<%@ Language=VBScript %> <% 'This page is dual mode (so that only 1 file is necessary). Either: '1. When form submitted (btnLogin or btnCancel non-blank) validate the login. ' If Cancel pressed (btnCancel non-blank) pass control back to page given by querystring sUrlIfBad. ' If name or password not found redisplay this page otherwise pass to page given by querystring sUrlIfGood. 'or '2. Display form & obtain user name & password. %> <% Option Explicit %> <% 'inputs dim sBtnCancel : sBtnCancel = Request.QueryString("btnCancel") dim sBtnLogin : sBtnLogin = Request.QueryString("btnLogin") dim sUrlIfBad : sUrlIfBad = Request.QueryString("sUrlIfBad") dim sUrlIfGood : sUrlIfGood = Request.QueryString("sUrlIfGood") dim sUserName : sUserName = Request.QueryString("sUserName") dim sUserPassword : sUserPassword = Request.QueryString("sUserPassword") if sBtnCancel <> "" then Session("lUserId") = "" Session("sUserName") = "" Response.Redirect sUrlIfBad Response.End end if dim sError if sBtnLogin <> "" then dim con : set con = GetCon dim sSql : sSql = "SELECT lUserId" _ & " FROM tblUsers" _ & " WHERE sUserName = '" & sUserName & "'" _ & " AND sUserPassword = '" & sUserPassword & "'" dim rs : Set rs = Server.CreateObject("ADODB.Recordset") rs.open sSql, con, adOpenStatic, adLockReadOnly if rs.EOF then Session("lUserId") = "" Session("sUserName") = "" sError = gsHtmlQueryStatusBError & "Your login name and/or password are invalid, please re-enter." & gsHtmlQueryStatusEError else Session("lUserId") = rs("lUserId") Session("sUserName") = sUserName ' Response.Redirect "../test/ShowAll.asp" Response.Redirect sUrlIfGood end if end if %> <% if sError = "" then Response.Write "Please enter your user name and password before access to the given WEB page will be granted." else Response.Write sError end if %>

method=get>

User name:	>
Password: