<% UserNotFound = false UserNotAuthorized = false action = Ucase(left(Request.Form("action"),3)) Select Case action Case "LOG" Set RS = Conn.Execute("SELECT * FROM tblusertable WHERE tblusertable.email = '" & Request("email") & "' AND tblusertable.password = '" & Request("pwd") & "'") if not RS.BOF and not RS.EOF then if RS("role") = "" or IsNull(RS("role")) then UserNotAuthorized = true else Session("uid") = RS("uid") Session("email") = RS("email") Session("lname") = RS("lname") Session("fname") = RS("fname") Session("role") = RS("role") ' Response.Redirect("mainmenu.asp") Response.Redirect("mainmenu.asp") end if Else if Session("userid") <> Request("email") and Not IsEmpty(Request("email"))then ' if RS.BOF or RS.EOF then UserNotFound = true end if end if RS.Close Set RS = Nothing Conn.Close End select %>

		MHC Staff Login Email  Password  forgot password?

<%if UserNotfound then%> <%end if%> <%if UserNotAuthorized then%> <%end if%>