login.asp

功能最强大的ASP网站

<!--#include file="../inc/conn.asp"-->
<!--#include file="../inc/func2.asp"-->
<%
username=request("username")
userpass=request("userpass")
if username=""  then mesg="用户名不能为空<br>"
if userpass="" then mesg=mesg&"密码不能为空<br>"

username = replace(username,"'","")
username = replace(username," ","")
username = replace(username,"&","")

if mesg<>"" then
	PopErr mesg
end if


set rs=server.createobject("adodb.recordset")
sql="select * from [user] where username='"&username&"'"
rs.open sql,conn,1,1
if rs.eof then
	PopErr "对不起,用户名或密码错"
end if

if rs("userpass")<>userpass then
	PopErr "对不起,用户名或密码错"
end if

session("username")=username
session("usernameID")=rs("ID")
session("userlevel")=rs("level")
session("manageuser")=rs("manageuser")
'session("ManageuserIsAgent")=IsAgent(session("manageuser"))
session("GroupCode")=rs("Menu")
GroupCode=rs("Menu")
rs.close
set rs=nothing

set rs = conn.execute("select * from usergroup where groupcode='"&GroupCode&"'")
session("IsAdmin")=rs("IsAdmin")
rs.close
set rs=nothing

set rs = conn.execute ("select * from usergroupfun where groupcode='"&GroupCode&"'")
do while not rs.eof 
 UFunCode = UFunCode & "," & rs("Funcode") & ","
rs.movenext
loop
session("UFunCode")=UFunCode
rs.close
set rs=nothing

set rs=server.createobject("adodb.recordset")
sql="select * from config "
rs.open sql,conn,1,1

do while not rs.eof
	session(rs("name"))=rs("config")
rs.movenext
loop
rs.close
set rs=nothing
call WriteLog("","成功","用户登录","用户登录成功")
Response.Redirect "../userlogin.asp"

Function WriteLog(OpName,IsSucc,OpType,ReMark)
sql = "insert into oplog (username,opname,issucc,optype,remark) values ('" & session("username") & "','" & OpName & "','" & IsSucc & "', '" & OpType & "', '" & Remark & "') "
conn.execute (sql)
end function
%>