%
action=Request("action")
if action = "logout" then
Session("user_id")=""
Session("fullname")=""
Response.Redirect Request.ServerVariables("HTTP_REFERER")
end if
If action="" AND session("user_id") = "" AND NOT Request("inpSubmit")="Login" then
displayLoginForm Request.ServerVariables("HTTP_REFERER"),""
End If
If action="" AND NOT session("user_id")="" then
If Not Session("site")=nSite Then 'CHECK FOR DIFFERENT SITE
displayLoginForm Request.ServerVariables("HTTP_REFERER"),""
Else
displayLogout()
End If
End If
if action = "login" then
sEmail = Request("inpEmail")
sPassword = Request("inpPassword")
sTarget = Request("inpTarget")
set adoCn = createobject("ADODB.Connection")
adoCn.Open strConn
set adoRs = Server.CreateObject("ADODB.Recordset")
adoRs.Open "SELECT * FROM users where email='"& sEmail &"'", adoCn, 1
If adoRs.recordcount = 0 then
adoRs.close
adoCn.close
set adoRs=nothing
set adoCn=nothing
displayLoginForm sTarget,"Wrong Email!"
response.end
end if
if adoRs("password") = sPassword then
Session.Timeout=60
Session("user_id") = adoRs("user_id")
Session("fullname") = adoRs("fullname")
Session("site") = nSite
adoRs.close
adoCn.close
set adoRs=nothing
set adoCn=nothing
if Not sTarget="" then
Response.Redirect Replace(sTarget,"%5F","_")
else
displayLogout()
end if
else
adoRs.close
adoCn.close
set adoRs=nothing
set adoCn=nothing
displayLoginForm sTarget, "Wrong Password!"
response.end
end if
end if
sub displayLoginForm(sTarget,sMsg)
%>
<%
}
end sub
sub displayLogout()
%>
<%
end sub
%>