This is probably really simple but I have hardly any experience with classic ASP Syntax. Basically I have login statement. Shown below:
<%if session("AccountID") = "0" or session("AccountID")="" then%>
<%
If request.form("SmPress") = "Pressed" Then
dim SQLVerifyEmail
SQLVerifyEmail = "SELECT * FROM Users WHERE UserName= '"&killchars(request.form("UserName"))&"' and Password = '"&killchars(request.form("Password"))&"' AND Status = 'A' AND Deleted = 'no' "
set RSVerifyEmail = MyConn.execute(SQLVerifyEmail)
If RSVerifyEmail.EOF Then
response.write ("<span class=loginerror>Incorrect login details.</span><br>")
Else
LastLogin2 = "UPDATE Users SET LastLogin = Convert(datetime,'"&now()&"',103) WHERE AccountID = '"&RSVerifyEmail("AccountID")&"' "
MyConn.execute(LastLogin2)
session("admin") = RSVerifyEmail("admin")
session("AccountID") = RSVerifyEmail("AccountID")
response.redirect "profile.asp"
End if
End if
%>
All I want to do is split it, so that if the session = admin it redirects to profile.asp, but if it is equal to an account ID then redirect to profile-user.asp. I tried the following but it through loads of errors:
ElseIF
LastLogin2 = "UPDATE Users SET LastLogin = Convert(datetime,'"&now()&"',103) WHERE AccountID = '"&RSVerifyEmail("AccountID")&"' "
MyConn.execute(LastLogin2)
session("admin") = RSVerifyEmail("admin") Then
response.redirect "profile.asp"
Else
session("AccountID") = RSVerifyEmail("AccountID")
response.redirect "profile-user.asp"
End if
End if
%>
Where am I going wrong?
Assuming you only set RSVerifyEmail("admin") = "True" on the admin profiles in your database: Give this a try:
<% if session("AccountID") = "0" or session("AccountID") = "" then %>
<%
If request.form("SmPress") = "Pressed" Then
dim SQLVerifyEmail
SQLVerifyEmail = "SELECT * FROM Users WHERE UserName= '"&killchars(request.form("UserName"))&"' and Password = '"&killchars(request.form("Password"))&"' AND Status = 'A' AND Deleted = 'no' "
set RSVerifyEmail = MyConn.execute(SQLVerifyEmail)
If RSVerifyEmail.EOF Then
response.write ("<span class=loginerror>Incorrect login details.</span><br>")
Else
LastLogin2 = "UPDATE Users SET LastLogin = Convert(datetime,'"&now()&"',103) WHERE AccountID = '"&RSVerifyEmail("AccountID")&"' "
MyConn.execute(LastLogin2)
' // Set only for admin session only for admins
IF RSVerifyEmail("admin") = "True" Then
RedirectWho = "admin"
session("admin") = RSVerifyEmail("admin")
Else
RedirectWho = "user"
End if
session("AccountID") = RSVerifyEmail("AccountID")
End if
set RSVerifyEmail = Nothing
' // redirect the logged in user or admin
If RedirectWho = "admin" Then
response.redirect "profile.asp"
ElseIf RedirectWho = "user" Then
response.redirect "profile-user.asp"
End if
End if
%>