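<%
' Login handler: looks up the submitted e-mail address in tblUsers, compares
' the submitted password with each matching row, populates the session on
' success and redirects to the next page.
'
' Changes from the previous version:
'   * The e-mail address is bound as a query parameter instead of being
'     concatenated into the SQL text, so request data can no longer alter
'     the statement (SQL injection).
'   * Response.Redirect ends page processing, so the old clean-up code after
'     the redirects was never reached. The target is now chosen first, the
'     ADO objects are released, and the redirect is issued last.
'
' NOTE(review): the items below are left as they were because other pages
' and the stored data may depend on them; each should be addressed separately.
'   * Passwords are compared as plaintext and case-insensitively (UCase),
'     which implies they are stored unhashed. Move to salted password hashes.
'   * Every column of the matched row is copied into Session, which appears
'     to include the Password column. Confirm no page needs it and stop
'     copying it.
'   * The "SecondTry" attempt counter comes from the request, so the client
'     controls it; it does not limit guessing. Track attempts server-side.
'   * The redirects differ for "address unknown" and "wrong password"
'     (NotFound / WrongPW), which tells a caller whether an address is
'     registered.

' Local copies of the ADO enum values (adovbs.inc may not be included here).
Const ADO_CMD_TEXT = 1       ' adCmdText
Const ADO_VARCHAR = 200      ' adVarChar
Const ADO_PARAM_INPUT = 1    ' adParamInput

Dim strEMail, strPassword
strEMail = Request("EMail")
strPassword = Request("Password")

' A varchar parameter needs a size of at least 1, even for an empty value.
Dim lngEMailLen
lngEMailLen = Len(strEMail & "")
If lngEMailLen = 0 Then lngEMailLen = 1

Dim cmdUsers
Set cmdUsers = Server.CreateObject("ADODB.Command")

' strConn is defined outside this block; accept either an open Connection
' object or a connection string, as Recordset.Open did before.
If IsObject(strConn) Then
    Set cmdUsers.ActiveConnection = strConn
Else
    cmdUsers.ActiveConnection = strConn
End If

strSQL = "SELECT * FROM tblUsers WHERE EmailAddress = ?;"
cmdUsers.CommandType = ADO_CMD_TEXT
cmdUsers.CommandText = strSQL
cmdUsers.Parameters.Append cmdUsers.CreateParameter("EmailAddress", ADO_VARCHAR, ADO_PARAM_INPUT, lngEMailLen, strEMail & "")

Dim rsUsers
Set rsUsers = cmdUsers.Execute

Dim strTarget, blnMatched
blnMatched = False

If rsUsers.EOF Then
    ' User not found
    Session("EMailAddress") = Request("EMail")
    If Request("SecondTry") = "True" Then
        ' User's had two goes - must register
        strTarget = "register.asp?NotFound=True"
    Else
        ' Username wrong; password wrong - allow another go
        strTarget = "login.asp?SecondTry=True"
    End If
Else
    ' One or more users found - check password against each row
    Do While Not rsUsers.EOF
        If UCase(rsUsers("Password")) = UCase(strPassword) Then
            ' Password matched: populate session variables from the row
            For Each strField In rsUsers.Fields
                Session(strField.Name) = strField.Value
            Next
            Session("blnValidUser") = True
            blnMatched = True
            Exit Do
        End If
        rsUsers.MoveNext
    Loop

    If blnMatched Then
        ' Successful login
        strTarget = "UserLog.asp"
    Else
        ' Password doesn't match any of the DB entries
        Session("EMailAddress") = Request("EMail")
        If Request("SecondTry") = "True" Then
            ' User's had two goes - must reregister
            strTarget = "register.asp"
        Else
            ' Username right; password wrong - allow another go
            strTarget = "login.asp?SecondTry=True&WrongPW=True"
        End If
    End If
End If

' Release ADO objects before redirecting; nothing after Response.Redirect runs.
rsUsers.Close
Set rsUsers = Nothing
Set cmdUsers = Nothing
Set strConn = Nothing

Response.Redirect strTarget
%>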