<% 'Declare variables Dim oConnection, oRecordset, sSQL Dim sUserName, sPassword 'Receive the form values and assign to sUserName and sPassword variables sUsername = Request.Form("txtUsername") sPassword = Request.Form("txtPwd") If sUsername=sAdminUsername AND sPassword=sAdminpassword Then Session("blnValidMember") = True Session("Admin")=True response.redirect "admin/approve.asp" Else 'Create a connection odject and a recordset object Set oConnection = Server.CreateObject("ADODB.Connection") Set oRecordset = Server.CreateObject("ADODB.Recordset") 'Set an active connection to the Connection object oConnection.Open sConnString 'Create a variable called sSQL which holds an SQL statement to query against the database sSQL = "SELECT UserName, MembersPassword FROM tblMembers WHERE Username ='" & sUserName & "'" & _ " AND MembersPassword = '" & sPassword & "'" 'Query the database and return a recordset oRecordset.Open sSQL, oConnection 'If the recordset finds a table row corresponding to the username and password entered - then valid login If NOT oRecordset.EOF Then 'If its a valid login then set the session variable to True Session("blnValidMember") = True 'redirect the user to the members.asp as they have logged in properly Response.Redirect susername + "members.asp" Else 'if not valid username and password then set the session to false Session("blnValidMember") = False 'Redirect to the no_access.asp - not a valid username and password Response.Redirect "no_access.asp" End If 'Close Objects and free up memory oRecordset.Close Set oRecordset = Nothing oConnection.Close Set oConnection=Nothing End If %>