default.asp

公共选修课报名及成绩查询管理系统。ASP.NET+ACCESS的组合

<!--#include file="config.asp"-->
<!--#include file="md5.asp"-->
<%
If Request("menu")="out" Then
	Session.abandon
End If
%>
<%
if Request("Menu")="login" then

	'过滤敏感字符及系统命名字符
	X_LogName=Replace(Replace(Replace(Replace(Replace(Replace(Replace(trim(Request("LogName")),"'","''"),"update",""),"insert",""),"and",""),"or",""),"del",""),"none","")

	set rs=server.createobject("adodb.recordset")
	sql="select * from T_Admin where A_Name='"&X_LogName&"'"
	Rs.open sql,conn,1,3
		If rs.bof and rs.eof and X_LogName<>"" then
			Conn.Execute("Insert into [T_Log] (L_What,L_IP) values ('非法登录:帐号"&Request("LogName")&"密码"&Request("LogPwd")&"','"&Request.ServerVariables("REMOTE_ADDR")&"') ")
			Response.write"<script language='javascript'>alert(""登录失败！\n\n非合法用户请勿登录本系统，您的ＩＰ已经被记录！"");location.href=""default.asp"";</script>"
		Else
			 If Rs("A_Pass")=md5(Trim(Replace(Request("LogPwd"),"'",""))) then
				Session("X_A_Id")=Rs("A_Id")
				Session("X_A_Name")=Replace(Replace(Replace(Replace(Replace(Replace(trim(Request("LogName")),"'","''"),"update",""),"insert",""),"and",""),"or",""),"del","")
				Session("X_A_Pass")=md5(Trim(Replace(Request("LogPwd"),"'","")))
				Session("X_A_IP")=Rs("A_IP")

				'记录登录情况
				  Rs("A_Count")=Rs("A_Count")+1
				  Rs("A_IP")=Request.ServerVariables("REMOTE_ADDR")
				  Rs("A_LastT")=now()
				  Rs.update 
				  Rs.close    
				  set Rs=nothing
				Conn.Execute("Insert into [T_Log] (L_Use,L_What,L_IP) values (true,'成功登录','"&Request.ServerVariables("REMOTE_ADDR")&"') ")
				'每次登录自动删除十天前日志
				Conn.Execute("delete * From [T_Log] Where L_LastT < "&SqlNow&"-10 ")
				Response.write"<script language='javascript'>alert(""登录成功！\n\n现在进入管理页面,先阅读首页说明文档！"");location.href=""Main.asp"";</script>"
				Response.End
			 Else
				Conn.Execute("Insert into [T_Log] (L_What,L_IP) values ('非法登录:帐号"&Request("LogName")&"密码"&Request("LogPwd")&"','"&Request.ServerVariables("REMOTE_ADDR")&"') ")
				Response.Write "<script language='javascript'>alert('登录失败！\n\n非合法用户请勿登录本系统，您的ＩＰ已经被记录！');history.back();</script>"
				Rs.update 
				Rs.close    
				set Rs=nothing
			 End If
		End If
End If
%>
<%
IF Request("POST")="True" Then
	Session("X_A_Name")=Replace(Replace(Replace(Replace(Replace(Replace(trim(Request("LogName")),"'","''"),"update",""),"insert",""),"and",""),"or",""),"del","")
	Session("X_A_Pass")=md5(Trim(Replace(Request("LogPwd"),"'","")))
	Response.Redirect "main.asp"
End IF
%>
<html>
<head>
<title><%response.write  webname%>-----系统名称：VPEI学生成绩管理系统---管理入口</title>
<link rel="stylesheet" type="text/css" href="images/vpei.css">
</head>
<body topmargin=10><a href=http://vpei.dxswm.com target=_blank><font color=#FFFFFF>VPEI</font></a>
<TABLE height=180 cellSpacing=1 cellPadding=0 width=400 bgColor=#000000 border=0 align=center>
<tr bgcolor=#FFFFFF><td background=images/cent.gif align=center height=25 class=topic>管理员登录入口</td></tr>
<form method="post" action="default.asp">
<input type="hidden" name="menu" value="login">
<TR bgcolor="#FFFFFF">
    <TD vAlign=center align=center class=txt>
	<br>

管理帐号： 
        <input type="text" name="LogName" size="10" maxlength="20">
        <br>
        <br>
        管理密码： 
        <input  type="password" name="LogPwd" size="10" maxlength="31">
<br><br></TD></TR>
<tr bgcolor="#FFFFFF"><td background=images/cent.gif align=center height=25><input  type="submit" value="确&nbsp;&nbsp;定">&nbsp;&nbsp;<input  type="reset" value="重&nbsp;&nbsp;写"></td></tr>
</FORM>       
</table><a href=http://vpei.dxswm.com target=_blank><font color=#FFFFFF>VPEI</font></a>
</body></html>