<!-- #include file="db.inc" -->
<% ' logowanie do witryny
Session("status") = 0
Session("admin") = 0

Dim user,pass
user = Trim(LCase(Request.Form("user")))
pass = Trim(LCase(Request.Form("pass")))

' autoryzacja
Dim sql

'czy administrator ?
if user="admin" then
	' odczytanie hasla z bazy
	sql="select pass from admin"
	set rs=dbc.Execute(sql)

	if Trim(LCase(rs("pass")))=pass then
		Session("status") = 1
		Session("admin") = 1
		response.redirect("witam.asp?idk=0")
	else
		Session("status") = 0
		response.redirect("login.asp?login=no")
	end if
else
	sql="select id,login,pass from user where login = '" & user & "'"
	set rs=dbc.Execute(sql)

	if not rs.eof then
		if Trim(LCase(rs("pass")))=pass then
			Session("status") = 1
			response.redirect("witam.asp?idk=" & rs("id"))
		else
			Session("status") = 0
			response.redirect("login.asp?login=no")
		end if
	else
		Session("status") = 0
		Session("admin") = 0
		response.redirect("login.asp?login=no")
	end if

end if
%>