check.asp

这是一个关于企业物流平台的东东

<!--#include file="../conn/conn.asp"-->
<% 
    '对输入的验证码进行判断
	dim verifycode,verifycode2
	verifycode=trim(Request.Form("verifycode"))
	verifycode2=trim(Request.Form("verifycode2"))
	if verifycode<>verifycode2 then
		response.write"<SCRIPT language=JavaScript>alert('您输入的验证码不正确。');"
		response.write"location.href='index.asp'</SCRIPT>"
		founderr=true
	else
		session("verifycode")=""
%>
<%  
     '对输入的用户名和密码分别进行非法字符的过滤
	if request("action")="login" then
		admin_name=request("admin_name")
		admin_pass=request("admin_pass")
		username=trim(replace(request("admin_name"),"'",""))
		password=trim(replace(request("admin_name"),"'",""))
		
		for i=1 to len(username)
		user=mid(username,i,1)
		if user="'" or user="%" or user="<" or user=">" or user="&" or user="|" then
			response.write "<script language=JavaScript>" & "alert('您的用户名含有非法字符,请重新输入！');" & "history.back()" & "</script>"
			response.end
		end if
		next
		for i=1 to len(password)
		pass=mid(password,i,1)
		if pass="'" or pass="%" or pass="<" or pass=">" or upass="&" or pass="|" then
			response.write "<script language=JavaScript>" & "alert('您的密码含有非法字符,请重新输入！');" & "history.back()" & "</script>"
			response.end
		end if
		next%>
<%
        '判断用户是否存在
		set rs=server.createobject("adodb.recordset")
		sql="select * from admin where admin_name='"&admin_name&"' and admin_pwd='"&admin_pass&"'"
		rs.open sql,conn,1,3
		if rs.eof then
			response.write "<br><br><br><br><font size=2><center>对不起，您输入的用户名、密码或验证码有误，请重新输入，谢谢！<br><br>本软件建议您使用IE6.0以上版本，分辨率：1024*768<br><br><a href=index.asp>返回</a></font>"
		else
			session("admin_name")=request("admin_name")
			response.Redirect("admin.asp")
		end if 
		rs.close
		set rs=nothing
		conn.close
		set conn=nothing
	end if
end if
%>