<% Response.Buffer = True 'Buffers the content so our Response.Redirect will work Session("BlnAdministrator")=false %> <%=sSiteTitle%> <% 'if form has not been filled in then display it otherwise check the details submitted If Request.Form<>"" Then If Request.form("checkbox") ="1" Then Response.Cookies("UsernameCookie") = Request.Form("txtUsername") Response.Cookies("PasswordCookie") = Request.Form("txtPassword") Response.Cookies("RememberMeCookie") = "1" Response.Cookies("UsernameCookie").expires = Now() + 60 Response.Cookies("PasswordCookie").expires = Now() + 60 Response.Cookies("RememberMeCookie").expires = Now() + 60 Else Response.Cookies("RememberMeCookie") = "" Response.Cookies("UsernameCookie") = "" Response.Cookies("PasswordCookie") = "" End If '=== call checklogin subroutine CheckLoginForm Else '=== call showlogin subroutine ShowLoginForm End If '=== begin subroutine showlogin Sub ShowLoginForm %>
" method="post">
Username : " name="txtUsername" type="text" class="input">
Password : " name="txtPassword" type="password" class="input">
 
Remember me >

<% '=== end showloginform subroutine End Sub '===begin subroutine checkloginform Sub CheckLoginForm Dim txtUsername, txtPassword txtUsername=Request.Form("txtUsername") txtPassword=Request.Form("txtPassword") 'basic guard again SQL injection If InStr(1,txtUsername,"'",1) > 0 and InStr(1,txtPassword,"'",1) > 0 then Response.redirect "Login.asp" Else 'check to see if the form details filled in match 'username' and 'password' in config.asp If txtUsername = sUsername AND txtPassword = sPassword Then 'if the correct login details are filled in then set up a Session Object and redirect 'visitor to admin page Session("BlnAdministrator") = True Response.Redirect "email.asp" Else 'if the correct details are filled in then show the subroutine showloginform again 'and the statement below ShowLoginForm response.write "
" & "Your login failed, please try again" & "
" End If End If End Sub '=== end subroutine checkloginform %>