<%
EPusername = Request.Form("EPusername")
EPpassword = Request.Form("EPpassword")
Dim Conn
Dim Rs
Dim dbPath
dbPath = Server.MapPath("Expro.mdb")
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & dbPath
if EPusername <> "" and EPpassword <> "" then
if EPusername = "manager" and EPpassword = "dbmanager" then response.redirect("dbmanage.asp")
sql="SELECT count(*) as EP from Members WHERE EPusername = '"+EPusername+"' and EPpassword = '"+EPpassword+"'"
set Rs = Conn.Execute (sql)
Rs.MoveFirst
if Rs("EP") > 0 then
session("Userlogged") = "YES"
sql="SELECT * from Members WHERE EPusername = '"+EPusername+"' and EPpassword = '"+EPpassword+"'"
set Rs = Conn.Execute (sql)
Rs.MoveFirst
session("MemberID") = Rs("MemberID")
else
session("Userlogged") = "NO"
end if
Rs.close
end if
%>
