that we're on the record, delete it.
' I use the EOF to make sure we've got one.
If Not rstActiveUsers.EOF Then
rstActiveUsers("time1") = session("time1")
rstActiveUsers("username") = session("username")
rstActiveUsers("access") = session("access")
rstActiveUsers.update
End If
if referer = "" then
referer = "/index.html"
end if
if session("access") = "2" then
response.redirect("pdm_client.asp")
end if
if session("access") = "3" then
response.redirect("pdm_mdc.asp")
end if
response.redirect(referer)
end if
end if
loginRec.close
set loginRec = nothing
set objConn = nothing
end if
else
referer = Request.ServerVariables("HTTP_REFERER")
if referer = "" then
referer = "/index.htm"
else
if instr(referer, "gallerytop.asp") > 0 then
referer = replace(referer, "gallerytop.asp", "gallery.asp")
end if
end if
end if
%>
Machine Device - Innovative solutions for all your equipment needs