This is strange... I simply access a database, check that the company, username, and password all exist, and that they are associated with other. If the user has admin permissions, I take him straight to the invoicing page, if not, then he can only access the 'enter time sheets' type screens... I accomplish this with a simple Response.Redirect
However, I'm getting a HTTP Error 405 - Resource not allowed page when I attempt to Response.Redirect to these pages (which definately exist). I'm running XP SP2, and running the development site on my laptop using IIS (http://localhost). I'm pretty sure that it's a permissions thing, not coding, because, if I run the script using the 'preview' feature of my favourite ASP editor (Absolute Edit - great Intellisense - even parses your include files and classes and Server.CreateObject objects!) it works!!! However, when I run it in IE, it breaks at the Response.Redirect lines. Can anyone suggest anything? I'm really banging my head against a wall here - Also, http://localhost has stopped working on my laptop - Normally when you run the default web site in IIS you get a really cool help system about ASP/IIS, but it's broken, with a 'permission denied' error at line 40 of localstart.asp (GetObject). Maybe these two things are related... Here's the code, just in case, but, as I said, it works in Absolute Edit's preview mode (presumably because it is making requests of IIS using my logged on (administrator) credentials - not IUSR). Any pointers GREATLY appreciated. I'll keep fiddling, but I've been playing with this for 2 days now, even spent 4 hours on a plane yesterday (until the battery died) flying between Tbilisi and London trying to get a simple damn Response.Redirect to work! HELP! Regards Mark Wills <!--#include file="connections/ts.asp"--> <% 'if logging in find client ID and client name associated with engineer that is logging in Dim objConn, objRS, SQL, objC,BadLogin, qs, url If Request.Form("submitted")="y" Then qs="&username=" & Request.Form("username") & "&company=" & Request.Form("company") Badlogin=False Set objConn=Server.CreateObject("ADODB.Connection") objConn.Open MM_ts_STRING SQL="SELECT ID,CompanyName FROM tblCompanies WHERE CompanyName='" & Request.Form("Company") & "'" _ & " AND CompanyActive='y'" Set objC=objConn.Execute(SQL) SQL="SELECT UserName,ID,ClientID,StartupScreen,UserLevel,CompanyID FROM tblUsers WHERE " _ & "UserName='" & Request.Form("username") & "' AND UserPassword='" _ & Request.Form("Password") & "' AND AccountActive='y'" Set objRS=objConn.Execute(SQL) *** NOTE: THESE RESPONSE.REDIRECTS WORK FINE!!!! ITS THE ONES AT THE END THAT DONT!!!! *** If (objC.Eof) Then Response.Redirect("default.asp?c=bad" & qs) If (objRS.Eof) Then Response.Redirect("default.asp?u=bad" & qs) If objC("ID")<>objRS("CompanyID") Then 'both the user and the company exist, but they aren't members of each other! Response.Redirect("default.asp?co=bad" & qs) End If 'if we get to here the user is authenticated... Session("MM_Username")=objRS("UserName") Session("MM_UserAuthorization")=objRS("UserLevel") Session("CompanyName")=objC("CompanyName") Session("CompanyID")=objC("ID") If objRS("UserLevel")="admin" OR objRS("UserLevel")="god" Then url="./invoicing/invoicing.asp" Else url="./timesheets/overview.asp" End If Set objRS=Nothing Set objC=Nothing objConn.Close Set objConn=Nothing Response.Redirect(url) End If %> http://www.natalie-merchant-online.com --------------------------------- How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos [Non-text portions of this message have been removed] --------------------------------------------------------------------- Home : http://groups.yahoo.com/group/active-server-pages --------------------------------------------------------------------- Post : [email protected] Subscribe : [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] --------------------------------------------------------------------- Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/active-server-pages/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
