hello!

lads and lass's that use the log in features in dw ultradev and mx, this may come in useful.

i've been looking for a way i can log a user into a site and then find out all there info based on they user id. the problem with the login server behavior in ultra dev and mx is you loose all the info from the form etc cos the form submits to itself. also the sql is set up to select only the 'username', 'password' and 'level' columns (if your defining an access level that is).

so a bit of mucking around and i think i got a way round. look at your log in page and find the line:

MM_rsUser.Source = "SELECT USERNAME, PASSWORD"

and change it so the sql grabs the id column too:

MM_rsUser.Source = "SELECT USERID, USERNAME, PASSWORD"

then look for the line:

if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If

and add the line:

Session("userid") = MM_rsUser.Fields.Item("USERID").Value

which should start a session called 'userid' based on the column 'USERID' based on the username and password.

then you can request it on your next pages as:

<%= Session("userid") %>

this can be used for a record set or what ever.

this is working for my site at the moment (which is cool!) but if anyone can see any serious security flaws etc in it, it would be great if they could let me know.

hope this helps out there,

have kool weekends,

jake


---
You are currently subscribed to activeserverpages as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]

Reply via email to