<% Response.Expires=0 Response.Buffer = True username = Request.Form("bmsUsername") password = Request.Form("bmsPassword") If username = "" OR password = "" Then %> <% Response.End End If strQ = "SELECT id_bmsUsers,bmsUsername,bmsFirstName,bmsSurname FROM bmsWebUsers " & _ "WHERE bmsUsername = '" & username & "' AND bmsPassword = '" & password & "' " & _ "AND bmsAdmin = 'true';" %> <% Set rsLogin = objConn.Execute(strQ) If rsLogin.EOF Then %> <% Response.End End If Session("id_user") = rsLogin("id_bmsUsers") Session("username") = rsLogin("bmsUsername") Session("firstName") = rsLogin("bmsFirstName") Session("surname") = rsLogin("bmsSurname") objConn.close Set objConn = Nothing Response.Redirect "adminFS.asp" %>