<% Response.Buffer = true %>
<%
Session("DatabasePath") = "Path to your database"
If Request.Form("btnLogin") = "Login" AND Request.Form("txtName") <> "" _
AND Request.Form("txtPassword") <> "" Then
'-- Declare your variables
Dim DataConnection, cmdDC, RecordSet
Dim RecordToEdit, Updated, strUserName, strPassword
strUserName = Request.Form("txtName")
strPassword = Request.Form("txtPassword")
'-- Create object and open database
Set DataConnection = Server.CreateObject("ADODB.Connection")
DataConnection.Open "DRIVER={Microsoft Access Driver (*.mdb)};" & _
"DBQ=" & Session("DatabasePath") & ";"
Set cmdDC = Server.CreateObject("ADODB.Command")
cmdDC.ActiveConnection = DataConnection
...
%>
<%
'-- default SQL
SQL = "SELECT * FROM tblSecurity"
If Request.Form("name") <> "" Then
SQL = "SELECT tblSecurity.* FROM tblSecurity WHERE " & _
"tblSecurity.userID='LoveMyBirds" & strUserID & "' AND " & _
"tblSecurity.password ='Parrotsfly" & strPassword & _
"' OR tblSecurity.email ='" & strEmail & "'"
End If
cmdDC.CommandText = SQL
Set RecordSet = Server.CreateObject("ADODB.Recordset")
'-- Cursor Type, Lock Type
'-- ForwardOnly 0 - ReadOnly 1
'-- KeySet 1 - Pessimistic 2
'-- Dynamic 2 - Optimistic 3
'-- Static 3 - BatchOptimistic 4
RecordSet.Open cmdDC, , 0, 2
...
<%
If Not RecordSet.EOF Then
Dim struserLevel
struserLevel = RecordSet.Fields("userLevel")
Session("userLevel") = struserLevel
Else
'The user was not validated...
'Take them to a page which tells them they were not validated...
Response.Redirect "https://seipr.angelfire.com/Images/Registration.html"
End If
End If
%>
<%
If Session("userLevel") < 'desired access level' Then
Response.Redirect "upgrade.asp?" & Request.ServerVariables("SCRIPT_NAME")
End If
%>