[INDENT]<%
' *** login to site
MM_LAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LAction = MM_LAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("MyUsr"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
MM_redirectLoginSuccess="Main.asp"
MM_redirectLoginFailed="loginfailed.asp"
MM_flag="ADODB.Recordset"
set MM_rsUserName = Server.CreateObject(MM_flag)
MM_rsUserName.ActiveConnection = MM_VBPack1Conn_STRING
MM_rsUserName.Source = "SELECT UserUsername, UserPassword"
If MM_fldUserAuthorization <> "" Then MM_rsUserName.Source = MM_rsUserName.Source & "," & MM_fldUserAuthorization
MM_rsUserName.Source = MM_rsUserName.Source & " FROM tblUsers WHERE UserUsername='" & Replace(MM_valUsername,"'","''") &"' AND UserPassword='" & Replace(Request.Form("MyPws"),"'","''") & "'"
MM_rsUserName.CursorType = 0
MM_rsUserName.CursorLocation = 2
MM_rsUserName.LockType = 3
MM_rsUserName.Open
If Not MM_rsUserName.EOF Or Not MM_rsUserName.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUserName.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUserName.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUserName.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>[/INDENT]