chkuserlogin.asp

迅捷网上调查系统管理

<!--#include file="../sys.asp" -->
<!--#include file="../sys/inc/prompt.inc" -->
<!--#include file="../sys/inc/char.asp" -->
<%
call conned()
response.buffer=true
Response.Expires=0
dim username,password,i,user,pass,sql,rs,savecookie
dim founderr,errmsg

founderr=false
username=trim(replace(request("username"),"'",""))
password=trim(replace(request("password"),"'",""))
savecookie=request("savecookie")


if Instr(request("username"),"=")>0 or Instr(request("username"),"%")>0 or Instr(request("username"),chr(32))>0 or Instr(request("username"),"?")>0 or Instr(request("username"),"&")>0 or Instr(request("username"),";")>0 or Instr(request("username"),",")>0 or Instr(request("username"),"'")>0 or Instr(request("username"),",")>0 or Instr(request("username"),chr(34))>0 or Instr(request("username"),"+") >0 then
	errmsg=errmsg+"<br>"+"<li>您的用户名中含有非法字符!"
	founderr=true
else
	username=username
end if 
	
	
	'--------------------------------------password
	if request("password")="" or strLength(request("password"))>12 then
	errmsg=errmsg+"<br>"+"<li>请输入您的密码(长度不能大于12)!"
	founderr=true
		else
	password=password
	end if

sql = "Select * From userinfo Where busername='"&Username&"' And bpassword='"&Password&"'"
set rs=server.createobject("adodb.recordset")

rs.open sql,conn,1,3
If rs.EOF and rs.bof Then
	founderr=true
	errmsg=errmsg+"<br>"+"<li>用户名和密码不正确！"
end if

if founderr=true then 
call error() 
else 
	
	select case rs("bclass")'1正式用户 |0待审核 |2被锁定 |3版主
	
	case 3 
		session("memberusername")=username
		Response.Cookies("soonhostmember")("username") = username
		Response.Cookies("soonhostmember")("password") = password
		response.cookies("soonhostmember")("auid")=rs("id")
		response.cookies("soonhostmember")("sex")=rs("bsex")
		response.cookies("soonhostmember")("mail")=rs("bmail")
		response.cookies("soonhostmember")("url")=rs("burl")
		response.cookies("soonhostmember")("taketime")=rs("btime")
		response.cookies("soonhostmember")("oicq")=rs("boicq")
		response.cookies("soonhostmember")("face")=rs("bface")
		response.cookies("soonhostmember")("public")=savecookie
		response.cookies("soonhostmember")("class")=3
		session("membersoonhost")="passed"
			if savecookie=1 then
				response.Cookies("soonhostmember").Expires=Date+365
			end if
		response.redirect"require.asp"	
		
	case else
		founderr=true
		errmsg=errmsg+"<br>"+"<li>您不是版主！"
		call error() 
		Response.End	
	end select
end if
Rs.Close
Conn.Close
Set Rs=Nothing
Set Conn=Nothing
'====================================================
'程序制做:迅捷网络.          http://www.soonhost.com
'迅捷主机网 -- 域名注册、主机租用、网站建设、脚本开发
'网址：http://www.soonhost.com
'msn:soonhost@hotmail.com
'请保留以上版权信息，谢谢合作！
'====================================================  
%>