www.gusucode.com > 动网论坛Dvbbs v8.3 > 动网论坛Dvbbs v8.3\code\源程序\admin_login.asp
<!--#include file="Conn.asp"--> <!-- #include file="inc/const.asp" --> <!-- #include file="inc/md5.asp" --> <!-- #include file="inc/myadmin.asp" --> <% Rem =============================================================== Rem 开启使用允许IP登陆功能 Chk_IPLogin : 0- 关闭,1=开启 Const Chk_IPLogin = 1 Rem =============================================================== Rem =============================================================== Rem CHECK_CODE 设置为1 开通登录验证码,设置为0关闭登录验证码,以方便视障人士如盲人等朋友使用。 Const CHECK_CODE=1 Rem =============================================================== Dim Rs,sql,i Dvbbs.LoadTemplates("Admin") template.ChildFolder="Admin" 'Set Rs=Dvbbs.Execute("Select H_Content From Dv_Help Where H_ID=1") 'Response.Write Rs(0) 'template.value = Rs(0) 'Response.End Dvbbs.Stats="论坛管理登录" Admin_Login() Dvbbs.PageEnd() Sub Admin_Login() 'Response.Write Dvbbs.CacheData(33,0) Dvbbs.Head() If (Dvbbs.GroupSetting(70)="1" and Dvbbs.UserGroupID>1 and Dvbbs.UserID>0) or Dvbbs.Master or Dvbbs.UserID=0 Then Dvbbs.Master = True Else Dvbbs.Master = False End If If Not Dvbbs.Master Then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>您不是系统管理员!" If Dvbbs.Master And Session("flag")<>"" Then Response.Redirect Dvbbs.CacheData(33,0) & "index.asp" If Request.form("reaction")="chklogin" Then ChkLogin() Else Admin_Login_Main() End If End Sub Sub Admin_Login_Main() Dim version If IsSqlDataBase = 1 Then version="SQL 版"&fversion Else version="ACCESS 版"&fversion 'Response.Write Replace(template.html(1),"{$path}",Dvbbs.CacheData(33,0) & "images/") Response.Write Replace(template.html(1),"{$path}","") %> <style type="text/css"> body { background:#fff; background-image : url("skins/images/body_bg.gif");background-repeat: repeat-x ; } td { font-size:12px;} input { border:1px solid #999; } .button { color: #135294; border:1px solid #666; height:21px; line-height:18px; background:url("images/button_bg.gif")} div#nifty{margin: 0 10%;background: #ABD4EF;width: 420px;word-break:break-all; margin-top:60px;} b.rtop, b.rbottom{display:block;background: #FFF} b.rtop b, b.rbottom b{display:block;height: 1px;overflow: hidden; background: #ABD4EF} b.r1{margin: 0 5px} b.r2{margin: 0 3px} b.r3{margin: 0 2px} b.rtop b.r4, b.rbottom b.r4{margin: 0 1px;height: 2px} </style> <center> <div id="nifty"> <b class="rtop"><b class="r1"></b><b class="r2"></b><b class="r3"></b><b class="r4"></b></b> <div style="width:403px; height:26px; line-height:26px; background:none; font-size:12px; text-align:left;"><%=dvbbs.Forum_info(0)%> -- 管理登录</div> <div style="width:403px; height:46px; background:#166CA3;"><img src="images/login.gif" alt="" /></div> <div style="width:401px !important; width:403px; height:auto; background:#fff; border-left:1px solid #649EB2; border-right:1px solid #649EB2; "> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <form action="admin_login.asp" method="post"> <input name="reaction" type="hidden" value="chklogin" /> <%If Dvbbs.UserID=0 Or (Dvbbs.UserGroupID>1 And Dvbbs.GroupSetting(70)="0") Then%> <tr> <td align="right" width="35%"><b>前台用户名:</b></td> <td align="left"><input name="adduser" type="text" tabindex="2"/></td> </tr> <tr> <td align="right" width="35%"><b>前台密码:</b></td> <td align="left"><input name="password2" type="password" tabindex="3"/></td> </tr> <%End If%> <tr> <td align="right"><b>用户名:</b></td> <td align="left"><input name="username" type="text" tabindex="4"/></td> </tr> <tr> <td align="right"><b>密 码:</b></td> <td align="left"><input name="password" type="password" tabindex="5"/></td> </tr> <%If CHECK_CODE=1 Then%> <tr> <td align="right"><b>附加码:</b></td> <td align="left"><%=Dvbbs.GetCode%></td> </tr> <%End If%> <tr> <td align="right"></td> <td align="left"><input class="button" type="submit" name="submit" value="登 录"/></td> </tr> </form> </table> </div> <div style="width:401px !important; width:403px; height:20px; background:#F7F7E7; border:1px solid #649EB2; border-top:1px solid #ddd; margin-bottom:5px; font-size:12px; line-height:20px; "> <%=Dvbbs.Forum_info(0)%> <%If Dvbbs.UserID>0 Then Response.Write Version%></div> <b class="rbottom"><b class="r4"></b><b class="r3"></b><b class="r2"></b><b class="r1"></b> </div> </body> </html> <% End Sub Sub ChkLogin() Dim ip Dim UserName Dim PassWord UserName=Replace(Request("username"),"'","") PassWord=md5(request("password"),16) If CHECK_CODE=1 Then If Dvbbs.forum_setting(120)=1 Then 'modifty by reoaiq at 091022 If Request("codestryuyin")="" Then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>请返回输入确认码。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub Elseif Session("getcode")="9999" then Session("getcode")="" Elseif Session("getcode")="" then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>请不要重复提交,如需重新登录请返回登录页面。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub ElseIf LCase(Cstr(Trim(Session("getcode"))))<>Lcase(Cstr(Trim(Request("codestryuyin")))) Then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>您输入的确认码和系统产生的不一致,请重新输入。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub End If Session("getcode")="" Else If Request("codestr")="" Then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>请返回输入确认码。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub Elseif Session("getcode")="9999" then Session("getcode")="" Elseif Session("getcode")="" then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>请不要重复提交,如需重新登录请返回登录页面。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub ElseIf LCase(Cstr(Trim(Session("getcode"))))<>Lcase(Cstr(Trim(Request("codestr")))) Then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>您输入的确认码和系统产生的不一致,请重新输入。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub End If Session("getcode")="" End If End If if UserName="" Or PassWord="" Then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>请输入您的用户名或密码。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub End If ip=Dvbbs.UserTrueIP Dim MemberName If Dvbbs.MemberName="" Or Request("adduser") <>"" Then MemberName=Dvbbs.Checkstr(Request("adduser")) Else MemberName=Dvbbs.MemberName End If Set Rs=Dvbbs.Execute("Select a.*,u.userpassword,u.usergroupid From "&admintable&" a Inner Join Dv_user u On a.adduser=u.userName Where a.UserName='"&username&"' And AddUser='"&MemberName&"'") If Rs.Eof And Rs.Bof Then Rs.Close Set Rs=Nothing Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>您输入的用户名和密码不正确或者您不是系统管理员。请<a href=admin_login.asp>重新输入</a>您的密码。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub Else If Rs("AcceptIP")<>"" And Chk_IPLogin=1 Then If ChkLoginIP(Rs("AcceptIP"),ip)=False Then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>你不是合法的后台管理员。请<a href=admin_login.asp>重新输入</a>您的密码。" Exit Sub End If End If If Trim(Rs("password"))<>PassWord then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>您输入的用户名和密码不正确或者您不是系统管理员。请<a href=admin_login.asp>重新输入</a>您的密码。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub Else If Dvbbs.MemberName="" Or Request("adduser") <>"" Then If Trim(Rs("userpassword"))<>md5(Request("password2"),16) Then Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>您输入的用户名和密码不正确或者您不是系统管理员。请<a href=admin_login.asp>重新输入</a>您的密码。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Exit Sub End If End If Dim Rs1 '在此验证GroupSetting(70),轻飘飘 Set Rs1=Dvbbs.Execute("Select GroupSetting From Dv_UserGroups Where UserGroupID="&Rs("usergroupid")) If Rs1.Eof Or Rs1.Bof Then Rs.Close Set Rs=Nothing Set Rs1=Nothing Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>您输入的用户名和密码不正确或者您不是系统管理员。请<a href=admin_login.asp>重新输入</a>您的密码。<b>返回后请刷新登录页面后重新输入正确的信息。</b>" Else If Split(Rs1(0),",")(70)="1" Then Dvbbs.Execute("Update "&admintable&" Set LastLogin="&SqlNowString&",LastLoginIP='"&ip&"' Where UserName='"&UserName&"'") Session("flag")=Rs("flag") Session.Timeout=45 Session("MemberName")=MemberName Response.Redirect Dvbbs.CacheData(33,0) & "index.asp" Else Response.Redirect "showerr.asp?action=OtherErr&ErrCodes=<li>您没有登陆后台管理的权限!" End If End If Rs.Close Set Rs=Nothing Set Rs1=Nothing End If End If End Sub Function ChkLoginIP(AcceptIP,ChkIp) Dim i,LoginIP,TempIP ChkLoginIP = False If Instr("|"&AcceptIP&"|","|"&ChkIp&"|") Then ChkLoginIP = True : Exit Function LoginIP = Split(ChkIp,".") TempIP = LoginIP(0)&"."&LoginIP(1)&"."&LoginIP(2)&".*" If Instr("|"&AcceptIP&"|","|"&TempIP&"|") Then ChkLoginIP = True : Exit Function TempIP = LoginIP(0)&"."&LoginIP(1)&".*.*" If Instr("|"&AcceptIP&"|","|"&TempIP&"|") Then ChkLoginIP = True : Exit Function TempIP = LoginIP(0)&".*.*.*" If Instr("|"&AcceptIP&"|","|"&TempIP&"|") Then ChkLoginIP = True : Exit Function End Function %>