well the best solution according to my knowledge would be a database with a table for your users or 2 tables called publishers and advertisers
then uses a sql query to get a record from the database if the user logged in using the correct name and password
and if the password or user name is incorrect display a message.
then create a session variable for your user name and password and check it on every page. this eliminates the parameters in the URL using your links
example of the query
Dim username
Dim password
Dim nConn
Password = Request.Form("txtNPassword")
username = Request.Form("txtUsername")
UserQuery = "Select * from table where columnname = '"+ username + "' and passwordcolumn = '"+ password + "'"
Set lRS = CreateObject("ADODB.RECORDSET")
lRS.Open UserQuery, lConn
the last 2 lines creates the record set you can use for checking if there is a record selected
you just need to create a connection to the database first
if you checked that there is variables then you can create session variables using this
session("SUsername") = Request.Form("txtUsername")
session("SPassword") = Request.Form("txtPassword")