why doesn't my code work?

[nabbs]

hi there

I am trying to create a login page where if the user is a first time user then i wanna make them change their password. if they type in the wrong user name or password i want to alert them that they have entered the wrong details.
If everything is correct, then i want to log them in.

I have a problem with the following code:

Set RS = Server.CreateObject("ADODB.Recordset&quot
sql = "SELECT * FROM stafflogin WHERE username = '"&user&"' AND Password = '"&password&"' AND accessed = 'Yes'"
RS.Open (sql), myconn', adOpenStatic

If not RS.EOF Then
Response.cookies(user).expires = date+1
Response.write "You are logged in as "& user
Else
if rs.eof then
Response.write "you are loggin in for the first time please change your password"
else
response.write "Invalid Login"
end if
End If

Conn.close
Set Conn = Nothing


I would appreciate it if anyone could correct my code or send me some new code.. i have a deadline for tonite!!!

Many thanx.

 

[gsc1ugs]

There u go

<!-- #INCLUDE FILE=&quot;connect.inc&quot; -->
<%

val = CLng(Request.QueryString(&quot;mode&quot)

if val = 1 then
Call validate
else
Call login
end if

Sub Login
%>
<FORM METHOD=POST ACTION='login.asp?mode=1' id=form1 name=form1>

<TABLE BORDER=0>
<TR>
<TD WIDTH=30></TD>
<TD>
<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=4 BGCOLOR=&quot;#FF0137&quot; WIDTH=&quot;300&quot;>
<TR>
<TD ALIGN=&quot;RIGHT&quot; WIDTH=&quot;150&quot;><B><FONT FACE=&quot;Arial&quot; SIZE=2 COLOR=&quot;White&quot;>
Username </B></TD>
<TD>
<INPUT NAME=&quot;UserName&quot; TYPE=&quot;TEXT&quot; SIZE=&quot;25&quot;></TD>
</TR>
<TR>
<TD VALIGN=&quot;CENTER&quot; ALIGN=&quot;RIGHT&quot;><B><FONT FACE=&quot;Arial&quot; SIZE=2 COLOR=&quot;#FFFFFF&quot;>
Password</B></TD>
<TD VALIGN=&quot;CENTER&quot;><FONT FACE=&quot;Arial&quot; SIZE=&quot;2&quot; COLOR=&quot;#FFFFFF&quot;>
<INPUT NAME=&quot;Password&quot; TYPE=&quot;PASSWORD&quot; SIZE=&quot;25&quot;>
</TD>
</TR>
<TR>
<TD></TD>
<TD ALIGN=&quot;LEFT&quot; VALIGN=&quot;CENTER&quot;>
<INPUT TYPE=SUBMIT VALUE=&quot;Login&quot; id=SUBMIT1 name=SUBMIT1>
<INPUT TYPE=RESET VALUE=&quot;Clear&quot; id=RESET1 name=RESET1>
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>

</FORM>
<%

End Sub

Sub Validate

Command = &quot;SELECT Username, Password FROM tblUsers &quot;
Command = Command & &quot;WHERE username = '&quot; & Request.Form(&quot;UserName&quot & &quot;' AND &quot;
Command = Command & &quot;password = '&quot; & Request.Form(&quot;Password&quot & &quot;';&quot;
Set rs = GobjConnect.Execute(Command)

If rs.BOF And rs.EOF Then
Response.write &quot;Either your username or password are incorrect and login has been denied. Please go back to correct this error.&quot;
Else
REM Create login session
Session(&quot;Logon&quot = TRUE
Session(&quot;Username&quot = Request.Form(&quot;Username&quot
Response.Write &quot;<b> Whoopee </b>&quot;
End if
rs.Close
GobjConnect.Close
Session(&quot;loggedIn&quot = 0

'Set RS = Server.CreateObject(&quot;ADODB.Recordset&quot
'sql = &quot;SELECT * FROM stafflogin WHERE username = '&quot;&user&&quot;' AND Password = '&quot;&password&&quot;' AND accessed = 'Yes'&quot;
'RS.Open (sql), myconn', adOpenStatic

'If not RS.EOF Then
'Response.cookies(user).expires = date+1
'Response.write &quot;You are logged in as &quot;& user
'Else
'if rs.eof then
'Response.write &quot;you are loggin in for the first time please change your password&quot;
'else
'response.write &quot;Invalid Login&quot;
'end if
'End If

'Conn.close
End sub
%> Regards gsc1ugs
&quot;Cant see wood for tree's...!&quot;