<%@ Language=VBScript %> <% DIM conn,conString,userRS,userSQL,formAction,retUsername //On Error Resume Next Set conn = Server.CreateObject("ADODB.Connection") conn.Open "DRIVER={Microsoft Access Driver (*.mdb)};" & application("conString") formAction = request.QueryString("action") if formAction = 1 then DIM username,password username = request.Form("IDUsername") password = request.Form("IDPassword") userSQL = "SELECT user_id,user_name,user_password,permission_name FROM user,permissions WHERE user_name = '" & username & "' AND user_password = '" & password & "' AND user.permission_id = permissions.permission_id" Set userRS = conn.Execute(userSQL) if NOT userRS.EOF then if StrComp(userRS("user_name"),username) = 0 then Session("SessionUser") = username Session("SessionUserID") = userRS("user_id") Session("SessionPermissions") = userRS("permission_name") response.Redirect "index.asp" end if end if end if %> User Login

Login

<% if formAction = 1 then %> Invalid User name or password. <% end if %>
User name:
Password:
<% if formAction = 1 then conn.close set conn = nothing end if %>