login.asp

程序网络论坛HigroupBBS v4.00 默认管理员帐号密码都是Marcos

<!--#include file="MarcosCB.asp"-->
<%
	getConn()
	
	dim str,theAct,userName,passWord,pageCode,pageTitle,pageOther,rs_tmp
	
	theAct=getPost("theAct")
	
	if theAct="checkLogin" then
		userName=replace(getPost("userName"),"'","''")
		passWord=replace(getPost("passWord"),"'","''")
		sql="select passWord,isLocked,userId,userLevel,userName from Marcos_User where userName='" & userName & "'"
		set rs_sys=conn.execute(sql)
		if rs_sys.eof then
			echo "<script>alert('对不起，这个用户并不存在！');history.back();</script>"
			closeConn()
			response.end
		 else
			if rs_sys(0)=md5(passWord) then
				if rs_sys(1) then
					echo "<script>alert('对不起，该帐号已经被锁定，请联系管理员！');history.back();</script>"
					closeConn()
					response.end
				 else
				 	if noGuest<>"True" then
						if getValue("userNameEx")<>userName then
						 	conn.execute("delete from Marcos_Online where userName='"&userName&"'")
							set rs_tmp=conn.execute("select onlineId from Marcos_Online where userName='"&getValue("userName")&"'")
							if rs_tmp.eof then
								sql="insert into Marcos_Online(userName,lastLoginIp,lastActiveTime,lastPlace,lastPlaceLink) "&_
									"values('"&userName&"','"&ip&"','"&now()&"','用户登录','login.asp')"
							 else
								sql="update Marcos_Online set lastActiveTime='"&now()&"',lastPlace='用户登录',lastPlaceLink='login.asp"&_
									"',userName='"&userName&"' where userName='"&getValue("userName")&"'"
							end if
						 else
							sql="update Marcos_Online set lastActiveTime='"&now()&"',lastPlace='用户登录',lastPlaceLink='login.asp"&_
								"',userName='"&userName&"' where userName='"&getValue("userNameEx")&"'"
						end if
					 else
						conn.execute("delete from Marcos_Online where userName='"&userName&"'")
						sql="insert into Marcos_Online(userName,lastLoginIp,lastActiveTime,lastPlace,lastPlaceLink) "&_
							"values('"&userName&"','"&ip&"','"&now()&"','用户登录','login.asp')"
					end if
			 		setValue "userId",rs_sys(2)
					setValue "userName",rs_sys(4)
					setValue "passWord",rs_sys(0)
					setValue "userLevel",rs_sys(3)
					setValue "userNameEx",rs_sys(4)
					conn.execute("update Marcos_User set visitCount=visitCount+1,lastLogin='"&now()&"',lastIP='" & ip & "' where userName='" & userName & "'")
					conn.execute(sql)
					locate "index.asp"
				end if
			 else
				echo "<script>alert('对不起，用户名或者密码错误！');history.back();</script>"
				closeConn()
				response.end
			end if
		end if
	 else
		if theAct="out" then
			application(m&"visitorNum")=application(m&"visitorNum")+1
			if noGuest<>"True" then
				sql="update Marcos_Online set lastActiveTime='"&now()&"',lastPlace='退出登录',lastPlaceLink='login.asp"&_
					"',userName='游客"&application(m&"visitorNum")&"' where userName='"&getValue("userName")&"'"
			 else
				sql="delete from Marcos_Online where userName='"&getValue("userName")&"'"
			end if
	 		setValue "userId",""
			setValue "userName","游客"&application(m&"visitorNum")
			setValue "passWord",""
			setValue "userLevel",""
			setValue "userNameEx","游客"&application(m&"visitorNum")
			session(m&"onlineFlag")=""
			conn.execute(sql)
			locate "index.asp"
		end if
	end if
	
	str=getMainCode(mySkinId)
	
	pageTitle="<a href=login.asp>用户登录</a>"
	pageOther="<script>document.title+=' - 填写登录资料';</script>"
	
	showHead str,pageTitle,pageOther
	showBody()
	showFoot(str)
	
	sub showBody()
		pageCode=getPageCode(mySkinId,"PageLogin")
		echo pageCode
	end sub
	
	closeConn()
%>