<%@ language=VBscript %> <% '********************************************* '* Filename: front_login.asp '* Montessori Homewood Project '* Copyright 2002 Carnegie Mellon University '* Bryan Valentini '* '********************************************* %> <% Response.Buffer = TRUE %> HMS Login Homewood Montessori

<% 'version of login, 1 for older students, 2 for younger students ' -1 value, version not set Dim versionLogin, database versionLogin = -1 'update login for either group by checking strings passed If(Request.QueryString("version")="1") Then versionLogin = 1 v1_start ElseIf(Request.QueryString("version")="2") Then versionLogin = 2 v2_start Else transfer "error.asp" End If %> <% ' VERSION OF LOGIN FOR OLDER STUDENTS ' VERSION 1 Sub v1_start() status = "INVALID" If Request.Form("Message") ="TRUE" and Request.Form("pwd1") <>"" Then validate Request.Form("user"), Request.Form("pwd1"), status If status = "INVALID" Then warning = "

Invalid Name or Password. Please try again.

" Else transfer "menu.asp" End If End If %>



  Student ID:

  Password:  


                  

<% Response.Write warning %>


<% End Sub 'END VERSION 1 %> <% ' VERSION OF LOGIN FOR YOUNGER STUDENTS ' VERSION 2 Sub v2_start() If(Request.Form("Phonetemp") <> "") Then validate "", Request.Form("Phonetemp"), status If(status="VALID") Then transfer "menu.asp" End If End If %> <% End Sub ' END VERSION 2 %> <% '<------------------------------- LOGIN FUNCTIONS ----------------------------->' Sub saveSessionVars(dbConn) Session("Auth") = "VERIFIED" Session("User") = dbConn("StudentID") Session("LastName") = dbConn("LastName") Session("FirstName") = dbConn("FirstName") Session("TeacherMail") = dbConn("TeacherMail") Session("EList") = "" End Sub Sub transfer(page) Response.Clear Response.Redirect(page) End Sub 'This function checks the variables for valid id information. Depending 'on the version, it will check the userID and passwd(for older students), 'or just the phone number(for younger students) for validity. For the younger 'students version of the login, the phone number is passed as the password. Sub validate(username, passwd, status) Dim oRS, oConn Set oRS = Server.CreateObject("ADODB.Recordset") Set oConn = Server.CreateObject("ADODB.Connection") oConn.ConnectionString = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath(Application("student_records")) oConn.Open oRS.Open "SELECT * FROM Students", oConn, 2, 3 status = "INVALID" If(versionLogin = 1) Then oRS.Find "StudentID = '" & LCase(username) & "'" If oRS.EOF = FALSE Then If passwd = oRS("Password") Then status = "VALID" End If End If Else oRS.Find "Phone = '" & passwd & "'" 'Check if using proper login by looking at grade If oRS.EOF = FALSE Then If (Asc(oRS("Grade"))-48)>3 Then Response.Redirect("front_login.asp?version=1") End If status = "VALID" End If End If If(status="VALID") Then saveSessionVars(oRS) End If oRS.Close Set RS = Nothing oConn.Close Set oConn = Nothing End Sub %>