Thread: Authentication GURU...or vb guru Needed URGENTLY PLEASE

i have created a login form with username password
which checks my sql7 database for the user password then checks to see the rights of the user and if the user has user rights it puts them to my next user area form Apprasal.asp if no it sends them to an unsuccessfull.htm form

my question is this...i want my user to be taken to the apprasaisal page with the user personal details on it but it only shoes the first record in the database ad not teh users record
and when i use the
request.form("Password")on the appraisal page i cannot get that password value off the form.....and im using the form tag with
post method ???

can anyone tell me whats going on...im really stuck on this and its holding me up to complete my project that i have been doing for 4 months now.

here is my login form script

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="../../Connections/Conn_wasp.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Username"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="Rights"
MM_redirectLoginSuccess="../Users/Appraisal.asp"
MM_redirectLoginFailed="../messages/Failure.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_Conn_wasp_STRING
MM_rsUser.Source = "SELECT FirstName, Password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM dbo.Users WHERE FirstName='" & MM_valUsername &"' AND Password='" & CStr(Request.Form("Password")) & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>


and here is my Appraisal form script to get the value of the passowrd for the query to take the user to his record when he is logged in


<%
set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_Conn_wasp_STRING
Recordset1.Source = "SELECT * FROM dbo.Users WHERE Password LIKE '%" + Replace(Recordset1__VarPassword, "'", "''") + "%'"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 3
Recordset1.Open()
Recordset1_numRows = 0
%>