<%if request.Form("sub")="sub" then
username=trim(request.form("username"))
username=replace(username,"'","")
password=trim(request.form("password"))
password=replace(password,"'","")
password=md5(password)
if username="" or password="" then
response.Redirect("login.asp")
else
set rs=server.CreateObject("adodb.recordset")
sql="select * from y_admin where y_username='"&username&"'and y_password='"&password&"'"
rs.open sql,conn,1,1
if not rs.eof then
session("yd631")="yd631"
response.Redirect("list.asp")
else
response.Redirect("login.asp")
end if
end if
response.End()
end if
%>
|