Hello everyone! I just figured out how to set a cookie and everything, now Im working on making certain pages that are the users updatable by them.
Now I think I have set the cookie, what I want to do on my fake blog site is make it so that if someone is logged on they can update there webspace and only their webspace. The cookie should have the users ID_no in it, I want to make an IF THEN statement saying, "if the cookie IDnumber is the same as the page IDnumber then display update button. Make sense? here is my code:
Login:
<html>
Login<head>
<body text="black">
<font face="arial">
<center>
<%
If request("error")="1" then
response.write "Your username was not found in our database<br>"
End if
If request("error")="2" then
response.write "Your password did not match<br>"
End if
If request("error")="3" then
response.write "You must supply both a username and password<br>"
End if
%>
<br>
Please use your username and password to login to our secure area.<br>
<form method="post" action="verify.asp" name="form">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" name="submit" value="submit">
</form>
</font>
</center>
</body>
and the Verify page:
<%
Dim DatabaseConn
Dim RecordSet
Dim strSQL
Dim foundIt
Dim objConn
Dim password
Dim username
Set DatabaseConn = Server.CreateObject("ADODB.Connection")
DatabaseConn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("profile.mdb")
Set RecordSet = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT personal.username, personal.password, personal.ID_no, * FROM personal"
RecordSet.Open strSQL, DatabaseConn
username=trim(request.form("username"))
password=trim(request.form("password"))
If username = "" or password = "" then
response.redirect ("login.asp?error=3")
End If
foundIt=False
Do Until RecordSet.EOF OR foundIt
If (StrComp(RecordSet("username"), username, vbTextCompare) = 0) Then
foundIt=True
Else
RecordSet.MoveNext
End If
Loop
If Not foundIt Then
RecordSet.Close
Set RS = Nothing
objConn.Close
Set objConn = Nothing
response.redirect("login.asp?error=1")
End If
If Not (StrComp(RecordSet("password"), password, vbBinaryCompare) = 0) Then
RecordSet.Close
Set RecordSet = Nothing
objConn.Close
Set objConn = Nothing
Response.Redirect("login.asp?error=2")
Else Session("Valid") = Request("username")
End If
%>
<%
ID=RecordSet("ID_no")
Response.Cookies("ID") = RecordSet("ID_no")
%>
<%Response.Redirect("welcome.asp?ID=" & RecordSet("ID_no"))%>
Code on updatable pages:
<%
Dim DatabaseConn
Dim RecordSet
Dim strSQL
Dim RecordNo
RecordNo = (Request.QueryString("ID"))
Set DatabaseConn = Server.CreateObject("ADODB.Connection")
DatabaseConn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("profile.mdb")
Set RecordSet = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT personal.* FROM personal WHERE ID_no=" & RecordNo &""
RecordSet.CursorType = 2
RecordSet.LockType = 3
RecordSet.Open strSQL, DatabaseConn
%>
<!---------------------------------Page Start------------------------------------->
<html>
<body text="black" bgcolor="<%=RecordSet("bgColor")%>">
<center>
<table width="600" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="right">
<font face="arial" size="2">
<form name="form" action="update.asp" method="post">
<input type="hidden" name="ID_no" value="<% = RecordSet("ID_no")%>">
<%
Response.Buffer=TRUE
if Request.Cookies("ID") <> "ID_no" then
%>
<input type="submit" name="Submit" value="Update">
<% else %>
</form>
this is only the header, I know how to write an If then statement I just need to know how to make Cookie match with the id of the site and if it doesnt just display the page.
Thanks
Fidelity88
