I am now a very proud owner of "The Spooky Login".

Amazing enough I understand it and best of all I got it to work all by myself (the emails too!)!! This means if I could do it anyone can!!!!

Nonetheless, I have a question. On this site that I am designing there in an area called My Area. I am going to use this page, and the pages that go with it, when a user decides to log in.

Correct me if I am wrong. If I enable cookies and if the user leaves the area but stays on the site he could go back to those pages without having to log on again. Is this True or False.

If it is True then I'm ok. If its false then how do I make this occur.

Secondly, I cannot seem to figure out how the user gets assined an access level. How is that done? If and when this is clear to me can the following situation occur, if so, how?

The user logs on to My Area. He then browses around the site and decides to access a page that has an access level of 3. Since he also has this access level he MUST enter his User Name and password again to access this page. When he is done there the session for the access level 3 should end but not the session for the My Area.

I hope I explained what I would like to do clearly enough.

Dealer58

------------------
<script language = SimpleLogic>
{IF <At first you don't succeed,
THEN
(try,try again)OnWork
=SUCCESS>
ELSE;
IF <At first you don't succeed,
THEN
(forget it)OnSnap
=FAILURE>
End IF}
</script>

1) If a user logs in, as long as they are within your domain, they will continue to have access, whether they use cookies or not. They shouldnt need to log in again.
They are using a session which identifies them for the duration of their visit.
If cookies are enabled and are part of the login protection script, the user doesnt necessarily need to login, but will continue to have access to all pages (as they have logged in previously and a cookie was set)

2) You need to manually assign an access level if it required.
The reason is, if you allow self registration, how do you tell what level to give what user? you cant, so they all get a blank level.
You can go back and change the self registrations to give an access level, or enter them yourself if registrations are entered manually by you.

So a person with access level 1 or 3 can enter pages like so :

If Session("AccessLevel") = "1" OR Session("AccessLevel") = "3" then....

But only a person with a level of 3 can enter this page :

If Session("AccessLevel") = "3" then....

------------------
§þððk¥
"I am Spooky of Borg. Prepare to be assimilated, babycakes!"
Subscribe to OutFront News
Database / DRW Q & A
The Spooky Login!

Fortunately (at least for now) I am not going to need alot of access levels. At registration I want ALL users to have the Session variable for the My Area and 1 extra access level which we will call "Access Level 3". I'm pretty sure I know how to protect the pages. How do I "go back and change the self registrations to give an access level of 3" to every user?

Since I do not need all of these levels, just one besides the regular session variable, could a solution be to just assign 3 as a default for the Access Level field in the DB?

OR

Since I'm going to be using the e-mail authentication feature to activate the registarion can the Access Level of 3 be entered into the DB field when the user replys to the email.(preffered) If so, how?

Also, once this is accomlished, I want the Access Level 3 Session to end when the user exits the page. If he wants to Access the page with Access level 3 again then he'll have to re-enter his User Name and Password.
The question here is when he leaves the page is this how I end the Access Level 3 Session or is the syntax going to be different. I know that this syntax goes on the very bottom of the page, but is it correct.
<%Session("AccessLevel") = "3".abandon%>

Dealer58

objRs.fields.item(9).value = "3"

To clear it after page access, you cant explicitly abandon one session, but you can null it.

<%Session("AccessLevel") = null %>
That should force a login next time you enter that page if the script is expecting "3" as the answer to accesslevel.

To clear all sessions, you do :

<%session.abandon%>

------------------
§þððk¥
"I am Spooky of Borg. Prepare to be assimilated, babycakes!"
Subscribe to OutFront News
Database / DRW Q & A
The Spooky Login!

OK. I think I can handle it but I haven't gotten to that point yet.

Also on the register.asp page you have "User Name" I want to change this to read User ID but I cannot find where it is. I do not want to change the field name to User ID I only want it to say User ID because that is how I describe it on the site. In other words I only want to change the label but I cannot find in the pages where that comes from.

Dealer58

Never mind. I found it! Tricky Tricky!!

Dealer58

Uh OH!

Here is what I have on the protected page. Mind you that the user has not logged in. He doesn't have to to get to this page (Problem?)

<%
Response.buffer=True
If Session("AccessLevel") = "3" Then
Response.redirect "/pages/scripts/message.asp?Redirect=" &Request.Servervariables("URL")
End if
%>

Also, anything that I type into the page before lets me get to the protected page, registered user or not and I don't even need a password!!!

What am I doing wrong?

Dealer58

This message thread is going to make it to the "flaming folder" I promise!!

I have successfully changed the login to go to the My Area with the inc_protection.asp, so it seems, but I think its okay. I had this page password protected before and with another thing I found on the net and it worked ok!

On this page I have a from with a hidden field. The login field is named UserName, I didn't change it. In the hidden field when I use the value <%=Request("UserName")%> or <%=Request.form("UserName")%> it doesn't pick it up like it did for me before. Why?

Dealer58

PS I also did not solve the previous problem. And, I am making a mess of something that pretty much was working before!!

I know that I will get it to work with your login. Please be patient with me The reason why I am changing is because I know that with your login (in the end) this will work great with all of the automatic emails that I need to generate. The other method couldn't do that. (Wait till we get to the emails. WHOOOOWEEEE!)

2) Youll only pick up those variables from a form output or from a named cookie.
I think you are using neither?
What you are after, is <%=Session("Username")%>

------------------
§þððk¥
"I am Spooky of Borg. Prepare to be assimilated, babycakes!"
Subscribe to OutFront News
Database / DRW Q & A
The Spooky Login!

I made the changes. I am okay with the login to the My Area. (Answer no. 2 Above).

Then I went to the page where I changed = to <>. I got in without having to put in a Username and password. Then I closed all of my browsers. I opend up a new browser and tried to access the page again without a username and password. I was redirected (that was good). Then I went to login to the My Area. Got in and went to the same page again that asks for a username and Password to get to the protected page with AccessLevel <> "3". I only hit the submit button, got an alert to put in a Username, hit ok on the alert and I got to the protected page!! This is what I don't want. I want to force another Username and password entry to get to the protected pages in AccessLevel<> 3.

If I can accomplish this I can go ahead and change all of my pages that need it (about a days work). Then I will attack the emailing part and bother you again I'm sure)

What to do?

Dealer58

What is the access level you have given the current username that you are using?

(We nearly have flames!)

I just checked the DB. The AccessLevels are all blank. I made the change you stated above. Here's how it looks.

objRs.fields.item(5).value = cBool(ShowEmail)
objRs.fields.item(6).value = T2 : Password = T2
If Mode = "Add" then objRs.fields.item(7).value = Now()
If Mode = "Update" then objRs.fields.item(8).value = Now()
objRs.fields.item(9).value = "3"

I can see that we'll go back and forth here while I try to explain what it is I want to do. Therefore to cut down time I am emailing you the IP address where I am testing this site from with futher info.

Dealer58

I now have all users getting a default value of 3 for the AccessLevel. I must have crossed files when I FTPd them in. The line:

objRs.fields.item(9).value = "3"

is working fine now.

Dealer58

Heres a separate question, same topic. When the Users Session is created does the Session (or can the Session) remeber things (forced) like the users Email address. If so can this be used in a page when the user hits a submit button to

a) send him an email with CDONTS

and/or

b) Send his email address in an email to someone else (e.g. the someone else is pre-defined in a template)

If this can be done how.

This is step one of I do not know how many more.

Dealer58

Thats the answer that I was looking for.

Step 2

The scenario will be the follwing:

There will be 2 emails and entry to a DB.

One email goes to the user.

The other email goes to another user who we know at this time because he is being carried through hidden form fields. His email address must be fetched from the DB. (Or I could re-write the previous pages and carry his email too)

To make it simple, for the time being (it gets tougher)we want to send a note to both users. The notes will say

"(Live User) has what you want"
"Here's his email address"
him@address.com

The other note will say

"Contact(Carried User)"
"Here's his email address"
him2@address.com

I have the script you emailed me earlier today and I understand it for the most part.

However, I want to create an email template that will accept info and then submit to the DB. Can you give me some more pointers and then I should have enough info to start fooling around with it. I've never done this before.

Thanks Again
Dealer58

Spooky,

Now that I think about it, its not a good idea for me to carry the other users email address in a hidden field. It can be seen in the source view and that is a no-no. I need to fetch it from the DB. While I've been learning this stuff (I've looked at alot of source views) I came across a hidden field of a guys Credit Card number!!!!

[This message has been edited by Dealer58 (edited 05-25-2001).]

If so, youll need to write that in vb like so:

sbody = "line 1" & vbCrlf (Visible Line break)
sBody = sBody & "Line 2" & vbCrlf
sBody = sBody & "Line 3" & vbCrlf ...etc

You would process all of the scripts on the same page.

GetUserInfo
GetSalesInfo
SendUserMail
SendSellerEmail
AddDatabaseRecord

All of course would need to be custom asp

------------------
§þððk¥
"I am Spooky of Borg. Prepare to be assimilated, babycakes!"
Subscribe to OutFront News
Database / DRW Q & A
The Spooky Login!

I am working on the email issue. I still don't know what I am doing yet so I won't ask any questions about this issue for the moment.

Okay, just one. Is there any where that I can look at some of this custom ASP scripting that might give me some pointers?

For the Protecting Pages issue I came up with something intersting, AND IT WORKS!
Here's what I did. Tell me if you see something that I don't that might cause me a problem.

I am using the Spooky login for the My Area. I am not assigning any UserLevels.

For my page with the 2 submit buttons. I kept my Password script and changed the DB connection to the Users table in your DB.

In my PW script on the protected page I had
Session("Password") = Pass
Session("Username") = Name

Now I have

Session("Password") = Pass
Session("Username") = Name
Session("AccessLevel") = "3"

At the bottom of the page I have

<%Session("AccessLevel") = null %>

Now what is happening is the following.

The user can do as he wishes at the item view page, logged in to the My Area or not!

If he is logged into the My Area he doesn't get past the item view without a Username and PW!

If he is logged in to the My Area and he accesses the protected pages after Item View the User Session doesn't end!!

If you still have the URL you can check it out.

I still have to change the redirect and confirmation pages but I'll do that while I figure out how to do the emails since the confirmation and the emails go together.

How am I doing??

Dealer 58

I just amazed myself and its all thanks to you!

I'm really learning this stuff and I haven't forgotten the other things you taught me. In fact I'm even able to build on them alone!

Not only do I have the scenario from my last post but now on the Itemview page, in the form on the bottom, If its sold: no fields & no buttons; If the user is not logged into the My Area: fields and buttons; and if the user is logged in to the My Area: "You are logged in as Username" and buttons!

Now I am ready to tackle the emails.

Thanks Again
Dealer58

Start the emails on a fresh page, without the interference of the other code (while testing) just to see what is happening.
You could probably use the email function I have in the login, you just need a valid template name and a valid x_email variable.
So its not impossible

------------------
§þððk¥
"I am Spooky of Borg. Prepare to be assimilated, babycakes!"
Subscribe to OutFront News
Database / DRW Q & A
The Spooky Login!