<!-- #include file="admin.asp" -->
<%
	dim username,password
	if request("username") = "" and request("password") = "" then
		response.redirect "index.asp"
	else
		username = request("username")
		password = request("password")
		set rs = Server.CreateObject("ADODB.Recordset") 
		sql = "select * from admin where id = '"&username&"' and password = '"&password&"'"
		rs.open sql,conn,1,3 
		if rs.eof then
			session("login") = "no"
		else  
			session("login") = "yes"
			session("id") = rs("id")
		end if
		response.redirect "index.asp"
	end if
%>

	<% rs.close %>
	<% conn.close %>
	<% set rs = nothing %>
	<% set conn = nothing %>