<!--#include file="DB/connexion.asp"-->		
<!--#include file="Utils/IIF.asp"-->
<!--#include file="Utils/Security/Security.asp"-->	

<%	
' Valider que les informations passées sont sécuritaires
UID = Replace(Replace(Replace(Request.Form("UID"),"--",""),";",""),"'","''")
PWD = Replace(Replace(Replace(Request.Form("PWD"),"--",""),";",""),"'","''")
	 	 
NoMsgUID = IsSecureString(UID)
NoMsgPWD = IsSecureString(PWD)
		
If ((NoMsgUID <> 0) OR (NoMsgPWD <> 0)) Then
	NoMsg = IIF((NoMsgUID = 1) OR (NoMsgPWD = 1), 2, NoMsg)
	NoMsg = IIF((NoMsgUID = 2) OR (NoMsgPWD = 2), 3, NoMsg)
	NoMsg = IIF((NoMsgUID = 3) OR (NoMsgPWD = 3), 4, NoMsg) %>
	
	<!--#include file="DB/deconnexion.asp"-->
	
	<% Response.Redirect("seconnecter.asp?Msg=UNK_INDIVIDUAL_PASSWORD")
End If

SET RS_Individu = objConn.Execute("SELECT UID, PWD, IdMembre, Statut " & _
									"FROM T_Sel_Membre " & _
									"WHERE (UID='" & UID & "') AND (PWD='" & PWD & "') AND (Suppr = 0)")

IF RS_Individu.EOF THEN

	'Si l'individu innexistant
	Response.Redirect("membres.asp?Msg=UNK_INDIVIDUAL_PASSWORD")	
	Response.End

ELSE				   
				 
	' Obtenir l'identifiant de l'utilisateur
	IdMembre = RS_Individu("IdMembre")
	UID = RS_Individu("UID")			
 	   
	' Inactif
	IF RS_Individu("Statut") = "Inactif" THEN	
	
		Response.Redirect("membres.asp?Msg=NO_RIGHTS")	
		Response.End
	
	' Actif   
	ELSE   		

		' Ajuster le timeout de la session
		Session.Timeout = 15

		' Conserver certaines informations dans des variables de session  
		Session("LoggedIn") = UID & "78r2r897r3249834328480" 
		Session("UID") = UID
		Session("IdMembre") = IdMembre

		' Rediriger vers l'accès membre
		Response.Redirect("Membre/index.asp")
		 
	END IF

END IF

RS_Individu.Close
SET RS_Individu = Nothing
%>
<!--#include file="DB/deconnexion.asp"-->