M
Max
Hello. This is the first time I've posted to a newsgroup, and I do
this because I'm in desperate need of help.
I'm working a user management system, and when I activate a user that
has registered to my system, the current admin user logged in gets
logged out.
I can't seem to work out how - I can't even trace back where some of
the variables are coming from (for example, the "ref" part of the
Request.QueryString method).
Could someone please tell me (by email) where my problem is? Thank you
kindly.
This is the page that gets called when an admin user clicks on the
"Activate User" link (and after this page, I've included the page
which links to this page via the "Activate User" link):-
<!--#include file="inc_common.asp" -->
<!--#include file="inc_viewuser.asp" -->
<!--#include file="inc_validatecode.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If Request.QueryString("ref") <> "logout" AND rs_viewuser("status") =
"Pending" AND rs_viewuser("authority") = "user" Then
Response.Redirect("logout.asp?userCode=" &
Request.QueryString("userCode") & "&redir=activate")
%><title>1</title>
<%
Else
code = rs_viewuser("code")
If isCodeValid = True AND Request.QueryString("auth") = "admin" Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("authority") = "admin"
RS.Update
RS.Close
%><title>2</title>
<%
ElseIf isCodeValid = True AND (Request.QueryString("ref") = "logout"
or str_users_authority = "admin") Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("status") = "Active"
RS.Update
RS.Close
%><title><%=ref%></title>
<%
End If
%>
<title><%=pageTitle%> .:. Activate User</title>
<% If isCodeValid = false Then %>
<p align="center">The user code entered was not valid. Please try
again.
</p>
<% ElseIf rs_viewuser("code") = "Active" Then %>
<p align="center"><b><%=str_name%></b>Your account is already active!
<a href="default.asp">Click
here</a> to view your account info.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority <>
"admin" Then %>
<p align="center">Thank you, <%=str_name%>! Your account is now
active. <a href="login.asp">Click
here</a> to log in.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority =
"admin" Then %>
<p align="center">Thank you! <%=str_name%>'s account is now
active. <a href="javascript:history.go(-1)">Click
here</a> to go back.
</p>
<% Else %>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td colspan="2">
<p align="center">Your account has been suspended. If you
believe your account should
be active, please <a href="mailto:<%=adminEmail%>">email the
Webmaster</a>.</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td colspan="2">
<p align="center">Reason(s) for suspension:</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td width="25%" height="1"></td>
<td width="75%" height="1">
<ul>
<li><b><%=str_users_suspensionreason%></b></li>
</ul>
</td>
</tr>
</table>
</center>
</div>
<% End If %>
<% End If %>
<% Server.Execute("a_footer.asp") %>
*****This is the page that links to the above page:-*****
<!--#include file="inc_common.asp" -->
<!--#include file="inc_checklogin.asp" -->
<!--#include file="inc_userlist.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If str_users_authority = "user" Then
Response.Redirect("noentry.asp?entryType=noAdmin")
ElseIf str_users_name = "" Then
Response.Redirect("noentry.asp")
Else
%>
<title><%=pageTitle%> .:. <%=str_users_name%> - Viewing User
List</title>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%"
height="14">
<tr>
<td width="100%" height="14">
<img border="0" src="images/user-list.gif"></td>
</tr>
</table>
<br>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td width="700">
<!-- Begin inner set of tables -->
<p><b>Active Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>"
class="sortLink"><a href="userlist.asp?orderType=name&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Username Descending"
width="10" height="10" border="0"></a>
Username <a
href="userlist.asp?orderType=name&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Username Ascending" width="10"
height="10" border="0"></a></th>
<th width="20%" bgcolor="<%=tableColor%>"
class="sortLink"> <a
href="userlist.asp?orderType=authority&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Authority Descending"
width="10" height="10" border="0"></a>
Authority <a
href="userlist.asp?orderType=authority&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Authority Ascending"
width="10" height="10" border="0"></a></th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
While not rs_userlist.EOF
If rs_userlist("status") = "Active" Then
%>
<tr>
<td width="35%"><a href="viewprofile.asp<% If
rs_userlist("code") <> str_users_code Then
%>?mode=viewUser&userCode=<%=rs_userlist("code")%><% End If
%>"><%=rs_userlist("name")%></a> </td>
<td width="20%"><% If rs_userlist("authority") = "admin"
Then %>
Administrator <% ElseIf rs_userlist("authority") =
"mod" Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="updateprofile.asp<% If rs_userlist("code") <> str_users_code
Then %>?userCode=<%=rs_userlist("code")%><% End If %>">
Edit Profile</a>
<% If rs_userlist("code") <> str_users_code Then %>
| <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">Delete
User</a>
<% End If %>
</td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
</table>
</div>
<p><b>Pending Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>">Username</th>
<th width="20%" bgcolor="<%=tableColor%>">Authority</th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
iCount = 0
rs_userlist.MoveFirst()
While not rs_userlist.EOF
If rs_userlist("status") = "Pending" Then
iCount = iCount + 1
%>
<tr>
<td width="35%"><a
href="viewprofile.asp?mode=viewUser&userCode=<%=rs_userlist("code")%>"><%=rs_userlist("name")%></a> </td>
<td width="20%"><% If rs_userlist("authority") = "mod"
Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="activate.asp?userCode=<%=rs_userlist("code")%>">
Activate User</a> | <a
href="updateprofile.asp?userCode=<%=rs_userlist("code")%>">Edit
Profile</a> | <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">
Delete User</a></td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
<% If iCount = 0 Then %>
<tr>
<td width="35%">No pending users found</td>
<td width="20%"></td>
<td width="45%"></td>
</tr>
<% End If %>
</table>
</div>
<p><b>Suspended Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>">Username</th>
<th width="20%" bgcolor="<%=tableColor%>">Authority</th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
iCount = 0
rs_userlist.MoveFirst()
While not rs_userlist.EOF
If rs_userlist("status") = "Disabled" Then
iCount = iCount + 1
%>
<tr>
<td width="35%"><a
href="viewprofile.asp?mode=viewUser&userCode=<%=rs_userlist("code")%>"><%=rs_userlist("name")%></a> </td>
<td width="20%"><% If rs_userlist("authority") = "mod"
Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="updateprofile.asp?userCode=<%=rs_userlist("code")%>">
Edit Profile</a> | <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">
Delete User</a></td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
<% If iCount = 0 Then %>
<tr>
<td width="35%">No suspended users found</td>
<td width="20%"></td>
<td width="45%"></td>
</tr>
<% End If %>
</table>
</div>
<%
'Close adoCon and rs_userlist
rs_userlist.Close
set rs_userlist = Nothing
%>
<td>
</table>
</div>
<!-- End inner set of tables -->
</td>
</tr>
</table>
</center>
</div>
<% Server.Execute("a_footer.asp") %>
<% End If %>
this because I'm in desperate need of help.
I'm working a user management system, and when I activate a user that
has registered to my system, the current admin user logged in gets
logged out.
I can't seem to work out how - I can't even trace back where some of
the variables are coming from (for example, the "ref" part of the
Request.QueryString method).
Could someone please tell me (by email) where my problem is? Thank you
kindly.
This is the page that gets called when an admin user clicks on the
"Activate User" link (and after this page, I've included the page
which links to this page via the "Activate User" link):-
<!--#include file="inc_common.asp" -->
<!--#include file="inc_viewuser.asp" -->
<!--#include file="inc_validatecode.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If Request.QueryString("ref") <> "logout" AND rs_viewuser("status") =
"Pending" AND rs_viewuser("authority") = "user" Then
Response.Redirect("logout.asp?userCode=" &
Request.QueryString("userCode") & "&redir=activate")
%><title>1</title>
<%
Else
code = rs_viewuser("code")
If isCodeValid = True AND Request.QueryString("auth") = "admin" Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("authority") = "admin"
RS.Update
RS.Close
%><title>2</title>
<%
ElseIf isCodeValid = True AND (Request.QueryString("ref") = "logout"
or str_users_authority = "admin") Then
Set RS = Server.CreateObject ("ADODB.RecordSet")
Sql = "SELECT * FROM tbl_authors WHERE code='" & code & "'"
RS.Open Sql,adoCon,2,3
RS("status") = "Active"
RS.Update
RS.Close
%><title><%=ref%></title>
<%
End If
%>
<title><%=pageTitle%> .:. Activate User</title>
<% If isCodeValid = false Then %>
<p align="center">The user code entered was not valid. Please try
again.
</p>
<% ElseIf rs_viewuser("code") = "Active" Then %>
<p align="center"><b><%=str_name%></b>Your account is already active!
<a href="default.asp">Click
here</a> to view your account info.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority <>
"admin" Then %>
<p align="center">Thank you, <%=str_name%>! Your account is now
active. <a href="login.asp">Click
here</a> to log in.
</p>
<% ElseIf rs_viewuser("code") <> "Disabled" AND str_users_authority =
"admin" Then %>
<p align="center">Thank you! <%=str_name%>'s account is now
active. <a href="javascript:history.go(-1)">Click
here</a> to go back.
</p>
<% Else %>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td colspan="2">
<p align="center">Your account has been suspended. If you
believe your account should
be active, please <a href="mailto:<%=adminEmail%>">email the
Webmaster</a>.</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td colspan="2">
<p align="center">Reason(s) for suspension:</td>
</tr>
<tr>
<td height="8" colspan="2"></td>
</tr>
<tr>
<td width="25%" height="1"></td>
<td width="75%" height="1">
<ul>
<li><b><%=str_users_suspensionreason%></b></li>
</ul>
</td>
</tr>
</table>
</center>
</div>
<% End If %>
<% End If %>
<% Server.Execute("a_footer.asp") %>
*****This is the page that links to the above page:-*****
<!--#include file="inc_common.asp" -->
<!--#include file="inc_checklogin.asp" -->
<!--#include file="inc_userlist.asp" -->
<% Server.Execute("a_header.asp") %>
<%
If str_users_authority = "user" Then
Response.Redirect("noentry.asp?entryType=noAdmin")
ElseIf str_users_name = "" Then
Response.Redirect("noentry.asp")
Else
%>
<title><%=pageTitle%> .:. <%=str_users_name%> - Viewing User
List</title>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%"
height="14">
<tr>
<td width="100%" height="14">
<img border="0" src="images/user-list.gif"></td>
</tr>
</table>
<br>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%">
<tr>
<td width="700">
<!-- Begin inner set of tables -->
<p><b>Active Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>"
class="sortLink"><a href="userlist.asp?orderType=name&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Username Descending"
width="10" height="10" border="0"></a>
Username <a
href="userlist.asp?orderType=name&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Username Ascending" width="10"
height="10" border="0"></a></th>
<th width="20%" bgcolor="<%=tableColor%>"
class="sortLink"> <a
href="userlist.asp?orderType=authority&ascDescType=desc"><img
src="images/arrow-down.gif" alt="Sort by Authority Descending"
width="10" height="10" border="0"></a>
Authority <a
href="userlist.asp?orderType=authority&ascDescType=asc"><img
src="images/arrow-up.gif" alt="Sort by Authority Ascending"
width="10" height="10" border="0"></a></th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
While not rs_userlist.EOF
If rs_userlist("status") = "Active" Then
%>
<tr>
<td width="35%"><a href="viewprofile.asp<% If
rs_userlist("code") <> str_users_code Then
%>?mode=viewUser&userCode=<%=rs_userlist("code")%><% End If
%>"><%=rs_userlist("name")%></a> </td>
<td width="20%"><% If rs_userlist("authority") = "admin"
Then %>
Administrator <% ElseIf rs_userlist("authority") =
"mod" Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="updateprofile.asp<% If rs_userlist("code") <> str_users_code
Then %>?userCode=<%=rs_userlist("code")%><% End If %>">
Edit Profile</a>
<% If rs_userlist("code") <> str_users_code Then %>
| <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">Delete
User</a>
<% End If %>
</td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
</table>
</div>
<p><b>Pending Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>">Username</th>
<th width="20%" bgcolor="<%=tableColor%>">Authority</th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
iCount = 0
rs_userlist.MoveFirst()
While not rs_userlist.EOF
If rs_userlist("status") = "Pending" Then
iCount = iCount + 1
%>
<tr>
<td width="35%"><a
href="viewprofile.asp?mode=viewUser&userCode=<%=rs_userlist("code")%>"><%=rs_userlist("name")%></a> </td>
<td width="20%"><% If rs_userlist("authority") = "mod"
Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="activate.asp?userCode=<%=rs_userlist("code")%>">
Activate User</a> | <a
href="updateprofile.asp?userCode=<%=rs_userlist("code")%>">Edit
Profile</a> | <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">
Delete User</a></td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
<% If iCount = 0 Then %>
<tr>
<td width="35%">No pending users found</td>
<td width="20%"></td>
<td width="45%"></td>
</tr>
<% End If %>
</table>
</div>
<p><b>Suspended Users</b></p>
<div align="left">
<table border="1" cellpadding="0" cellspacing="1"
style="border-collapse: collapse" bordercolor="<%=tableColor%>"
width="100%">
<tr>
<th width="35%" bgcolor="<%=tableColor%>">Username</th>
<th width="20%" bgcolor="<%=tableColor%>">Authority</th>
<th width="45%" bgcolor="<%=tableColor%>">Options</th>
</tr>
<%
iCount = 0
rs_userlist.MoveFirst()
While not rs_userlist.EOF
If rs_userlist("status") = "Disabled" Then
iCount = iCount + 1
%>
<tr>
<td width="35%"><a
href="viewprofile.asp?mode=viewUser&userCode=<%=rs_userlist("code")%>"><%=rs_userlist("name")%></a> </td>
<td width="20%"><% If rs_userlist("authority") = "mod"
Then %>
Moderator <% ElseIf rs_userlist("authority") = "user"
Then %>
User <% End If %></td>
<td width="45%"> <p align="center"><a
href="updateprofile.asp?userCode=<%=rs_userlist("code")%>">
Edit Profile</a> | <a
href="deleteuser.asp?userCode=<%=rs_userlist("code")%>"
onclick="return confirm('Are you SURE you want to delete this
user?')">
Delete User</a></td>
</tr>
<%
End If
rs_userlist.MoveNext()
WEnd
%>
<% If iCount = 0 Then %>
<tr>
<td width="35%">No suspended users found</td>
<td width="20%"></td>
<td width="45%"></td>
</tr>
<% End If %>
</table>
</div>
<%
'Close adoCon and rs_userlist
rs_userlist.Close
set rs_userlist = Nothing
%>
<td>
</table>
</div>
<!-- End inner set of tables -->
</td>
</tr>
</table>
</center>
</div>
<% Server.Execute("a_footer.asp") %>
<% End If %>