<% Response.Buffer = "True"%>
<!--#include FILE="config.asp"-->
<%
	dim objCnn
	dim objRstUser
	dim varUserId, varUserPassword
	dim varQueryString
	dim strQueryLogin

	varUserId = Request.Form("txtUserId")
	varUserPassword = Request.Form("txtUserPassword")

	call openDatabaseConnection(objCnn)
	call associateRecordset(objCnn,objRstUser)

	strQueryLogin = "SELECT * FROM tblmAdmin " _
					  & "WHERE UserId='" & varUserId & "' AND Password='" & varUserPassword & "'"
	objRstUser.Open(strQueryLogin)
	
	If objRstUser.Recordcount = 0 then
		call closeRecordset(objRstUser)
		call closeDatabaseConnection(objCnn)
		Session("error") = "Invalid ID or password. Please try again."
		Response.Redirect("adminlogin.asp")
	Else		
		Session("AdminId") = objRstUser("UserId")
		Session("AdminName") = objRstUser("Name")
		call closeRecordset(objRstUser)
		call closeDatabaseConnection(objCnn)
		Response.Redirect("admincp.asp")
	End if
%>