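<%
' Universal login for instructors and students.
' Created 10/11, Anil Kumar, anil.kumar@asu.edu
'
' Flow (POST only):
'   1. Look the submitted username up in [user].
'   2. If no row is found there, look it up in [instructors].
'   3. A matching password opens the session and redirects; every failure
'      path returns the same generic message, so the response does not reveal
'      which table (if any) knows the username.
'
' Review notes:
'   - Under On Error Resume Next, an error raised while evaluating an If
'     condition resumes at the first statement inside the Then branch. Every
'     authentication decision below is therefore computed into a variable that
'     starts as False, so a runtime error leaves the login denied.
'   - Passwords are compared with the stored column value as-is, which implies
'     clear-text storage. Moving to a salted, slow password hash needs a data
'     migration and is not attempted here.
'   - No failed-attempt counter or lockout is visible in this page.
On Error Resume Next

' The captured page shows only a line break after this sentence; any markup
' that originally followed it is not visible, so a plain line break is kept.
Const LOGIN_FAILED_TEXT = "Login Unsuccessful. Please check your username and password and try again."

' "msg" comes straight from the URL and is later written into the page, so it
' is HTML-encoded at the point it enters sMsg.
sMsg = Server.HTMLEncode("" & Request.QueryString("msg"))

' Runs a one-parameter lookup and returns the opened recordset, or Nothing if
' any step failed. The username travels as a bound parameter, never as SQL text.
'   sSql  - statement containing a single ? placeholder
'   sName - value bound to that placeholder
Function login_lookup(sSql, sName)
    Dim cmd, rs, nSize
    Set login_lookup = Nothing
    On Error Resume Next
    Err.Clear

    Set cmd = Server.CreateObject("ADODB.Command")
    ' objConn is created by open_db(), which is not visible here; accept either
    ' an open Connection object or a connection string.
    If IsObject(objConn) Then
        Set cmd.ActiveConnection = objConn
    Else
        cmd.ActiveConnection = objConn
    End If
    cmd.CommandType = adCmdText
    cmd.CommandText = sSql

    ' Variable-length string parameters need a size of at least 1.
    nSize = Len(sName)
    If nSize < 1 Then nSize = 1
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, nSize, sName)

    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open cmd, , adOpenKeyset

    ' Err.Number stays set if any statement above failed.
    If Err.Number = 0 Then
        Set login_lookup = rs
    Else
        Err.Clear
    End If
End Function

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    Dim objConn
    If IsEmpty(objConn) Then open_db()

    ' Dec 2002 note (Ziwen Guo): when the username was concatenated into the
    ' SQL text, a value containing ' allowed a login without a password, and
    ' sqlSafe() was added to escape that character. The value is now bound as
    ' a parameter, so it is passed unescaped; escaping it as well would change
    ' which usernames match. sUser therefore holds the raw form value and must
    ' not be concatenated into SQL text anywhere else.
    sUser = "" & Trim(Request.Form("username"))
    sPwd = Trim(Request.Form("password"))
    sFailMsg = LOGIN_FAILED_TEXT & vbCrLf

    ' First query: [user]
    Set rs1 = login_lookup("SELECT * FROM [user] WHERE UserName = ?", sUser)
    bHaveRs1 = False
    bHaveRs1 = Not (rs1 Is Nothing)

    If bHaveRs1 <> True Then
        ' Lookup failed; deny rather than guess.
        sMsg = sMsg & sFailMsg
    Else
        bInUser = False
        bInUser = (Not rs1.EOF) And (Not rs1.BOF)

        If bInUser = True Then
            '===========================================================
            ' Username found in [user], so authenticate against that row.
            bPwdOk = False
            bPwdOk = (sPwd = Trim(rs1("password")))

            If bPwdOk = True Then
                bOpened = False
                bOpened = open_stud_doors()
                If bOpened = True Then
                    bSkipSurvey = False
                    bSkipSurvey = (rs1("presurvey_completion") = True) Or (rs1("Code") = "guest")
                    If bSkipSurvey = True Then
                        Response.Redirect "stud/pickmodule.asp"
                    Else
                        Response.Redirect "../enroll/email.asp?SrvOnly=1"
                    End If
                End If
            Else
                sMsg = sMsg & sFailMsg
            End If
        Else
            '===========================================================
            ' Username not found in [user], so query [instructors].
            Set rs2 = login_lookup("SELECT * FROM [instructors] WHERE Name = ?", sUser)
            bInInstr = False
            bInInstr = (Not rs2.EOF) And (Not rs2.BOF)

            If bInInstr = True Then
                ' Username found in [instructors], so authenticate it.
                bPwdOk = False
                bPwdOk = (sPwd = Trim(rs2("password")))

                If bPwdOk = True Then
                    ' Read the privilege into a variable first so that a failed
                    ' read cannot select the admin branch.
                    nPriv = Empty
                    nPriv = rs2("privilege")
                    bOpened = False
                    Select Case nPriv
                        Case 1
                            bOpened = open_admin_doors()
                            If bOpened = True Then
                                Response.Redirect "admin/"
                            End If
                        Case Else
                            bOpened = open_instr_doors()
                            If bOpened = True Then
                                Response.Redirect "instr/"
                            End If
                    End Select
                Else
                    sMsg = sMsg & sFailMsg
                End If
            Else
                sMsg = sMsg & sFailMsg
            End If
        End If
    End If
End If
%>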
<%
' sMsg starts from the "msg" query-string value and may have login-failure text
' appended. It is written into the page verbatim here, so anything placed in it
' must already be HTML-encoded (Server.HTMLEncode) before it reaches this line.
Response.Write sMsg
%>

Please type in your Username and Password, then hit the ENTER button
Username:
Password:
(Case Sensitive)
Forgot your password? Click here.
Don't Have an Account? Click Here.
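<%
' Session set-up helpers, called by the login block once a password has matched.
' They read the page-level recordsets rs1 ([user] row) and rs2 ([instructors]
' row) and the connection objConn.
'
' Review notes:
'   - The session ID is not changed at login; only the session contents are.
'   - Which of these keys other pages use for authorization is not visible here.

' Removes every key the three open_*_doors functions can set. Without this, a
' login performed in an already-used session (for example a student signing in
' after an administrator on the same browser) would inherit the previous
' account's "usertype", "InstructorID" and "affiliated" values.
Sub reset_login_session()
    Session.Contents.Remove "LoggedIn"
    Session.Contents.Remove "UserName"
    Session.Contents.Remove "usrFname"
    Session.Contents.Remove "usrLname"
    Session.Contents.Remove "FullName"
    Session.Contents.Remove "InstructorID"
    Session.Contents.Remove "usertype"
    Session.Contents.Remove "affiliated"
End Sub

' Opens a student session from the current rs1 row. Always returns True.
Function open_stud_doors()
    reset_login_session
    Session("LoggedIn") = True
    Session("UserName") = rs1("username")
    Session("usrFname") = rs1("firstname")
    Session("usrLname") = rs1("lastname")
    Session("FullName") = rs1("firstname") & " " & rs1("lastname")
    Session.Timeout = 60
    open_stud_doors = True
End Function

' Opens an instructor session from the current rs2 row and marks the session
' as "affiliated" when the instructor is linked to at least one institution.
' Always returns True.
Function open_instr_doors()
    Dim rsInst1, SQLInst1

    reset_login_session
    Session("LoggedIn") = True
    Session("UserName") = rs2("name")
    Session("FullName") = rs2("FullName")
    Session("InstructorID") = rs2("instructorID")
    Session("usertype") = "instr"
    Session.Timeout = 60

    ' The ID concatenated here comes from the database row, not from the request.
    Set rsInst1 = Server.CreateObject("ADODB.Recordset")
    SQLInst1 = "SELECT DISTINCT(InstitutionID) FROM InstitutionInstructor WHERE InstructorID=" & rs2("InstructorID")
    rsInst1.Open SQLInst1, objConn, adOpenKeyset
    If Not rsInst1.EOF Then Session("affiliated") = True

    ' Release the recordset; the original left it open.
    rsInst1.Close
    Set rsInst1 = Nothing

    open_instr_doors = True
End Function

' Opens an administrator session from the current rs2 row, with a longer
' timeout (240 minutes) than the other roles. Always returns True.
Function open_admin_doors()
    reset_login_session
    Session("LoggedIn") = True
    Session("UserName") = rs2("name")
    Session("FullName") = rs2("FullName")
    Session("InstructorID") = rs2("instructorID")
    Session("usertype") = "admin"
    Session.Timeout = 240
    open_admin_doors = True
End Function
%>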