📄 checkhy.asp
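<%
' Request keyword filter: stops the page with a JavaScript alert when any
' query-string or form value contains one of the blacklisted tokens below.
'
' This is a coarse defence-in-depth check, not a substitute for bound query
' parameters: a token blacklist cannot enumerate every dangerous input, and it
' also rejects legitimate values that happen to contain "=", "*" or "%".
' Only Request.QueryString and Request.Form are inspected here; a value read
' later through the generic Request("...") collection can also come from
' Request.Cookies, which this filter never sees.
dim sql_injdata
SQL_injdata = "'|exec|=|>|<|;|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")

If Request.QueryString<>"" Then
    For Each SQL_Get In Request.QueryString
        For SQL_Data=0 To Ubound(SQL_inj)
            ' vbTextCompare makes the match case-insensitive. InStr defaults to a
            ' binary comparison, so "SELECT" or "Select" previously passed a
            ' filter that lists "select".
            if instr(1,Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA),vbTextCompare)>0 Then
                Response.Write "<Script Language=JavaScript>alert('◆≡≡≡系 统 提 示≡≡≡◆\n\n您的输入含有非法字符!');history.back(-1)</Script>"
                Response.end
            end if
        next
    Next
End If

If Request.Form<>"" Then
    For Each Sql_Post In Request.Form
        For SQL_Data=0 To Ubound(SQL_inj)
            ' Same case-insensitive match as for the query string above.
            if instr(1,Request.Form(Sql_Post),Sql_Inj(Sql_DATA),vbTextCompare)>0 Then
                Response.Write "<Script Language=JavaScript>alert('◆≡≡≡系 统 提 示≡≡≡◆\n\n您的输入含有非法字符!');history.back(-1)</Script>"
                Response.end
            end if
        next
    next
end if
%>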
<!-- #include file="include/adovbs.inc" -->
<!-- #include file="include/dataconn.asp" -->
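<%
' Member login handler. Reads the submitted account number, password and
' verification code, looks the member up in hyclub and, for an approved member,
' copies the member's identity and the rows of Setting_other into the session
' before redirecting to Usermain.asp.
'
' The credential lookup binds name and password as query parameters instead of
' concatenating them into the SQL text, so the query's structure no longer
' depends on what the client sends (including values that arrive by cookie
' through Request("..."), which the keyword filter does not inspect).
'
' NOTE(review): Hypassword is compared directly with the submitted value, which
' suggests passwords are stored unhashed - confirm, and move to a salted
' password hash if so.
name = trim(request("txtname"))
password = trim(request("txtpassword"))

' Legacy quote check, kept so users see the same message as before. It is not
' what protects the query; the bound parameters below are.
if instr(name,"'")>0 or instr(password,"'")>0 then
    response.write"<SCRIPT language=JavaScript>alert('◆≡≡≡系 统 提 示≡≡≡◆\n\n您的输入含有非法字符。');"
    response.write"location.href='default.asp'</SCRIPT>"
    response.End
end if

verifycode=trim(Request.Form("verifycode"))
verifycode2=trim(Request.Form("verifycode2"))
' NOTE(review): both sides of this comparison are read from the form body, so
' the client supplies the expected value as well as the answer. session("verifycode")
' is cleared below, which suggests the expected code may also be kept server-side;
' confirm against the page that issues the code and compare with that value instead.
if verifycode<>verifycode2 then
    response.write"<SCRIPT language=JavaScript>alert('◆≡≡≡系 统 提 示≡≡≡◆\n\n您输入的验证码不正确。');"
    response.write"location.href='default.asp'</SCRIPT>"
else
    session("verifycode")=""

    ' CreateParameter rejects a zero-length variable-size parameter, so an empty
    ' value is declared with size 1.
    nameSize = len(name)
    if nameSize = 0 then nameSize = 1
    passwordSize = len(password)
    if passwordSize = 0 then passwordSize = 1

    ' Parameterised lookup. The ad* constants are expected to come from
    ' include/adovbs.inc, which this page includes above.
    set loginCmd = server.CreateObject("adodb.command")
    set loginCmd.ActiveConnection = conn
    loginCmd.CommandType = adCmdText
    loginCmd.CommandText = "select * from hyclub where HyNumber = ? and Hypassword = ?"
    loginCmd.Parameters.Append loginCmd.CreateParameter("HyNumber", adVarWChar, adParamInput, nameSize, name)
    loginCmd.Parameters.Append loginCmd.CreateParameter("Hypassword", adVarWChar, adParamInput, passwordSize, password)

    set rs = server.CreateObject("adodb.recordset")
    ' The connection argument is omitted because the Command already carries it.
    rs.Open loginCmd, , adOpenStatic, adLockReadOnly

    ' EOF is tested instead of RecordCount: RecordCount is -1 on cursors that
    ' cannot count rows, while EOF is reliable on every cursor type.
    if not rs.eof then
        if rs("IsApproved")=true then
            session("HyID") = rs("HyID") ' member ID
            session("HyNumber") =rs("HyNumber")
            session("addtime") = rs("addtime")
            session("u_id")=rs("hyid")
            session("user_id")=rs("id")
            session("hylevel")=rs("hylevel")

            ' The id comes from the row just read, not from the request.
            ' NOTE(review): bind it as a parameter too if hyclub.id is not a
            ' numeric column.
            set dl=conn.execute("select ispassed from dlclub where hid="&rs("id")&"")
            if not dl.eof then
                if dl("ispassed")=true then
                    session("dlpassed")="true"
                else
                    session("dlpassed")="false"
                end if
            end if

            ' Copy every Setting_other row into the session, keyed by FuncName.
            ' NOTE(review): a row whose FuncName equals one of the identity keys
            ' set above (HyID, hylevel, ...) would overwrite it - confirm who can
            ' edit Setting_other, or store these under a prefixed key.
            set paramrs = server.CreateObject("adodb.recordset")
            paramrs.Open "select * from Setting_other",conn
            do while not paramrs.eof
                FuncName=paramrs("FuncName")
                session(FuncName)=paramrs("FuncValue")
                paramrs.movenext
            loop

            Response.Redirect "Usermain.asp"
        else%>
<script language="javascript">
alert("◆≡≡≡系 统 提 示≡≡≡◆\n\n未审核会员不允许登陆,请检查!");
history.back();
</script>
<%end if
    else%>
<script language="javascript">
alert("◆≡≡≡系 统 提 示≡≡≡◆\n\n会员帐号或者密码错误,请检查!");
history.back();
</script>
<%
    end if
end if
%>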