codice:<% ' *** Logout the current user. MM_Logout = CStr(Request.ServerVariables("URL")) & "?MM_Logoutnow=1" If (CStr(Request("MM_Logoutnow")) = "1") Then Session.Contents.Remove("MM_Username") Session.Contents.Remove("MM_UserAuthorization") MM_logoutRedirectPage = "index3.asp" ' redirect with URL parameters (remove the "MM_Logoutnow" query param). if (MM_logoutRedirectPage = "") Then MM_logoutRedirectPage = CStr(Request.ServerVariables("URL")) If (InStr(1, UC_redirectPage, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then MM_newQS = "?" For Each Item In Request.QueryString If (Item <> "MM_Logoutnow") Then If (Len(MM_newQS) > 1) Then MM_newQS = MM_newQS & "&" MM_newQS = MM_newQS & Item & "=" & Server.URLencode(Request.QueryString(Item)) End If Next if (Len(MM_newQS) > 1) Then MM_logoutRedirectPage = MM_logoutRedirectPage & MM_newQS End If Response.Redirect(MM_logoutRedirectPage) End If %> <% ' *** Restrict Access To Page: Grant or deny access to this page MM_authorizedUsers="" MM_authFailedURL="amministrazione.asp" MM_grantAccess=false If Session("MM_Username") <> "" Then If (true Or CStr(Session("MM_UserAuthorization"))="") Or _ (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then MM_grantAccess = true End If End If If Not MM_grantAccess Then MM_qsChar = "?" If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&" MM_referrer = Request.ServerVariables("URL") if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString() MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer) Response.Redirect(MM_authFailedURL) End If %> <% Dim MM_editAction MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME")) If (Request.QueryString <> "") Then MM_editAction = MM_editAction & "?" & Server.HTMLEncode(Request.QueryString) End If ' boolean to abort record edit Dim MM_abortEdit MM_abortEdit = false %> <% If Not MM_abortEdit Then ' *** Validate request to log in to this site. MM_LoginAction = Request.ServerVariables("URL") If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString) MM_valUsername = CStr(Request.Form("user")) If MM_valUsername <> "" Then Dim MM_fldUserAuthorization Dim MM_redirectLoginSuccess Dim MM_redirectLoginFailed Dim MM_loginSQL Dim MM_rsUser Dim MM_rsUser_cmd MM_fldUserAuthorization = "" MM_redirectLoginSuccess = "amministrazione.asp" MM_redirectLoginFailed = "admerror.asp" MM_loginSQL = "SELECT [user], password" If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization MM_loginSQL = MM_loginSQL & " FROM [user] WHERE [user] = ? AND password = ?" Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command") MM_rsUser_cmd.ActiveConnection = MM_db_STRING MM_rsUser_cmd.CommandText = MM_loginSQL MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 100, MM_valUsername) ' adVarChar MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 20, Request.Form("psw")) ' adVarChar MM_rsUser_cmd.Prepared = true Set MM_rsUser = MM_rsUser_cmd.Execute If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then ' username and password match - this is a valid user Session("MM_Username") = MM_valUsername If (MM_fldUserAuthorization <> "") Then Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value) Else Session("MM_UserAuthorization") = "" End If if CStr(Request.QueryString("accessdenied")) <> "" And false Then MM_redirectLoginSuccess = Request.QueryString("accessdenied") End If MM_rsUser.Close Response.Redirect(MM_redirectLoginSuccess) End If MM_rsUser.Close Response.Redirect(MM_redirectLoginFailed) End If End If %>
Rispondi quotando