<participant>
	<insertText location="aboveHTML+81"><![CDATA[<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("@@frmUsername@@"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
  
  MM_fldUserAuthorization = "@@fldAuthorization@@"
  MM_redirectLoginSuccess = "@@redirectSuccess@@"
  MM_redirectLoginFailed = "@@redirectFailed@@"

  MM_loginSQL = "SELECT @@fldUsername@@, @@fldPassword@@"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM @@table@@ WHERE @@fldUsername@@ = ? AND @@fldPassword@@ = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_@@connection@@_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", @@param1Type@@, 1, @@param1Size@@, MM_valUsername) ' @@param1TypeDisplayName@@
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", @@param2Type@@, 1, @@param2Size@@, Request.Form("@@frmPassword@@")) ' @@param2TypeDisplayName@@
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("@@MM_username@@") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("@@MM_userAuthorization@@") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("@@MM_userAuthorization@@") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And @@redirectToReferrer@@ Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>]]></insertText>
	<searchPatterns whereToSearch="directive">
		<searchPattern paramNames="frmUsername,fldAuthorization,redirectSuccess,redirectFailed,fldUsername,fldPassword,table,connection,param1Type,param1Size,param2Type,param2Size,frmPassword,MM_username,MM_userAuthorization,redirectToReferrer" isOptional="false" limitSearch="all"><![CDATA[/' \*\*\* Validate request to log in to this site\.(?:\r\n|\r(?!\n)|\n)[ \t]*MM_LoginAction = Request\.ServerVariables\("URL"\)(?:\r\n|\r(?!\n)|\n)[ \t]*If Request\.QueryString\s*<>\s*"" Then MM_LoginAction = MM_LoginAction \+ "\?" \+ Server\.HTMLEncode\(Request\.QueryString\)(?:\r\n|\r(?!\n)|\n)[ \t]*MM_valUsername = CStr\(Request\.Form\("([^\r\n]*?)"\)\)(?:\r\n|\r(?!\n)|\n)[ \t]*If MM_valUsername\s*<>\s*"" Then(?:\r\n|\r(?!\n)|\n)[ \t]*Dim MM_fldUserAuthorization(?:\r\n|\r(?!\n)|\n)[ \t]*Dim MM_redirectLoginSuccess(?:\r\n|\r(?!\n)|\n)[ \t]*Dim MM_redirectLoginFailed(?:\r\n|\r(?!\n)|\n)[ \t]*Dim MM_loginSQL(?:\r\n|\r(?!\n)|\n)[ \t]*Dim MM_rsUser(?:\r\n|\r(?!\n)|\n)[ \t]*Dim MM_rsUser_cmd(?:\r\n|\r(?!\n)|\n)[ \t]*(?:\r\n|\r(?!\n)|\n)[ \t]*MM_fldUserAuthorization = "([^\r\n]*?)"(?:\r\n|\r(?!\n)|\n)[ \t]*MM_redirectLoginSuccess = "([^\r\n]*?)"(?:\r\n|\r(?!\n)|\n)[ \t]*MM_redirectLoginFailed = "([^\r\n]*?)"(?:\r\n|\r(?!\n)|\n)[ \t]*(?:\r\n|\r(?!\n)|\n)[ \t]*MM_loginSQL = "SELECT ([^\r\n]*?), ([^\r\n]*?)"(?:\r\n|\r(?!\n)|\n)[ \t]*If MM_fldUserAuthorization\s*<>\s*"" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization(?:\r\n|\r(?!\n)|\n)[ \t]*MM_loginSQL = MM_loginSQL & " FROM ([^\r\n]*?) WHERE [^\r\n]*? = \? AND [^\r\n]*? = \?"(?:\r\n|\r(?!\n)|\n)[ \t]*Set MM_rsUser_cmd = Server\.CreateObject \("ADODB\.Command"\)(?:\r\n|\r(?!\n)|\n)[ \t]*MM_rsUser_cmd\.ActiveConnection = MM_([^\r\n]*?)_STRING(?:\r\n|\r(?!\n)|\n)[ \t]*MM_rsUser_cmd\.CommandText = MM_loginSQL(?:\r\n|\r(?!\n)|\n)[ \t]*MM_rsUser_cmd\.Parameters\.Append MM_rsUser_cmd\.CreateParameter\("param1", ([^\r\n]*?), 1, ([^\r\n]*?), MM_valUsername\)(?:\s*'[^\r\n]*)?(?:\r\n|\r(?!\n)|\n)[ \t]*MM_rsUser_cmd\.Parameters\.Append MM_rsUser_cmd\.CreateParameter\("param2", ([^\r\n]*?), 1, ([^\r\n]*?), Request\.Form\("([^\r\n]*?)"\)\)(?:\s*'[^\r\n]*)?(?:\r\n|\r(?!\n)|\n)[ \t]*MM_rsUser_cmd\.Prepared = true(?:\r\n|\r(?!\n)|\n)[ \t]*Set MM_rsUser = MM_rsUser_cmd\.Execute(?:\r\n|\r(?!\n)|\n)[ \t]*(?:\r\n|\r(?!\n)|\n)[ \t]*If Not MM_rsUser\.EOF Or Not MM_rsUser\.BOF Then (?:\r\n|\r(?!\n)|\n)[ \t]*' username and password match - this is a valid user(?:\r\n|\r(?!\n)|\n)[ \t]*Session\("([^\r\n]*?)"\) = MM_valUsername(?:\r\n|\r(?!\n)|\n)[ \t]*If \(MM_fldUserAuthorization\s*<>\s*""\) Then(?:\r\n|\r(?!\n)|\n)[ \t]*Session\("([^\r\n]*?)"\) = CStr\(MM_rsUser\.Fields\.Item\(MM_fldUserAuthorization\)\.Value\)(?:\r\n|\r(?!\n)|\n)[ \t]*Else(?:\r\n|\r(?!\n)|\n)[ \t]*Session\("[^\r\n]*?"\) = ""(?:\r\n|\r(?!\n)|\n)[ \t]*End If(?:\r\n|\r(?!\n)|\n)[ \t]*if CStr\(Request\.QueryString\("accessdenied"\)\)\s*<>\s*"" And ([^\r\n]*?) Then(?:\r\n|\r(?!\n)|\n)[ \t]*MM_redirectLoginSuccess = Request\.QueryString\("accessdenied"\)(?:\r\n|\r(?!\n)|\n)[ \t]*End If(?:\r\n|\r(?!\n)|\n)[ \t]*MM_rsUser\.Close(?:\r\n|\r(?!\n)|\n)[ \t]*Response\.Redirect\(MM_redirectLoginSuccess\)(?:\r\n|\r(?!\n)|\n)[ \t]*End If(?:\r\n|\r(?!\n)|\n)[ \t]*MM_rsUser\.Close(?:\r\n|\r(?!\n)|\n)[ \t]*Response\.Redirect\(MM_redirectLoginFailed\)(?:\r\n|\r(?!\n)|\n)[ \t]*End If(?=\r\n|\r|\n|%>)/i]]></searchPattern>
	</searchPatterns>
	<quickSearch>CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)</quickSearch>
</participant>

<!-- participant modified by hand: we should not match the ending of the CreateParameter lines -->
