login.asp

后台管理系统

<!--#include file="conn.asp"-->
<!--#include file="md5.asp"-->
<!--#include file="validate.asp"-->
<%
username=trim(request.Form("username"))
password=trim(request.Form("userpassword"))
verifycode=trim(request.form("verifycode"))
'检测是否已经填写
call checklen(username&"|"&password&"|"&verifycode,"请填写帐号!\n|请填写密码!\n|请填写验证码!")
'检测长度
call maxlen(username&"|"&password&"|"&verifycode,"请填写的帐号长度小于20个字节!\n|请填写的密码长度小于20个字节!\n|请填写的验证码长度小于4个字节!","20|20|4")
'过滤危险字符
call checkletter(username&"|"&password&"|"&verifycode,"帐号填写不合法!\n|密码填写不合法!\n|验证码填写不合法!","<script>|?|'|$|%|&")
'检测验证码输入是否正确
if cstr(session("getcode"))<>cstr(trim(request("verifycode"))) then
str_alert=str_alert&"!您输入的验证码和系统产生的不一致，请重新输入。\n"
end if
set rs=server.CreateObject("adodb.recordset")
sql="select * from product_admin where username='"&username&"' and userpassword='"&md5(password)&"'"
rs.open sql,conn,1,1
if rs.eof or err then
str_alert=str_alert&"!您输入的帐号和密码不正确,请重新输入!\n"
end if
'如果输入非法
if len(str_alert)<>0 then
response.Write("<script language=javascript>window.alert('"&str_alert&"');this.location.href='index.htm';</script>")
response.end()
end if
if not (rs.eof or err ) then
response.Cookies("username")=rs("username")
session("AdminName")=rs("username")
rs.close
set rs=nothing
conn.close
set conn=nothing
 session("flag")=true
 response.Write"<script language=javascript>this.location.href='admin_index.asp';</script>"
else
response.Write"<script language=javascript>this.location.href='index.htm';</script>"
end if
 %>