Its a simple login form that I have made using Classic ASP, where the user and the admin can login using the same form.
In the "Users" table in database I have created a field called "status" with DATA TYPE as BIT(i.e "0" or "1") value is accepted. By default value is "0" for every new registered user.
I have passed a query where if the status is "0" that particular User or Admin should be redirected to Authentication.asp page where he'll answer some questions and onclick of SUBMIT the status value in the database will be set to "1".
"1" indicates that user or admin has filled the authentication form and can be redirected to his desired page rather then redirecting him to Authentication.asp page.
For that I have used If-elseif-else statement. I rechecked it many times it doesn't seem that there is any thing missing with my if-else statements. But I'm always redirected to authentication page even if I manually entered "1" as the status in the status column in database. here's my code.
Session("Username")=request.form("user_name")
if request.Form("sub_but") <> "" then
sql = "SELECT * FROM Users WHERE UserName='"&request.form("user_name")&"' AND Password='"&request.form("pwd")&"'"
rs.open sql, con, 1, 2
if rs.EOF then
response.Write("<script language='javascript'>{attention_emp();}</script>")
else
if(rs("status")=1 & rs("login_type")="admin") then
Response.Redirect ("admin.asp")
elseif(rs("status")=1 & rs("login_type")="emp") then
response.Redirect("leave.asp")
else
response.Redirect("auth.asp")
end if
end if
rs.close
end if
Best Answer
Do not use "&" use the following:
In vbScript "&" is a string concatenation operator not a logical operator. Here is a list of vbScript operators.
EDIT also note that string comparisons are case sensitive. I've changed the comparison to convert the database output to lower case. This could also be a factor in your problem.
Also take note of @Mirko comment!!!
EDIT 2 To Clarify from comments
If you are still always getting redirected to the authentication page the actual cause needs to be determined. Hard coding the conditional statement should help rule it out as being the cause. Another method for debugging is to pull apart the statement instead of redirecting. See below:
This will help you determine what is true and what is false in you if and if/else statements. Once you have done that is should become clearer as to what is causing the behavior you are getting. Once you have isolated and fixed the problem, put back the redirect.