<%
'First we create a connection object
Set Conn = Server.CreateObject("ADODB.Connection")

'Next, we open the connection object by calling the connection string
'that FrontPage created and stored in the global.asa file when the "store"
'connection was created
Conn.Open Application("store_ConnectionString")

'Then we create a record set object and a SQL statement
Set RS = Conn.Execute ("SELECT * From Customers WHERE username = '" & Request.Form("username") & "' AND password = '" & Request.Form("password") & "'")

'Loop through the database to check for the users information
Do until RS.EOF
Pass = RS("Password")
Name = RS("username")
RS.MoveNext
loop

'Close the recordset and database connection
RS.Close
Conn.Close

'If the password given is not in the database then we don't do anything.
'Otherwise, we create the session objects
IF pass = "" Then
Message = "The Password you entered is either wrong or not found in our database. Please press the BACK button and try again."
Else
Session("Password") = Pass
Session("username") = Name

'Now we will check to see it there is a session object for an original URL.
'This would have been created (as you will see later) if the user first tried
'to visit a protected page. If so, we send them there. If not, we stay here.
IF Session("Ori_URL") = "" Then 'do nothing
Else
Response.redirect(session("Ori_URL"))
End IF
End IF
%>