Problem with ASP - possibly Request.Querystring()

M

Max

Hello. This is the first time I've posted to a newsgroup, and I do
this because I'm in desperate need of help.
I'm working a user management system, and when I activate a user that
has registered to my system, the current admin user logged in gets
logged out.
I can't seem to work out how - I can't even trace back where some of
the variables are coming from (for example, the "ref" part of the
Request.QueryString method).

Could someone please tell me (by email) where my problem is? Thank you
kindly.

This is the page that gets called when an admin user clicks on the
"Activate User" link (and after this page, I've included the page
which links to this page via the "Activate User" link):-

<!--#include file="inc_common.asp" -->
<!--#include file="inc_viewuser.asp" -->
<!--#include file="inc_validatecode.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If Request.QueryString("ref") <> "logout" AND rs_viewuser("status") =
"Pending" AND rs_viewuser("authority") = "user" Then
Response.Redirect("logout.asp?userCode=" &
Request.QueryString("userCode") & "&redir=activate")
%><title>1</title>
<%
Else
code = rs_viewuser("code")
If isCodeValid = True AND Request.QueryString("auth") = "admin" Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("authority") = "admin"
RS.Update
RS.Close
%><title>2</title>
<%
ElseIf isCodeValid = True AND (Request.QueryString("ref") = "logout"
or str_users_authority = "admin") Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("status") = "Active"
RS.Update
RS.Close
%><title><%=ref%></title>
<%
End If
%>
<title><%=pageTitle%> .:. Activate User</title>

<% If isCodeValid = false Then %>
<p align="center">The user code entered was not valid. Please try
again.
</p>
<% ElseIf rs_viewuser("code") = "Active" Then %>
<p align="center"><b><%=str_name%></b>Your account is already active!
&nbsp;<a href="default.asp">Click
here</a> to view your account info.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority <>
"admin" Then %>
<p align="center">Thank you, <%=str_name%>! &nbsp; Your account is now
active. &nbsp; <a href="login.asp">Click
here</a> to log in.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority =
"admin" Then %>
<p align="center">Thank you! &nbsp; <%=str_name%>'s account is now
active. &nbsp; <a href="javascript:history.go(-1)">Click
here</a> to go back.
</p>
<% Else %>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td colspan="2">
<p align="center">Your account has been suspended.&nbsp; If you
believe your account should
be active, please <a href="mailto:<%=adminEmail%>">email the
Webmaster</a>.</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td colspan="2">
<p align="center">Reason(s) for suspension:</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td width="25%" height="1"></td>
<td width="75%" height="1">
<ul>
<li><b><%=str_users_suspensionreason%></b></li>
</ul>
</td>
</tr>
</table>
</center>
</div>
<% End If %>
<% End If %>
<% Server.Execute("a_footer.asp") %>




*****This is the page that links to the above page:-*****

<!--#include file="inc_common.asp" -->
<!--#include file="inc_checklogin.asp" -->
<!--#include file="inc_userlist.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If str_users_authority = "user" Then
Response.Redirect("noentry.asp?entryType=noAdmin")
ElseIf str_users_name = "" Then
Response.Redirect("noentry.asp")
Else
%>

<title><%=pageTitle%> .:. <%=str_users_name%> - Viewing User
List</title>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%"
height="14">
<tr>
<td width="100%" height="14">
<img border="0" src="images/user-list.gif"></td>
</tr>
</table>
<br>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td width="700">
<!-- Begin inner set of tables -->
<p><b>Active Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>"
class="sortLink"><a href="userlist.asp?orderType=name&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Username Descending"
width="10" height="10" border="0"></a>
Username <a
href="userlist.asp?orderType=name&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Username Ascending" width="10"
height="10" border="0"></a></th>
<th width="20%" bgcolor="<%=tableColor%>"
class="sortLink"> <a
href="userlist.asp?orderType=authority&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Authority Descending"
width="10" height="10" border="0"></a>
Authority <a
href="userlist.asp?orderType=authority&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Authority Ascending"
width="10" height="10" border="0"></a></th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
While not rs_userlist.EOF
If rs_userlist("status") = "Active" Then
%>
<tr>
<td width="35%"><a href="viewprofile.asp<% If
rs_userlist("code") <> str_users_code Then
%>?mode=viewUser&userCode=<%=rs_userlist("code")%><% End If
%>"><%=rs_userlist("name")%></a>&nbsp;</td>
<td width="20%"><% If rs_userlist("authority") = "admin"
Then %>
Administrator <% ElseIf rs_userlist("authority") =
"mod" Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="updateprofile.asp<% If rs_userlist("code") <> str_users_code
Then %>?userCode=<%=rs_userlist("code")%><% End If %>">
Edit Profile</a>
<% If rs_userlist("code") <> str_users_code Then %>
| <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">Delete
User</a>
<% End If %>
</td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
</table>
</div>
<p><b>Pending Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>">Username</th>
<th width="20%" bgcolor="<%=tableColor%>">Authority</th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
iCount = 0
rs_userlist.MoveFirst()
While not rs_userlist.EOF
If rs_userlist("status") = "Pending" Then
iCount = iCount + 1
%>
<tr>
<td width="35%"><a
href="viewprofile.asp?mode=viewUser&userCode=<%=rs_userlist("code")%>"><%=rs_userlist("name")%></a>&nbsp;</td>
<td width="20%"><% If rs_userlist("authority") = "mod"
Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="activate.asp?userCode=<%=rs_userlist("code")%>">
Activate User</a> | <a
href="updateprofile.asp?userCode=<%=rs_userlist("code")%>">Edit
Profile</a> | <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">
Delete User</a></td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
<% If iCount = 0 Then %>
<tr>
<td width="35%">No pending users found</td>
<td width="20%"></td>
<td width="45%"></td>
</tr>
<% End If %>
</table>
</div>
<p><b>Suspended Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>">Username</th>
<th width="20%" bgcolor="<%=tableColor%>">Authority</th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
iCount = 0
rs_userlist.MoveFirst()
While not rs_userlist.EOF
If rs_userlist("status") = "Disabled" Then
iCount = iCount + 1
%>
<tr>
<td width="35%"><a
href="viewprofile.asp?mode=viewUser&userCode=<%=rs_userlist("code")%>"><%=rs_userlist("name")%></a>&nbsp;</td>
<td width="20%"><% If rs_userlist("authority") = "mod"
Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="updateprofile.asp?userCode=<%=rs_userlist("code")%>">
Edit Profile</a> | <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">
Delete User</a></td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
<% If iCount = 0 Then %>
<tr>
<td width="35%">No suspended users found</td>
<td width="20%"></td>
<td width="45%"></td>
</tr>
<% End If %>
</table>
</div>
<%
'Close adoCon and rs_userlist
rs_userlist.Close
set rs_userlist = Nothing
%>
<td>&nbsp;
</table>
</div>
<!-- End inner set of tables -->
</td>
</tr>
</table>
</center>
</div>
<% Server.Execute("a_footer.asp") %>
<% End If %>
 
M

MD WebsUnlimited.com

What is in the includes? What is in the global.asa?

--
Mike -- FrontPage MVP '97-'02
http://www.websunlimited.com
FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible
----------------------------------------------------------------------------
--------------------
If you think I'm doing a good job, let MS know at (e-mail address removed)

Max said:
Hello. This is the first time I've posted to a newsgroup, and I do
this because I'm in desperate need of help.
I'm working a user management system, and when I activate a user that
has registered to my system, the current admin user logged in gets
logged out.
I can't seem to work out how - I can't even trace back where some of
the variables are coming from (for example, the "ref" part of the
Request.QueryString method).

Could someone please tell me (by email) where my problem is? Thank you
kindly.

This is the page that gets called when an admin user clicks on the
"Activate User" link (and after this page, I've included the page
which links to this page via the "Activate User" link):-

<!--#include file="inc_common.asp" -->
<!--#include file="inc_viewuser.asp" -->
<!--#include file="inc_validatecode.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If Request.QueryString("ref") <> "logout" AND rs_viewuser("status") =
"Pending" AND rs_viewuser("authority") = "user" Then
Response.Redirect("logout.asp?userCode=" &
Request.QueryString("userCode") & "&redir=activate")
%><title>1</title>
<%
Else
code = rs_viewuser("code")
If isCodeValid = True AND Request.QueryString("auth") = "admin" Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("authority") = "admin"
RS.Update
RS.Close
%><title>2</title>
<%
ElseIf isCodeValid = True AND (Request.QueryString("ref") = "logout"
or str_users_authority = "admin") Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("status") = "Active"
RS.Update
RS.Close
%><title><%=ref%></title>
<%
End If
%>
<title><%=pageTitle%> .:. Activate User</title>

<% If isCodeValid = false Then %>
<p align="center">The user code entered was not valid. Please try
again.
</p>
<% ElseIf rs_viewuser("code") = "Active" Then %>
<p align="center"><b><%=str_name%></b>Your account is already active!
&nbsp;<a href="default.asp">Click
here</a> to view your account info.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority <>
"admin" Then %>
<p align="center">Thank you, <%=str_name%>! &nbsp; Your account is now
active. &nbsp; <a href="login.asp">Click
here</a> to log in.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority =
"admin" Then %>
<p align="center">Thank you! &nbsp; <%=str_name%>'s account is now
active. &nbsp; <a href="javascript:history.go(-1)">Click
here</a> to go back.
</p>
<% Else %>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td colspan="2">
<p align="center">Your account has been suspended.&nbsp; If you
believe your account should
be active, please <a href="mailto:<%=adminEmail%>">email the
Webmaster</a>.</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td colspan="2">
<p align="center">Reason(s) for suspension:</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td width="25%" height="1"></td>
<td width="75%" height="1">
<ul>
<li><b><%=str_users_suspensionreason%></b></li>
</ul>
</td>
</tr>
</table>
</center>
</div>
<% End If %>
<% End If %>
<% Server.Execute("a_footer.asp") %>




*****This is the page that links to the above page:-*****

<!--#include file="inc_common.asp" -->
<!--#include file="inc_checklogin.asp" -->
<!--#include file="inc_userlist.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If str_users_authority = "user" Then
Response.Redirect("noentry.asp?entryType=noAdmin")
ElseIf str_users_name = "" Then
Response.Redirect("noentry.asp")
Else
%>

<title><%=pageTitle%> .:. <%=str_users_name%> - Viewing User
List</title>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%"
height="14">
<tr>
<td width="100%" height="14">
<img border="0" src="images/user-list.gif"></td>
</tr>
</table>
<br>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td width="700">
<!-- Begin inner set of tables -->
<p><b>Active Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>"
class="sortLink"><a href="userlist.asp?orderType=name&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Username Descending"
width="10" height="10" border="0"></a>
Username <a
href="userlist.asp?orderType=name&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Username Ascending" width="10"
height="10" border="0"></a></th>
<th width="20%" bgcolor="<%=tableColor%>"
class="sortLink"> <a
href="userlist.asp?orderType=authority&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Authority Descending"
width="10" height="10" border="0"></a>
Authority <a
href="userlist.asp?orderType=authority&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Authority Ascending"
width="10" height="10" border="0"></a></th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
While not rs_userlist.EOF
If rs_userlist("status") = "Active" Then
%>
<tr>
<td width="35%"><a href="viewprofile.asp<% If
rs_userlist("code") <> str_users_code Then
%>?mode=viewUser&userCode=<%=rs_userlist("code")%><% End If
%>"><%=rs_userlist("name")%></a>&nbsp;</td>
<td width="20%"><% If rs_userlist("authority") = "admin"
Then %>
Administrator <% ElseIf rs_userlist("authority") =
"mod" Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="updateprofile.asp<% If rs_userlist("code") <> str_users_code
Then %>?userCode=<%=rs_userlist("code")%><% End If %>">
Edit Profile</a>
<% If rs_userlist("code") <> str_users_code Then %>
| <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">Delete
User</a>
<% End If %>
</td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
</table>
</div>
<p><b>Pending Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>">Username</th>
<th width="20%" bgcolor="<%=tableColor%>">Authority</th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
iCount = 0
rs_userlist.MoveFirst()
While not rs_userlist.EOF
If rs_userlist("status") = "Pending" Then
iCount = iCount + 1
%>
<tr>
<td width="35%"><a
Click to expand...
 
K

Kevin Spencer

Your best bet would be to ask the person who wrote the code.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

Max said:
Hello. This is the first time I've posted to a newsgroup, and I do
this because I'm in desperate need of help.
I'm working a user management system, and when I activate a user that
has registered to my system, the current admin user logged in gets
logged out.
I can't seem to work out how - I can't even trace back where some of
the variables are coming from (for example, the "ref" part of the
Request.QueryString method).

Could someone please tell me (by email) where my problem is? Thank you
kindly.

This is the page that gets called when an admin user clicks on the
"Activate User" link (and after this page, I've included the page
which links to this page via the "Activate User" link):-

<!--#include file="inc_common.asp" -->
<!--#include file="inc_viewuser.asp" -->
<!--#include file="inc_validatecode.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If Request.QueryString("ref") <> "logout" AND rs_viewuser("status") =
"Pending" AND rs_viewuser("authority") = "user" Then
Response.Redirect("logout.asp?userCode=" &
Request.QueryString("userCode") & "&redir=activate")
%><title>1</title>
<%
Else
code = rs_viewuser("code")
If isCodeValid = True AND Request.QueryString("auth") = "admin" Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("authority") = "admin"
RS.Update
RS.Close
%><title>2</title>
<%
ElseIf isCodeValid = True AND (Request.QueryString("ref") = "logout"
or str_users_authority = "admin") Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("status") = "Active"
RS.Update
RS.Close
%><title><%=ref%></title>
<%
End If
%>
<title><%=pageTitle%> .:. Activate User</title>

<% If isCodeValid = false Then %>
<p align="center">The user code entered was not valid. Please try
again.
</p>
<% ElseIf rs_viewuser("code") = "Active" Then %>
<p align="center"><b><%=str_name%></b>Your account is already active!
&nbsp;<a href="default.asp">Click
here</a> to view your account info.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority <>
"admin" Then %>
<p align="center">Thank you, <%=str_name%>! &nbsp; Your account is now
active. &nbsp; <a href="login.asp">Click
here</a> to log in.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority =
"admin" Then %>
<p align="center">Thank you! &nbsp; <%=str_name%>'s account is now
active. &nbsp; <a href="javascript:history.go(-1)">Click
here</a> to go back.
</p>
<% Else %>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td colspan="2">
<p align="center">Your account has been suspended.&nbsp; If you
believe your account should
be active, please <a href="mailto:<%=adminEmail%>">email the
Webmaster</a>.</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td colspan="2">
<p align="center">Reason(s) for suspension:</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td width="25%" height="1"></td>
<td width="75%" height="1">
<ul>
<li><b><%=str_users_suspensionreason%></b></li>
</ul>
</td>
</tr>
</table>
</center>
</div>
<% End If %>
<% End If %>
<% Server.Execute("a_footer.asp") %>




*****This is the page that links to the above page:-*****

<!--#include file="inc_common.asp" -->
<!--#include file="inc_checklogin.asp" -->
<!--#include file="inc_userlist.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If str_users_authority = "user" Then
Response.Redirect("noentry.asp?entryType=noAdmin")
ElseIf str_users_name = "" Then
Response.Redirect("noentry.asp")
Else
%>

<title><%=pageTitle%> .:. <%=str_users_name%> - Viewing User
List</title>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%"
height="14">
<tr>
<td width="100%" height="14">
<img border="0" src="images/user-list.gif"></td>
</tr>
</table>
<br>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td width="700">
<!-- Begin inner set of tables -->
<p><b>Active Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>"
class="sortLink"><a href="userlist.asp?orderType=name&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Username Descending"
width="10" height="10" border="0"></a>
Username <a
href="userlist.asp?orderType=name&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Username Ascending" width="10"
height="10" border="0"></a></th>
<th width="20%" bgcolor="<%=tableColor%>"
class="sortLink"> <a
href="userlist.asp?orderType=authority&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Authority Descending"
width="10" height="10" border="0"></a>
Authority <a
href="userlist.asp?orderType=authority&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Authority Ascending"
width="10" height="10" border="0"></a></th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
While not rs_userlist.EOF
If rs_userlist("status") = "Active" Then
%>
<tr>
<td width="35%"><a href="viewprofile.asp<% If
rs_userlist("code") <> str_users_code Then
%>?mode=viewUser&userCode=<%=rs_userlist("code")%><% End If
%>"><%=rs_userlist("name")%></a>&nbsp;</td>
<td width="20%"><% If rs_userlist("authority") = "admin"
Then %>
Administrator <% ElseIf rs_userlist("authority") =
"mod" Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="updateprofile.asp<% If rs_userlist("code") <> str_users_code
Then %>?userCode=<%=rs_userlist("code")%><% End If %>">
Edit Profile</a>
<% If rs_userlist("code") <> str_users_code Then %>
| <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">Delete
User</a>
<% End If %>
</td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
</table>
</div>
<p><b>Pending Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>">Username</th>
<th width="20%" bgcolor="<%=tableColor%>">Authority</th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
iCount = 0
rs_userlist.MoveFirst()
While not rs_userlist.EOF
If rs_userlist("status") = "Pending" Then
iCount = iCount + 1
%>
<tr>
<td width="35%"><a
Click to expand...
 
M

Max A

Hi Mike, below are the includes used in the 2 asp files that I posted.
My web app doesn't have a global.asa.

Thanks for your help.

***inc_common.asp***
<%
If isCommonCreated <> True Then
'Set the script timeout in seconds
Server.ScriptTimeout = 90

'Set Dimension Variables
Dim strDataBasePath 'Holds the path to the database
Dim cString 'Holds the connection string
Dim adoCon 'Holds the ado connection
Dim strSQL 'Holds SQL string

'Set the variable to hold an ADO connection
Set adoCon = Server.CreateObject("ADODB.Connection")

'----------------------------------------------------------------------
--------------
'Change this value to the path of the database
strDataBasePath = "users.mdb"
'----------------------------------------------------------------------
--------------

'Connection string for the database
'If the following line does not work comment it out with a ' at the
start of the line and uncomment another string
cString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &
Server.MapPath(strDataBasePath)

'Uncomment this connection string if you are using Access Database 2000
or 2002
'cString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" &
Server.MapPath(strDataBasePath)

'Uncomment this connection string if you are using a DSN (note: DSN is
slower than the above connection strings)
'cString = "DSN=NAME_OF_DSN"
'Replace the NAME_OF_DSN with the DSN

adoCon.Open cString

'Request the users details

'Set the variable to the value in the users cookie
str_userscode = Request.Cookies("Login")("userCode")

'If the users code is not empty then
IF str_userscode <> "" THEN
'Create a new record set
Set rsUserLog = Server.CreateObject("ADODB.RecordSet")

'Set the new sql string
StrSql="SELECT * FROM tbl_authors WHERE code='" & str_userscode & "';"

'Open the recordset and execute the sql
rsUserLog.open StrSql,cString

'If there is no record matching the users cookie details then set the
vairbales to empty
If rsUserLog.EOF Then
Response.cookies("Login")("userCode") = ""
'If there is a record to match then
Else
'Set the database values to variables
str_users_name = rsUserLog("name")
str_users_password = rsUserLog("pass")
str_users_fullname = rsUserLog("fullname")
str_users_email = rsUserLog("email")
str_users_phone = rsUserLog("phone")
str_users_department = rsUserLog("department")
str_users_authority = rsUserLog("authority")
str_users_date = rsUserLog("signupdate")
str_users_code = rsUserLog("code")
str_users_status = rsUserLog("status")
str_users_suspensionreason = rsUserLog("suspensionreason")
End If

'Close and clean up
rsUserLog.Close
set rsUserLog = Nothing

'If users code is empty then user is a Guest
Else
Response.cookies("Login")("userCode") = ""
End If

'-----------------------------------------------------------------------
---------------------
'This section finds all information about the style of the webpage so it
can be displayed.

'Create a new record set
set rsPageAttributes = Server.CreateObject("ADODB.RecordSet")

'Set the new sql string
pageSql = "SELECT * FROM tbl_admin"

'Open the recordset and execute the sql
rsPageAttributes.open pageSql,cString

adminEmail = rsPageAttributes("adminEmail")
bgColor = rsPageAttributes("bgColor")
tableColor = rsPageAttributes("tableColor")
menuColor = rsPageAttributes("menuColor")
fontColor = rsPageAttributes("fontColor")
fontFace = rsPageAttributes("fontFace")
fontSize = rsPageAttributes("fontSize")
fontWeight = rsPageAttributes("fontWeight")
aLinkColor = rsPageAttributes("aLinkColor")
aLinkUnderline = rsPageAttributes("aLinkUnderline")
aLinkWeight = rsPageAttributes("aLinkWeight")
aHoverColor = rsPageAttributes("aHoverColor")
aHoverUnderline = rsPageAttributes("aHoverUnderline")
aHoverWeight = rsPageAttributes("aHoverWeight")
menuLinkColor = rsPageAttributes("menuLinkColor")
menuLinkHoverColor = rsPageAttributes("menuLinkHoverColor")
pageTitle = rsPageAttributes("siteTitle")
homePage = rsPageAttributes("homePage")
mailServer = rsPageAttributes("mailHost")
mailType = rsPageAttributes("mailType")
sendConfEmail = rsPageAttributes("sendConfEmail")
errorColor = rsPageAttributes("errorColor")

'Close and clean up
rsPageAttributes.Close
set rsPageAttributes = Nothing

'-----------------------------------------------------------------------
---------------------
Else
Dim isCommonCreated
isCommonCreated = True
End If
'-----------------------------------------------------------------------
---------------------
'Function to print header logo
Function printLogo
'Create a new record set
set rsPrintLogo = server.createobject("ADODB.RecordSet")

'Set the new sql string
logoSql = "SELECT * FROM tbl_admin"

'Open the recordset and execute the sql
rsPrintLogo.open logoSql,cString

binaryLogo = rsPrintLogo("headerLogo")

'Close and clean up
rsPrintLogo.Close
Set rsPrintLogo = Nothing
printLogo = rsPrintLogo
End Function
'-----------------------------------------------------------------------
---------------------

'-----------------------------------------------------------------------
---------------------
'Function to return the state of adoCon in a string value
Function GetState(intState)
Select Case intState
Case 0
GetState = "adStateClosed"
Case 1
GetState = "adStateOpen"
End Select
'Syntax: GetState(adoCon.state)
End Function
'-----------------------------------------------------------------------
---------------------
%>


***inc_viewuser.asp***
<%
Function rs_viewuser(desField)
'Create new SQL string
If Request.QueryString("userCode") <> "" Then
viewuserSQL = "SELECT * FROM tbl_Authors WHERE code='" &
Request.QueryString("userCode") & "'"
Else
viewuserSQL = "SELECT * FROM tbl_Authors WHERE code='" &
str_users_code & "'"
End If

'Create a new recordsheet
Set RS = Server.CreateObject ("ADODB.RecordSet")

'Open the record sheet and execute SQL
RS.Open viewuserSQL,cString
retField = RS(desField)
RS.Close
Set RS = Nothing

rs_viewuser = retField
End Function

Function getUserCode(username, email)

'Create new SQL string
viewuserSQL = "SELECT * FROM tbl_authors WHERE name='" & username & "'
AND email='" & email & "'"

'Create a new recordsheet
Set RS = Server.CreateObject ("ADODB.RecordSet")

'Open the record sheet and execute SQL
RS.Open viewuserSQL,cString
If RS.EOF Then
retCode = ""
Else
retCode = RS("code")
End If
RS.Close
Set RS = Nothing

getUserCode = retCode
End Function
%>


***inc_validatecode.asp***
<%
Dim str_code
str_code = Request.QueryString("userCode")
Dim isCodeValid
Dim str_status, str_name

'Create new SQL string
validateSQL = "SELECT * FROM tbl_Authors WHERE code = '" & str_code &
"'"

'Create a new recordsheet
Set rs_validate = Server.CreateObject ("ADODB.RecordSet")

'Open the record sheet and execute SQL
rs_validate.open validateSQL,adoCon

'If the code is not a valid on then set isCodeValid to false
If rs_validate.EOF _
Or rs_validate.BOF Then
isCodeValid = false
Else
isCodeValid = true
str_status = rs_validate("status")
str_name = rs_validate("name")
str_authority = rs_validate("authority")
End If

'Close adoCon and rs_validate
set rs_validate = Nothing
%>


***inc_checklogin.asp***
<%
Dim str_code
str_code = Request.cookies("Login")("userCode")

'Create new SQL string
strSQL = "SELECT code " & _
"FROM tbl_Authors WHERE name='" & str_users_name & "' AND
code='" & str_code & "' AND pass='" & str_users_password & "'"

'Create a new recordsheet
Set rs_check = Server.CreateObject ("ADODB.RecordSet")

'Open the record sheet and execute SQL
rs_check.open strSQL,adoCon

If rs_check.EOF OR rs_check.BOF Then
Response.Redirect "noentry.asp"
End If
%>


***inc_userlist.asp***
<%
orderType = Request.QueryString("orderType")
ascDescType = Request.QueryString("ascDescType")
If orderType <> "name" AND orderType <> "authority" Then
orderType = "signupdate"
End If
If ascDescType <> "DESC" Then
ascType = "ASC"
End If

'Create new SQL string
validateSQL = "SELECT * FROM tbl_Authors ORDER BY " & orderType & " " &
ascDescType

'Create a new recordsheet
Set rs_userlist = Server.CreateObject ("ADODB.RecordSet")

'Open the record sheet and execute SQL
rs_userlist.open validateSQL,adoCon
%>
 
D

David C. Holley

First, you need only post to one newsgroup.
Second, EVERYTIME you SET an object variable you need to SET it to
NOTHING (SET rs = NOTHING) before the script ends.
Third, in glancing through the code, I didn't see anything that would
UPDATE the admin user's account. Please post back and explain the
process by which a user is logged out AND what you mean by the ADMIN
user is logged out. Need some clarity.

David H
(Also, its not neccessary to post all of your code.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Uncaught ReferenceError: item is not defined at HTMLButtonElement.onclick in the: <button onclick="item.inserir()">Inserir dados</button> 1
Can someone tell me if this a real tracker? Or is it one designed to show you a different message at certain times, ie. acting like one? 0
Having trouble centering contents of td ? 3
Image shifts to the right when export the page to pdf 4
Help with my responsive home page 2
I am using 2 loops, 1 for input and 1 for td. Can we achieve the same functionality with 1 loop in Jquery? 4
Nested Loop Insert Page Break 1
Sort by number of characters 1

Members online

Total: 25 (members: 2, guests: 23)
Robots: 402

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,020
Latest member
GenesisGai

Latest Threads

Top