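<%@ Language=JScript %>
<%
// Login handler: checks the posted username/password against the [user] table,
// populates the session on success and redirects to the "dest" query-string
// target. On failure it redirects to the same target with "error=login" appended.
//
// connStr is not defined on this page; it is expected to come from an include.

// ADO constants (values from the ADO type library).
var adCmdText = 1;
var adParamInput = 1;
var adVarWChar = 202;

// Fallback redirect target used when "dest" is missing or not a same-site path.
// NOTE(review): "/" is a constructed default; replace with the site's landing page.
var DEFAULT_DESTINATION = "/";

// Returns the posted form field as a string, or "" when the field was not sent
// (String() on a missing item would otherwise yield the text "undefined").
function formValue(name) {
    var item = Request.Form(name);
    return item.Count > 0 ? String(item) : "";
}

// Accepts only same-site relative targets so the redirect cannot be pointed at
// another host: no URL scheme, no protocol-relative "//" prefix, no backslashes,
// and no whitespace or control characters (which would also allow header splitting).
function safeDestination(raw) {
    var item = Request.QueryString(raw);
    var dest = item.Count > 0 ? String(item) : "";
    if (dest.length === 0) return DEFAULT_DESTINATION;
    if (/[\x00-\x20\\]/.test(dest)) return DEFAULT_DESTINATION;
    if (dest.substr(0, 2) === "//") return DEFAULT_DESTINATION;
    if (/^[A-Za-z][A-Za-z0-9+.\-]*:/.test(dest)) return DEFAULT_DESTINATION;
    return dest;
}

// Binds a string as an input parameter; the size must be at least 1 for
// variable-length types.
function addTextParam(cmd, name, value) {
    cmd.Parameters.Append(
        cmd.CreateParameter(name, adVarWChar, adParamInput, Math.max(value.length, 1), value));
}

// The values are bound as parameters below, so they are no longer passed through
// prepSQL (defined outside this page).
// NOTE(review): if prepSQL also normalises input (trimming, case), reapply that part here.
var username = formValue("username");
var pwd = formValue("pwd");
var destination = safeDestination("dest");

var authenticated = false;
var userId = "";
var dbUsername = "";

if (username.length > 0 && pwd.length > 0) {
    // Parameterized query: user input is sent as data, never spliced into the SQL text.
    // NOTE(review): comparing pwd against the column directly implies the password is
    // stored as submitted — confirm, and move to salted password hashes if so.
    var cmd = Server.CreateObject("ADODB.Command");
    cmd.ActiveConnection = connStr;
    cmd.CommandType = adCmdText;
    // username is selected as well because it is copied into the session below;
    // the original query returned only id, so reading rs("username") failed.
    cmd.CommandText = "SELECT id, username FROM [user] WHERE username = ? AND pwd = ?";
    addTextParam(cmd, "username", username);
    addTextParam(cmd, "pwd", pwd);

    var rs = cmd.Execute();
    if (!(rs.EOF || rs.BOF)) {
        authenticated = true;
        userId = String(rs("id"));
        dbUsername = String(rs("username"));
    }
    // Release the recordset before redirecting; Response.Redirect ends the script.
    rs.Close();
}

if (authenticated) {
    Session("userid") = userId;
    Session("username") = dbUsername;
    // NOTE(review): Expires is set on the Cookies collection rather than on the
    // "username" cookie, and the date is fixed at 01-01-2010 — confirm the intent.
    Response.Cookies.Expires = "01-01-2010";
    Response.Cookies("username") = username;
    Response.Redirect(destination);
} else {
    // Append the error flag with the right separator for the target URL.
    if (destination.indexOf("?") > -1)
        destination += "&";
    else
        destination += "?";
    Response.Redirect(destination + "error=login");
}
%>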