| ||
|
|
| |
| ||
| ||
| Inside Technique : Adding Site Registration : User Management The amount of site management needed is dependent upon your site's purpose and goals. For this demonstration we create a very simple site management page, userlist.asp, that allows you to select and edit any user. Since this page gives you complete access to all users, it should be appropriately secured on any production system.
<%@ Language=VBScript %>
<% option explicit %>
<HTML>
<HEAD>
<!-- #include virtual="/inc/utility.asp" -->
</HEAD>
<BODY>
<%
Dim oRS, oCmd, oConn
Const ACTIONSAVE = "Save..."
set oConn = GetConnection()
Response.Write(OutputHeader() & "<H2>User Manager</H2>")
if Request.Form("action")=ACTIONSAVE then
' Update user
Set oCmd = GetStoredProcedure(oConn,"sp_SaveUser")
oCmd.Parameters.append oCmd.CreateParameter("u_id", adInteger, adParamInput,10,Request.QueryString("u_id"))
oCmd.Parameters.append oCmd.CreateParameter("u_name", adVarChar, adParamInput,50,Request.Form("u_name"))
oCmd.Parameters.append oCmd.CreateParameter("u_password", adVarChar, adParamInput,50,Request.Form("u_password"))
oCmd.Parameters.append oCmd.CreateParameter("u_firstname", adVarChar, adParamInput,50,Request.Form("u_firstname"))
oCmd.Parameters.append oCmd.CreateParameter("u_lastname", adVarChar, adParamInput,50,Request.Form("u_lastname"))
oCmd.Parameters.append oCmd.CreateParameter("u_email", adVarChar, adParamInput,50,Request.Form("u_email"))
oCmd.execute()
end if
if Request.QueryString("u_id")<>"" then
' Get user information
Set oCmd = GetStoredProcedure(oConn,"sp_GetUser")
oCmd.Parameters.append oCmd.CreateParameter("u_name", adInteger, adParamInput,10,Request.QueryString("u_id"))
set oRS = oCmd.execute()
Response.Write("<A HREF=""userlist.asp"">User List</A>")
if oRS.eof then
' Bad user id
Response.Write("User not found")
else
Response.Write(BuildForm("edituser","post"))
Response.Write(BuildInput("hidden","u_id",Request.QueryString("u_id"),"",""))
Response.Write("<TABLE>")
Response.Write("<TR><TD>User Name</TD>")
Response.Write("<TD>" & BuildInput("text","u_name",escapeString(oRS.fields("u_name")),20,50) & "</TD></TR>")
Response.Write("<TR><TD>Password</TD>")
Response.Write("<TD>" & BuildInput("text","u_password",oRS.fields("u_password"),12,12) & "</TD></TR>")
Response.Write("<TR><TD>First Name</TD>")
Response.Write("<TD>" & BuildInput("text","u_firstname",escapeString(oRS.fields("u_firstname")),20,50) & "</TD></TR>")
Response.Write("<TR><TD>Last Name</TD>")
Response.Write("<TD>" & BuildInput("text","u_lastname",escapeString(oRS.fields("u_lastname")),20,50) & "</TD></TR>")
Response.Write("<TR><TD>Email Name</TD>")
Response.Write("<TD>" & BuildInput("text","u_email",escapeString(oRS.fields("u_email")),20,50) & "</TD></TR>")
Response.Write("<TR><TD COLSPAN=2>"
Response.Write(BuildInput("submit","action",ACTIONSAVE,"","") & "</TD></TR>")
Response.Write("</TABLE>")
end if
else
' Output all users.
Set oRS = GetTable(oConn,"t_user")
Response.Write("<UL>")
while not oRS.eof
Response.Write("<LI><A HREF=""?u_id=" & oRS.fields("u_id") & """>" & oRS.fields("u_name"))
oRS.movenext
wend
Response.Write("</UL>")
end if
%>
</BODY>
</HTML>
This page is interesting in that it provides three pieces of functionality. In its default form (userlist.asp) it displays a list of all the site's users. When called with a user id (userlist.asp?u_id=23) it returns a form for editing the user. If called with a user id plus the appropriate form submission, the user's data will be updated and the form will be redisplayed. All of this is handled by the large if-then blocks:
if Request.Form("action")=ACTIONSAVE then
' Save user information
end if
if Request.QueryString("u_id")<>"" then
' Output form
else
' Output list of users
end if
Next we wrap up our introduction to adding site membership and explain how to download and install the demonstration. Page 1:Adding Site Registration © 1997-2000 InsideDHTML.com, LLC. All rights reserved. |