<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("Username"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="userGroup"
MM_redirectLoginSuccess="Assigned.asp"
MM_redirectLoginFailed="login_Failed.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_Conn_STRING
MM_rsUser.Source = "SELECT first_Name, pwd, AccountID"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source &
"," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM dbo.Users WHERE first_Name='" &
Replace(MM_valUsername,"'","''") &"' AND pwd='" &
Replace(Request.Form("Password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
Session("MM_UserID") = (MM_rsUser.Fields.Item("AccountID").Value)
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)
Else
Session("MM_UserAuthorization") = ""
End If
'redirect user based on Usergroup level
if Session("MM_UserAuthorization") = "Sales" then
MM_redirectLoginSuccess = "sales.asp"
elseif Session ("MM_UserAuthorization") = "Direct" then
MM_redirectloginSuccess = "Direct.asp"
elseif Session ("MM_UserAuthorization") = "HR" then
MM_redirectloginSuccess = "HR.asp"
else
MM_redirectLoginSuccess ="?Action=Failed" End if
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
Untitled Document
| |
|