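<%
' Admin login handler (classic ASP / VBScript).
'
' Reads AdminUsername / AdminPassword from the request, looks the user up in
' tblAdmin, and on a password match copies every column of the matching row
' into Session, sets Session("blnValidUser") = True and redirects to
' AdminCom.asp. On failure it redirects back to the login page, or to
' ../main.asp when the username is unknown on the second attempt.
'
' Changes from the original:
'   * The lookup is a parameterized ADODB.Command. The username was previously
'     concatenated into the SQL text, so request input could alter the query.
'   * The redirect target is computed first and the recordset is closed before
'     redirecting. Every path of the original redirected before its cleanup
'     block, which also closed an undefined rsUsers instead of rsAdmin.
'
' NOTE(review): items left as-is because changing them needs schema or
' caller changes that are not visible from this page:
'   * cAdminPassword is compared as stored and case-insensitively (UCase), which
'     implies plaintext storage; move to a salted password hash and an exact
'     comparison.
'   * Request(...) also reads the query string; if the login form posts,
'     Request.Form keeps credentials out of URLs and server logs.
'   * SecondTry is supplied by the client, so it does not limit attempts;
'     throttling or lockout has to be tracked server-side.
'   * The NotFound / WrongPW redirects tell the caller whether a username exists.
'   * strConn is defined outside this page and is assumed to be an ADO
'     connection string (or Connection object) - confirm.

Dim strEMail, strPassword                 ' declared by the original page; not used here
Dim rsAdmin, cmdAdmin, strName, strValue
Dim lngUserLen, blnSecondTry, blnMatched, strTarget

strAdminUsername = Request("AdminUsername")
strAdminPassword = Request("AdminPassword")
blnSecondTry = (Request("SecondTry") = "True")

' A variable-length parameter needs a non-zero size; use the input length.
lngUserLen = Len(strAdminUsername)
If lngUserLen = 0 Then lngUserLen = 1

Set cmdAdmin = Server.CreateObject("ADODB.Command")
cmdAdmin.ActiveConnection = strConn
cmdAdmin.CommandType = 1                  ' adCmdText
cmdAdmin.CommandText = "SELECT * FROM tblAdmin WHERE cAdminUsername = ?"
' 200 = adVarChar, 1 = adParamInput (literals used because adovbs.inc may not be included).
cmdAdmin.Parameters.Append cmdAdmin.CreateParameter("AdminUsername", 200, 1, lngUserLen, "" & strAdminUsername)
Set rsAdmin = cmdAdmin.Execute

If rsAdmin.EOF Then
    ' User not found
    Session("AdminUsername") = Request("AdminUsername")
    If blnSecondTry Then
        strTarget = "../main.asp?NotFound=True"          ' second failure - must register
    Else
        strTarget = "AdminLogin.asp?SecondTry=True"      ' allow another go
    End If
Else
    ' One or more rows share this username - check each row's password.
    blnMatched = False
    Do While Not rsAdmin.EOF
        If UCase(rsAdmin("cAdminPassword")) = UCase(strAdminPassword) Then
            ' Password matched: populate session variables from the row.
            ' NOTE(review): this copies cAdminPassword into Session as well;
            ' exclude it once no other page reads it from there.
            For Each strField In rsAdmin.Fields
                strName = strField.Name
                strValue = strField.Value
                Session(strName) = strValue
            Next
            Session("blnValidUser") = True
            blnMatched = True
            Exit Do
        End If
        rsAdmin.MoveNext
    Loop

    If blnMatched Then
        strTarget = "AdminCom.asp"                       ' successful login
    Else
        ' Password does not match any row for this username.
        ' The stored value is raw request input; HTML-encode it wherever it is redisplayed.
        Session("AdminUsername") = Request("AdminUsername")
        If blnSecondTry Then
            strTarget = "AdminLogin.asp"                 ' second failure - must reregister
        Else
            strTarget = "AdminLogin.asp?SecondTry=True&WrongPW=True"   ' allow another go
        End If
    End If
End If

' Release the recordset before redirecting; Response.Redirect ends the page.
rsAdmin.Close
Set rsAdmin = Nothing
Set cmdAdmin = Nothing

Response.Redirect strTarget
%>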