<% dim tmpUserID,tmpPassword dim dbConn,sqlUsers,rsUsers,Ecode tmpUserID = ltrim(rtrim(Request.Form("txtUserName"))) tmpPassword=ltrim(rtrim(Request.Form("txtPassword"))) set dbConn=Server.CreateObject("ADODB.Connection") dbConn.Open ConnectionString sqlUsers="select * from drawing where username='"&tmpUserID&"'" set rsUsers = dbConn.Execute(sqlUsers) If rsUsers.eof then rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing Session("Message") = "Invalid username. Please, Try again." response.redirect "storeslogin.asp" end if If Trim(rsUsers("password")) = Trim(tmpPassword) then session("storesLoggedIn")="yes" Session("LoggedIn") = "yes" Session("storesUserID") = tmpUserID session("ecode")=rsUsers("off_empcode") session("empname")=rsusers("OFF_NAME") session("incharge")=rsusers("OFF_NAME") session("username")= tmpUserID session("section")=rsusers("SEC_OFF_ID") session("section_cd")=rsusers("SEC_CODE") Session("form_password")=trim(tmpPassword) Session("password")=trim(rsusers("password")) rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing Response.Redirect "storesmainmenu.asp" else rsUsers.Close dbConn.close set rsUsers=nothing set dbConn=nothing Session("Message") = "Invalid password. Please, try again." response.redirect "storeslogin.asp" end if %>