<%@LANGUAGE="VBSCRIPT" %>
<!--#include file="dbconn.asp" --> 
<!--#include file="mail.asp" -->
<%
queryaction = request.form("hidqueryaction")
if queryaction = "checklogin" then
usernm = request.Form("txtUser")
userpwd = request.Form("txtPassword")
dim rs 			
set rs = server.CreateObject("ADODB.Recordset")
sqlstr = "select * from tblUser where UserName = '" & usernm & "' and Password ='"& userpwd & "' "
rs.Open  sqlstr,db
if rs.EOF then
	response.Redirect("login_user.asp?errmsg=2")
else
	'rs.movefirst	
	session("USERID")= rs("UserId")
	session("USERNAME")= usernm
	sqlstr = "UPDATE tblUser SET Online = '1' where UserId = " & session("USERID")
	db.execute sqlstr
	response.Redirect("active_topics.asp")
end if

end if
%>
<%
if  (queryaction = "verify")  then	
	usernm = request.Form("txtUser")
	dim rs11 			
	set rs11 = server.CreateObject("ADODB.Recordset")
	sqlstr11 = "select * from tblUser where UserName = '" & usernm & "' and Role = 'U'" 
	rs11.Open  sqlstr11,db
	
	if rs11.EOF then
		response.Redirect("forgot_password.asp?errmsg=4")
	else		
		call mailForPassword(usernm)	
	end if
	response.Redirect("login_user.asp?errmsg=5")	
end if
%>