<!-- #include virtual="/includes/functions.asp" -->
<%
session.timeout = 60
	username = fixsql(request.form("username"))
	validate username, ""
	
	password = fixsql(request.form("password"))
	validate password, ""
	
	set objDB = OpenDatabase(true)
	
	SQL = "SELECT * FROM Adminusers WHERE username='" & username & "' AND password='" & password & "'"
	set rsUser = CreateRecordSet(objDB, SQL)
	
	if NOT rsUser.eof then
		session("Admin") = rsUser("ID")
		redirect = "../home.asp"
	else
		redirect = "../index.asp?fail=true"
	end if
	
	rsUser.close
	set rsUser = nothing
	objDB.close
	set objDB = nothing
	
	response.redirect(redirect)
%>