Login

<%

// CONTENT_LENGTH will only be greater than 0
// if we Submitted a Form using the POST Method.
// If this is the case then check the User's Name & Password against the database.
// Else Display the Form for the User to Log In.
if (Request.ServerVariables("CONTENT_LENGTH") > 0) {

/********** SET UP CONNECTION & COMMAND OBJECTS **********/

     var adCmdText = 0x0001;

     var strDSN = "DRIVER={Microsoft Access Driver (*.mdb)};
                             DBQ=" + Server.MapPath("calendar.mdb") + ";"

     var Cm = Server.CreateObject("ADODB.Command");

     Cm.ActiveConnection = strDSN;

     Cm.CommandText = "SELECT * FROM Users WHERE " +
                                       "Name='" + Request("Name") + "' AND " +
                                       "Password='" + Request("Password") + "' "

     Cm.CommandType = adCmdText;

     rs = Cm.Execute();

/********** END OF SET UP CONNECTION & COMMAND OBJECTS **********/

     if (rs.EOF) { // means the Username's Name/Password wasn't found
          rs.Close();
          rs = null;
          conn.Close();
          conn = null;

          Session("Authenticated") = 0; // Person is NOT "Authenticated"
          Response.Redirect("login.asp"); // Make the Log In again.
     }
     else {// Person is "Authenticated"
          rs.Close();
          rs = null;
          conn.Close();
          conn = null;

          Session("Authenticated") = 1; // set the Session variable to 1
          Response.Redirect(Session("sPage")); // redirect the Person back to the original page
    }
}
else {

%>

<HTML>
<HEAD><TITLE>Calendar Administration</TITLE></HEAD>

<BODY>

<FORM ACTION="login.asp" METHOD="POST">
     Name: <INPUT TYPE="text" NAME="Name">
     Password: <INPUT TYPE="password" NAME="Password">
     <INPUT TYPE="SUBMIT" VALUE="Login Now">
</FORM>

</BODY>
</HTML>

<%

}

%>