<%@ Language=VBScript %> <% Dim strMessage, strUsername, strPassword, strChecked On Error Resume Next Session("UserID")="Guest" Session("AccessLevel")=ACCESS_LEVEL_GUEST If Request("btnSubmit") = "Login" Then If Request("remember_password") = "1" Then Response.Cookies("username") = Request("username") Response.Cookies("username").Expires = DateAdd("y", 1, Now()) Response.Cookies("password") = Request("password") Response.Cookies("password").Expires = DateAdd("y", 1, Now()) strChecked = " checked" Else Response.Cookies("username") = "" Response.Cookies("password") = "" strChecked = "" End If if cLoginMethod = LOGIN_HARDCODED then ' username and password are hardcoded If StrComp(cPassword, Request("password"), vbBinaryCompare) = 0 _ and StrComp(cUserName, Request("username"), vbBinaryCompare) = 0 Then Session("UserID") = Request("username") Session("AccessLevel")=ACCESS_LEVEL_USER Response.Redirect Replace("Catalogo1900-2004-aggiornato_list.asp", "%20", " ") Else strMessage = "Invalid Login" Session.Abandon End If else ' username and password are stored in the database Set rs = server.CreateObject ("ADODB.Recordset") set dbConnection = server.CreateObject ("ADODB.Connection") dbConnection.ConnectionString = strConnection dbConnection.Open Call ReportError strSQL = "select * from " & cLoginTable & " where " & AddWrappers(cUserNameField) & _ "='" & Replace(Trim(Request("username")),"'","''") & "' and " & AddWrappers(cPasswordField) & _ "='" & Replace(Trim(Request("password")),"'","''") & "'" rs.open strSQL, dbConnection Call ReportError If Not rs.EOF Then Session("UserID") = Request("username") Session("AccessLevel") = ACCESS_LEVEL_USER if Request("username")=cAdminUserID then _ Session("AccessLevel") = ACCESS_LEVEL_ADMIN Response.Redirect Replace("Catalogo1900-2004-aggiornato_list.asp", "%20", " ") Else strMessage = "Invalid Login" Session.Abandon End If end if Else strChecked = " checked" End If If Request("username") <> "" Then strUsername = Request("username") Else strUsername = Request.Cookies("username") End If If Request("password") <> "" Then strPassword = Request("password") Else strPassword = Request.Cookies("password") End If %> Login
 
 
Login
 
Username:
Password:
 ">
Remember Password:
 >
<%=strMessage%>