
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<% Option Explicit %>
<!--#include file="common.asp" -->
<%


'Set the response buffer to true as we maybe redirecting

Response.Buffer = True 
'response.write("Successfully Logined")

'Response.Write"Logged In"

Dim rsCheckUser 	'Database Recordset Variable
Dim strUserName 	'Holds the user name
Dim strUserPassword 	'Holds the user password
'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")

'Create recorset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblConfiguration.Password, tblConfiguration.Username "
strSQL = strSQL & "FROM tblConfiguration "
strSQL = strSQL & "WHERE tblConfiguration.Username ='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then
	'Read in the password for the user from the database
	If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then
		
		'If the password is correct then set the session variable to True
		Session("blnIsUserGood") = True
		
		'Close Objects before redirecting
		Set rsCheckUser = Nothing
		Set strCon = Nothing
		Set adoCon = Nothing
		
		'Redirect to the admin menu page
		Response.Redirect"admin_menu.asp"
	End If
End If
		
'Reset server objects
rsCheckUser.Close
Set rsCheckUser = Nothing
Set strCon = Nothing
Set adoCon = Nothing
	
'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page

Response.Redirect"unauthorised_user_page.htm"
%>