<%@language="vbscript" codepage="936" %>
<%
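'Connect to the database first; adjust SiteDataPath to match your deployment.
'NOTE(review): Server.MapPath resolves this relative path inside the published site, and
'the "#" in the file name is not an access control. Keep the .mdb outside the web root, or
'have the web server refuse requests for .mdb files.
Dim Conn,ConnStr,SiteDataPath
SiteDataPath="Database\#DuDao.mdb"
ConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(SiteDataPath)
Set Conn = Server.CreateObject("ADODB.Connection")
'Without On Error Resume Next a failed Open aborts the page before the Err check below
'can run, and the default error output may disclose the database path.
On Error Resume Next
Conn.open ConnStr
If Err Then
    Err.Clear
    Set Conn = Nothing
    Response.Write "数据库连接出错,请检查数据库连接文件中的数据库参数设置。"
    Response.End
End If
'Restore normal error handling so later failures are not silently ignored.
On Error GoTo 0

Dim sql,rs,cmd
Dim username,password
Dim FoundErr,ErrMsg,LoginOK
FoundErr=False
ErrMsg=""
LoginOK=False

'NOTE(review): Request(...) searches the query string as well as the form body, so
'credentials sent by GET would be accepted and could end up in server logs; consider
'Request.Form once the login form is confirmed to POST.
'ReplaceBadChar is kept for compatibility: stored hashes were presumably computed from the
'filtered password (confirm). The query below no longer depends on it for safety.
username=ReplaceBadChar(trim(request("username")))
password=ReplaceBadChar(trim(Request("userpsw")))

'Reject an empty user name or password before touching the database.
if UserName="" then
    FoundErr=True
    ErrMsg="用户名不能为空!"
elseif Password="" then
    FoundErr=True
    ErrMsg="密码不能为空!"
end if

if FoundErr<>True then
    'Md5 is not defined in this listing; presumably it comes from an include.
    'NOTE(review): unsalted MD5 is a weak password hash; migrating needs a change to the
    'stored values as well, so it is only flagged here.
    password=Md5(password)

    'Bind both values as parameters instead of concatenating them into the SQL text, so
    'the statement's structure cannot be altered by the submitted values.
    sql="select * from biao where password=? and admin=?"
    Set cmd=Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection=Conn
    cmd.CommandType=1 'adCmdText
    cmd.CommandText=sql
    '202 = adVarWChar, 1 = adParamInput; parameters are positional, in placeholder order.
    cmd.Parameters.Append cmd.CreateParameter("pwd",202,1,Len(password),password)
    cmd.Parameters.Append cmd.CreateParameter("adm",202,1,Len(username),username)
    set rs=cmd.Execute

    'The same message is used for "no such row" and "hash mismatch" so the response does
    'not reveal which of the two values was wrong.
    if rs.bof and rs.eof then
        FoundErr=True
        ErrMsg="用户名或密码错误!!"
    elseif password<>rs("password") then
        FoundErr=True
        ErrMsg="用户名或密码错误!!"
    else
        LoginOK=True
    end if
    rs.close
    set rs=nothing
    set cmd=nothing
End if

'Release the connection before Alert or Response.Redirect ends the page; previously the
'cleanup after those calls was never reached.
Conn.Close
Set Conn=nothing

If LoginOK Then
    'Set the session timeout (minutes) and the session variables the admin pages rely on.
    'NOTE(review): every account that matches is marked Super; confirm that is intended.
    session.Timeout=60
    session("AdminName")=username
    session("Super")=true
    Response.Redirect "mainframe.asp"
Else
    Alert ErrMsg,"-1"
End If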
'================================
'Function: Alert
'Purpose: write a JavaScript dialog to the response, then end the response
'Usage: Alert "message text","-1"
'NOTE(review): in this listing all three Response.Write calls emit an empty string; the
'script markup they presumably carried appears to have been lost, so as shown the function
'only ends the response. Confirm against the deployed file.
'NOTE(review): only the single quote is escaped. That is adequate for the constant
'messages passed on this page, but not for user-controlled text placed in a script block
'(backslashes, line breaks and a closing script tag are not handled).
'================================
Function Alert(message,gourl)
'Backslash-escape single quotes, presumably for use inside a single-quoted JavaScript string.
message = replace(message,"'","\'")
'gourl selects one of three outputs: "-1", "-2", or any other value.
If gourl="-1" then
Response.Write ("")
ElseIf gourl="-2" then
Response.Write ("")
Else
Response.Write ("")
End If
'Stop page processing; statements after a call to Alert never run.
Response.End()
End Function
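'**************************************************
'Function: ReplaceBadChar
'Purpose:  remove characters and sequences from a deny-list of SQL metacharacters
'Param:    strChar - the string to filter
'Returns:  the filtered string, e.g. LinkSiteName = ReplaceBadChar(LinkSiteName)
'Notes:    - Returns "" for an empty or Null argument.
'          - The list is comma-separated, so the comma itself is not filtered.
'          - A deny-list is defence in depth only; queries should bind values as
'            parameters rather than rely on this filter.
'          - The filter silently alters its input, so a password passed through it
'            loses every listed character before it is hashed.
'**************************************************
Function ReplaceBadChar(strChar)
    If strChar = "" Or IsNull(strChar) Then
        ReplaceBadChar = ""
        Exit Function
    End If
    Dim strBadChar, arrBadChar, tempChar, prevChar, i
    strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ""
    arrBadChar = Split(strBadChar, ",")
    tempChar = strChar
    'Repeat until a pass changes nothing. A single pass removes "--" before "%" and the
    'entries after it, so input such as "-%-" used to come out as "--".
    Do
        prevChar = tempChar
        For i = 0 To UBound(arrBadChar)
            tempChar = Replace(tempChar, arrBadChar(i), "")
        Next
    Loop Until tempChar = prevChar
    'Collapse a doubled "@" into one (single pass, as before).
    tempChar = Replace(tempChar, "@@", "@")
    ReplaceBadChar = tempChar
End Function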
%>
思路:
check.asp 页面先接收提交的用户名和密码,再与数据库中的记录匹配,然后做验证。提示那个比较简单。