<%
UserID = Request.Form("UserID")
Password = Request.Form("Password")

'Open connection to database and validate
Set objConn = Server.CreateObject("ADODB.Connection")

objConn.Open Session("ConnectString")
sqlTable1 = "SELECT * FROM Table1 WHERE UserID = '" & UserID & "' and Password = '" & Password & "'"
sqlTable2 = "SELECT * FROM Table2 WHERE UserID = '" & UserID & "' and Password = '" & Password & "'"

set objRS = objConn.Execute(sqlTable1)

if NOT objRS.EOF Then
Session("Valid") = "True"
objRS.Close
set objRS = Nothing
objConn.Close
set objConn = Nothing
Response.Redirect "/Members"
ELSE
set objRS = objConn.Execute(sqlTable2)

if NOT objRS.EOF Then
Session("Valid") = "True"
objRS.Close
set objRS = Nothing
Conn.Close
set objConn = Nothing
Response.Redirect "/Members"
ELSE
Session("Valid") = "False"
%>

<script language="javascript">
javascript:alert ('Invalid UserID/Password! Please try again. All logon attempts are recorded.')
history.go(-1)
</script>

<%
end if
end if
%>

And then on the pages you want to protect, just enter this code:

<%
If Session("Valid") <> "True" Then
Response.Redirect "/Logon.asp"
End If
%>

By Marc W.