Hi, trying to set up this fictional e-commerce website here, and I'm having trouble with sending users with specific permissions to different sections of the website when they try to log in. For example, an Admin would be sent to an Admin page, while a user would be set elsewhere.
IF typeID = 1 then
Session("fail") = false
Session("login") = false
Session("admin") = true
Response.Redirect("admin.aspx")
ELSE IF typeID = 2 then
Session("fail") = false
Session("login") = true
Session("admin") = false
Response.Redirect("loginconfirm.aspx")
ELSE
Session("fail") = true
Session("login") = false
Session("admin") = false
Response.Redirect("login.aspx")
END IF
What I'm trying to do is to, once a username and password have been verified as existing, the code will read the typeID value, and send them to the right page, and assign a session.
However, I have no clue how to pull in the typeID value from the Database using VB. I'm fairly certain I need to use a Dim to declare the variable, but I don't really know how to work it:
<%
Dim typeID
typeID=
%>
Any help would be greatly appriciated!typeID is a value indicate what kind of user that is. am I safe to assume that typeID is also stored at ur sql table?
if so... modify your sql select statement a little bit, and typeID will = to whatever that field u got from ur sql table.typeID is a value indicate what kind of user that is. am I safe to assume that typeID is also stored at ur sql table?
if so... modify your sql select statement a little bit, and typeID will = to whatever that field u got from ur sql table.
Yeah, I probably should have said that.
typeID is a text value in my SQL Table. I use 1 and 2 (1 being admin, 2 being user)
I'm not entirely sure what you mean by modifying the SQL statement. I'm fairly certain it should be reading the values of all the fields associated with the found record.
Here's the SQL, just incase I am wrong:
SELECT * FROM users WHERE username = ? AND password = ?
Here's where my "?"s come from:
<Parameters>
<Parameter Name="@username" Value='<%# IIf((Request.Form("username") <> Nothing), Request.Form("username"), "") %>' Type="WChar" />
<Parameter Name="@password" Value='<%# IIf((Request.Form("password") <> Nothing), Request.Form("password"), "") %>' Type="WChar" />
</Parameters>i hope this suggestion won't cause any major change on ur programming. but i personally perfer to use the 3-tier architect:
interface (aspx/code-behind) <-> object (custom cs file or vb) <-> db (sql)
i would have an object (lets call that verifyLogin.cs) with few methods.
1 method (will call isVerify() )
and 1 method (will call typeIDis() )
public class verifyLogin(string username, string password) {//constructor
private int typeID
public bool isVerify(string username, string password){
//all sql look up goes here
typeID = reader["typeID"];
if found, return true;
else return false;
}
public int typeIDis(){return typeID}
}// end class
in ur aspx-code behind page, u create an object using ur text boxes (username/password) as input....
int typeID;
verifyLogin vl = new verifyLogin(txtusername.text, txtpw.text);
if vl.isVerify() {
//now u know user succesffully login
typeID = vl.typeIDis();
//go to whereever u need to go
}
else {//fail login, go somewhere else}
IF typeID = 1 then
Session("fail") = false
Session("login") = false
Session("admin") = true
Response.Redirect("admin.aspx")
ELSE IF typeID = 2 then
Session("fail") = false
Session("login") = true
Session("admin") = false
Response.Redirect("loginconfirm.aspx")
ELSE
Session("fail") = true
Session("login") = false
Session("admin") = false
Response.Redirect("login.aspx")
END IF
What I'm trying to do is to, once a username and password have been verified as existing, the code will read the typeID value, and send them to the right page, and assign a session.
However, I have no clue how to pull in the typeID value from the Database using VB. I'm fairly certain I need to use a Dim to declare the variable, but I don't really know how to work it:
<%
Dim typeID
typeID=
%>
Any help would be greatly appriciated!typeID is a value indicate what kind of user that is. am I safe to assume that typeID is also stored at ur sql table?
if so... modify your sql select statement a little bit, and typeID will = to whatever that field u got from ur sql table.typeID is a value indicate what kind of user that is. am I safe to assume that typeID is also stored at ur sql table?
if so... modify your sql select statement a little bit, and typeID will = to whatever that field u got from ur sql table.
Yeah, I probably should have said that.
typeID is a text value in my SQL Table. I use 1 and 2 (1 being admin, 2 being user)
I'm not entirely sure what you mean by modifying the SQL statement. I'm fairly certain it should be reading the values of all the fields associated with the found record.
Here's the SQL, just incase I am wrong:
SELECT * FROM users WHERE username = ? AND password = ?
Here's where my "?"s come from:
<Parameters>
<Parameter Name="@username" Value='<%# IIf((Request.Form("username") <> Nothing), Request.Form("username"), "") %>' Type="WChar" />
<Parameter Name="@password" Value='<%# IIf((Request.Form("password") <> Nothing), Request.Form("password"), "") %>' Type="WChar" />
</Parameters>i hope this suggestion won't cause any major change on ur programming. but i personally perfer to use the 3-tier architect:
interface (aspx/code-behind) <-> object (custom cs file or vb) <-> db (sql)
i would have an object (lets call that verifyLogin.cs) with few methods.
1 method (will call isVerify() )
and 1 method (will call typeIDis() )
public class verifyLogin(string username, string password) {//constructor
private int typeID
public bool isVerify(string username, string password){
//all sql look up goes here
typeID = reader["typeID"];
if found, return true;
else return false;
}
public int typeIDis(){return typeID}
}// end class
in ur aspx-code behind page, u create an object using ur text boxes (username/password) as input....
int typeID;
verifyLogin vl = new verifyLogin(txtusername.text, txtpw.text);
if vl.isVerify() {
//now u know user succesffully login
typeID = vl.typeIDis();
//go to whereever u need to go
}
else {//fail login, go somewhere else}