请帮小弟我看一下

请帮我看一下
我制作了一个登录界面，想实现以下验证功能， 登录者必须填入正确的用户名和密码，还有下拉菜单中要选择和用户名对应的部门名称时，才允许登录，任何一个错误都不允许登录。 

  用户名：______ 
  密码：________ 
  下拉菜单：（给了几个部门选择,比如，采购部、结算部，人力部等等，各个部门的值输入如：0000，0002，0003等等） 

我在数据库中都已经把用户名和密码和部门数据都做好了。只要其他人输入就可以了。 
我的数据库表假如如下： 
数据库表：id password buid 
  a001 123456 0000 
  a002 654321 0002 

如何去做这个三方判断呢？本人实在很菜，用DWR8的用户验证功能只能够实现 user，password两个选项的验证，麻烦大家在我下面的代码修改一下应该如何去实现我要的效果，麻烦拉。完成结分。谢谢啦。 

<%@LANGUAGE="VBSCRIPT"%> 
<!--#include file="Connections/hhd.asp" --> 
<% 
Dim Recordset1 
Dim Recordset1_numRows 

Set Recordset1 = Server.CreateObject("ADODB.Recordset") 
Recordset1.ActiveConnection = MM_hhd_STRING 
Recordset1.Source = "SELECT * FROM dbo.userid" 
Recordset1.CursorType = 0 
Recordset1.CursorLocation = 2 
Recordset1.LockType = 1 
Recordset1.Open() 

Recordset1_numRows = 0 
%> 
<% 
' *** Validate request to log in to this site. 
MM_LoginAction = Request.ServerVariables("URL") 
If Request.QueryString <>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString) 
MM_valUsername=CStr(Request.Form("id")) 
If MM_valUsername <> "" Then 
  MM_fldUserAuthorization="" 
  MM_redirectLoginSuccess="new.asp" 
  MM_redirectLoginFailed="wro.html" 
  MM_flag="ADODB.Recordset" 
  set MM_rsUser = Server.CreateObject(MM_flag) 
  MM_rsUser.ActiveConnection = MM_hhd_STRING 
  MM_rsUser.Source = "SELECT bmid, password" 
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization 
  MM_rsUser.Source = MM_rsUser.Source & " FROM dbo.userid WHERE bmid='" & Replace(MM_valUsername,"'","''") &"' AND password='" & Replace(Request.Form("passworda"),"'","''") & "'" 
  MM_rsUser.CursorType = 0 
  MM_rsUser.CursorLocation = 2 
  MM_rsUser.LockType = 3 
  MM_rsUser.Open 
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
  ' username and password match - this is a valid user 
  Session("MM_Username") = MM_valUsername 
  If (MM_fldUserAuthorization <> "") Then 
  Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value) 
  Else 
  Session("MM_UserAuthorization") = "" 
  End If 
  if CStr(Request.QueryString("accessdenied")) <> "" And false Then 
  MM_redirectLoginSuccess = Request.QueryString("accessdenied") 
  End If 
  MM_rsUser.Close 
  Response.Redirect(MM_redirectLoginSuccess) 
  End If 
  MM_rsUser.Close 
  Response.Redirect(MM_redirectLoginFailed) 
End If 
%>

------解决方案--------------------
LZ不是刚刚发了一帖么。。关于验证部门的。

VBScript code

<%
id=request.form("id")
buid=request.form("buid")'这里接收你登陆页面传过来的员工部门的值
set rs2=Server.CreateObject("ADODB.Recordset") 
sql2 = "select buid from dbo.userid where bmid='" & Replace(MM_valUsername,"'","''")"
rs2.open sql2,hhd,1,1
buid2=rs2("buid2")    '获取你的表中的该员工的部门值
if buid<>buid2 then   '拿你页面传过来的部门值和该员工应该属于的部门值比较
response.write("你不属于该部门")
endif
%>