www.gusucode.com > Follow me超级搜索引擎 > admin/loginchk.asp

    <!--#include file="../conn.asp"-->

<%  
dbpath="../"
dblink
       s=Trim(Request.Form("s"))
	   s2=Request.Form("s2")
	   If s2<>s Then
	   	   Response.Write("<script language=javascript>alert('请输入正确的认证码！');this.location.href='login.asp';</script>")
		   Response.End
	   end if
	   user=replace(trim(request.form("user")),"'","''")
       password=replace(trim(request.form("password")),"'","''")
	   if instr(user,"%") or instr(user,"#") or instr(user,"?") or instr(user,"|") then
	   response.write "<script language=javascript>alert('您的姓名含有非法字符！');this.location.href='login.asp';</script>"
	   response.end 
	   end if                               '====================检测姓名中是否含有非法字符
	   if instr(password,"%") or instr(password,"#") or instr(password,"?") or instr(password,"|") then
	   response.write "<script language=javascript>alert('您的密码含有非法字符！');this.location.href='login.asp';</script>"
	   response.end 
	   end if                              '====================检测密码中是否含有非法字符
	   sql="select * from adminuser where username='"&user&"' and pass='"&password&"'"
	   set rs=conn.execute(sql)
	   if rs.eof then
	   	   Response.Write("<script language=javascript>alert('管理员姓名和密码错误！');this.location.href='login.asp';</script>")
		   Response.End
       else 
	Session("admin")=user
	session.Timeout=30
	   Response.Redirect("index.asp")        '=================如果验证成功刚引向管理员页面
	   end if
	   conn.close
	   set conn=nothing
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>

<body>

</body>
</html>