<%@ language=VBScript %> <% ' /////////////////////////////////////////////////////// ' // Dimac CMS ' // Copyright 2004-2008 Dimac Development AB, Sweden ' // www.Dimac.net ' // ' // NOTE: ' // You are not allowed to remove this ' // Copyright information without written ' // permission from Dimac Development. ' /////////////////////////////////////////////////////// Dim vKey vKey = GetSettingValue("EncryptKey", "..\..\SiteResources\Data\") tUserName = Trim(Request.Form("Username")) tPassword = Trim(Request.Form("Password")) tPassword = Encrypt(tPassword ,vKey) Session("lang") = Request.Form("selLang") Set Conn = Server.CreateObject("ADODB.Connection") Set Rs = Server.CreateObject("ADODB.Recordset") Conn.Open GetConStr ("..\..\SiteResources\Data\") ' --------------------------------------------------------- ' // Check if name & password is valid ' --------------------------------------------------------- SQL = "SELECT * From Users " SQL = SQL & "WHERE LoginName = '" & tUserName & "' " SQL = SQL & "AND LoginPassword = '" & tPassword & "'" If (tUserName = "'or''='") OR (tPassword = "'or''='") THEN Session("ValidUser") = "FALSE"' Response.Redirect("invalid.asp") End If set Rs = Conn.Execute(SQL) IF RS.eof THEN Session("ValidUser") = "FALSE"' Response.Redirect("invalid.asp") End if Session("ValidUser") = "TRUE" Session("InAdmin") = "TRUE" Session("ValidAdminUser") = "TRUE" Session("User_ID") = Trim(RS("UserID").value) Session("User_Name") = Trim(RS("FirstName").value) & " " & Trim(RS("LastName").value) Session("User_Type") = Trim(RS("UserType").value) Session("User_Group") = Trim(RS("UserGroup").value) Session("User_isPublisher") = Trim(RS("isPublisher").value) 'Added by aamk 4/12/08 Session("Member_Level") = 5 ' --------------------------------------------------------- ' // Load user document rights ' --------------------------------------------------------- SQL = "SELECT * From UserGroups " SQL = SQL & "WHERE ID = " & RS("UserGroup").value set Rs = Conn.Execute(SQL) IF RS.eof THEN Response.Write("Error in Usergroup check.") Response.End End if Session("User_Read") = RS("vRead").value Session("User_Create") = RS("vCreate").value Session("User_Edit") = RS("vEdit").value Session("User_Delete") = RS("vDelete").value Session("DocID") = 0 ' --------------------------------------------------------- response.redirect("../Default.asp") %>