<%Option Explicit%>
	<!--#include file="mConstants.asp"-->
<%
dim username, pass, id

Dim lStrResult, RS, strSQL

username = lcase(Request("user"))
pass = lcase(Request("pass"))

response.write username & pass

Set RS = Server.CreateObject("ADODB.recordset")
strSQL = "Select * from users where userid='" & username & "'"
RS.Open strSQL, Conn, adOpenKeyset, AdLockReadOnly 

if not RS.EoF then
	if pass = lcase(RS("password")) then
		      session.timeout = 60
		      session("Logged")=True
			  session("Name") = RS("firstname") & " " & RS("surname")
			  session("userID") = username
			  session("Role") = RS("Role")
  			  response.redirect "default.asp"			  
	else
		response.redirect "Logon.asp?message=1"
	end if
else 
	response.redirect "Logon.asp?message=1"
end if

set RS=nothing
%>