<% session.timeout = 60 email = fixsql(request.form("email")) validate email, "" password = fixsql(request.form("password")) validate password, "" set objDB = OpenDatabase(true) SQL = "SELECT * FROM Users WHERE email='" & email & "' AND Approved = 1 AND Active = 1" set rsUser = CreateRecordSet(objDB, SQL) if NOT rsUser.eof then Set ObjMail = Server.CreateObject("CDO.Message") objMail.to = rsUser("Email") objMail.from = "website@prominentxtranet.com" objMail.subject = "Prominent Xtranet Password" objMail.textbody = "Your password for prominentxtranet.com is:" & vbcrlf & vbcrlf & rsUser("Password") objMail.send set objMail = nothing redirect = "../forgotpassword-final.asp" else redirect = "../forgotpassword.asp?fail=true" end if rsUser.close set rsUser = nothing objDB.close set objDB = nothing response.redirect(redirect) %>