<% uname=Request.Form("un") pass=Request.Form("pw") Response.Write un Session("UserName")=uname Response.Write Session("UserName") dim strCon set Connect=Server.CreateObject("ADODB.connection") strcon = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" _ & Server.MapPath("database/users.mdb") _ & ";User ID=;" Connect.ConnectionString = strCon if Connect.State=1 then Connect.Close Connect.open set rst = Server.CreateObject("ADODB.Recordset") SQL ="SELECT * FROM user1 where uname='" & Session("UserName") & "' and pass='" & pass & "'" if rst.State=1 then rst.Close rst.Open SQL, Connect, 3, 1, 1 if rst.EOF then Response.Redirect "default.asp?Login=false" else if rst("right")=2 then response.redirect "viewall.asp" elseif rst("right")=1 then Response.Redirect "admin.asp" else Response.Redirect "user.asp" end if end if if Connect.State=1 then connect.Close if Connect.State=1 then set connect=nothing if rst.State=1 then rst.Close if rst.State=1 then set rst=nothing %>