<% Response.Expires=0 Response.Buffer = True username = Request.Form("bmsUsername") password = Request.Form("bmsPassword") If username = "" OR password = "" Then %> <% Response.End End If strQ = "SELECT id_bmsUsers,bmsUsername,bmsFirstName,bmsSurname FROM bmsWebUsers " & _ "WHERE bmsUsername = '" & username & "' AND bmsPassword = '" & password & "' " & _ "AND bmsAdmin = 'true';" Dim objConn Set objConn = Server.CreateObject("ADODB.Connection") objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../../users/btlsa.mdb") %> <% Set rsLogin = objConn.Execute(strQ) If rsLogin.EOF Then %> <% Response.End End If Session("id_user") = rsLogin("id_bmsUsers") Session("username") = rsLogin("bmsUsername") Session("firstName") = rsLogin("bmsFirstName") Session("surname") = rsLogin("bmsSurname") objConn.close Set objConn = Nothing IF Session("currentPage") = "" THEN Response.Redirect "../index.asp" ELSE Response.Redirect(Session("currentPage")) END IF %>