check.asp

一款用ASP写的办公自动化软件

<%@ codepage ="936" %>
<!--#include file=data/conn.asp-->
<% 
	'首先判断输入的验证码是否正确
	dim verifycode,verifycode2
	verifycode=trim(Request.Form("verifycode"))
	verifycode2=trim(Request.Form("verifycode2"))
	if verifycode<>verifycode2 then
	response.write"<SCRIPT language=JavaScript>alert('您输入的验证码不正确。');"
	response.write"location.href='index.asp'</SCRIPT>"
	else
	session("verifycode")=""
%>
<% 
	    '判断用户名与密码中是否含有非法字符
      if request("action")="login" then
		admin_name=request("admin_name")
		admin_pass=request("admin_pass")
			username=trim(request("admin_name"))'替换左右空格
			password=trim(request("admin_pass"))
			for i=1 to len(username)
			user=mid(username,i,1)
			if user="'" or user="%" or user="<" or user=">" or user="&" or user="|" then
			response.write "<script language=JavaScript>" & "alert('您的用户名含有非法字符,请重新输入！');" & "history.back()" & "</script>"
			response.end
			end if
			next
		   for i=1 to len(password)
		   pass=mid(password,i,1)
		   if pass="'" or pass="%" or pass="<" or pass=">" or upass="&" or pass="|" then
		   response.write "<script language=JavaScript>" & "alert('您的密码含有非法字符,请重新输入！');" & "history.back()" & "</script>"
		   response.end
		   end if
		   next
%>
<%
	set rs=server.createobject("adodb.recordset")
	sql="select * from users where username='"&admin_name&"' and userpwd='"&admin_pass&"'"
	rs.open sql,conn,1,3
		if rs.eof then
			response.write "<br><br><br><br><font size=2><center>对不起，您输入的用户名、密码或验证码有误，从重新输入，谢谢！<br><br>本软件建议您使用IE6.0以上版本，分辨率：1024*768<br><br>否则一切后果与本软件无关，特此声明！</font>"
		else
			session("admin_name")=admin_name
			response.Redirect("admin.asp")
		end if 
	rs.close
	set rs=nothing
	conn.close
	set conn=nothing
	end if
    end if
%>