<% User_Name=request.form("edtUserName") User_Password=request.form("edtPassWord") if User_Name<>"" and User_Password<>"" then User_Password=Md5(User_Password) DbOpen set rs=server.CreateObject("adodb.recordset") sq="select * from sd_user where username='" & User_Name & "' and password='"& User_Password &"' " rs.open sq,conn,1,1 if rs.recordcount=0 then response.Write("") response.End else session("blogusername")=rs("username") session("blogpassword")=rs("password") session.timeout=999 response.Redirect"main.asp" response.End end if rs.close set rs=nothing end if %>