adminlogin.jsp

jsp做的一个论坛

<%@ page contentType="text/html; charset=gb2312"%>
<%@ page import="java.sql.*"%> 
<%@ page import="java.util.*"%>
<%@ page import="java.util.Date"%>
<%@ page import="java.text.*"%>
<%@ include file="../inc/conn.jsp"%>
<%
  String username = new String(request.getParameter("username").getBytes("iso-8859-1"));
  String pass = new String(request.getParameter("password").getBytes("iso-8859-1"));
  String rand = (String)session.getAttribute("rand");
  String useryz = request.getParameter("useryz");
  if (rand.equals(useryz))
     {
    String sql="select * from clubuser where clubuser_name='"+username+"' and clubuser_password='"+pass+"' and bbsadmin=1";
    ResultSet rs=stmt.executeQuery(sql);
     //rs.next();
	 if (rs.next())
	    {
		String bbsuser=rs.getString("clubuser_nickname");
		String name=rs.getString("clubuser_name");
		String bz=rs.getString("bbsmanager");
		String bbsadmin=rs.getString("bbsadmin");
		String payuser=rs.getString("payuser");
	    session.setAttribute("bbsuser",bbsuser);
	    session.setAttribute("name",name);
	    session.setAttribute("bz",bz);
	    session.setAttribute("bbsadmin",bbsadmin);
	    session.setAttribute("payuser",payuser);
	 
	 //String sqlstr="update clubuser set clubuser_lasttime=getdate(),tili=tili+100 where clubuser_name='"+(String)session.getAttribute("name")+"'";
     //stmt.executeUpdate(sqlstr);
	 
	    out.print("<script language='javascript'>");
	    out.print("window.location.href='manage.jsp';");
	    out.print("</script>");
	    out.close();
	    }
	 else
	   {
  	     out.print("<script>");
         out.print("alert('用户名或密码错误');");
         out.print("window.location.href='index.jsp';");
         out.print("</script>");		   
		}
	 stmt.close(); 
     conn.close();
	}
  else
	{
  	     out.print("<script>");
         out.print("alert('验证码输入有误!请核对!');");
         out.print("window.location.href='index.jsp';");
         out.print("</script>");	
	}
%>