<% dim tmpUserID,tmpPassword dim dbConn,sqlUsers,rsUsers,Ecode tmpUserID = ltrim(rtrim(Request.Form("txtUserName"))) tmpPassword=ltrim(rtrim(Request.Form("txtPassword"))) set dbConn=Server.CreateObject("ADODB.Connection") dbConn.Open ConnectionString sqlUsers="select a.off_empcode as oempcode,a.*,b.*,b.bldg,b.dgcode, c.off_empcode,c.OFF_NAME,c.SEC_OFF_ID,c.SEC_CODE from cicusers a,dopt b,drawing c where a.username='"&tmpUserID&"' and a.off_empcode=b.EMP_CODE and b.section=c.SEC_CODE" set rsUsers = dbConn.Execute(sqlUsers) If rsUsers.eof then rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing Session("Message") = "Invalid username. / You are not entitled to use OSR ! Please, Try again./contact Administrator" response.redirect "storeslogin.asp" end if If Trim(rsUsers("password")) = Trim(tmpPassword) then session("storesLoggedIn")="yes" Session("LoggedIn") = "yes" Session("storesUserID") = tmpUserID session("ecode")=rsUsers("oempcode") session("empname")=rsusers("name") session("incharge")=rsusers("OFF_NAME") session("username")= tmpUserID session("section")=rsusers("SEC_OFF_ID") session("section_cd")=rsusers("SEC_CODE") Session("form_password")=trim(tmpPassword) Session("password")=trim(rsusers("password")) rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing Response.Redirect "storesmainmenu.asp" else rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing Session("Message") = "Invalid password. Please, try again." response.redirect "storeslogin.asp" end if %>