<% Function fixquotes(theString) fixquotes=Replace(theString,"'","''") End Function set rs = Server.CreateObject("ADODB.Recordset") login = trim(fixquotes((request.form("uid")))) pwd = trim(fixquotes((request.form("pwd")))) if login = "" Then response.redirect "index.asp?Msg=" & Server.URLEncode("Enter Login") if pwd = "" then response.redirect "index.asp?Msg=" & Server.URLEncode("Enter Password") pasword = pwd logdate = date() & " " & time() con.BeginTrans selRight = "select a.loginId, a.login, a.pasword, a.linkNm, a.rights, a.userType, b.userId, b.userFnm, b.userLnm from admin a, users b where a.recordId = b.userId and a.login = '" & login &"' and a.pasword = '" & pasword & "' and a.tableNm = 'users'" rs.open selRight, con, 3,3 if not rs.eof then Session("loginId") = rs("loginId") Session("userId") = rs("userId") Session("login") = rs("login") Session("userType") = rs("userType") Session("linkNm") = rs("linkNm") Session("rights") = rs("rights") Session("userName") = rs("userFnm") & " " & rs("userFnm") Session.Timeout = 200 activity = "Login - " & Session("userName") ActivityLog Session("loginId"), Session("userId"), "Loged", "Y", "admin", "loginId", Session("loginId"), activity, logdate, logdate else Session("loginId") = "" Session("userId") = "" Session("login") = "" Session("userType") = "" Session("linkNm") = "" Session("rights") = "" Session("userName") = "" EMsg = "Invalid Login" end if rs.close con.CommitTrans set rs=nothing con.close set con = nothing if Trim(EMsg) <> "" Then Response.Redirect "index.asp?Msg=" & Server.URLEncode(EMsg) else Response.Redirect "userV.asp?id=" & Server.URLEncode(Session("userId")) ' Response.Redirect "index.asp?id=" & Server.URLEncode(Session("userId")) end if %>