<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work

Dim Error_Msg

login = Request.Form("login")
If login = "login_again" Then
    Session("UserLoggedIn") = ""
    ShowLogin
Else
    If Session("UserLoggedIn") = "true" Then
        AlreadyLoggedIn
    Else 
        If login = "true" Then
            CheckLogin
        Else
            ShowLogin
        End If
    End If
End If

Sub ShowLogin 
Response.Write(Error_Msg & "<br>")

%>
<html>

<head>
<title>Windsor Distribution User Login </title>
</head>

<body>

<form name="form1" action="login_copy(1).asp" method="post">
  <input type="hidden" name="login" value="true"><p><big><font color="#0000FF"><strong>Windsor
  Distribution Delivery Database:</strong></font></big></p>
  <p><strong><big>User Name:</big>&nbsp; <input type="text" name="username" size="20"><br>
  <big>Password :&nbsp;&nbsp;</big> <input type="password" name="userpwd" size="20"></strong><br>
  <input type="submit" value="Login"> </p>
</form>
<% 
End Sub

Sub AlreadyLoggedIn
%>

<p>You are already logged in. Do you want to logout or login as a different user? </p>

<form name="form2" action="login_copy(1).asp" method="post">
  <input type="hidden" name="login" value="login_again"><p><input type="submit"
  name="button1" value="Yes"> </p>
</form>
<%
End Sub

Sub CheckLogin
Dim Conn, cStr, sql, RS, username, userpwd
username = Request.Form("username")
userpwd = Request.Form("userpwd")
Set Conn = Server.CreateObject("ADODB.Connection")
cStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
cStr = cStr & "DBQ=" & Server.MapPath("search\users.mdb") & ";"
Conn.Open(cStr)
sql = "select username from USER where USERNAME = '" & LCase(username) & "'"
sql = sql & " and PASSWORD = '" & LCase(userpwd) & "'"
sql = sql & " and PACKFURN = 1"
sql = sql & " and ACCLEVEL = 1"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
Else
    Session("UserLoggedIn") = "true"
    Response.Redirect "packsearchpro.asp"
End If
sql = "select username from USER where USERNAME = '" & LCase(username) & "'"
sql = sql & " and PASSWORD = '" & LCase(userpwd) & "'"
sql = sql & " and PACKFURN = 1"
sql = sql & " and ACCLEVEL = 0"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
Else
    Session("UserLoggedIn") = "true"
    Response.Redirect "packsearch.asp"
End If
sql = "select username from USER where USERNAME = '" & LCase(username) & "'"
sql = sql & " and PASSWORD = '" & LCase(userpwd) & "'"
sql = sql & " and SCREENNUM = 5"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
Else
    Session("UserLoggedIn") = "true"
    Response.Redirect "packsearch5.asp"
End If
sql = "select username from USER where USERNAME = '" & LCase(username) & "'"
sql = sql & " and PASSWORD = '" & LCase(userpwd) & "'"
sql = sql & " and PACKFURN = 0"
sql = sql & " and ACCLEVEL = 0"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
    Error_Msg = "Login Failed. Try Again."
    ShowLogin
Else
    Session("UserLoggedIn") = "true"
    Response.Redirect "apptsearch.asp"
End If
sql = "select username from USER where USERNAME = '" & LCase(username) & "'"
sql = sql & " and PASSWORD = '" & LCase(userpwd) & "'"
sql = sql & " and PACKFURN = 0"
sql = sql & " and ACCLEVEL = 1"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
Else
    Session("UserLoggedIn") = "true"
    Response.Redirect "apptsearchpro.asp"
End If
sql = "select username from USER where USERNAME = '" & LCase(username) & "'"
sql = sql & " and PASSWORD = '" & LCase(userpwd) & "'"
sql = sql & " and SCREENNUM = 6"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
Else
    Session("UserLoggedIn") = "true"
    Response.Redirect "apptsearch6.asp"
End If

End Sub
%>
</body>
</html>