<%
' Page guard: a visitor whose session has no staff id is sent back to the
' login page with badlogin=2. Classic ASP stops running the page at
' Response.Redirect, so nothing below this block is sent to that visitor.
If Session("GLOBAL_STAFFID") = "" Then Response.Redirect "/default.asp?badlogin=2"
%>
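<?php
// Page guard: send a visitor without a staff id in the session back to the
// login page with badlogin=2.

// $_SESSION is only populated once the session has been started; start it
// here unless an earlier include already did.
if (session_id() === '') {
    session_start();
}

// empty() also covers the key being absent, without raising a notice.
if (empty($_SESSION["GLOBAL_STAFFID"]))
{
    header("location: default.asp?badlogin=2");
    // header() only queues the redirect. Without exit the rest of the
    // protected page is still executed and sent to the unauthenticated client.
    exit;
}
?>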
The session variable "GLOBAL_STAFFID" is created with this login script:
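<%
' Login handler: checks the posted credentials against the staff table and,
' on a match, stores the staff id and full name in the session.
'   Form fields : "u" (user name), "p" (password)
'   On failure  : clears both session values, redirects to default.asp?badlogin=1
'   On success  : sets GLOBAL_FULLNAME / GLOBAL_STAFFID, redirects to home.asp
User = Request.Form("u")
Psw = Request.Form("p")
If User = "" Or Psw = "" Then
    Response.Redirect("default.asp?badlogin=1")
End If

Set db = Server.CreateObject("ADODB.Connection")
db.Open "BDO"

' The posted values are bound as parameters instead of being concatenated
' into the statement, so quotes in the form fields cannot change the query.
SQL = "SELECT StaffID, Paterno, Materno, Nombre FROM staff WHERE user=? AND psw=?"
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = db
cmd.CommandType = 1 ' adCmdText
cmd.CommandText = SQL
' 200 = adVarChar, 1 = adParamInput; the size is the length of the value itself.
cmd.Parameters.Append cmd.CreateParameter("user", 200, 1, Len(User), User)
cmd.Parameters.Append cmd.CreateParameter("psw", 200, 1, Len(Psw), Psw)
Set rs = cmd.Execute

' NOTE(review): the posted password is compared directly with the psw column,
' which suggests passwords are stored unhashed - confirm. The usual practice
' is to store a salted hash and compare hashes.

If rs.BOF And rs.EOF Then
    ' No matching row: make sure no stale login survives in the session.
    rs.Close
    db.Close
    Session("GLOBAL_FULLNAME") = ""
    Session("GLOBAL_STAFFID") = ""
    Response.Redirect("default.asp?badlogin=1")
Else
    ' Read the fields before the recordset and connection are closed.
    Session("GLOBAL_FULLNAME") = rs("Paterno").Value & " " & rs("Materno").Value & " " & rs("Nombre").Value
    Session("GLOBAL_STAFFID") = rs("StaffID").Value
    Session.Timeout = 10 ' minutes of inactivity before the session expires
    rs.Close
    db.Close
    Response.Redirect("home.asp")
End If
%>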
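<?php
// Login handler: checks the posted credentials against the staff table and,
// on a match, stores the staff id and full name in the session.
//   POST fields : "u" (user name), "p" (password)
//   On failure  : clears both session values, redirects to default.asp?badlogin=1
//   On success  : sets GLOBAL_FULLNAME / GLOBAL_STAFFID, redirects to home.asp

// The page guard reads $_SESSION, so the session has to exist before login
// can record anything in it.
if (session_id() === '') {
    session_start();
}

// isset() avoids an undefined-index notice when a field is missing entirely.
$Usr = isset($_POST["u"]) ? $_POST["u"] : '';
$Psw = isset($_POST["p"]) ? $_POST["p"] : '';
if (!$Usr || !$Psw)
{
    header("location: default.asp?badlogin=1");
    // header() does not stop the script; without exit the query below
    // would still run for an empty submission.
    exit;
}

// not sure the odbc syntax here, but a
// mysql query to authenticate would be something
// like this
//
// Both values are escaped before being placed inside the quoted literals,
// so quotes in the form fields cannot change the query. The mysql_*
// extension was removed in PHP 7; when the connection code is ported,
// use prepared statements (mysqli or PDO) instead of escaping.
$query = sprintf(
    "SELECT StaffID, Paterno, Materno, Nombre FROM staff where user='%s' and psw='%s'",
    mysql_real_escape_string($Usr),
    mysql_real_escape_string($Psw)
);
$result = mysql_query($query);

// NOTE(review): the posted password is compared directly with the psw column,
// which suggests passwords are stored unhashed - confirm. The usual practice
// is to store a salted hash and compare hashes.

// mysql_query() returns false on error; treat that as "no match".
$num = $result ? mysql_num_rows($result) : 0;
if ($num < 1)
{
    // No matching row: make sure no stale login survives in the session.
    $_SESSION["GLOBAL_FULLNAME"] = "";
    $_SESSION["GLOBAL_STAFFID"] = "";
    header("location: default.asp?badlogin=1");
    exit;
}
else
{
    $row = mysql_fetch_assoc($result);
    // Issue a fresh session id at login so an id known before
    // authentication cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION["GLOBAL_FULLNAME"] = $row["Paterno"] . " " . $row["Materno"] . " " . $row["Nombre"];
    $_SESSION["GLOBAL_STAFFID"] = $row["StaffID"];
    header("location: home.asp");
    exit;
}
?>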
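If you leave off the "else" branch of this last bit of code, you can put it in the header of every page on your site and it will only redirect when the user is not authenticated. This will prevent someone from going directly to home.asp. In the PHP version this only holds if the script stops right after sending the redirect (call exit after header()); otherwise the rest of the page is still sent to the browser.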