<% 'Create DB Connection Dim sDB, sConn 'as String Dim conn Dim m_sError sDB = "retina.mdb" 'The Database Name sConn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("access_db/" & sDB) Set conn = Server.CreateObject("ADODB.Connection") conn.Open sConn sUserName = request("username") sPassword = request("password") If request("step") = "1" Then Dim sSQL Dim objRS sSQL = "SELECT id ,username, password FROM members WHERE authorized = true" Set objRS= conn.Execute(sSQL) If Not (objRS.BOF AND objRS.EOF) Then Do Until objRS.EOF If lcase(clean(sUserName)) = lcase(objRS("username")) Then If lcase(clean(sPassword)) = lcase(objRS("password")) Then Response.Cookies("retinauser") = objRS("id") Set conn = Nothing Response.Redirect "/indexloggedin.asp" Else m_sError = "Password did not match." End If Else m_sError = "You are not authorized to enter the admin area." End If objRS.MoveNext Loop End If End If sPassword = "" Response.Write doLoginForm() Set conn = Nothing Public Function clean(sString) ' MySQL escape character is \ , quote character is ' .. double up both to be safe If sString <> "" Then clean = replace(replace(replace(sString,"\","\\"),"""","""),"'","'") End Function Function doLoginForm Dim sTemp sTemp = "
" _ & "" If m_sError <> "" Then sTemp = sTemp & "" sTemp = sTemp & "" _ & "" _ & "
" &m_sError & "
username
password
Sign-Up
" _ & "
" doLoginForm = sTemp End Function %>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Webpage designed by istore4u.
Copyright 2005 [ istore4u.com ]. All rights reserved.
Revised: January 18, 2006.