📄 conn.asp

📁 电子商务网络购物系统
💻 ASP
字号:
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<%
Server.ScriptTimeout = 90

Dim adoCon 
Dim strCon
Dim rsConn
Dim lngLoggedInUserID
Dim strUsername
Dim strPassword
Dim strUserCode
Dim strLoggedInUserCode
Dim strSQL
Dim strSalt
Dim strCode
Dim strDatabaseDateFunction
Dim strDbPathAndName
Dim intGroupID

Const strVersion = "version 2.0官方正式简体中文版"
strSalt = "5CB237B1D85"
Const strCodeField = "&#076;_&#099;&#111;&#100;&#101;"
lngLoggedInUserID = 0
intGroupID = 0
Const blnMassMailier = True
Set adoCon = Server.CreateObject("ADODB.Connection")

'--------------------- 设定数据库的名称和路径 ---------------------------------
'数据库的虚拟路径
strDbPathAndName = Server.MapPath("database/#TimesBoard.mdb")

'数据库的物理路径
'strDbPathAndName = (" c:\Inetpub\wwwroot\forum\admin\database\#TimesBoard.mdb")

'Access 2000----------------------------------------------------------------
strCon = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & strDbPathAndName

'Access 2002
'strCon = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & strDbPathAndName 


strDatabaseDateFunction = "Now()"

adoCon.connectionstring = strCon
adoCon.Open
strUsername = Trim(Mid(Request.Form("name"), 1, 15))
strPassword = LCase(Trim(Mid(Request.Form("password"), 1, 15)))
Set rsConn = Server.CreateObject("ADODB.Recordset")
If strUsername <> "" Then
	strUsername = Replace(strUsername, "password", "", 1, -1, 1)
	strUsername = Replace(strUsername, "salt", "", 1, -1, 1)
	strUsername = Replace(strUsername, "author", "", 1, -1, 1)
	strUsername = Replace(strUsername, "code", "", 1, -1, 1)
	strUsername = Replace(strUsername, "username", "", 1, -1, 1)
	strUsername = formatSQLInput(strUsername)
	strSQL = "SELECT timesuser.Username, timesuser.Password, timesuser.Salt, timesuser.grpid, timesuser.userid, timesuser.usercode "
	strSQL = strSQL & "FROM timesuser "
	strSQL = strSQL & "WHERE timesuser.Username = '" & strUsername & "';"
	rsConn.Open strSQL, adoCon
	If NOT rsConn.EOF Then
		strPassword = strPassword & rsConn("Salt")
		strPassword = HashEncode(strPassword) 
		If strPassword = rsConn("Password") Then
			strUsername = rsConn("Username")
			lngLoggedInUserID = CLng(rsConn("userid"))
			strUserCode = rsConn("usercode")
			intGroupID = CInt(rsConn("grpid"))
			Response.Cookies("Forum")("UID") = strUserCode
		End If
	End If
	rsConn.Close
End If
strLoggedInUserCode = Request.Cookies("Forum")("UID")
If strLoggedInUserCode <> "" Then
	strLoggedInUserCode = formatSQLInput(strLoggedInUserCode)
	strSQL = "SELECT timesuser.userid, timesuser.Username, timesuser.grpid "
	strSQL = strSQL & "FROM timesuser "
	strSQL = strSQL & "WHERE usercode = '" & strLoggedInUserCode & "';"
	rsConn.Open strSQL, adoCon
	If NOT rsConn.EOF Then
		strUsername = rsConn("Username")
		lngLoggedInUserID = CLng(rsConn("userid"))
		intGroupID = CInt(rsConn("grpid"))
	Else
		lngLoggedInUserID = 0
		intGroupID = 0
	End If
	rsConn.Close
End If
If intGroupID <> 1 Then 
	Set rsConn = Nothing
	adoCon.Close
	Set adoCon = Nothing
	Response.Redirect "../nopermission.asp"
End If
%>
<!--#include file="functions/filters.asp" -->
<!--#include file="functions/common.asp" -->
<!--#include file="functions/hash.asp" -->
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -