<%
if session("staffName") = "" then
'get login info
strLogin = request.form("login")
strPassword = request.form("password")
'see if this works
Set rsCheck = Server.CreateObject("ADODB.Recordset")
rsCheck.Open "Select count(*) as xCount From staff Where staffLogin = '" & strLogin & "' and staffPassword = '" & strPassword & "'", dbConnect
if rsCheck("xCount") = 0 then
response.redirect "login.php"
else
Set rsSession = Server.CreateObject("ADODB.Recordset")
rsSession.Open "Select * From staff Where staffLogin = '" & strLogin & "' and staffPassword = '" & strPassword & "'", dbConnect
session("staffName") = rsSession("staffFirst") & " " & rsSession("staffLast")
end if
end if
%>
Lolly Ella - Admin