user_chklogin.asp

个人博客

<!--#include file="Conn.asp"-->
<!--#include file="inc/md5.asp"-->
<!--#include file="inc/bloginfo.asp"-->
<%
dim sql,rs,rsreg
dim username,password,CookieDate
username=ReplaceBadChar(trim(request("username")))
password=trim(Request("password"))
CookieDate=trim(request("CookieDate"))
dim ComeUrl
ComeUrl=trim(request("ComeUrl"))
if ComeUrl="" then
	ComeUrl=Request.ServerVariables("HTTP_REFERER")
	if ComeUrl="" then ComeUrl="user_login.asp" end if
end if
'comeurl="user_index.asp"
if UserName="" then
	Response.Write"<script language=JavaScript>"
	Response.Write"alert(""对不起！用户名不能为空！"");"
	Response.Write"window.history.go(-1);"
	Response.Write"</script>"
end if
if Password="" then
	Response.Write"<script language=JavaScript>"
	Response.Write"alert(""对不起！密码不能为空！"");"
	Response.Write"window.history.go(-1);"
	Response.Write"</script>"
end if
if CookieDate="" then
	CookieDate=0
else
	CookieDate=Clng(CookieDate)
end if
set rs=conn.execute("select lockip from lockip where lockip='"&Request.ServerVariables("REMOTE_ADDR")&"'")
if not (rs.bof or rs.eof) then
	Response.Write"<script language=JavaScript>"
	Response.Write"alert(""对不起！你的IP已被锁定，不能登陆！"");"
	Response.Write"window.history.go(-1);"
	Response.Write"</script>"
else
	if ot_user then
		call ot_chklogin()
	else
		call ob_chklogin()
	end if	
end if
call CloseConn()

sub SaveCookie()
	Response.Cookies("oblog")("UserName")=username
	Response.Cookies("oblog")("Password") = PassWord
	if ot_user then
		Response.Cookies("oblog")("UserLevel")=rsreg("UserLevel")
	else	
		Response.Cookies("oblog")("UserLevel")=rs("UserLevel")
	end if
	Response.Cookies("oblog")("CookieDate") = CookieDate
	select case CookieDate
		case 0
			'not save
		case 1
		   	Response.Cookies("oblog").Expires=Date+1
		case 2
			Response.Cookies("oblog").Expires=Date+31
		case 3
			Response.Cookies("oblog").Expires=Date+365
	end select
end sub

sub ob_chklogin()
	password=md5(password)
	set rs=server.createobject("adodb.recordset")
	sql="select * from [user] where username='"& username & "' and UserPassword ='" & password &"'"
	rs.open sql,Conn,1,3
	if rs.bof and rs.eof then
		Response.Write"<script language=JavaScript>"
		Response.Write"alert(""对不起！用户名或密码错误！"");"
		Response.Write"window.history.go(-1);"
		Response.Write"</script>"
	else
		if rs("lockuser")="true" then
			Response.Write"<script language=JavaScript>"
			Response.Write"alert(""对不起！你的ID已被锁定，不能登陆！"");"
			Response.Write"window.history.go(-1);"
			Response.Write"</script>"
		else
			rs("LastLoginIP")=Request.ServerVariables("REMOTE_ADDR")
			rs("LastLoginTime")=blognow()
			rs("LoginTimes")=rs("LoginTimes")+1
			rs.update
			call SaveCookie()
			rs.close
			set rs=nothing
			call CloseConn()
			response.redirect ComeUrl
		end if
	end if
	rs.close
	set rs=nothing
end sub

sub ot_chklogin()
	password=md5(password)
	sql="select * from "&ot_usertable&" where "&ot_username&"='"& username & "' and "&ot_password&" ='" & password &"'"
	'response.Write(sql)
	set rs=ot_conn.execute(sql)
	if rs.bof and rs.eof then
		Response.Write"<script language=JavaScript>"
		Response.Write"alert(""对不起！用户名或密码错误！"");"
		Response.Write"window.history.go(-1);"
		Response.Write"</script>"
		exit sub
	else
		set rsreg=server.CreateObject("adodb.recordset")
		rsreg.open "select * from [user] where username='"& username &"'",conn,1,3
		if rsreg.eof then
			dim reguserlevel
			set rs=conn.execute("select reguserlevel,admincheckreg from bloginfo")
			reguserlevel=rs("reguserlevel")
			if rs("admincheckreg")="true" then
				reguserlevel=6
			end if
			rsreg.addnew
			rsreg("username")=username
			rsreg("userlevel")=reguserlevel
			rsreg("lockuser")="false"
			rsreg("userisbest")="false"
			rsreg("en_blogteam")="true"
			rsreg("adddate")=now()
			rsreg.update
			conn.execute("update bloginfo set usercount=usercount+1")
			rsreg.close
			set rsreg=nothing
			call PutApplicationValue()
		else
			rsreg("LastLoginIP")=Request.ServerVariables("REMOTE_ADDR")
			rsreg("LastLoginTime")=blognow()
			rsreg("LoginTimes")=rsreg("LoginTimes")+1
			rsreg.update
			call SaveCookie()
		end if	
	end if
	set rs=nothing	
	call CloseConn()
	response.redirect ComeUrl
end sub

function ReplaceBadChar(strChar)
	if strChar="" then
		ReplaceBadChar=""
	else
		ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(strChar,"'",""),"*",""),"?",""),"(",""),")",""),"<",""),".","")
	end if
end function
%>