<% Response.Expires=0 Response.Buffer = True bmsUsername = Request.Form("bmsUsername") bmsPassword = Request.Form("bmsPassword") If bmsUsername = "" OR bmsPassword = "" Then %> <% Response.End End If DIM objConn DIM rsLogin DIM strSQL DIM logUserID DIM logUserAdmin DIM logDateIn DIM logTimeIn logDateIn = Request.Form("logDate") logTimeIn = Request.Form("logTime") strSQL = "SELECT sosWebUsers.id_bmsUsers,sosWebUsers.bmsUsername," & _ "sosWebUsers.bmsFirstName,sosWebUsers.bmsSurname,sosWebUsers.bmsActive,sosWebUsers.bmsDelete " & _ "FROM sosWebUsers WHERE bmsUsername = '" & bmsUsername & "' AND bmsPassword = '" & bmsPassword & "' ;" %> <% Set objConn = Server.CreateObject("ADODB.Connection") objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../users/sosjhb.mdb") Set rsLogin = objConn.Execute(strSQL) If rsLogin.EOF Then %> <% IF rsLogin("bmsDelete") = "true" THEN %> <% If rsLogin("bmsActive") = "false" THEN %> <% Response.End End If End If End If Session("id_bmsUsers") = rsLogin("id_bmsUsers") Session("bmsUsername") = rsLogin("bmsUsername") Session("bmsFirstName") = rsLogin("bmsFirstName") Session("bmsSurname") = rsLogin("bmsSurname") Session("logDate") = logDateIn Session("logTime") = logTimeIn rsLogin.Close Set rsLogin = Nothing objConn.Close Set objConn = Nothing Response.Redirect "../shared/index.asp" %>