📄 login.asp
字号:
<!--#include file="top.asp"-->
<%
if session("user_name")="" then
strTemp=trim(request("user_name"))
If Instr(strTemp,"select%20") or Instr(strTemp,"insert%20") or Instr(strTemp,"delete%20from") or Instr(strTemp,"count(") or Instr(strTemp,"drop%20table") or Instr(strTemp,"update%20") or Instr(strTemp,"truncate%20") or Instr(strTemp,"asc(") or Instr(strTemp,"mid(") or Instr(strTemp,"char(") or Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec%20master") or Instr(strTemp,"net%20localgroup%20administrators") or Instr(strTemp,":") or Instr(strTemp,"net%20user") or Instr(strTemp,"'") or Instr(strTemp,"%20or%20") then
%> <script language=vbs>
<!--
msgbox"大哥,您输入有误,还是再输一次吧!!"
window.location.href="index.asp"
-->
</script>
<% response.end
End If
user_name=replace(strTemp,"'","''")
user_pass=trim(request("user_pass"))
if user_name="" or user_pass="" then
errmsg=errmsg+"<br>"+"<li>用户名和用户密码不能为空!"
founderr=true
end if
sql="select * from [user] where user_name='"&user_name&"'"
rs.open sql,conn,3,3
if rs.eof then
errmsg=errmsg+"<br>"+"<li>您输入的用户不存在!"
founderr=true
elseif user_pass=rs("user_pass") then
session("user_name")=rs("user_name")
rs("user_lasttime")=now()
rs("user_lastip")=request.servervariables("remote_addr")
rs.update
else
errmsg=errmsg+"<br>"+"<li>您输入的密码错误!"
founderr=true
end if
rs.close
if founderr=true then
%>
<table width="780" border="0" cellspacing="0" cellpadding="5" align="center">
<tr>
<td bgcolor=<%sql="select * from sys"
rs.open sql,conn,3,3%>
<%=rs("sys_color")%>
<%rs.close%>><div align="center"><%=errmsg%>
</div>
</td>
</tr>
<%else
response.redirect "index.asp"
end if
else
response.redirect "index.asp"
end if%>
</table>
<!--#include file="copy.asp"-->⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -