<%
	SQL = "SELECT * FROM Users WHERE UserID = " & Request.Form("UserID")
	Set Conn = Server.CreateObject("ADODB.Connection")
	Conn.Open Application("dBConnection")
	Set RS = Server.CreateObject("ADODB.Recordset")
	RS.Open SQL, Conn
	if RS.EOF then
		'If the userID is invalid we send the user back to the login page.
		Response.Redirect "login.asp?MSG=Invalid+Account"
	else
		iCount = RS.Fields.Count - 1
		for i=0 to iCount
			Session(RS(i).name) = RS(i).value
		next
	end if
	RS.Close
	Set RS = Nothing
	Conn.Close
	Set Conn = Nothing
%>