<% dim tmpUserID,tmpPassword dim dbConn,sqlUsers,rsUsers,Ecode tmpUserID = ltrim(rtrim(Request.Form("txtUserName"))) tmpPassword=ltrim(rtrim(Request.Form("txtPassword"))) set dbConn=Server.CreateObject("ADODB.Connection") dbConn.Open ConnectionString sqlUsers="select * from storesusers where User_Name='"&tmpUserID&"'" set rsUsers = dbConn.Execute(sqlUsers) If rsUsers.eof then rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing Session("Message") = "Invalid username. Please, Try again." response.redirect "adminlogin.asp" end if If Trim(rsUsers("User_Pass")) = Trim(tmpPassword) then Session("sadminLoggedIn") = "yes" Session("storesUserID") = tmpUserID session("deal_hand")=rsusers("deal_hand") session("permission")=rsusers("Permissions") Session("form_password")=trim(tmpPassword) Session("password")=trim(rsusers("User_Pass")) rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing if session("permission")="S" then Response.Redirect "supervisormenu.asp" else Response.Redirect "adminmenu.asp" end if else rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing Session("Message") = "Invalid password. Please, try again." response.redirect "adminlogin.asp" end if %>