<% dim conn dim strconn If Session("ID") <> "my_session" then strconn = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & _ Server.MapPath("_private/db/users.mdb") 'change the path as necessary set conn = server.createobject("adodb.connection") conn.open strconn 'Replace single quotes in username/password with two single quotes 'to protect from SQL Injection Attack username = Replace(Request.Form("username"), "'", "''") password = Replace(Request.Form("password"), "'", "''") SQL = "SELECT * FROM my_users WHERE username = '" & username & "'" & _ "AND password ='" & password & "';" set oRs = conn.Execute(SQL) If oRs.EOF then Response.Redirect("login.htm") Else session("ID") = "my_session" 'any word you'd like End If Set conn = Nothing Set oRs = Nothing End if %> Members

We're sorry. Your user ID and password have not been validated. Only members of AFT have access to these services. Please login.

Member Login
User Name:
Password: