<% If Trim(Request.Form ("login_id")) = "" Then Response.Write "" Response.End End If If Trim(Request.Form ("password")) = "" Then Response.Write "" Response.End End If login_id = LCase(Trim(Request.Form ("login_id"))) Password = LCase(Trim(Request.Form ("password"))) query = "select * from T_staff where login_id='" & login_id & "';" set oRs = oConn.execute(query) If Not oRs.EOF Then 'login_id Found If oRs("password") = password Then 'Password match If oRs("Valid") = "Y" Then 'check admin right 'Response.Write "Successful Login" & "

" Session("login_id") = oRs("login_id") 'Session("SC_Staff_Type") = oRs("Staff_Type") Session("Staff_Name") = oRs("staff_name") oRs.close set oRs = nothing 'Response.Redirect ("https://www.icc.com.hk/mc6hotel/private/modules/main_page/index.asp") Response.Redirect ("index.asp") Else Response.Write "" %><% End If Else 'Password didn't match %> <% End If ELSE 'login_id Not in Database %> <% 'Response.Write "login_id Not Found" End If 'oRs.close 'set oRs = nothing %>