<% Option Explicit Dim strError, strSQL, objRS 'see if the form has been submitted If Request.Form("action")="login" Then 'the form has been submitted '// validate the form 'check if a username has been entered If Request.Form("username") = "" Then _ strError = strError & "- Please enter a username
" & vbNewLine 'check if a password has been entered If Request.Form("password") = "" Then _ strError = strError & "- Please enter a password
" & vbNewLine '// check if an error has occured If strError = "" Then 'continue 'include database connection code %> <% '// create the SQL strSQL = "SELECT id,password FROM members WHERE username='" & _ fixQuotes(Request.Form("username")) & "'" '// run the SQL Set objRS = objConn.Execute (strSQL) '// see if there are any records returned If objRS.EOF Then 'no username found strError = "- Invalid username or password
" & vbNewLine Else 'check password If objRS("password")=Request.Form("password") Then 'username/password valid 'save session data Session("loggedin") = True Session("userid") = objRS("id") 'redirect to members area Response.Redirect ("default.asp") Response.End Else 'invalid password strError = "- Invalid username or password
" & vbNewLine End If End If End If If strError <> "" Then 'output the error message 'add extra HTML... strError = "

The following errors occured:" & _ "
" & vbNewLine & strError End If 'display message in URL.. (ie thank you for registering) If Request.QueryString("msg") <> "" And strError = "" Then strError = "

" & Request.QueryString("msg") & "

" End If End If Function fixQuotes(strData) fixQuotes = Replace(strData,"'","''") End Function're-set session data (ie log out)Session("loggedin")="" Session("userid")="" %> Members Area Login

Members Area Login

Please enter your username and password to access the Members Area.

<%=strError%>
Username ">
Password ">