📄 admin_login.asp
字号:
<%
Option Explicit
Response.buffer = True
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.CacheControl = "no-cache"
%>
<!--#Include File="../Conn.asp"-->
<!--#Include File="../Inc/Md5.asp"-->
<!--#Include File="Admin_CheckCode.asp"-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="Admin_Style.css" rel="stylesheet" type="text/css">
<title><%=SiteName%> —— 网站后台登陆</title>
<script language="javascript" src="../js/Common.js"></script>
<script language="javascript" src="../js/InstallDir.js"></script>
</head>
<body>
<%
Select Case Action
Case "": Call LoginForm()
Case "Login": Call ChkLogin()
Case "Logout": Call AdminLogout()
End Select
CloseConn()
Function GetRndPassword(PasswordLen)
Dim Ran, i, strPassword
strPassword = ""
For i = 1 To PasswordLen
Randomize
Ran = CInt(Rnd * 2)
Randomize
If Ran = 0 Then
Ran = CInt(Rnd * 25) + 97
strPassword = strPassword & UCase(Chr(Ran))
ElseIf Ran = 1 Then
Ran = CInt(Rnd * 9)
strPassword = strPassword & Ran
ElseIf Ran = 2 Then
Ran = CInt(Rnd * 25) + 97
strPassword = strPassword & Chr(Ran)
End If
Next
GetRndPassword = strPassword
End Function
Function CheckComefrom(StrComeURL, StrCurrentURL)
If Trim(StrComeURL) = "" Then
CheckComefrom = False
Else
If LCase(Left(StrComeURL, InStrRev(StrComeURL, "/"))) <> LCase(Left(StrCurrentURL, InStrRev(StrCurrentURL, "/"))) Then
CheckComefrom = False
Else
CheckComefrom = True
End If
End If
End Function
Sub ShowErrorMsg(ErrorMsg)
Dim strError
strError = strError & "<html><head><title>错误信息</title><meta http-equiv='Content-Type' content='text/html; charset=gb2312'>" & vbCrLf
strError = strError & "<br><table cellpadding=5 cellspacing=1 border=0 width=400 style='border:1px solid #70777b' align=center>" & vbCrLf
strError = strError & " <tr align='center' style='background:#0650D2; color:#FFFFFF;'><td height='25'><strong>错误信息</strong></td></tr>" & vbCrLf
strError = strError & " <tr style='background:#F0F1F5;'><td height='100' valign='top'><b>产生错误的可能原因:</b><font color=red>" & ErrorMsg & "</font></td></tr>" & vbCrLf
strError = strError & " <tr align='center' style='background:#F0F1F5;'><td>"
If ComeUrl <> "" Then
strError = strError & "<a href='"& ComeUrl &"'>【返回上一页】</a>"
Else
strError = strError & "<a href='javascript:window.opener=null;window.close();'>【关闭】</a>"
End If
strError = strError & "</td></tr>" & vbCrLf
strError = strError & "</table>" & vbCrLf
strError = strError & "</body></html>" & vbCrLf
Response.Write strError
End Sub
Sub AdminLogout()
Session("CheckCode") = ""
Response.Cookies("Admin_"& EL_Sn)("AdminID") = ""
Response.Cookies("Admin_"& EL_Sn)("AdminName") = ""
Response.Cookies("Admin_"& EL_Sn)("AdminPassword") = ""
Response.Cookies("Admin_"& EL_Sn)("AdminRndPassword") = ""
Response.Redirect "Admin_Login.asp"
End Sub
Sub InitCmd(ObjCmd, SPName)
On Error Resume Next
ObjCmd.ActiveConnection = Conn
ObjCmd.CommandText = SPName
ObjCmd.CommandType = 4
ObjCmd.Prepared = True
If Err Then
Err.Clear
Response.Write "初始化对象错误"
End If
End Sub
Sub ChkLogin()
On Error Resume Next
Dim AdminID, AdminName, Password, CheckCode, RndPassword, ManageCode
Dim LoginCmd, Passed
If ComeURL = "" Then
Response.Clear()
Response.Write "<font color=red>禁止直接输入地址访问后台页面</font>"
Call InsertLog(1, ComeURL, "直接输入地址访问后台页面", "")
Call CloseConn()
Response.End()
Else
Dim Current_URL
Current_URL = "http://" & Trim(Request.ServerVariables("HTTP_HOST"))
Current_URL = Current_URL & Trim(Request.ServerVariables("SCRIPT_NAME"))
If CheckComefrom(ComeURL, Current_URL) = False Then
Response.Clear()
Response.Write "<font color=red>系统不能处理外部地址提交的数据</font>"
Call InsertLog(1, ComeURL, "试图从系统外部地址提交的数据", "")
Call CloseConn()
Response.End()
End If
End If
AdminName = Trim(Request.Form("AdminName"))
Password = Trim(Request.Form("Password"))
CheckCode = UCase(Request.Form("CheckCode"))
ManageCode = Trim(Request.Form("ManageCode"))
If CheckCode <> Session("CheckCode") Or CheckCode ="" Then
ShowErrorMsg("验证码错误")
Exit Sub
End If
If EnableSiteManageCode = True Then
If ManageCode <> SiteManageCode Then
ShowErrorMsg("管理认证码错误")
Exit Sub
End If
End If
Password = MD5(Password, 32)
RndPassword = GetRndPassword(32)
Set LoginCmd = Server.CreateObject("ADODB.COMMAND")
InitCmd LoginCmd, "EL_SP_CheckUserLogin"
LoginCmd.Parameters.Append LoginCmd.CreateParameter("RETURN", 2, 4)
LoginCmd.Parameters.Append LoginCmd.CreateParameter("@CheckType", 3, 1, 4, 1)
LoginCmd.Parameters.Append LoginCmd.CreateParameter("@UserName", 200, 1, 50, AdminName)
LoginCmd.Parameters.Append LoginCmd.CreateParameter("@Password", 200, 1, 32, Password)
LoginCmd.Parameters.Append LoginCmd.CreateParameter("@RndPassword", 200, 1, 32, RndPassword)
LoginCmd.Parameters.Append LoginCmd.CreateParameter("@RemoteIp", 200, 1, 15, RemoteIp)
LoginCmd.Parameters.Append LoginCmd.CreateParameter("@UserID", 3, 2, 4)
LoginCmd.Execute()
Passed = LoginCmd(0)
AdminID = LoginCmd(6)
Set LoginCmd = Nothing
Select Case Passed
Case 0:
ShowErrorMsg("用户名或密码错误")
Call InsertLog(2, ComeURL, "登陆失败:用户名或密码错误", AdminName)
Exit Sub
Case 2:
ShowErrorMsg("您的IP("& RemoteIp &")不允许登陆本系统")
Call InsertLog(2, ComeURL, "登陆失败:使用非法IP登陆", AdminName)
Exit Sub
End Select
Call InsertLog(2, ComeURL, "登陆成功", AdminName)
Response.Cookies("Admin_"& EL_Sn)("AdminID") = AdminID
Response.Cookies("Admin_"& EL_Sn)("AdminName") = AdminName
Response.Cookies("Admin_"& EL_Sn)("AdminPassword") = Password
Response.Cookies("Admin_"& EL_Sn)("AdminRndPassword") = RndPassword
Response.Cookies("Admin_"& EL_Sn)("AdminManageCode") = ManageCode
Response.Redirect "Admin_Index.asp"
End Sub
Sub InsertLog(ByVal LogType, ByVal PostURL, ByVal LogText, ByVal Editor)
Dim LogCmd, tmp, strParameters, wObject, ScriptName, l
ScriptName = Request.ServerVariables("SCRIPT_NAME")
tmp = Request.ServerVariables("QUERY_STRING")
If tmp <> "" Then
strParameters = "=========== [METHOD: GET] ==========="& VBCRLF & tmp
End If
tmp = ""
For Each wObject In Request.Form
tmp = tmp & wObject & "=" & Request.Form(wObject) & VBCRLF
Execute wObject & "=""" & Trim(Request.Form("" & wObject & "")) & """"
Next
If tmp <> "" Then
strParameters = strParameters & VBCRLF & "=========== [METHOD: POST] ==========="& VBCRLF & tmp
End If
If strParameters <> "" Then
l = Len(strParameters)
Else
l = 1
End If
Set LogCmd = Server.CreateObject("ADODB.COMMAND")
Call InitCmd(LogCmd, "EL_SP_Log")
With LogCmd
.Parameters.Append .CreateParameter("@Type", 3, 1, 4, 0)
.Parameters.Append .CreateParameter("@ArrLogID", 200, 1, 500, "")
.Parameters.Append .CreateParameter("@LogType", 3, 1, 4, LogType)
.Parameters.Append .CreateParameter("@ScriptName", 200, 1, 255, ScriptName)
.Parameters.Append .CreateParameter("@Parameters", 203, 1, l, strParameters)
.Parameters.Append .CreateParameter("@PostURL", 200, 1, 255, PostURL)
.Parameters.Append .CreateParameter("@LogText", 200, 1, 255, LogText)
.Parameters.Append .CreateParameter("@RemoteIp", 200, 1, 15, RemoteIp)
.Parameters.Append .CreateParameter("@Editor", 200, 1, 50, Editor)
.Execute()
End With
Set LogCmd = Nothing
End Sub
Sub LoginForm()
%>
<script language="javascript">
function CheckInput(frm){
if(frm.AdminName.value.trim()==""){
alert("请输入用户名");
frm.AdminName.focus();
return false;
}
if(frm.Password.value.trim()==""){
alert("请输入密码");
frm.Password.focus();
return false;
}
<%If EnableSiteManageCode = True Then%>
if(frm.ManageCode.value.trim()==""){
alert("请输入管理认证码");
frm.ManageCode.focus();
return false;
}
<%End If%>
if(frm.CheckCode.value.trim()==""){
alert("请输入验证码");
frm.CheckCode.focus();
return false;
}
SubmitOnce(frm);
return;
}
function CheckBrowser() {
var app = navigator.appName;
var verStr = navigator.appVersion;
if(app.indexOf('Netscape') != -1) {
alert('你使用的是Netscape、Firefox或者其他非IE浏览器,可能会导致无法使用后台的部分功能。建议您使用 IE6.0 或以上版本。');
} else if(app.indexOf('Microsoft') != -1) {
if (verStr.indexOf('MSIE 3.0')!=-1 || verStr.indexOf('MSIE 4.0') != -1 || verStr.indexOf('MSIE 5.0') != -1 || verStr.indexOf('MSIE 5.1') != -1)
alert('您的浏览器版本太低,可能会导致无法使用后台的部分功能。建议您使用 IE6.0 或以上版本。');
}
}
window.onload = function(){
CheckBrowser();
document.Login.AdminName.focus();
}
</script>
<table width="100%" border="0" cellspacing="1" cellpadding="0">
<form name="Login" action="Admin_Login.asp?Action=Login" method="post" onSubmit="return CheckInput(this)">
<tr>
<td height="100"></td>
</tr>
<tr>
<td align="center">
<table width="350" border="0" cellpadding="0" cellspacing="1" class="Border">
<tr align="center">
<td colspan="2" class="top_25"><strong>后 台 管 理 登 陆</strong></td>
</tr>
<tr class="td_25">
<td colspan="2" height="5"></td>
</tr>
<tr class="td_25">
<td width="95" align="right">用户名:</td>
<td width="250"><input name="AdminName" type="text" id="AdminName"></td>
</tr>
<tr class="td_25">
<td align="right">密 码:</td>
<td><input name="Password" type="password" id="Password"></td>
</tr>
<%If EnableSiteManageCode = True Then%>
<tr class="td_25">
<td align="right" valign="middle">管理认证码:</td>
<td valign="middle"><input name="ManageCode" type="text" id="ManageCode"></td>
</tr>
<%End If%>
<tr class="td_25">
<td align="right" valign="middle">验证码:</td>
<td valign="middle"><input name="CheckCode" type="text" id="CheckCode" size="6">
<img src="<%=InstallDir%>Inc/CheckCode.asp?t=<%=Now()%>" style='border: 1px solid #ffffff; cursor:hand;' onClick="this.src='<%=InstallDir%>Inc/CheckCode.asp?t='+Math.random()" alt="看不清楚,刷新验证码"></td>
</tr>
<tr class="td_25">
<td colspan="2" align="center" valign="middle" class="td_50"><input name="Submit" type="submit" value="登陆系统">
<input name="Submit" type="button" value="关闭系统" onClick="window.opener=null;window.close();"></td>
</tr>
</table>
</td>
</tr>
</form>
</table>
<%
End Sub
%>
</body>
</html>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -