<!--#include file='dbconnection.inc'--> 

<% 

'Dimension variables
Dim rsCheckUser   'Holds the recordset for the records in the database
Dim strSQL          'Holds the SQL query to query the database 
Dim strUserName 	'Holds the user name

'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")

'Create an ADO recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT password, ID, username, admin, lastname, aim, email, suspend FROM tblUsers WHERE username ='" & strUserName & "'"

'Open the recordset with the SQL query 
rsCheckUser.Open strSQL, adoCon

'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then

	'Read in the password for the user from the database
	If (Request.Form("txtUserPass")) = rsCheckUser("password") Then
	

	     If rsCheckUser("suspend") = 0 Then
		 'Write the HTML to display the current record in the recordset

			Session("userGood") = True
			Session("userID") = rsCheckUser("ID")
			Session("userName") = rsCheckUser("username")
			Session("userAdmin") = rsCheckUser("admin")
		 	Session("lastName") = rsCheckUser ("lastname")
			Session("aIm") = rsCheckUser ("aim")
			Session("Email") = rsCheckUser ("email")
		 Else 
		 Response.Redirect("solosocios.asp?mode=suspend")
		 End If
	 
		
	'Reset server objects
	rsCheckUser.Close
	Set rsCheckUser = Nothing
	Set adoCon = Nothing

	'Redirect to the authorised user page and send the users name
		response.redirect Request.Form("ref")
		response.end


	End If
End If



		

'Reset server objects
rsCheckUser.Close
Set rsCheckUser = Nothing
Set adoCon = Nothing

'If the script is still running then the user must not be authorised
Session("userGood") = False

'Redirect to the unautorised user page
Response.Redirect"entrar.asp?url=2"
%>