bbslogin.asp

安全性好,适用于制作论坛和进行资源下载的个人和大型网站使用!

<!--#include file="mdb.asp"-->
<!--#Include File="Check_hx.asp"-->
<!--#include file="inc/config.asp"-->
<!--#include file="inc/md5.asp"-->
<%
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(server_v1,8,len(server_v2))<>server_v2 then
Response.Write("<script language=javascript>alert('你提交的路径有误，禁止从站点外部提交数据请不要乱改参数！');this.location.href='userlogin.asp';</script>") 
response.end
end if
dim sql,rs
dim username,password,CookieDate,userhidden
username=replace(trim(request("username")),"'","")
password=replace(trim(Request("password")),"'","")
CookieDate=trim(request("CookieDate"))
userhidden=trim(request("userhidden"))
if not IsNumeric(userhidden) and userhidden="" then userhidden=2
if request.QueryString("hx66")="login" then
if UserName="" then
	response.write"<SCRIPT language=JavaScript>alert(' 用 户 名 不 能 为 空 ， 请 返 回 ！ ');"
	response.write"javascript:history.go(-1)</SCRIPT>"
	response.end
end if
if Password="" then
	response.write"<SCRIPT language=JavaScript>alert(' 密 码 不 能 为 空 ， 请 返 回 ！' );"
		response.write"javascript:history.go(-1)</SCRIPT>"
		response.end
end if
if FoundErr<>True then
	password=md5(password)
	set rs=server.createobject("adodb.recordset")
	sql="select * from [User] where username='" & username & "' and password='" & password &"'"
	rs.open sql,conn,1,3
	if rs.bof and rs.eof then
		response.write"<SCRIPT language=JavaScript>alert('你输入的用户名或密码错误 ，请返回 ！');"
		response.write"javascript:history.go(-1)</SCRIPT>"
		response.end
	else
		if rs("userlock")=1 then
			response.write"<SCRIPT language=JavaScript>alert(' 此账号已被锁定，请和管理员联系！');"
			response.write"javascript:history.go(-1)</SCRIPT>"
			response.end
		elseif rs("userlock")=2 then
			response.write"<SCRIPT language=JavaScript>alert(' 此账号尚未通过审核验证，请稍后访问！');"
			response.write"javascript:history.go(-1)</SCRIPT>"
			response.end
		else
				rs("LastLoginIP")=Request.ServerVariables("REMOTE_ADDR")
				rs("LastLoginTime")=now()
				rs("LoginTimes")=rs("LoginTimes")+1
				rs.update
				call SaveCookie_HX_USER()
				rs.close
				set rs=nothing
				response.redirect "bbs/default.asp"
		end if
	end if
	rs.close
	set rs=nothing
end if

sub SaveCookie_HX_USER()
      		Response.Cookies("HX_USER")("User_Name")=username
		Response.Cookies("HX_USER")("User_Pwd")=password
                Response.Cookies("HX_USER")("uid")=rs("userid")
                Response.Cookies("HX_USER")("Grade")=rs("userGrade")
                Response.Cookies("HX_USER")("LoginTimes")=rs("LoginTimes")
                Response.Cookies("HX_USER")("userhidden") = userhidden
	select case CookieDate
		case 0
			Response.Cookies("HX_USER")("CookieDate") = CookieDate
		case 1
		   	Response.Cookies("HX_USER").Expires=Date+1
			Response.Cookies("HX_USER")("CookieDate") = CookieDate
		case 2
			Response.Cookies("HX_USER").Expires=Date+31
			Response.Cookies("HX_USER")("CookieDate") = CookieDate
		case 3
			Response.Cookies("HX_USER").Expires=Date+365
			Response.Cookies("HX_USER")("CookieDate") = CookieDate
	end select
                Response.Cookies("HX_CHECK")("uid")=rs("userid")
                Response.Cookies("HX_CHECK").Expires=Date+365
end sub

elseif request.QueryString("hx66")="logout" then
	Response.Cookies("HX_USER")("User_Name")=""
	Response.Cookies("HX_USER")("User_Pwd")=""
        Response.Cookies("HX_USER")("uid")=""
        Response.Cookies("HX_USER")("Grade")=""
        Response.Cookies("HX_USER")("LoginTimes")=""
        Response.Cookies("HX_USER")("userhidden")=""
	response.Redirect"bbs/default.asp"
end if
%>