>< % > >Dim de_usrnam, de_paswrd >de_usrnam=ucase(trim(request.form("de_usrnam"))) >de_paswrd=ucase(trim(request.form("de_pwrd"))) > >Dim ag_RS, ag_SQL, wheretogo, de_type >de_type = "AGENT" >Set ag_RS = Server.CreateObject("ADODB.Recordset") > >' Run the select command to verify the password >ag_sql = "SELECT * FROM agpeople WHERE upper(p_code) = '" & de_usrnam & "' AND upper(p_string) ='" & de_paswrd &"' AND p_type ='" & de_type &"'" >Set ag_RS = objConn.Execute(ag_sql) > >If NOT ag_RS.EOF Then >>' Suggested in place of the above...
> > SESSION("USERCODE") = ag_RS("p_code") > SESSION("USERNAME") = ag_RS("p_name") > > ' get the agent name > Dim ag3_SQL, ag3_RS, agentref > agentref = ag_RS("p_mcode") > ag3_SQL = "SELECT ref, name FROM KFSMA WHERE smau6 = 2 AND ref = '" & agentref & "'" > > Set ag3_RS = objConn4.Execute(ag3_SQL) > > If NOT ag3_RS.EOF Then > SESSION("USERWORK") = ag3_RS("name") > Else > SESSION("USERWORK") = "NOT FOUND" > End If > > > ag3_RS.Close > Set ag3_RS = Nothing > > ag_RS.Close > Set ag_RS = Nothing > > objConn.Close > Set objConn = Nothing > > response.redirect ("agent.asp") > >>