<%
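' Login handler: runs only when the form was submitted with func=Login and
' non-empty uname/pword fields. On success it stores the member's username and
' password in the session and redirects to ../members/; on any failure it
' writes the same generic "invalid username or password" message.
If Request.Form("func") = "Login" And Request.Form("uname") > "" And Request.Form("pword") > "" Then
    username = Trim(Request.Form("uname"))
    password = Trim(Request.Form("pword"))

    If username = "" Or password = "" Then
        ' Whitespace-only input trims to an empty string. Reject it here with the
        ' generic message; a zero-length varchar parameter is also not valid below.
        Response.Write "كلمة السر أو اسم المستخدم غير صحيح"
    ElseIf IllegalChars(username) = True Or IllegalChars(password) = True Then
        ' Deny-list check kept as defence in depth only. The parameterised query
        ' below is what actually keeps form input out of the SQL text.
        Response.Write "كلمة السر أو اسم المستخدم غير صحيح"
    Else
        ' Bind the form values as parameters instead of concatenating them into
        ' the statement, so they are always treated as data, never as SQL.
        sql = "Select username, password from members WHERE username = ? AND password = ?"
        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = Con
        cmd.CommandType = 1 ' adCmdText
        cmd.CommandText = sql
        ' 202 = adVarWChar, 1 = adParamInput. Literals are used because adovbs.inc
        ' is not visibly included. NOTE(review): confirm the column types; use
        ' 200 (adVarChar) if the columns are not Unicode.
        cmd.Parameters.Append cmd.CreateParameter("uname", 202, 1, Len(username), username)
        cmd.Parameters.Append cmd.CreateParameter("pword", 202, 1, Len(password), password)
        Set rec = cmd.Execute

        If rec.EOF Then
            Response.Write "كلمة السر أو اسم المستخدم غير صحيح"
        Else
            Session("member_username") = rec("username")
            ' NOTE(review): the query compares the submitted password directly with
            ' the stored column, which suggests passwords are kept unhashed, and the
            ' value is then copied into the session. Kept because other pages may
            ' read Session("member_password"); plan a migration to salted password
            ' hashes and a non-secret session marker.
            Session("member_password") = rec("password")
            Response.Redirect "../members/"
        End If
    End If
End If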
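' Returns True when sInput contains any entry of the deny-list (SQL keywords and
' punctuation), False otherwise.
'
' This is a coarse input filter, not a substitute for parameterised queries:
' deny-lists are easy to get wrong and also reject legitimate values that merely
' contain a listed substring.
Function IllegalChars(sInput)
    Dim sBadChars, iCounter
    IllegalChars = False
    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
        "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", "[", "]", "?", "`", "|")
    For iCounter = 0 To UBound(sBadChars)
        ' vbTextCompare: the default binary comparison is case-sensitive, so the
        ' keyword entries would only match when typed in lower case.
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
            Exit For ' one hit is enough
        End If
    Next
End Function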
%>