<%@ Language=VBScript %>
<!--#include file="include/dbcommon.asp"-->
<%if request.form("a")="logout" or request.querystring("a")="logout" then
	session.Abandon()
	Response.Cookies("username")=""
	Response.Cookies("password")=""
	Response.Redirect "login.asp"
	response.end
end if%>
<!--#include file="libs/smarty.asp"-->
<%

dbConnection = ""
db_connect()
DoEvent "BeforeProcessLogin dbConnection"

myurl=SESSION("MyURL")
SESSION("MyURL")=""

defaulturl=""
		defaulturl="menu.asp"





strMessage=""

pUsername=postvalue("username")
pPassword=postvalue("password")

if request.form("btnSubmit") <> "Login" then
	if request.Cookies("username")<>"" or request.Cookies("password")<>"" then smarty.Add "checked"," checked"
end if

if request.form("btnSubmit") = "Login" then
	if request.form("remember_password") = 1 then
		Response.Cookies("username") = pUsername
		Response.Cookies("username").Expires = DateAdd("yyyy", 1, Now())
		Response.Cookies("password") = pPassword
		Response.Cookies("password").Expires = DateAdd("yyyy", 1, Now())
		smarty.Add "checked"," checked"
	else
		Response.Cookies("username") = ""
		Response.Cookies("password") = ""
		smarty.Add "checked",""
	end if
'   	 username and password are stored in the database
   	Set rs = server.CreateObject("ADODB.Recordset")

	
	strUsername = pUsername
	strPassword = pPassword
		
	Set rsTemp = server.CreateObject("ADODB.Recordset")
	rsTemp.Open "select * from [uid] where 1=0",dbConnection,1,2

	if FieldNeedQuotes(rsTemp,cUserNameField) then 
		strUsername="'" & db_addslashes(strUsername) & "'"
	else
		strUsername=my_numeric(strUsername)
	end if
	if FieldNeedQuotes(rsTemp,cPasswordField) then 
		strPassword="'" & db_addslashes(strPassword) & "'"
	else
		strPassword=my_numeric(strPassword)
	end if
	rsTemp.close
		
	strSQL = "select * from [uid] where " & AddFieldWrappers(cUserNameField) & _
		"=" & strUsername & " and " & AddFieldWrappers(cPasswordField) & 	"=" & strPassword
	RetVal = True
	DoEvent "RetVal = BeforeLogin(pUsername, pPassword)"
	if RetVal = False then strSQL="select * from [uid] where 1<0"

	rs.Open strSQL,dbConnection, 1, 2
	'Call ReportError
 	if not rs.EOF then
		strPassword = pPassword
		   		if CStr(rs(cUserNameField))=pUsername and CStr(rs(cPasswordField))=strPassword then
			SESSION("UserID") = pUsername
   			SESSION("AccessLevel") = ACCESS_LEVEL_USER

				SESSION("GroupID") = ""

		

	
			DoEvent "AfterSuccessfulLogin pUsername,pPassword"
			if myurl<>"" then
				response.Redirect myurl
			else
				response.Redirect defaulturl
			end if
			response.End
		else
			DoEvent "AfterUnsuccessfulLogin pUsername,pPassword"
			strMessage = "Invalid Login"
		end if
		rs.MoveNext
	else
		DoEvent "AfterUnsuccessfulLogin pUsername,pPassword"
		strMessage = "Invalid Login"
	end if
	rs.close
end if

SESSION("MyURL")=myurl
if myurl<>"" then
	smarty.Add "url",myurl
else
	smarty.Add "url",defaulturl
end if
if request.form("username")<>"" or request.querystring("username")<>"" then
	smarty.Add "value_username","value=""" & my_htmlspecialchars(pUsername) & """"
else
	smarty.Add "value_username","value=""" & my_htmlspecialchars(request.Cookies("username")) & """"
end if


if request.form("password")<>"" then
	smarty.Add "value_password","value=""" & my_htmlspecialchars(pPassword) & """"
else
	smarty.Add "value_password","value=""" & my_htmlspecialchars(request.Cookies("password")) & """"
end if

if request.querystring("message")="expired" then strMessage = "Your session has expired. Please login again."


smarty.Add "message",strMessage

templatefile = "login.htm"
DoEvent "BeforeShowLogin smarty,templatefile"
smarty_display(templatefile)

%>