关于登陆会员需要认证的，菜鸟搞不定。如何从数据库做比较？

<%
dim conn,connstr,startime,TimesDB,rs,UserAgent
startime=timer()
UserAgent = Trim(Lcase(Request.Servervariables("HTTP_USER_AGENT")))
If InStr(UserAgent,"teleport") > 0 or InStr(UserAgent,"webzip") > 0 or InStr(UserAgent,"flashget")>0 or InStr(UserAgent,"offline")>0 Then
Response.Write "请不要采用teleport/Webzip/Flashget/Offline等工具来浏览商城！"
Response.End
End If

Function SafeRequest(ParaName,ParaType)
Dim ParaValue
ParaValue=Request(ParaName)
If ParaType=1 then
If not isNumeric(ParaValue) then
Response.write "<center>参数" & ParaName & "必须为数字型，请正确操作！</center>"
Response.end
End if
Else
ParaValue=replace(ParaValue,"'","''")
End if
SafeRequest=ParaValue
End function


Function FormatSQL(strChar)
if strChar="" then
FormatSQL=""
else
FormatSQL=replace(replace(replace(replace(replace(replace(replace(replace(strChar,"'","’"),"*","×"),"?","？"),"(","（"),")","）"),"<","〈"),".","。"),";","；")
end if
End Function

TimesDB="database/afuShop#.asp"
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(""×DB&"")
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.open connstr
If Err Then
err.Clear
Set Conn = Nothing
Response.Write "数据库连接出错，请检查连接字串。"'
Response.End
End If
%>
<!--#include file="func.asp"-->
<%
dim username,UserPassword,comeurl,passcode
username=FormatSQL(replace(trim(request.form("username")),"'",""))
UserPassword=md5(FormatSQL(replace(trim(request.Form("UserPassword")),"'","")))
if not isnumeric(request.form("passcode")) then
response.Write "<script LANGUAGE='javascript'>alert('登录失败！验证码必须是数字，请正确填写！');history.go(-1);</script>"
conn.Close
set conn=nothing
response.end
end if
passcode=Cint(request.form("passcode"))
comeurl=request.servervariables("HTTP_REFERER")
if comeurl="" then
comeurl="default.asp"
end if
if username="" or UserPassword="" then
response.Write "<script LANGUAGE='javascript'>alert('登录失败！请检查您的登录名和密码！');history.go(-1);</script>"
conn.Close
set conn=nothing
response.end
end if

if passcode<>Session("GetCode") then
response.Write "<script LANGUAGE='javascript'>alert('登录失败！验证码错误！');history.go(-1);</script>"
conn.Close
set conn=nothing
response.end
end if


set rs=server.CreateObject("adodb.recordset")
rs.Open "select * from [user] where UserPassword='"&UserPassword&"' and username='"&username&"' " ,conn,1,3
if not(rs.bof and rs.eof) then

if UserPassword=rs("UserPassword") and passcode=Session("GetCode") then
'认证开通


if rs("kaitong") = 0 then
rs.close
set rs=nothing
conn.close
set conn=nothing
response.Write"<script LANGUAGE='javascript'>alert('请等待开通！');history.go(-1);</script>"




end if
response.Cookies("timesshop")("username")=trim(request.form("username"))
rs("LastLogin")=now()
rs("UserLogins")=rs("UserLogins")+1
rs("Img") = Request.ServerVariables("REMOTE_ADDR")
rs.Update
rs.Close
set rs=nothing
conn.Close
set conn=nothing
session("strusername")=request.Cookies("timesshop")("username")

else
response.write "<script LANGUAGE='javascript'>alert('登录失败，请检查您的登录名和密码！');history.go(-1);</script>"
rs.Close
set rs=nothing
conn.Close
set conn=nothing
response.end
end if

else
response.write "<script LANGUAGE='javascript'>alert('登录失败！请检查您的登录名和密码！');history.go(-1);</script>"
rs.Close
set rs=nothing
conn.Close
set conn=nothing
response.end
end if
%>