"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString) MM_valUsername=CStr(Request.Form("@@frmUsername@@")) If MM_valUsername <> "" Then MM_fldUserAuthorization="@@fldAuthorization@@" MM_redirectLoginSuccess="@@redirectSuccess@@" MM_redirectLoginFailed="@@redirectFailed@@" MM_flag="ADODB.Recordset" set MM_rsUser = Server.CreateObject(MM_flag) MM_rsUser.ActiveConnection = MM_@@connection@@_STRING MM_rsUser.Source = "SELECT @@fldUsername@@, @@fldPassword@@" If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization MM_rsUser.Source = MM_rsUser.Source & " FROM @@table@@ WHERE @@fldUsername@@='" & Replace(MM_valUsername,"'","''") &"' AND @@fldPassword@@='" & Replace(Request.Form("@@frmPassword@@"),"'","''") & "'" MM_rsUser.CursorType = 0 MM_rsUser.CursorLocation = 2 MM_rsUser.LockType = 3 MM_rsUser.Open If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then ' username and password match - this is a valid user Session("@@MM_username@@") = MM_valUsername If (MM_fldUserAuthorization <> "") Then Session("@@MM_userAuthorization@@") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value) Else Session("@@MM_userAuthorization@@") = "" End If if CStr(Request.QueryString("accessdenied")) <> "" And @@redirectToReferrer@@ Then MM_redirectLoginSuccess = Request.QueryString("accessdenied") End If MM_rsUser.Close Response.Redirect(MM_redirectLoginSuccess) End If MM_rsUser.Close Response.Redirect(MM_redirectLoginFailed) End If %> ]]> \s*""\s+And\s+(\w+)\s+Then/]]>