<% DIM U,P U=trim(Request.Form("txtUSER")) P=trim(Request.Form("txtPWD")) Session("USER")=U if len(u)=0 or len(p)=0 then Session("eMSG")="user&password is null!" Response.Redirect "../DISCUSS/DISCUSS.ASP" else dim sqlSTR Session("cnSTR")="DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & SERVER.mappath("DISCUSS.MDB") Set Session("CN")=Server.CreateObject("ADODB.Connection") Session("CN").open Session("cnSTR") sqlSTR="Select * from RegUSER Where USER_ID='" & U & "'" Set RS=server.CreateObject("Adodb.Recordset") RS.Open sqlSTR , session("CN"),1 ' if RS.RecordCount =0 then Session("CN").EXECUTE "INSERT INTO RegUSER Values('" & U & "','" & P & "','Y')" Response.Redirect "../DISCUSS/DISCUSS_MAIN.HTM" else RS.MoveFirst if trim(RS("Password"))=P then Response.Redirect "../DISCUSS/DISCUSS_MAIN.HTM" else Session("eMSG")="the password not the same!" Response.Redirect "../DISCUSS/DISCUSS.ASP" end if end if end if %>