<%@ Language=VBScript %>
<%
'--------------------------------------------------------
'Purpose: Login
'Date: 07 April 2001
'Comments:
'--------------------------------------------------------
' Buffer the whole response so the Response.Redirect calls further down can
' still be issued after page text has been written.
Response.Buffer = True

' Page-level variables. Several of these (strsql2, id1, login, password,
' Login2, Emergenza) are declared but not referenced in the visible part of
' the page.
Dim strConn, objRs
Dim strsql, strsql2, id1
Dim submitted, login, password
Dim Livello, Login2, Emergenza
%>
Pannello di Controllo
<%
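' Login handler: checks the posted credentials against tbl_login and, on
' success, marks the session as logged in and redirects by access level.

' Escapes a string for use inside a quoted SQL LIKE pattern: doubles single
' quotes and wraps the characters % _ # [ ] in brackets.
' The work is done in a single pass so that brackets inserted for one character
' are not escaped again by a later replacement (the chained Replace calls used
' previously turned "%" into "[[[]]%[]]").
' The login query below binds its values as parameters and does not call this
' function; it is kept, at script level, for any other code that uses it.
Function FixSQL(stringa)
    Dim i, ch, escaped
    escaped = ""
    For i = 1 To Len(stringa)
        ch = Mid(stringa, i, 1)
        Select Case ch
            Case "'"
                escaped = escaped & "''"
            Case "%", "_", "#", "[", "]"
                escaped = escaped & "[" & ch & "]"
            Case Else
                escaped = escaped & ch
        End Select
    Next
    stringa = escaped
    FixSQL = stringa
End Function

submitted = Request.QueryString("submitted")
If submitted Then
    strConn = Application("dbfile")
    ' NOTE(review): objConn is used below but is not created or opened in the
    ' visible part of this page; presumably an include opens it from strConn - confirm.

    ' Raw form values. They are bound as parameters, never concatenated into
    ' the SQL text, so no quote or wildcard escaping is applied: escaping
    ' wildcards for an "=" comparison would only stop valid credentials that
    ' contain _ % # [ ] from matching.
    fusername = Request.Form("login") & ""
    fpass = Request.Form("password") & ""

    ' A variable-length parameter needs a size of at least 1.
    lenUser = Len(fusername)
    If lenUser = 0 Then lenUser = 1
    lenPass = Len(fpass)
    If lenPass = 0 Then lenPass = 1

    ' One query returns everything the redirect needs; the three extra
    ' look-ups with the same WHERE clause are no longer required.
    ' NOTE(review): the submitted password is compared directly with
    ' tbl_login.password, so that column appears to hold passwords unhashed;
    ' store salted hashes and compare hashes instead.
    strsql = "SELECT Livello, Permesso, Codice FROM tbl_login WHERE login = ? AND password = ?"

    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandType = 1 ' adCmdText
    objCmd.CommandText = strsql
    ' 202 = adVarWChar, 1 = adParamInput
    objCmd.Parameters.Append objCmd.CreateParameter("login", 202, 1, lenUser, fusername)
    objCmd.Parameters.Append objCmd.CreateParameter("password", 202, 1, lenPass, fpass)

    ' The SQL text is deliberately not written to the response: the debug
    ' Response.Write that used to sit here echoed the query, including the
    ' submitted password.
    Set objRs = objCmd.Execute

    If objRs.EOF Then
        ' Not valid: release the database objects and send the user back.
        objRs.Close
        Set objRs = Nothing
        Set objCmd = Nothing
        objConn.Close
        Set objConn = Nothing
        Response.Redirect "pnc.asp"
    Else
        ' Valid: let the user in.
        Session("login") = True

        Livello = objRs("Livello").Value
        Permesso = objRs("Permesso").Value
        Nome = objRs("Codice").Value

        objRs.Close
        Set objRs = Nothing
        Set objCmd = Nothing
        objConn.Close
        Set objConn = Nothing

        ' URL-encode the values so that characters such as & or spaces cannot
        ' alter the query string; & "" turns a Null column into an empty string.
        ' NOTE(review): Login and User travel in the query string, which the
        ' client can edit. The target pages should take identity and permission
        ' from Session rather than from these parameters - confirm in those pages.
        qsNome = Server.URLEncode(Nome & "")
        qsPermesso = Server.URLEncode(Permesso & "")

        If (Livello = "1") Then
            Response.Redirect "pnc_int_x.asp?Login=" & qsNome & "&User=" & qsPermesso
        ElseIf (Livello = "2") Then
            Response.Redirect "pnc150340.asp?Login=" & qsNome & "&User=" & qsPermesso
        Else
            Response.Redirect "documentazione.asp?Login=" & qsPermesso
        End If
    End If
Else
    'show the form
%>
<%
End If
' Response.End stops script processing, so the Response.Clear that used to
' follow it could never run and has been dropped.
Response.End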
%>