<% response.buffer = true varUsername = trim(Replace(request("username"), "'", "''")) varPassword = trim(Replace(request("password"), "'", "''")) %> <% if varUsername = "" OR varPassword = "" then %> <% else set con = server.createobject("ADODB.Connection") con.open Application("CString") con.CommandTimeout = 1000 SQLCheckUser = "SELECT * FROM users WHERE username = '" & varUsername & "' AND password = '" & varPassword & "'" set rsUser = con.execute(SQLCheckUser) if rsUser.EOF then con.close set con = nothing set rsUser = nothing %> <% response.end else Session("Logged") = rsUser("userid") Session("RealName") = rsUser("RealName") Session("SecurityLevel") = rsUser("userlevel") Session("Admin_Menu") = rsUser("Menu") Session("Admin_Pages") = rsUser("Pages") Session("Admin_Documents") = rsUser("Documents") Session("Admin_Events") = rsUser("Events") Session("Admin_Features") = rsUser("Features") Session("Admin_Gallery") = rsUser("Gallery") Session("Admin_Members") = rsUser("Members") Session("Admin_Vehicles") = rsUser("Vehicles") con.close set con = nothing set rsUser = nothing session("ActiveProject") = -99 response.redirect("frame_main.asp?cache="&now()) end if end if %>