<!-- #include file="conn.asp"-->
<%
adminlogin=Request.Form("username")
adminlogin=replace(adminlogin,"%","")
adminlogin=replace(adminlogin,"+","")
adminlogin=replace(adminlogin,"&","")
adminlogin=replace(adminlogin,"'","")
adminlogin=replace(adminlogin,"?","")
Set rsbbs2 = Server.CreateObject("ADODB.Recordset")
sorbbs2 = "Select * from settings where admin='" & adminlogin & "'"
rsbbs2.Open sorbbs2,Sur,1,3
%>

<%
if rsbbs2.eof then
call yonlen
else
parolam = rsbbs2("password") 
If request.form("password") = parolam Then
Session("admin") = rsbbs2("admin")

Response.Redirect "kose.asp"
Else
response.redirect ("login.asp")
End If
End If
%>
<% sub yonlen
response.redirect "login.asp"
end sub
%>