user_chklogin.asp

江西旅行网整站源码下载 希望对大家有用 经过测试 安全可用

<%@language=vbscript codepage=936 %>
<%
Option Explicit
Response.Expires = -1
Response.Buffer = False
%>
<!--#include file="../conn.asp"-->
<!--#include file="../inc/md5.asp"-->
<!--#include file="../inc/function.asp"-->
<!--#include file="../API/API_Config.asp"-->
<!--#include file="../API/API_Function.asp"-->
<%
Dim sql, rs
Dim CookieDate
Dim UserPassword, RndPassword, CheckCode, TempUserName
Action = Trim(Request("action"))

If Action = "xmlstat" Then
    Response.ContentType = "text/xml; charset=gb2312"
ElseIf Action = "xml" Then
    Dim UserInfReceived, rootNode
    Set UserInfReceived = CreateObject("Microsoft.XMLDOM")
    UserInfReceived.async = False
    UserInfReceived.Load Request
    Set rootNode = UserInfReceived.getElementsByTagName("root")
    If rootNode.Length < 1 Then
        FoundErr = True
        ErrMsg = ErrMsg & "输入数据为空"
    Else
        UserName = ReplaceBadChar(rootNode(0).selectSingleNode("username").Text)
        UserPassword = ReplaceBadChar(rootNode(0).selectSingleNode("password").Text)
        CheckCode = LCase(ReplaceBadChar(rootNode(0).selectSingleNode("checkcode").Text))
        CookieDate = rootNode(0).selectSingleNode("cookiesdate").Text
        If CookieDate = "" Or (Not IsNumeric(CookieDate)) Then
            CookieDate = 0
        Else
            CookieDate = CLng(CookieDate)
        End If
        If UserName = "" Then
            FoundErr = True
            ErrMsg = ErrMsg & "用户名不能为空！"
        Else
            TempUserName = UserName
        End If
        If UserPassword = "" Then
            FoundErr = True
            ErrMsg = ErrMsg & "密码不能为空！"
        End If
    End If
    Set UserInfReceived = Nothing
    Response.ContentType = "text/xml; charset=gb2312"
Else
    UserName = ReplaceBadChar(Trim(Request("UserName")))
    UserPassword = ReplaceBadChar(Trim(Request("UserPassword")))
    CheckCode = LCase(ReplaceBadChar(Trim(Request("CheckCode"))))
    CookieDate = Trim(Request("CookieDate"))
    If CookieDate = "" Or (Not IsNumeric(CookieDate)) Then
        CookieDate = 0
    Else
        CookieDate = CLng(CookieDate)
    End If
    ComeUrl = Trim(Request("ComeUrl"))
    If InStr(ComeUrl, "Reg/") > 0 Then ComeUrl = strInstallDir & "User/Index.asp"
    If ComeUrl = "" Then
        ComeUrl = Request.ServerVariables("HTTP_REFERER")
    End If
    If ComeUrl = "" Then ComeUrl = strInstallDir & "Index.asp"
    If UserName = "" Then
        FoundErr = True
        ErrMsg = ErrMsg & "<br><li>用户名不能为空！</li>"
    Else
        TempUserName = UserName
    End If
    If UserPassword = "" Then
        FoundErr = True
        ErrMsg = ErrMsg & "<br><li>密码不能为空！</li>"
    End If
End If
Dim strTempMsg,iIndex,arrAPIs,strLoginParams
If FoundErr <> True Then
    '保存用户名
    TempUserName = UserName
    If CheckUserLogined() = False Then
        If Action = "xmlstat" Then
            FoundErr = True
            ErrMsg = ""
        Else
            '恢复可能被替换的用户名
            UserName = TempUserName
            sPE_Items(conPassword,1) = UserPassword
            UserPassword = MD5(UserPassword, 16)
            Set rs = Server.CreateObject("adodb.recordset")
            sql = "select UserID,UserName,UserPassword,LastPassword,LastLoginIP,LastLoginTime,LoginTimes from PE_User where UserName='" & UserName & "'"
            rs.Open sql, Conn, 1, 3
            If rs.bof And rs.EOF Then
                FoundErr = True
                ErrMsg = ErrMsg & "{a}用户不存在！！！{b}"
            Else
                If UserPassword <> rs(2) Then
                    Dim tempPassword
                    tempPassword = sPE_Items(conPassword,1)
                    MD5OLD = 0
                    tempPassword = MD5(tempPassword,16)
                    Md5OLD = 1
                    If tempPassword <> rs(2) Then
                        FoundErr = True
                        ErrMsg = ErrMsg & "{a}密码错误！！！{b}"
                    Else
                        rs("UserPassword") = UserPassword
                    End If
                Else
                    If EnableCheckCodeOfLogin = True Then
                        If Trim(Session("CheckCode")) = "" Then
                            FoundErr = True
                            ErrMsg = ErrMsg & "{a}验证码超时失效。{b}"
                        End If
                        If CheckCode <> Session("CheckCode") Then
                            FoundErr = True
                            ErrMsg = ErrMsg & "{a}验证码错误，请重新输入。{b}"
                        End If
                    End If
                    '加入整合接口支持
                    If Not FoundErr Then
                        If API_Enable Then
                            If createXmlDom Then
                                sPE_Items(conAction, 1) = "login"
                                sPE_Items(conUsername, 1) = UserName
                                'sPE_Items(conPassword, 1) = UserPassword
                                sPE_Items(conSavecookie, 1) = CookieDate
                                sPE_Items(conUserip, 1) = UserTrueIP
                                prepareXml True
                                SendPost
                                If FoundErr Then
                                    ErrMsg = "{a}" & ErrMsg & "{b}"
                                End If
                            Else
                                FoundErr = True
                                ErrMsg = ErrMsg & "{a}登陆服务暂时不可用。[APIError-XmlDom-Runtime]{b}"
                            End If
                        End If
                    End If
                    '完毕
                    If Not FoundErr Then
                        RndPassword = GetRndPassword(16)
                        rs("LastPassword") = RndPassword
                        rs("LastLoginIP") = UserTrueIP
                        rs("LastLoginTime") = Now()
                        rs("LoginTimes") = rs("LoginTimes") + 1
                        rs.Update
                        Select Case CookieDate
                            Case 0
                                'not save
                            Case 1
                                Response.Cookies(Site_Sn).Expires = Date + 1
                            Case 2
                                Response.Cookies(Site_Sn).Expires = Date + 31
                            Case 3
                                Response.Cookies(Site_Sn).Expires = Date + 365
                        End Select
                        Response.Cookies(Site_Sn)("UserName") = UserName
                        Response.Cookies(Site_Sn)("UserPassword") = UserPassword
                        Response.Cookies(Site_Sn)("LastPassword") = RndPassword
                        Response.Cookies(Site_Sn)("CookieDate") = CookieDate
                        Dim iNum, questurl, xmlquest
                        If Action = "xml" Then
                            Call CheckUserLogined
                            Call showuserxml
                        Else
                            If API_Enable Then
                                sPE_Items(conSyskey,1) = MD5(UserName & API_Key,16)