www.gusucode.com > 6KBBS ASP版 V7.1 > 6KBBS ASP版 V7.1\code\bbs\admin\AdminCheck.asp
<!--#include file="AdminConn.asp"--><!--#include file="../inc/md5.asp"--><meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <link rel=stylesheet type=text/css href=pic/css.css> <STYLE type=text/css>BODY { SCROLLBAR-FACE-COLOR: #749AEC; SCROLLBAR-HIGHLIGHT-COLOR:#749AEC; SCROLLBAR-3DLIGHT-COLOR: #749AEC; SCROLLBAR-ARROW-COLOR:#F4F6FC; SCROLLBAR-TRACK-COLOR: #B0C7F4; SCROLLBAR-DARKSHADOW-COLOR: #749AEC} </style> <title>管理员登陆</title> <body bgcolor="#799ae1"> <% function checknum(str) if isnull(str) or str="" then exit function else if not isnumeric(str) then response.write"<center>非法操作导致程序中止!</center>" response.end else checknum=int(str) end if end if end function dim action,lgname,lgpwd,adminid,login,lgpwdmd5,wrongnum wrongnum=checknum(session(prefix&"wrongnum")) if isnull(wrongnum) or wrongnum="" then wrongnum=0 if wrongnum>=3 then %> <table align="center" border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="500"> <tr> <td class=td1 width="100%" height="30" background="Pic/lbg.gif"> <img border="0" src="Pic/home.gif"> 管理员登陆:</td> </tr> <tr> <td class=td2 width="450" bgcolor="#FFFFFF"> <p style="margin: 5"><br>对不起。你已经连续3次输入错误,现在不能登陆。<br><br></td> </tr> </table><% response.end end if action=request.querystring("action") select case action case""%> <form method="POST" action="admincheck.asp?action=check"> <div align="center"> <table border="2" rules=none cellpadding="0" style="border-collapse: collapse" width="500"> <tr> <td class=td1 width="100%" height="30" background="Pic/lbg.gif"> <img border="0" src="Pic/home.gif"> 管理员登陆:</td> </tr> <tr> <td class=td2 bgcolor="#FFFFFF"> <table border="0" width="100%" cellpadding="0" style="border-collapse: collapse" id="table1" height="100%"> <tr> <td width="128"> <img border="0" src="Pic/clipboard.gif" width="128" height="128"></td> <td> <table border="0" width="100%" cellpadding="0" style="border-collapse: collapse" id="table2"> <tr> <td class=td2 width="100" bgcolor="#FFFFFF" height="28" align="right"> <p style="margin: 5">用户名:</td> <td width="300" bgcolor="#FFFFFF"> <input type="text" name="lgname" size="20"></td> </tr> <tr> <td class=td2 width="100" bgcolor="#FFFFFF" height="28" align="right"> <p style="margin: 5">密<font color="#FFFFFF">。</font>码:</td> <td width="300" bgcolor="#FFFFFF"> <input type="password" name="lgpwd" size="20"></td> </tr> <tr> <td class=td2 width="100" bgcolor="#FFFFFF" height="28" align="right"> <p style="margin: 5">验证码:</td> <td width="300" bgcolor="#FFFFFF"><input type="text" name="adminid" size="5" maxlength="4"> <img src=../Code.asp></td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td width="450" bgcolor="#F4F6FC" height="32" align="center" background="Pic/lbg2.jpg"> <input type="submit" value=" 登 陆 " name="B1"> <input type="reset" value=" 重 置 " name="a1"></td> </tr> </table></div> </form> <%case"check" login=true lgname=Replace(Request.Form("lgname"),"'","") lgpwd=Replace(Request.Form("lgpwd"),"'","") dim rec,passpwd function pname(str) pname=true if Instr(str,"=")>0 or Instr(str,"%")>0 or Instr(str,chr(32))>0 or Instr(str,"?")>0 or Instr(str,"&")>0 or Instr(str,";")>0 or Instr(str,",")>0 or Instr(str,"'")>0 or Instr(str,".")>0 or Instr(str,chr(34))>0 or Instr(str,chr(9))>0 or Instr(str,"")>0 or Instr(str,"$")>0 or Instr(str,chr(255))>0 or Instr(str,":") or instr(str,"|")>0 or instr(str,"#")>0 or instr(str,"`")>0 or instr(str,"\")>0 or instr(str,"(")>0 or instr(str,"[")>0 or instr(str,"-")>0 or instr(str,"~") then pname=false end if end function if pname(lgname)=false then login=false else lgpwdmd5=md5(lgpwd) adminid=Replace(Request.Form("adminid"),"'","") if session("adminid")<>adminid or not isnumeric(adminid) then login=false else if conn.execute("select top 1 bd from admin where name='"&lgname&"' and password='"&lgpwdmd5&"' and bd=0").eof then login=false else login=true end if end if end if if login=false then session(prefix&"wrongnum")=wrongnum+1 response.redirect"admincheck.asp" elseif login=true then session(prefix&"wrongnum")=0 session(prefix&"adlgname")=lgname session(prefix&"adlgpwd")=lgpwd %><script>top.location="index.asp"</script><% end if case"exit" session(prefix&"adlgname")="" session(prefix&"adlgpwd")="" response.redirect"admincheck.asp" %> <%end select%>