admin_login.asp

FLASH留言本 后台地址： MxGbook/index.asp 后台用户名：admin 后台密码： stonemx.com

<!--#include file="../MxGbook_conn.asp" -->
<!--#include file="Md5.asp" -->
<%     
	Session.TimeOut=30
	if Trim(Request.Form("action"))="login" then
		dim validatecode,username,userpwd,manage,pass
		username=Trim(Request.Form("username"))
		userpwd=Trim(Request.Form("userpwd"))
		validatecode=Trim(Request.Form("validatecode"))
				
		if username="" or userpwd="" then
			Response.Redirect ("Index.asp")
		end if
		if validatecode="" or Trim(Session("hrb521_com_ValidateCode"))<>validatecode then
  		 response.write "<Script language='JavaScript'>window.alert('验证码错误，请返回重新输入！');history.back(-1);</Script>"
  		 response.End()
  	    end if
		for i=1 to len(username)  
			manage=mid(username,i,1)
			if manage="'" or manage="%" or manage="<" or manage=">" or manage="&" then 
				response.write "<script language=javascript>alert('用户名或者密码错误！');location.href('index.asp');<"&"/script>"
				response.End()
			end if
		next
		for i=1 to len(userpwd)  
			pass=mid(userpwd,i,1)
			if pass="'" or pass="%" or pass="<" or pass=">" or pass="&" then  
				response.write "<script language=javascript>alert('用户名或者密码错误！');location.href('index.asp');<"&"/script>"
				response.End()
			end if
		next
		set rs=server.createobject("adodb.recordset")
		sql="select * from st_admin where username='"&username&"'and userpwd='"&md5(userpwd)&"'"
		rs.open sql,conn,1,1
		if not rs.eof then
			session("admin")=username
			rs.close
			set rs=nothing
			response.redirect"admin_main.asp"
		else
				response.write "<script language=javascript>alert('用户名或者密码错误！');location.href('index.asp');<"&"/script>"
				response.End()
		end if
	end if
	if request("action")="loginout" then
		session("admin")=""
		response.redirect"index.asp"
	end if
%>