<%
Username="user"
Password="pass"
' if any of the variables do not match, create error message
if Request.Form("login") <> Username or Request.Form("password") <> Password then
    MsgErr = "<h3>Authorization Failed.</h3>"
    Response.Write MsgErr
    ' if correct, set the session variable and proceed
Else
    Session("someStringValue") = true
    ' redirect
    If Len(Request("requester")) > 0 Then
        Response.Redirect (Request("requester"))
    Else
        Response.Redirect "protected.asp"
    End if
End if
%>
<html>
<head>
    <title>Results -- Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<body bgcolor="#FFFFFF">
    <FORM ACTION="login.asp" METHOD="post">
    <h3>Login</h3>
        <TABLE BORDER=0> 
            <TR>
                <TD ALIGN="right">User name:</TD>
                <TD><INPUT TYPE="text" NAME="login" size="10" VALUE=''/></TD>
            </TR>
            <TR>
                <TD ALIGN="right">Password:</TD>
                <TD><INPUT TYPE="password" NAME="password" size="10" VALUE=''/></TD>
            </TR>
            <TR>
                <TD><input TYPE="hidden" NAME="requester" VALUE="<%=Server.HtmlEncode(Request("requester"))%>"></TD>
                <TD></TD>
            </TR>
            <TR>
                <TD align="left"><INPUT TYPE="submit" VALUE="Login"/></TD>
                <TD></TD>
            </TR>
        </TABLE>
    </FORM>
</body>
</html>