proc_login.jsp

急着下个东西即然还要开通帐号

<%@ page contentType="text/html; charset=gb2312" %>
<%@ page import="beitian.db.*,java.sql.*"%>
<%@ page import="java.util.*"%>
<%@ page import="java.lang.*"%>
<%@ page import="com.chncup.commen.Log"%>
<%@ page import="com.chncup.commen.MD5"%>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title></title>
</head>
<%

		 String VERIFYCODE = request.getParameter("VERIFYCODE");
      String snm=String.valueOf(session.getAttribute("RANDOMCODE"));
	 	  if (!VERIFYCODE.equals(snm)) {
	    %>
	      <script language="javascript">
		  	alert("验证码输入有误！");
		  	history.back();
		  </script>	
		  <%  
		     return;
		 }  
	  
     					
  //获取表单传来的用户信息数据
  String user_id = (request.getParameter("USERNAME")==null) ? "" : request.getParameter("USERNAME");
  String PASSWORD = (request.getParameter("PASSWORD")==null) ? "" : request.getParameter("PASSWORD");
  
  //PASSWORD = "L7"+PASSWORD+"l8";
  String MD5_password=com.chncup.commen.MD5.MD5(PASSWORD);
  /*String MD5_password="";
  
  if (PASSWORD.equals("chncup_7")) { 
     MD5_password= "6f4f5ce21a6d334f9c30fdebd8daa968";
  }   
  */
  //out.println("USERNAME = "+USERNAME);
  //out.println("PASSWORD = "+PASSWORD);
  //out.println("MD5_PASSWORD = "+MD5_password);
  
  String url="index.jsp";
  String sql = "select user_id,password from web_user  where user_id='"+user_id+"' and password='"+MD5_password+"'";
  DBOperation theDBOperation = new DBOperation();
      try {
         ResultSet rs=theDBOperation.getResultSet(sql);
         
        if(rs.next() & rs.getString("password").equals(MD5_password))
        {
           session.setAttribute("user_id",user_id);
           session.setAttribute("denglu_ok","denglu_ok");
           
       } else
           url="login.jsp";           
      }
      catch (Exception ex) {
        //message = "操作失败!";
        //System.out.println("登录日志失败:" + ex.toString());			        
        com.chncup.commen.Log.getLogger().error("登录日志失败:" + ex.getMessage()+" sSQL = " + sql);
      }
      String ipaddress=request.getRemoteAddr();
			       
			sql = "insert into user_login(user_id,ip_address) values('"+user_id+"','"+ipaddress+"')";
			     
			try {
			   int i=theDBOperation.executeSql(sql);
			}
			 catch (Exception ex) {
			  //  System.out.println("记录登录日志失败:" + ex.toString());
		     com.chncup.commen.Log.getLogger().error("记录登录日志失败:" + ex.getMessage() +" sSQL= "+ sql);
   	    ex.printStackTrace();
			}
      response.sendRedirect(url);
  
%> 
<body>
</body>
</html>