%
if request("action")="login" then
tname=request("name")
tpass=request("password")
sql="select * from user2009"
rs.open sql,conn,3,3
loginok=false
findname=false
do while not rs.eof and findname=false
if rs("name")=tname then
if rs("pass")=tpass then
loginok=true
findname=true
end if
end if
rs.movenext
loop
if loginok then
session("username")="admin"
response.redirect "index.asp"
else
response.redirect "index.asp"
end if
rs.close
end if
%>
<%
function kbbs(stru)
if not isnull(stru) then
stru = replace(stru, ">", ">")
stru = replace(stru, "<", "<")
stru = Replace(stru, CHR(32)& chr(32), " ")
stru = Replace(stru, CHR(32), " ")
stru = Replace(stru, CHR(9), " ")
stru = Replace(stru, CHR(34), """)
stru = Replace(stru, CHR(39), "'")
stru = Replace(stru, CHR(13), "
")
stru = Replace(stru, CHR(10), " ")
kbbs = stru
end if
end function
%>