Function AuthenticateUser() 'Record SQL statement to find the entered studen

1. Function AuthenticateUser()
2.  
3.     'Record SQL statement to find the entered student number
4.    
5.         'sql = "SELECT * FROM users WHERE userId= '" & Request.Form("user") & "'"
6.         'sql = "SELECT * FROM users WHERE password= '" & Request.Form("pword") & "'"
7.         Dim command As New SqlCommand(sql, conn)
8.         sql = "select * from users where userid=@CustLogin and password=@pword"
9.         Set rs = Server.CreateObject("ADODB.RecordSet")
10.         rs.cursorType = adOpenStatic
11.         'rs.Open sql, conn
12.         conn.Open() command.ExecuteNonQuery() conn.Close()
13.    
14.             'Test to determine if a record was found.
15.             If rs.RecordCount = 0 then
16.                 Response.Write "[User ID not found]"
17.                
18.             'check if user has has proper security level to change current record
19.             'ElseIf rs("Level") > "3" then
20.                 'Response.Write "You do not have access to this account. See Administrator."
21.                 'closeall()
22.             Else
23.                 Response.Redirect("logged_in_lol.asp")
24.                 user = rs("userId")
25.                 Session("Admyn") = rs("Admin")
26.             End If
27.                    
28.                     Response.Redirect("logged_in_lol.asp")
29.                    
30.             'End If
31. End Function