<% Dim strUsername, strPassword strUsername = Request.Form("username") strPassword = Request.Form("password") If Session("Auth") = "OK" Then Response.Redirect("/secure/main.asp") Else Session("Auth") = "Retry" Dim objConn, objRS, strSQL set objConn=Server.CreateObject("ADODB.Connection") objConn.ConnectionString="PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=" & server.mappath("/data/msy.mdb") & ";" objConn.Open set objRS=Server.CreateObject("ADODB.Recordset") strSQL="SELECT * FROM Roster where email = """ & strUsername & """" objRS.Open strSQL, objConn, 3, 3 If objRS.EOF Then objRS.Close Response.Redirect("/secure/login.asp") Else If objRS("password") = strPassword Then Session("Auth") = "OK" objRS.Close Response.Redirect("/secure/main.asp") Else objRS.Close Response.Redirect("/secure/login.asp") End If End If End If %>