twalter, 09-22-2003, 12:27 AM
Login Script

Here is yet another login script.

This one lets you have different types of users.
Example:
AuthID = admin, staff or user
Authstatus = active, inactive

First off, on the login page: the username and password fields must be entered or the page doesn't do anything when you hit submit.

Example Accounts:

Username  Password  AuthID  AuthStatus
admin     admin     admin   active
staff     staff     staff   active
user      user      user    active
baduser   baduser   user    inactive


To protect a page use the following

Admin protected pages:

<!--#include file="admincheck.asp"-->

---- admincheck.asp -------

<% if Session("AuthID") <> "admin" or Session("userid") = "" then Response.Redirect "default.asp" %>

----- end of admincheck.asp----------


Staff and admin protected pages:

<!--#include file="staffcheck.asp"-->

-------staffcheck.asp-------

<% if Session("AuthID") = "user" or Session("userid") = "" then Response.Redirect "default.asp" %>

---------end of staffcheck.asp-----

Do not allow a user that hasn't logged in access to your pages.

<!--#include file="usercheck.asp"-->

-----------usercheck.asp-----------

<% if Session("AuthID") = "" or Session("userid") = "" then Response.Redirect "default.asp" %>

--------end of usercheck.asp-----------

Depending on the AuthID the user will be redirected to one of the following:

Admin - adminwelcome.asp
Staff - staffwelcome.asp
user - userwelcome.asp

baduser - Your account has been suspended. Please contact administrator to resolve this issue.

Now that I have explained the structure, here is the code itself.

-------------- default.asp-----------

<html>
<head><title>Process Home Page</title></head>
<body>
<h3>Process</h3>
<p>
your code here.......
<!--#include file="login.asp"-->
</body>
</html>

--------------- end of default.asp ------------


---------- login.asp ---------

<html>
<head>
<title>Login Administrator Page</title>
<SCRIPT ID=clientEventHandlersJS LANGUAGE=javascript>
<!--

function form1_onsubmit() {
if (form1.username.value == "" || form1.password.value == "")
return false;
}

//-->
</SCRIPT>
</head>
<body>
<form action="process.asp" method=post id=form1 name=form1 LANGUAGE=javascript onsubmit="return form1_onsubmit()">
Username: <input type="text" name="username" size="25" maxlength="25"><br>
Password: <input type="password" name="password" size="25" maxlength="25"><br>
<input type="submit" name="Login" value="Login"> <input type="reset" value="Reset">
</form>

</body>
</html>

---------end of login.asp -------------

connection to db
--------- inc_dbstring.asp---------
<%
Dim strConnect
strConnect = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.Mappath("login.mdb")
%>

----------- end of inc_dbstring.asp-------

process the login from user
------------- process.asp -------------

<!--#include file="inc_dbstring.asp"-->
<%

Dim conn,rs,strsql
set conn = server.CreateObject("ADODB.Connection")
set rs = server.CreateObject("ADODB.Recordset")
conn.Open strConnect
' Use Replace to double any single quote so that a SQL statement cannot be interjected into the query string. Example: Username: x  Password: x' or 'x=x
strsql = "Select * From tblusers where username = '" & Replace(Request.Form("username"), "'", "''") & "' and Password = '" & Replace(Request.Form("password"), "'", "''") & "'"
set rs = conn.Execute (strsql)

if rs.eof or rs.bof then

Response.write "Username or Password incorrect."
else

if (rs("authstatus")) = "inactive" then
response.write "Your account has been suspended. <br> Please contact "
response.write "administrator to resolve this issue."

else

session("authid") = rs("authid")
session("authcode") = rs("authstatus")
session("userid") = rs("userid")

dim page
page = session("authid") & "welcome.asp"

response.redirect page

end if
end if

%>

----------- end of process.asp ---------------


---------- adminwelcome.asp -------------

<!--#include file="admincheck.asp"-->
<html>
<head><title>Administration Page</title></head>
<body>
Welcome to the <b><font color="blue">Administration</font></b> Page.
<p>
</body>
</html>

------------end of adminwelcome.asp ------------

-----------staffwelcome.asp -----------
<!--#include file="staffcheck.asp"-->
<html>
<head><title>User Page</title></head>
<body>
Welcome to the <b><font color="blue">Staff</font></b> Page.
<p>
</body>
</html>

----------end of staffwelcome.asp ----------

----------userwelcome.asp ----------

<!--#include file="usercheck.asp"-->
<html>
<head><title>User Page</title></head>
<body>
Welcome to the <b><font color="blue">User</font></b> Page.
<p>
</body>
</html>

-----------end of userwelcome.asp-------------

I do have to give credit to Programmers Resource for this example code:

<% if Session("AuthID") <> "admin" or Session("userid") = "" then Response.Redirect "default.asp" %>

I believe I first found that code on this site a long time ago.
I have changed it some from how I found it, but the original code was from the Snippets or Articles section.

I hope you find this code useful.

See the demo

Download from here

Last edited by twalter : 09-14-2006 at 03:13 PM. Reason: there is a known hack to interject a sql statement
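
Added example, not part of twalter's post: a variant of process.asp that binds the username and password as ADODB.Command parameters instead of building the SQL string, and lets only the three AuthID values and the active status listed above reach the session and the redirect. It assumes the tblusers columns the post reads (userid, authid, authstatus, username, Password) and the login.mdb connection string from inc_dbstring.asp.

```asp
<%
Option Explicit
' Added example: variant of process.asp. Table and column names are the ones used in the post.
Const adCmdText = 1, adVarChar = 200, adParamInput = 1   ' ADO constants (adovbs.inc values)
Dim conn, cmd, rs, user, pass, role, status, uid

user = Request.Form("username") & ""
pass = Request.Form("password") & ""
' The 25-character limit in login.asp is only enforced by the browser, so re-check it here.
If Len(user) = 0 Or Len(user) > 25 Or Len(pass) = 0 Or Len(pass) > 25 Then
    Response.Write "Username or Password incorrect."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Driver={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("login.mdb")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Each ? is bound as data, in order, so a value such as x' or 'x=x is compared literally.
cmd.CommandText = "SELECT userid, authid, authstatus FROM tblusers " & _
                  "WHERE username = ? AND [Password] = ?"
cmd.Parameters.Append cmd.CreateParameter("username", adVarChar, adParamInput, 25, user)
cmd.Parameters.Append cmd.CreateParameter("password", adVarChar, adParamInput, 25, pass)
Set rs = cmd.Execute

If rs.EOF Then
    Response.Write "Username or Password incorrect."
Else
    uid = rs("userid") : role = LCase(rs("authid") & "") : status = LCase(rs("authstatus") & "")
    If status <> "active" Then
        Response.Write "Your account has been suspended. <br> Please contact administrator to resolve this issue."
    ElseIf role = "admin" Or role = "staff" Or role = "user" Then
        ' Only known roles reach the session and the redirect target.
        Session("authid") = role
        Session("authcode") = status
        Session("userid") = uid
        rs.Close : conn.Close
        Response.Redirect role & "welcome.asp"
    Else
        Response.Write "Username or Password incorrect."
    End If
End If
%>
```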
 

