<% If mode = "logout" AND usr_loggedIn Then Session("siteprotectLoggedIn") = False Response.Redirect("login.asp?mode=logout") End If If Request.Form <> "" Then Set RS = Server.CreateObject("ADODB.RecordSet") Sql = "SELECT * FROM tbl_users WHERE username='" & Replace(Request.Form("username"), "'", "") & "'" RS.CursorType = 2 RS.LockType = 3 RS.Open Sql, cString If NOT RS.EOF Then If Decrypt(RS("pass")) = Request.Form("password") Then If NOT sp_instantActivation AND NOT RS("active") AND RS("priv") > 2 Then notActive = True ElseIf sp_accountExpiration > 0 AND DateDiff("d", RS("activated"), Now()) >= sp_accountExpiration AND RS("priv") > 2 Then accountExpired = True Else RS("ip") = Request.ServerVariables("REMOTE_ADDR") Session("siteprotectLoggedIn") = True Response.Cookies("siteprotect")("username") = Encrypt(Request.Form("username")) Response.Cookies("siteprotect")("password") = Encrypt(Request.Form("password")) Response.Cookies("siteprotect")("priv") = RS("priv") Response.Cookies("siteprotect")("rememberMe") = Request.Form("rememberMe") Response.Cookies("siteprotect").Expires = #December 30, 2036# If Request.Form("redir") = "" OR InStr(LCase(Request.Form("redir")), "register") > 0 OR InStr(LCase(Request.Form("redir")), "login") > 0 OR InStr(LCase(Request.Form("redir")), "siteprotect.asp") > 0 Then Response.Redirect("default.asp") Else Response.Redirect(Request.Form("redir")) End If RS.Update End If Else badLogin = True End If Else badLogin = True End If RS.Close Set RS = Nothing End If If Request.Cookies("siteprotect")("rememberMe") = "True" AND Request.Form = "" Then login_username = Decrypt(Request.Cookies("siteprotect")("username")) login_password = Decrypt(Request.Cookies("siteprotect")("password")) login_rememberMe = " checked" Else login_username = Request.Form("username") login_password = "" If Request.Form("rememberMe") = "True" Then login_rememberMe = " checked" End If End If If Request.Form <> "" Then redir = Request.Form("redir") ElseIf Request.QueryString("redir") <> "" Then redir = Request.QueryString("redir") & "?" & Request.QueryString("qs") Else redir = Request.ServerVariables("HTTP_REFERER") End If If mode = "logout" Then redir = "default.asp" End If %> <%=gui(0)%><%=sp_title%> - Login<%=gui(1)%><%=gui(2)%>
Login:
<% If badLogin Then %>

Incorrect username / password

<% ElseIf mode = "logout" Then %>

You were successfully logged out

<% ElseIf mode = "registered" Then %>

Thanks for registering with us!  Please log in below

<% ElseIf NOT usr_loggedIn AND Len(Request.QueryString("redir")) > 0 Then %>

You must log in to access this page

<% ElseIf usr_loggedIn AND Len(Request.QueryString("redir")) > 0 Then %>

You are not authorized to access this page

<% ElseIf notActive Then %>

Your account has not been activated by the administrator yet.  Please contact the administrator for further assistance.

<% ElseIf accountExpired Then %>

Your account has expired.  Please contact the administrator for further assistance.

<% Else %>

Please enter your username and password

<% End If %>
Username:
Password:
>
Forgot your password?
<%=gui(3)%>