<%
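' Login handler. Opens the member database, checks the submitted credentials
' against the authorized rows of the members table, and either sets the login
' cookie and redirects, or falls through and renders the login form.
Dim sDB, sConn 'as String
Dim conn
Dim m_sError
sDB = "retina.mdb" 'The Database Name
' NOTE(review): Server.MapPath resolves this relative to the current page, so the
' .mdb sits inside the site tree. Confirm the access_db folder cannot be requested
' directly over HTTP, since the file holds the credential table.
sConn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("access_db/" & sDB)
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open sConn
' NOTE(review): Request(...) searches QueryString before Form, so credentials sent
' in the URL are accepted and would end up in server logs. Request.Form is the
' narrower choice if the login form posts - confirm the form's method first.
sUserName = request("username")
sPassword = request("password")
If request("step") = "1" Then
    Dim sSQL
    Dim objRS
    ' The statement text is a constant: no request value is concatenated into it.
    ' NOTE(review): this reads every authorized member's password on each attempt;
    ' a parameterized ADODB.Command filtered on username would narrow that.
    sSQL = "SELECT id ,username, password FROM members WHERE authorized = true"
    Set objRS = conn.Execute(sSQL)
    ' An empty recordset is already at EOF, so the loop body is simply skipped.
    Do Until objRS.EOF
        ' clean() is kept on the typed values because SOURCE does not show whether
        ' stored values were written through it; it adds no protection here, since
        ' the comparison happens in script and not in SQL text.
        ' NOTE(review): the password column is compared as stored text and
        ' case-insensitively, which implies plaintext storage and a reduced
        ' keyspace. Moving to salted password hashes needs a data migration.
        If lcase(clean(sUserName)) = lcase(objRS("username")) Then
            If lcase(clean(sPassword)) = lcase(objRS("password")) Then
                ' NOTE(review): login state is a cookie carrying the member id. If
                ' other pages trust it on its own, any client can set it; confirm
                ' how /indexloggedin.asp validates it (a server-side Session value
                ' would need changes outside this page).
                Response.Cookies("retinauser") = objRS("id")
                objRS.Close
                Set objRS = Nothing
                conn.Close
                Set conn = Nothing
                Response.Redirect "/indexloggedin.asp"
            End If
        End If
        objRS.MoveNext
    Loop
    objRS.Close
    Set objRS = Nothing
    ' Reaching this point means no row matched. The message is set once, after the
    ' scan, so a later non-matching row can no longer overwrite the result of an
    ' earlier one, and it is the same for an unknown user and a wrong password so
    ' the response does not reveal which usernames exist.
    m_sError = "Invalid username or password."
End If
' Drop the submitted password before the form is rendered.
sPassword = ""
Response.Write doLoginForm()
conn.Close
Set conn = Nothing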
Public Function clean(sString)
' Returns sString with certain characters replaced; returns Empty when sString is "".
' The original note describes the intent as MySQL-style escaping: the escape
' character is \ and the quote character is ' , and both are doubled up.
' NOTE(review): the connection in this page uses the Jet OLE DB provider, not MySQL,
' so escaping rules written for MySQL may not apply - confirm the target engine.
' NOTE(review): the replacement arguments for the double and single quote look
' garbled on the line below (the quotes do not balance as shown); restore them
' from the original file before relying on this function.
' NOTE(review): string replacement is not a substitute for parameterized commands
' wherever a value is placed into SQL text.
If sString <> "" Then clean = replace(replace(replace(sString,"\","\\"),"""","""),"'","'")
End Function
Function doLoginForm
    ' Returns the login form markup as a string. As shown, the markup is empty.
    ' NOTE(review): if the markup is restored and echoes sUserName or m_sError,
    ' pass those values through Server.HTMLEncode before concatenating them.
    doLoginForm = ""
End Function
%> |