Redirect after login based on Access Level

[Dougsie]

Hi All

I have been working through the tutorial on
[url]http://dmxzone.com/showDetail.asp?TypeId=28&NewsId=7645[/url] to try and work out how
to redirect a user to a page based on their access level (E.G. people with
acces level 1 go to page1.asp with access level 2 go to page2.asp). I have
worked through the tutorial but as soon as I insert the code to redirect the
user it starts to go wrong. When I try to signin the username and password are
not recognised. The txtfields and database fields are all linked correctly
because as soon as I remove the redirect code it works as it should.

The redirect code is as follows:

' redirect user based on Access level
If Session("MM_UserAuthorization") = "2" Then
MM_redirectLoginSuccess = "../AccessLevel1.asp"
ElseIf Session("MM_UserAuthorization") = "3" Then
MM_redirectLoginSuccess = "../AccessLevel2.asp"
Else MM_redirectLoginSuccess = "?Action=Failed"
End If

The complete code is at the bottom of this message

Any help would be greatly appreciated as I can't see were I am going wrong..

Cheers....Doug

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("txtUsername"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="AccessLevelId"
MM_redirectLoginSuccess="welcome.asp"
MM_redirectLoginFailed="default.asp?Action=Failed"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_ConMiddlehavenResources_STRING
MM_rsUser.Source = "SELECT FldUsername, FldPassword, UserId"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source &
"," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM TblUsers WHERE FldUsername='" &
Replace(MM_valUsername,"'","''") &"' AND FldPassword='" &
Replace(Request.Form("txPassword"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)
Else
Session("MM_UserAuthorization") = ""
End If

' redirect user based on Access level (added by Doug)
If Session("MM_UserAuthorization") = "2" Then
MM_redirectLoginSuccess = "../AccessLevel1.asp"
ElseIf Session("MM_UserAuthorization") = "3" Then
MM_redirectLoginSuccess = "../AccessLevel2.asp"
Else MM_redirectLoginSuccess = "?Action=Failed"
End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>

[Darklomba]

I think there's and End If missing in the code you're inserting.

Try that.