home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
bombers.k12.ar.us
/
bombers.k12.ar.us.tar
/
bombers.k12.ar.us
/
survey_unconfigured
/
LoginAction.asp
< prev
next >
Wrap
Text File
|
2006-10-25
|
5KB
|
107 lines
<!--#Include File="Include/Top_inc.asp"-->
<%
'***********************************************************************
' Application: SelectSurveyASP Advanced v8.1.11
' Author: Aaron Baril for ClassApps.com
' Page Description: This page works with Login.asp, and is the page that
' checks the user's password and logs the user into the
' application. A user is known to be logged into the
' application when the appropriate cookie has been set
' on his/her machine.
'
' COPYRIGHT NOTICE
'
' See attached Software License Agreement
'
' (c) Copyright 2002 - 2006 by ClassApps.com. All rights reserved.
'***********************************************************************
%>
<!--#Include File="Include/Config_inc.asp"-->
<!--#Include File="Include/Utility_inc.asp"-->
<!--#Include File="Include/adovbs_inc.asp"-->
<!--#Include File="Include/Constants_inc.asp"-->
<!--#Include File="Include/CurrentUser_inc.asp"-->
<!--#Include File="Include/SurveySecurity_inc.asp"-->
<%
Dim strSQL
Dim rsLogin
Dim flgValidLogin
Dim lngSecurityLevel
'Initialization
Set rsLogin = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT username, user_password, active_yn " & _
"FROM sur_user " & _
"WHERE username = " & SQLEncode(Request.Form("txtUserName")) & _
" AND user_password = " & SQLEncode(Request.Form("txtPassword"))
rsLogin.Open ConvertSQL(strSQL), SURVEY_APP_CONNECTION, adOpenForwardOnly, adLockReadOnly, adCmdText
'If there are no records returned, the login credentials were not valid
If rsLogin.EOF = True Then
flgValidLogin = False
Else
rsLogin.MoveFirst
'Make sure the user is active
If rsLogin("active_yn") = SUR_BOOLEAN_POSITIVE Then
flgValidLogin = True
Else
'Since the login failed due to an inactive account, set a cookie indicating inactive and
'redirect the user to the login page
Response.Cookies(SUR_APPLICATION_LOGIN_COOKIE)(SUR_COOKIE_LOGIN) = SUR_LOGIN_INACTIVE
'If the Survey ID or EID were passed to the login page as part of the querystring, include
'it when redirecting back to the Login page
If Len(Request.Form("SurveyID")) > 0 Then
Response.Redirect "Login.asp?SurveyID=" & Request.Form("SurveyID")
ElseIf Len(Request.Form("EID")) > 0 Then
Response.Redirect "Login.asp?EID=" & Request.Form("EID")
Else
Response.Redirect "Login.asp"
End If
End If
End If
rsLogin.Close
Set rsLogin = Nothing
'If the login was successful, create a cookie that indicates that the user has
'been validated successfully; otherwise, create a cookie that says that the login failed
If flgValidLogin = False Then
Response.Cookies(SUR_APPLICATION_LOGIN_COOKIE)(SUR_COOKIE_LOGIN) = SUR_LOGIN_FAILED
'Since the login failed, redirect the user to the login page.
'If the Survey ID or EID were passed to the login page as part of the querystring, include
'it when redirecting back to the Login page
If Len(Request.Form("SurveyID")) > 0 Then
Response.Redirect "Login.asp?SurveyID=" & Request.Form("SurveyID")
ElseIf Len(Request.Form("EID")) > 0 Then
Response.Redirect "Login.asp?EID=" & Request.Form("EID")
Else
Response.Redirect "Login.asp"
End If
Else 'Valid login
'Clear out the session when first logging in. This is necessary if a user accesses the application with
'report sharing or takes a survey anonymously, and then tries to log in.
Session.Abandon
Response.Cookies(SUR_APPLICATION_LOGIN_COOKIE)(SUR_COOKIE_LOGIN) = SUR_LOGIN_VALIDATED
Response.Cookies(SUR_APPLICATION_COOKIE)(SUR_USERNAME) = Request.Form("txtUserName")
'If a survey ID or EID were passed to this page, redirect the user to take that survey
If Len(Request.Form("SurveyID")) > 0 Then
Response.Redirect "TakeSurvey.asp?SurveyID=" & Request.Form("SurveyID")
ElseIf Len(Request.Form("EID")) > 0 Then
Response.Redirect "TakeSurvey.asp?EID=" & Request.Form("EID")
Else
'If the user is has "Create" or "Admin" permission, redirect to the MySurveysList page; otherwise, redirect to the
'TakeSurveyList page
lngSecurityLevel = GetSecurityLevel()
If lngSecurityLevel = SUR_SECURITY_LEVEL_CREATE Or lngSecurityLevel = SUR_SECURITY_LEVEL_ADMIN Then
Response.Redirect "SurveyList.asp"
Else
Response.Redirect SUR_APPLICATION_DEFAULT_HOME_PAGE
End If
End If
End If
%>