check_login.asp

商城源码程序(上海数字商城整站) 功能列表： 商品管理

<!--#include file="conn.asp"-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>无标题文档</title>
</head>

<body>
<%
admin_name=trim(request("admin_name"))
strTemp=trim(request("admin_name"))
If Instr(strTemp,"select%20") or Instr(strTemp,"insert%20") or Instr(strTemp,"delete%20from") or Instr(strTemp,"count(") or Instr(strTemp,"drop%20table") or Instr(strTemp,"update%20") or Instr(strTemp,"truncate%20") or Instr(strTemp,"asc(") or Instr(strTemp,"mid(") or Instr(strTemp,"char(") or Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec%20master") or Instr(strTemp,"net%20localgroup%20administrators")  or Instr(strTemp,":") or Instr(strTemp,"net%20user") or Instr(strTemp,"'") or Instr(strTemp,"%20or%20") then
%>		<script language=vbs>
<!--
  msgbox"小样！想干嘛！"
  window.location.href="login.asp" 
-->
</script>
<%response.end
End If
admin_pass=trim(request("admin_pass"))
verifycode=trim(Request("verifycode"))
verifycode2=trim(Request("verifycode2"))
if verifycode<>verifycode2 then
response.Write "<script language=javascript>alert('验证码不正确!');window.location.href='login.asp';</script>"
response.End()
end if
if admin_name="" or admin_pass="" then
response.Write "<script language=javascript>alert('用户名或密码不能为空!');window.location.href='login.asp';</script>"
response.end
end if
sql="select * from sys_admin where admin_name='"&admin_name&"'"
response.Write(sql)
'response.End()
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,1
if rs.eof and rs.bof then
response.Write "<script language=javascript>alert('用户名不存在!');window.location.href='login.asp';</script>"
else
if trim(rs("admin_pass"))<>md5(admin_pass) then
response.Write "<script language=javascript>alert('密码错误!');window.location.href='login.asp';</script>"
else
session("admin_name")=trim(rs("admin_name"))
session("proview")=trim(rs("proview"))
response.redirect("index.asp")
end if
end if
%>
</body>
</html>