<% 'First we create a connection object Set Conn = Server.CreateObject("ADODB.Connection") 'Next, we open the connection object by calling the connection string 'that FrontPage created and stored in the global.asa file when the "store" 'connection was created Conn.Open Application("store_ConnectionString") 'Then we create a record set object and a SQL statement Set RS = Conn.Execute ("SELECT * From Customers WHERE username = '" & Request.Form("username") & "' AND password = '" & Request.Form("password") & "'") 'Loop through the database to check for the users information Do until RS.EOF Pass = RS("Password") Name = RS("username") RS.MoveNext loop 'Close the recordset and database connection RS.Close Conn.Close 'If the password given is not in the database then we don't do anything. 'Otherwise, we create the session objects IF pass = "" Then Message = "The Password you entered is either wrong or not found in our database. Please press the BACK button and try again." Else Session("Password") = Pass Session("username") = Name 'Now we will check to see it there is a session object for an original URL. 'This would have been created (as you will see later) if the user first tried 'to visit a protected page. If so, we send them there. If not, we stay here. IF Session("Ori_URL") = "" Then 'do nothing Else Response.redirect(session("Ori_URL")) End IF End IF %>