www.gusucode.com > 云枫工作室企业网站源码 1 > 云枫工作室企业网站源码 1.0/云枫工作室企业网站源码(asp无限制版)1.0/web/admin/chkadmin.asp
<!--#include file="conn.asp"--> <!--#include file="md5.asp"--> <% Function FormatSQL(strChar) if strChar="" then FormatSQL="" else FormatSQL=replace(replace(replace(replace(replace(replace(replace(replace(strChar,"'","’"),"*","×"),"?","?"),"(","("),")",")"),"<","〈"),".","。"),";",";") end if End Function Function SafeRequest(ParaName,ParaType) Dim ParaValue ParaValue=Request(ParaName) If ParaType=1 then If not isNumeric(ParaValue) then Response.write "<center>参数" & ParaName & "必须为数字型!</center>" Response.end End if Else ParaValue=replace(ParaValue,"'","''") End if SafeRequest=ParaValue End function dim admin,UserPassword,passcode admin=FormatSQL(replace(trim(request.form("admin")),"'","")) UserPassword=md5(FormatSQL(replace(trim(request.Form("UserPassword")),"'",""))) if not isnumeric(request.form("passcode")) then response.Write "<script LANGUAGE='javascript'>alert('[ 系统提示 ]\n\n登录失败!验证码必须是数字,请正确填写!');parent.navigate('index.asp');</script>" conn.Close set conn=nothing response.end end if passcode=Cint(request.form("passcode")) set rs=server.CreateObject("adodb.recordset") rs.Open "select * from [Manage_admin] where UserPassword='"&UserPassword&"' and admin='"&admin&"' " ,conn,1,1 if rs.bof and rs.eof then response.write "<script language=javascript>window.alert('[系统提示]\n\n登陆失败!用户名或密码不正确!');parent.navigate('index.asp')</script>" rs.Close set rs=nothing conn.Close set conn=nothing response.end else if passcode<>Session("GetCode") then response.Write "<script LANGUAGE='javascript'>alert('[ 系统提示 ]\n\n登录失败!验证码错误');parent.navigate('index.asp');</script>" rs.Close set rs=nothing conn.Close set conn=nothing response.end end if if UserPassword=rs("UserPassword") and admin=rs("admin") then session("admin")=trim(rs("admin")) session("rank")=int(rs("rank")) session.Timeout=120 rs.Close set rs=nothing conn.Close set conn=nothing response.Redirect "Index_admin.asp" else response.write "<script LANGUAGE='javascript'>alert('[ 系统提示 ]\n\n登录失败!密码错误');parent.navigate('index.asp');</script>" rs.Close set rs=nothing conn.Close set conn=nothing end if end if %>