0) { String queryString = request.getQueryString(); String tempStr = ""; for (int i=0; i < queryString.length(); i++) { if (queryString.charAt(i) == '<') tempStr = tempStr + "<"; else if (queryString.charAt(i) == '>') tempStr = tempStr + ">"; else if (queryString.charAt(i) == '"') tempStr = tempStr + """; else tempStr = tempStr + queryString.charAt(i); } MM_LoginAction += "?" + tempStr; } String MM_valUsername=request.getParameter("@@frmUsername@@"); if (MM_valUsername != null) { String MM_fldUserAuthorization="@@fldAuthorization@@"; String MM_redirectLoginSuccess="@@redirectSuccess@@"; String MM_redirectLoginFailed="@@redirectFailed@@"; String MM_redirectLogin=MM_redirectLoginFailed; Driver MM_driverUser = (Driver)Class.forName(MM_@@connection@@_DRIVER).newInstance(); Connection MM_connUser = DriverManager.getConnection(MM_@@connection@@_STRING,MM_@@connection@@_USERNAME,MM_@@connection@@_PASSWORD); String MM_pSQL = "SELECT @@fldUsername@@, @@fldPassword@@"; if (!MM_fldUserAuthorization.equals("")) MM_pSQL += "," + MM_fldUserAuthorization; MM_pSQL += " FROM @@table@@ WHERE @@fldUsername@@=\'" + MM_valUsername.replace('\'', ' ') + "\' AND @@fldPassword@@=\'" + request.getParameter("@@frmPassword@@").toString().replace('\'', ' ') + "\'"; PreparedStatement MM_statementUser = MM_connUser.prepareStatement(MM_pSQL); ResultSet MM_rsUser = MM_statementUser.executeQuery(); boolean MM_rsUser_isNotEmpty = MM_rsUser.next(); if (MM_rsUser_isNotEmpty) { // username and password match - this is a valid user session.putValue("@@MM_username@@", MM_valUsername); if (!MM_fldUserAuthorization.equals("")) { session.putValue("@@MM_userAuthorization@@", MM_rsUser.getString(MM_fldUserAuthorization).trim()); } else { session.putValue("@@MM_userAuthorization@@", ""); } if ((request.getParameter("accessdenied") != null) && @@redirectToReferrer@@) { MM_redirectLoginSuccess = request.getParameter("accessdenied"); } MM_redirectLogin=MM_redirectLoginSuccess; } MM_rsUser.close(); MM_connUser.close(); response.sendRedirect(response.encodeRedirectURL(MM_redirectLogin)); return; } %> ]]>