AdminCheck.asp 6KBBS ASP版 V7.1 - ASP源码程序

www.gusucode.com > 6KBBS ASP版 V7.1 > 6KBBS ASP版 V7.1\code\bbs\admin\AdminCheck.asp
    <!--#include file="AdminConn.asp"--><!--#include file="../inc/md5.asp"--><meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel=stylesheet type=text/css href=pic/css.css>
<STYLE type=text/css>BODY {
	SCROLLBAR-FACE-COLOR: #749AEC;  SCROLLBAR-HIGHLIGHT-COLOR:#749AEC; SCROLLBAR-3DLIGHT-COLOR: #749AEC; SCROLLBAR-ARROW-COLOR:#F4F6FC; SCROLLBAR-TRACK-COLOR: #B0C7F4; SCROLLBAR-DARKSHADOW-COLOR: #749AEC}
</style>
<title>管理员登陆</title>
  <body bgcolor="#799ae1">
<%
function checknum(str)
if isnull(str) or str=""  then
exit function
else
if not isnumeric(str) then
response.write"<center>非法操作导致程序中止!</center>"
response.end
else
checknum=int(str)
end if
end if
end function
dim action,lgname,lgpwd,adminid,login,lgpwdmd5,wrongnum
wrongnum=checknum(session(prefix&"wrongnum"))
if isnull(wrongnum) or wrongnum="" then wrongnum=0
if wrongnum>=3 then
%> 

  <table align="center" border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="500">
  <tr>
    <td class=td1 width="100%" height="30" background="Pic/lbg.gif">&nbsp;<img border="0" src="Pic/home.gif"> 管理员登陆：</td>
  </tr>
  <tr>
    <td class=td2 width="450" bgcolor="#FFFFFF">
    <p style="margin: 5"><br>对不起。你已经连续3次输入错误，现在不能登陆。<br><br></td>
  </tr>
  </table><%
response.end
end if
action=request.querystring("action")
select case action
case""%>
<form method="POST" action="admincheck.asp?action=check">
<div align="center">
<table border="2" rules=none cellpadding="0" style="border-collapse: collapse" width="500">
  <tr>
    <td class=td1 width="100%" height="30" background="Pic/lbg.gif">&nbsp;<img border="0" src="Pic/home.gif"> 管理员登陆：</td>
  </tr>
  <tr>
    <td class=td2 bgcolor="#FFFFFF">
    <table border="0" width="100%" cellpadding="0" style="border-collapse: collapse" id="table1" height="100%">
		<tr>
			<td width="128">
			<img border="0" src="Pic/clipboard.gif" width="128" height="128"></td>
			<td>
			<table border="0" width="100%" cellpadding="0" style="border-collapse: collapse" id="table2">
		<tr>
    <td class=td2 width="100" bgcolor="#FFFFFF" height="28" align="right">
    <p style="margin: 5">用户名：</td>
    <td  width="300" bgcolor="#FFFFFF">
    <input type="text" name="lgname" size="20"></td>
  </tr>
  <tr>
    <td class=td2 width="100" bgcolor="#FFFFFF" height="28" align="right">
    <p style="margin: 5">密<font color="#FFFFFF">。</font>码：</td>
    <td width="300" bgcolor="#FFFFFF">
    <input type="password" name="lgpwd" size="20"></td>
  </tr>
  <tr>
    <td class=td2 width="100" bgcolor="#FFFFFF" height="28" align="right">
    <p style="margin: 5">验证码：</td>
    <td width="300" bgcolor="#FFFFFF"><input type="text" name="adminid" size="5" maxlength="4"> <img src=../Code.asp></td>
  </tr>

			</table>
			</td>
		</tr>
	</table>
	</td>
  </tr>
  <tr>
    <td width="450" bgcolor="#F4F6FC" height="32" align="center" background="Pic/lbg2.jpg">
    <input type="submit" value=" 登  陆 " name="B1">&nbsp;  <input type="reset" value=" 重  置 " name="a1"></td>
  </tr>
</table></div>
</form>
<%case"check"
login=true
lgname=Replace(Request.Form("lgname"),"'","")
lgpwd=Replace(Request.Form("lgpwd"),"'","")

dim rec,passpwd
function pname(str)
pname=true
if Instr(str,"=")>0  or Instr(str,"%")>0 or Instr(str,chr(32))>0  or Instr(str,"?")>0 or Instr(str,"&")>0 or Instr(str,";")>0 or Instr(str,",")>0  or Instr(str,"'")>0 or Instr(str,".")>0 or Instr(str,chr(34))>0 or Instr(str,chr(9))>0  or Instr(str,"")>0 or Instr(str,"$")>0 or Instr(str,chr(255))>0 or Instr(str,":") or instr(str,"|")>0  or instr(str,"#")>0 or instr(str,"`")>0 or instr(str,"\")>0 or instr(str,"(")>0 or instr(str,"[")>0 or instr(str,"-")>0 or instr(str,"~") then
pname=false
end if
end function
if pname(lgname)=false then
login=false
else
lgpwdmd5=md5(lgpwd)
adminid=Replace(Request.Form("adminid"),"'","")
if session("adminid")<>adminid or not isnumeric(adminid) then
login=false
else
if conn.execute("select top 1 bd from admin where name='"&lgname&"' and password='"&lgpwdmd5&"' and bd=0").eof then
login=false
else
login=true
end if
end if
end if
if login=false then
session(prefix&"wrongnum")=wrongnum+1
response.redirect"admincheck.asp"
elseif login=true then
session(prefix&"wrongnum")=0
session(prefix&"adlgname")=lgname
session(prefix&"adlgpwd")=lgpwd
%><script>top.location="index.asp"</script><%
end if

case"exit"
session(prefix&"adlgname")=""
session(prefix&"adlgpwd")=""
response.redirect"admincheck.asp"
%>

<%end select%>