<% Function zEncryptPassword(Password,KeyToUse) '# dead simple. i'll probably improve the encryption later Dim zstrEncryptedPassword,zintLetterCode,zintKeyCode zstrEncryptedPassword = "" For counter = 1 To Len(Password) zintLetterCode = Asc(Mid(Password,counter,1)) zintKeyCode = CInt(Mid(KeyToUse,counter,1)) zstrEncryptedPassword = zstrEncryptedPassword & Chr(zintLetterCode + zintKeyCode) Next zEncryptPassword = zstrEncryptedPassword End Function Sub validateLogin() z1_Username = Server.HTMLEncode(z1_Username) Dim zstrSQLLogin zstrSQLLogin = "SELECT * FROM userInfo WHERE userInfo.Username LIKE '" & z1_Username & "' AND userInfo.Password LIKE '" & zstrPassword & "'" zobjRSLogin.Open zstrSQLLogin, zobjConn, adOpenForwardOnly, adLockReadOnly, adCmdText If zobjRSLogin.EOF Then zblnValidUser = False End If If zblnValidUser Then Response.Cookies("KAOS_NEWS")("password") = zEncryptPassword(zstrPassword,zobjRSLogin("EncCode")) Response.Cookies("KAOS_NEWS")("userid") = zobjRSLogin("UserID") Response.Cookies("KAOS_NEWS")("username") = z1_Username Response.Cookies("KAOS_NEWS")("accesslevel") = zobjRSLogin("AccessLevel") Response.Cookies("KAOS_NEWS").Expires = Date + 60 'cookie lasts 60 days 'Response.Cookies("KAOS_NEWS").Path = "/kaos" End If zstrPassword = "" 'remove password so it isnt used later zobjRSLogin.Close Set zobjRSLogin = Nothing End Sub If Request.QueryString("logout") = "yes" Then Response.Cookies("KAOS_NEWS").Expires = Date - 1000 zblnValidUser = True Else Dim z1_Username,zstrPassword z1_Username = Trim(Request.Form("authusername")) zstrPassword = Trim(Request.Form("authpassword")) Dim zblnValidUser,zobjRSLogin zblnValidUser = True Set zobjRSLogin = Server.CreateObject("ADODB.Recordset") Call validateLogin() End If zobjConn.Close Set zobjConn = Nothing If Not zblnValidUser Then Response.Redirect "ui_index.asp?msg=the username/password you submitted are incorrect." Else Response.Redirect "ui_index.asp" End If %>