user_pass.asp

驴友格子(access)版v1.50 (中国驴友网开发http://www.hikers.cn) 后台管理：admin 管理员用户名：admin 管理员密码：admin (md5加密后

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="inc/conn.asp"-->
<!--#include file="md5.asp"-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="../css/css.css" rel="stylesheet" type="text/css">
<title>出现错误啦！</title>
<style type="text/css">
<!--
body {
	background-image: url(images/right_bg.gif);
}
-->
</style></head>
<body>
<%
dim server_v1,server_v2
dim G_useradmin1
dim G_userpass1,G_userpass2
dim rs
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))'本地路径
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))'服务器路径
if mid(server_v1,8,len(server_v2))<>server_v2 then
response.write ("<table cellSpacing=0 borderColorDark=#ffffff cellPadding=0  width=600 align=center borderColorLight=#c89f7b border=1>")
response.write  ("<tr align=center>")
response.write    ("<td height=36>你提交的路径有误，禁止从站点外部提交数据,请关闭窗口！</td>")
response.write  ("</tr>")
response.write ("<tr align=center>")
response.write ("<form><td height=30>")
response.write ("<INPUT TYPE='BUTTON' value='关闭窗口' onClick='window.close()'> ")
response.write ("</td></form>")
response.write ("</tr>")
response.write ("</table>")
response.end
end if

G_useradmin1=request("G_useradmin1")
if G_useradmin1="" then
response.write"<SCRIPT language=JavaScript>alert('用户名不能为空！');" 
response.write"javascript:history.go(-1)</SCRIPT>" 
response.end
end if
if request.form("G_userpass1")="" then
response.write"<SCRIPT language=JavaScript>alert('密码不能为空！');" 
response.write"javascript:history.go(-1)</SCRIPT>" 
response.end
end if

G_userpass1=md5(request.form("G_userpass1"))
set rs=server.CreateObject("ADODB.RecordSet")
rs.open "select * from G_user where G_useradmin='" & G_useradmin1 & "'",conn,1
if rs.eof then
response.write"<SCRIPT language=JavaScript>alert('用户名或者密码错误！1');" 
response.write"javascript:history.go(-1)</SCRIPT>" 
response.end
end if
if G_userpass1<>rs("G_userpass") then
response.write"<SCRIPT language=JavaScript>alert('用户名或者密码错误！2');" 
response.write"javascript:history.go(-1)</SCRIPT>" 
response.end
else
session("user")=rs("G_useradmin")
session("id")=rs("G_userid")
response.Redirect("login.asp")
rs.close
end if%>
</body>
</html>