login.asp

源码源源码 源码 源码码源 码源 码源 码源 码

<!--#include file="conn.asp"-->
<!--#include file="inc/md5.asp"-->
<%dim user,password
user=trim(request.form("user"))
password=trim(request.form("password"))
ComeUrl=trim(request("ComeUrl"))
dim GetCode,valicode
GetCode=trim(request("Code"))
valicode=trim(session("Code"))

if ComeUrl="" then
	ComeUrl=Request.ServerVariables("HTTP_REFERER")
	if ComeUrl="" then ComeUrl="default.asp" end if
end if
if not isnumeric(GetCode)  then
response.write"<script>alert(""验证码格式错误！"");location.href=""javascript:history.go(-1)"";</script>"
response.end
end if
if GetCode<>valicode then
response.write"<script>alert(""验证码错误！"");location.href=""javascript:history.go(-1)"";</script>"
response.end
end if
if user="" then
response.write"<script>alert(""用户名不能为空！"");location.href=""javascript:history.go(-1)"";</script>"
response.end
end if
if user<>"" and  instr(user,chr(39))>0 or instr(user,chr(34))>0  then
response.write"<script>alert(""用户名非法！"");location.href=""javascript:history.go(-1)"";</script>"
response.end
end if

if password="" or instr(password,chr(39))>0 then
response.write"<script>alert(""密码不能为空！"");location.href=""javascript:history.go(-1)"";</script>"
response.end
end if
								  								  
set rs=server.createobject("adodb.recordset")
sql="select username,userid,userpassword,userlock,userpass,logintimes,LastLoginIP,LastLogintime from [myweb_user] where username='"&user&"' and userpassword='"&md5(password)&"'"
rs.open sql,conn,1,3
if rs.eof and rs.bof then
response.write"<script>alert(""用户名或者密码错误"");location.href=""javascript:history.go(-1)"";</script>"
else
    if rs("userpass")=false then
     response.write"<script>alert(""您还没有通过认证"");location.href=""javascript:history.go(-1)"";</script>"
     response.end
    end if	
							    
    if rs("userlock")=true then
     response.write"<script>alert(""您的帐号被锁定"");location.href=""javascript:history.go(-1)"";</script>"
     response.end
    else
    rs.update
    rs("logintimes")=rs("logintimes")+1
    rs("LastLoginIP")=Request.ServerVariables("REMOTE_ADDR")
    rs("LastLogintime")=date()
    rs.update
    end if
   
session("userid")=rs("userid")
session("ty_username")=rs("username")
response.redirect ComeUrl
    
end if
rs.close
%>