<!-- #include virtual="/includes/functions.asp" -->
<%
	email = fixsql(request.form("email"))
	validate email, ""
	
	password = fixsql(request.form("password"))
	validate password, ""
	
	set objDB = OpenDatabase(false)
	
	SQL = "SELECT * FROM Users WHERE email='" & email & "' AND password='" & password & "' AND Approved = 1 AND Active = 1"
	set rsUser = CreateRecordSet(objDB, SQL)
	
	if NOT rsUser.eof then
		session("userID") = rsUser("ID")
		session("distributorID") = rsUser("DistributorID")
		session("name") = rsUser("FirstName")
		session("usertype") = rsUser("UserType")
		
		if session("UserType") = "E" then
			session.timeout = 300
			session("regionID") = rsUser("RegionID")
			session("primaryuser") = rsUser("PrimaryContact")
		else
			session.timeout = 300
			session("primaryuser") = rsUser("PrimaryContact")
		end if		
		
		SQL = "Select Top 1 TimeStamp from Userlogins where UserID = '" & rsUser("ID") & "' order by TimeStamp desc"
		set rsLastLogin = CreateRecordset(objDB, SQL)
		if rsLastLogin.recordcount > 0 then
			session("lastlogin") = rsLastLogin("TimeStamp")
		else
			session("lastlogin") = date
		end if
		rsLastLogin.close
		set rsLastLogin = nothing
		
		SQL = "Insert into UserLogins (UserID) VALUES ('" & rsUser("ID") & "')"
		UpdateDB objDB, SQL
		
		redirect = "../index.asp"
	else
		redirect = "../login.asp?fail=true"
	end if
	
	rsUser.close
	set rsUser = nothing
	objDB.close
	set objDB = nothing
	
	response.redirect(redirect)
%>