<%@ LANGUAGE = VBScript %> <% 'Ensure that this page is not cached. Response.Expires = 0 Dim userid, password, username userid = Session("user") If (userid = "") Then ' new visitor continue userid=Request.Form("userid") password=Request.Form("password") If (userid="") Then Response.Redirect("login.asp") Else ' verify current member ' Define our connection object dim strConn, cxn, rst dim mdbPath dim strSelect ' initial connection info mdbpath=Server.MapPath("/toronto/mdb/ncuto.mdb") strConn="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & mdbPath strSelect="select * from people where userid = '" & userid & "' and " &_ " pswd = '" & password & "' " ' get connection set cxn = Server.CreateObject("ADODB.Connection") cxn.CommandTimeout = 15 cxn.ConnectionTimeout = 30 cxn.Open strConn ' execute query Set rst = cxn.Execute (strSelect, , adCmdText) If (not rst.EOF) Then username = rst.fields("lname").value + " " + rst.fields("fname").value Else ' illegal user username="0" End if ' release db resource rst.Close cxn.Close Set rst = nothing Set cxn = nothing If (username = "0") Then response.Redirect "loginFailed.asp" Else ' initialeze Session Value. Session("user") = userid Response.Redirect("member.asp") End if End if Else Response.Redirect("member.asp") End if %>