Hello,

I'm trying to apply a "Restrict access to page" behavior to a page, based on username, password and access level.
I have multiple levels who are authorized to the page.
In my login page I have set the appropiate setting to check on the user's level field in the database.
I've done this before with one level check, and that works fine, but now with the multiple check, there's no check on the level at all.

Any ideas, help would be welcome !

Thanks,

Wim

Code :

<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="1,2,13,14,15,16,17"
MM_authFailedURL="upload_login.asp"
MM_grantAccess=false
If Session("MM_Username" <> "" Then
If (true Or CStr(Session("MM_UserAuthorization")="" Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization")>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?" >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL"
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>

Wim Conix
www.image-belle.com

Problem solved.

Handcoded IF...THEN restriction and works fine now.

Thanks for reading anyway,

Wim

Wim Conix
www.image-belle.com