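<html><head><title>Login</title></head>
<body bgcolor="A0B0F0" link="000000" vlink="404040">
<center>
<!-- version 11jul02 sgadd wasoxygen@hotmail.com -->
<br>
<br>
<%
' Sign-in, sign-out and self-registration page for the Book List.
' Every form on this page posts back to login.asp with a hidden "login"
' field that selects the action:
'   login_again -> drop the logged-in flag and show the login form
'   logout      -> drop the logged-in flag and go to books.asp
'   newuser     -> show the registration form
'   adduser     -> create the reader row, log the reader in, go to books.asp
'   true        -> check the submitted login/password (CheckLogin)
'   (anything else) -> show the login form, or the "already logged in" prompt
'
' NOTE(review): ReaderPW is stored and compared exactly as submitted; there is
' no hashing anywhere on this page. Anyone who can read books.mdb reads every
' password.
' NOTE(review): all SQL on this page is built by string concatenation and
' relies on HandleQuotes at each call site. Moving the statements to
' ADODB.Command with bound parameters would remove that dependence.

'Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work

Dim Error_Msg
Dim Conn, cStr, sql, RS, username, userpwd
Dim login, newlogin, newpw

' NOTE(review): Server.MapPath resolves a virtual path, so books.mdb sits under
' the site root. Confirm the web server refuses to serve the db directory.
Set Conn = Server.CreateObject("ADODB.Connection")
cStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
cStr = cStr & "DBQ=" & Server.MapPath("\wasoxygen\db\books.mdb") & ";"
Conn.Open(cStr)

login = Request.Form("login")

If login = "login_again" Then
    Session("UserLoggedIn") = ""
    ShowLogin
ElseIf login = "logout" Then
    ' NOTE(review): only the flag is cleared; Session("UserID") and
    ' Session("username") keep their values after logout.
    Session("UserLoggedIn") = ""
    ' Release the connection before the redirect ends the script.
    Conn.Close
    Set Conn = Nothing
    Response.Redirect "books.asp"
ElseIf login = "adduser" Then
    newlogin = Request.Form("newlogin") & ""
    newpw = Request.Form("newpw") & ""

    If Trim(newlogin) = "" Or newpw = "" Then
        ' Do not create accounts with a blank login or password.
        Error_Msg = "<font color=red>Login and password are required.</font>"
        ShowJoinForm
    ElseIf LoginExists(newlogin) Then
        ' The SELECT after the INSERT matches on ReaderLogin alone. Unless the
        ' table enforces unique logins (not visible here), a duplicate login
        ' could bind this session to a different reader's row.
        Error_Msg = "<font color=red>That login is already taken.</font>"
        ShowJoinForm
    Else
        sql = "INSERT INTO tblReaders (ReaderName, ReaderPW, "
        sql = sql & "ReaderLogin, ReaderInfo, JoinDate, LastLogin, "
        sql = sql & "BrowserInfo) VALUES ("
        sql = sql & "'" & HandleQuotes(Request.Form("newname")) & "', "
        sql = sql & "'" & HandleQuotes(newpw) & "', "
        sql = sql & "'" & HandleQuotes(newlogin) & "', "
        sql = sql & "'" & HandleQuotes(Request.Form("newinfo")) & "', "
        sql = sql & "'" & Now & "', '" & Now & "', '"
        ' The User-Agent header is sent by the client, so it is escaped like
        ' any form field.
        sql = sql & HandleQuotes(Request.ServerVariables("HTTP_USER_AGENT"))
        sql = sql & "; " & HandleQuotes(Request.ServerVariables("REMOTE_ADDR"))
        sql = sql & "; " & HandleQuotes(Request.ServerVariables("REMOTE_USER")) & "')"
        Conn.Execute(sql)

        ' Read the new row back to pick up its ReaderID for the session.
        sql = "SELECT ReaderID, ReaderName FROM tblReaders WHERE ReaderLogin = "
        sql = sql & "'" & HandleQuotes(newlogin) & "'"
        Set RS = Conn.Execute(sql)

        Session("UserLoggedIn") = "true"
        Session("UserID") = RS("ReaderID")
        Session("username") = RS("ReaderName")
        Session.Timeout = 90

        Conn.Close
        Set Conn = Nothing
        Response.Redirect "books.asp"
    End If
ElseIf login = "newuser" Then
    Session("UserLoggedIn") = ""
    ShowJoinForm
ElseIf Session("UserLoggedIn") = "true" Then
    AlreadyLoggedIn
ElseIf login = "true" Then
    CheckLogin
Else
    ShowLogin
End If

' Reached by every branch that rendered a form instead of redirecting.
Conn.Close
Set Conn = Nothing


' Writes the registration form, preceded by Error_Msg when one is set.
' Error_Msg is written as raw HTML, so it must only ever hold fixed strings.
' The maxlength attributes below are enforced only by the browser; this page
' does not check field lengths on the server.
Sub ShowJoinForm
    If Error_Msg <> "" Then Response.Write(Error_Msg & "<br>")
%>
Welcome to the Book List.
<br><br>
<form name=form3 action=login.asp method=post>
<table>
<tr>
<td>Login : </td><td><input type=text size=20 maxlength=20 name=newlogin></td>
<td><font size=-2>your username</font></td></tr>
<tr>
<td>Password : </td><td><input type=password size=20 maxlength=20 name=newpw></td>
<td><font size=-2>your password</font></td></tr>
<tr>
<td>Name : </td><td><input type=text size=20 maxlength=20 name=newname></td>
<td><font size=-2>your real name</font></td></tr>
<tr>
<td>Info : </td><td><input type=text size=20 maxlength=255 name=newinfo></td>
<td><font size=-2>optional nonsense</font></td></tr>
</table>
<input type=submit value=" OK ">
<input type=hidden name="login" value="adduser">
</form>
<%
End Sub


' Writes Error_Msg (raw HTML, fixed strings only), then the login form and
' the "Join!" button that leads to the registration form.
Sub ShowLogin
    Response.Write(Error_Msg & "<br>")
%>
<table><tr>
<form name=form1 action=login.asp method=post>
<td>Login : </td><td><input type=text name=username></td>
</tr><tr>
<td>Password : </td><td><input type=password name=userpwd></td>
</tr><tr>
<td colspan=2 align=center>
<input type=hidden name=login value=true>
<input type=submit value=" Login ">
</td>
</form>
</tr></table>
<script language=javascript>
document.form1.username.focus();
</script>
<br><br>
<form name=form5 action=login.asp method=post>
<input type=hidden name=login value="newuser">
First time here?<br>
<input type=submit value=" Join! ">
</form>
<%
End Sub


' Tells a logged-in reader who they are signed in as and offers to switch
' user. The name was typed by the reader at registration, so it is
' HTML-encoded before being written into the page.
Sub AlreadyLoggedIn
%>
You are already logged in as <%= Server.HTMLEncode(Trim(Session("username") & "")) %>.<br>
Do you want to login as a different user?
<form name=form2 action=login.asp method=post>
<input type=submit name=button1 value='Yes'>
<input type=hidden name=login value='login_again'>
</form>
<%
End Sub


' Validates the submitted login/password against tblReaders.
' On failure: shows the login form again with an error and returns.
' On success: fills the session, records LastLogin/BrowserInfo, and redirects
' to the page named by Session("destination") (fixed list, default books.asp).
Sub CheckLogin
    username = Request.Form("username")
    userpwd = Request.Form("userpwd")

    ' Both values come straight from the request, so they are escaped with
    ' HandleQuotes before being placed inside the quoted SQL literals.
    ' The password is lower-cased before comparison, so matching is
    ' effectively case-insensitive (presumably relying on the database's
    ' text comparison -- confirm).
    sql = "select ReaderName, ReaderID from tblReaders where ReaderLogin = '" & HandleQuotes(LCase(username)) & "'"
    sql = sql & " and ReaderPW = '" & HandleQuotes(LCase(userpwd)) & "'"
    Set RS = Conn.Execute(sql)

    If RS.BOF And RS.EOF Then
        Error_Msg = "<font color=red>Login Failed. Try Again.</font>"
        ShowLogin
        ' Return here so the redirect below does not replace the form and its
        ' error message; the page-level code closes the connection.
        Exit Sub
    End If

    Session("UserLoggedIn") = "true"
    Session("username") = RS("ReaderName")
    Session("UserID") = RS("ReaderID")

    sql = "UPDATE tblReaders SET LastLogin = '" & Now & "', "
    sql = sql & " BrowserInfo = '"
    sql = sql & HandleQuotes(Request.ServerVariables("HTTP_USER_AGENT"))
    sql = sql & ";" & HandleQuotes(Request.ServerVariables("REMOTE_ADDR"))
    sql = sql & ";" & HandleQuotes(Request.ServerVariables("REMOTE_USER")) & "' "
    sql = sql & " WHERE ReaderID = " & RS("ReaderID")
    Conn.Execute(sql)

    Conn.Close
    Set Conn = Nothing

    ' The destination is matched against a fixed list, so a session value
    ' cannot send the browser to an arbitrary URL.
    Select Case Session("destination")
        Case "addbook"
            Response.Redirect "add.asp"
        Case "grid1"
            Response.Redirect "grid1.asp"
        Case "mygrid1"
            Response.Redirect "mygrid1.asp"
        Case Else
            Response.Redirect "books.asp"
    End Select
End Sub


' Returns True when a row with this ReaderLogin already exists in tblReaders.
Function LoginExists(loginName)
    Dim rsCheck
    Set rsCheck = Conn.Execute("SELECT ReaderID FROM tblReaders WHERE ReaderLogin = '" & HandleQuotes(loginName) & "'")
    LoginExists = Not (rsCheck.BOF And rsCheck.EOF)
    rsCheck.Close
    Set rsCheck = Nothing
End Function


' Doubles single quotes so a value can sit inside a single-quoted SQL string
' literal. Only valid for values placed between quotes; it does nothing for
' numeric or identifier positions. Null is treated as an empty string.
Function HandleQuotes(strIn)
    HandleQuotes = Replace(strIn & "", "'", "''")
End Function
%>
<br><br>
<b><a href="books.asp">Main Page</a></b>
<br><br><br><br>
<font size=-3><a href="loginsrc.htm">source</a></font></center>
</body>
</html>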