<% action = request.form("action") if len(Session("memberlogin")) = 0 then Session("memberlogin") = "" if len(action) > 0 and action = "Login" then login = request.form("loginname") password = request.form("loginpassword") set rsLogin = Conn.execute("SELECT * FROM login WHERE (login = '"& login &"') and (password= '" & password & "')") if not rsLogin.eof then Session("memberlogin") = rsLogin("login") Session("memberpasswd") = rsLogin("password") response.redirect "report.asp" else Session("memberlogin") = "" Session("memberpasswd") = "" end if end if end if if len(action) > 0 and action = "Logout" then Session("memberlogin") = "" Session("memberpasswd") = "" Session.abandon end if %>