www.gusucode.com > Follow me超级搜索引擎 > admin/loginchk.asp
<!--#include file="../conn.asp"--> <% dbpath="../" dblink s=Trim(Request.Form("s")) s2=Request.Form("s2") If s2<>s Then Response.Write("<script language=javascript>alert('请输入正确的认证码!');this.location.href='login.asp';</script>") Response.End end if user=replace(trim(request.form("user")),"'","''") password=replace(trim(request.form("password")),"'","''") if instr(user,"%") or instr(user,"#") or instr(user,"?") or instr(user,"|") then response.write "<script language=javascript>alert('您的姓名含有非法字符!');this.location.href='login.asp';</script>" response.end end if '====================检测姓名中是否含有非法字符 if instr(password,"%") or instr(password,"#") or instr(password,"?") or instr(password,"|") then response.write "<script language=javascript>alert('您的密码含有非法字符!');this.location.href='login.asp';</script>" response.end end if '====================检测密码中是否含有非法字符 sql="select * from adminuser where username='"&user&"' and pass='"&password&"'" set rs=conn.execute(sql) if rs.eof then Response.Write("<script language=javascript>alert('管理员姓名和密码错误!');this.location.href='login.asp';</script>") Response.End else Session("admin")=user session.Timeout=30 Response.Redirect("index.asp") '=================如果验证成功刚引向管理员页面 end if conn.close set conn=nothing %> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>无标题文档</title> </head> <body> </body> </html>