<%@ LANGUAGE = "VBScript" %> <% username=valid_sql(request.form("username")) pass=valid_sql(request.form("pass")) 'Now verify the username and password set rs=db.execute("select * from users where username='" & username & "'") if rs.eof then Session("verified")=false Session("username")="" Session("privilages")="" response.redirect("index.asp?msg=" & Server.URLEncode("Error: Unknown User!")) else 'Check password matches if rs("password")=request.form("pass") then 'Valid user Session("verified")=true Session("username")=rs("username") Session("privilages")=rs("privilages") response.redirect("adminmain.asp") else Session("verified")=false Session("username")="" Session("privilages")="" response.redirect("index.asp?msg=" & Server.URLEncode("Error: Wrong password!")) end if end if %>