[CODE]
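<%
' Login handler. Runs only when the login form posts back with ?step=2.
' Relies on names defined outside this snippet: adoCon (the ADO connection),
' adminEmail and str_users_authority.
'
' Flow: look up the submitted name/password in tbl_authors; on no match go to
' badlogin.asp; on a match write the Login cookie and redirect by role.
If Request.QueryString("step") = "2" Then
    Dim cmd_login, user_code, login_ok

    ' Raw form values, coerced to strings. They are bound as query parameters
    ' below and never concatenated into SQL text, so the old quote-doubling is
    ' dropped (it would now alter the value being compared).
    str_username = "" & Request.Form("username")
    str_password = "" & Request.Form("password")

    login_ok = False

    ' Empty or oversized input is rejected before touching the database.
    ' 255 is the declared parameter size below; adjust it to the real column
    ' widths of tbl_authors.name / tbl_authors.pass.
    If Len(str_username) > 0 And Len(str_username) <= 255 _
       And Len(str_password) > 0 And Len(str_password) <= 255 Then

        Set cmd_login = Server.CreateObject("ADODB.Command")
        ' adoCon was passed straight to Recordset.Open before, which accepts
        ' either a Connection object or a connection string; accept both here.
        If IsObject(adoCon) Then
            Set cmd_login.ActiveConnection = adoCon
        Else
            cmd_login.ActiveConnection = adoCon
        End If
        cmd_login.CommandType = 1 ' adCmdText
        cmd_login.CommandText = "SELECT * FROM tbl_authors WHERE name=? AND pass=?"
        ' 200 = adVarChar, 1 = adParamInput (literals so adovbs.inc is not required).
        cmd_login.Parameters.Append cmd_login.CreateParameter("name", 200, 1, 255, str_username)
        cmd_login.Parameters.Append cmd_login.CreateParameter("pass", 200, 1, 255, str_password)

        Set rs_login = cmd_login.Execute

        If Not (rs_login.EOF Or rs_login.BOF) Then
            login_ok = True
            user_code = rs_login("code").Value
        End If

        ' Response.Redirect ends the script, so release the recordset first.
        ' Nothing else in the visible code reads rs_login after this point.
        rs_login.Close
        Set rs_login = Nothing
        Set cmd_login = Nothing
    End If

    ' NOTE(review): the pass column is compared directly with the submitted
    ' password, so tbl_authors stores passwords in plaintext. Store a salted
    ' hash and compare hashes instead.

    If Not login_ok Then
        Response.Redirect("badlogin.asp")
    Else
        ' NOTE(review): this cookie is the only login state written here and a
        ' client can edit it. If other pages treat userCode as proof of
        ' identity, keep it in Session instead and regenerate it at login.
        Response.Cookies("Login")("userCode") = user_code

        ' NOTE(review): this looks like a shipped default account
        ' (mail@mail.net / "admin") that triggers first-time setup. Confirm
        ' setup.asp forces a password change and cannot be re-run later.
        If adminEmail = "mail@mail.net" And str_password = "admin" Then
            Response.Redirect("setup.asp?setup=firstTime")
        ' NOTE(review): str_users_authority is never assigned in this snippet,
        ' and it is not read from rs_login. Confirm where it is set. If it is
        ' neither "mod1" nor "mod2" the user stays on this page with the
        ' cookie already written.
        ElseIf str_users_authority = "mod1" Then
            Response.Redirect("mydefault.asp")
        ElseIf str_users_authority = "mod2" Then
            Response.Redirect("index3.asp")
        End If
    End If
End If
%>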
[/CODE]