adminlogin.asp

请认真阅读您的文件包然后写出其具体功能(至少要20个字)。尽量不要让站长把时间都花费在为您修正说明上。压缩包解压时不能有密码。

<!--#include file="conn.asp"-->
<!--#include file="inc/md5.asp"-->
<!--#include file="inc/const.asp"-->
<%
if not anysale.isAdmin then call anysale.asNote("权限出错","你所在的用户组没有管理后台的权限,请用管理员帐号登录后再进行操作!") end if
select case request("action")
	case "chkLogin"
    	call chkLogin()
	case "logout"
		call logout()
	case else
		call main()
end select

sub main()

call anysale.minHead("后台登录","","")
%>
<script type="text/javascript">
//表单提交检查
function checkLogin() {
	var flag1 = check('用户名',$('admin').value,'adminNote',0,4,4,20)
	var flag2 = check('密码',$('password').value,'passwordNote',0,3,6,20)
	var flag3 = checkCode('验证码',$('passcode').value,'passcodeNote')
	var rtflag = flag1 && flag2 && flag3;
	return rtflag;
}
</script>
<div style="clear:both;height:100px;">&nbsp;</div>

<div class="bodyer">
 <form name="loginForm" id="loginForm" method="post">
 <ul class="loginL">
  <li><a href="javascript:anysale();" onclick="window.open('http://www.anysale.cn');"><img src="images/loginLogo.gif" alt="logo" width="95" height="38" /></a></li>
  <li class="f14" style="height:28px;line-height:28px;">传递网络价值!</li>
  <li>&nbsp;</li>
  <li>&nbsp;</li>
  <li>&nbsp;</li>
  <li>&nbsp;</li>
  <li>&nbsp;</li>
  <li>客服热线：755 8330 8835</li>
 </ul>
 <ul class="loginM"><li>&nbsp;</li></ul>
 <ul class="loginR">
  <li><h3>欢迎光临!</h3></li>
  <li>为确保安全，系统使用完毕后，请注销登录。</li>
  <li>&nbsp;</li>
  <li style="height:30px;"><h2 class="color">登录后台管理系统</h2></li>   
  <li style="height:28px;"><label for="admin" class="left">用户名&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="admin" id="admin" onblur="check('用户名',this.value,'adminNote',0,4,4,20)" tabindex="1" maxlength="20" />&nbsp;&nbsp;</label> <span class="note"><span id="adminNote"></span></span></li>
  <li style="height:28px;"><label for="password" class="left">密&nbsp;&nbsp;&nbsp;&nbsp;码&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" name="password" id="password" onblur="check('密码',this.value,'passwordNote',0,3,6,20)" tabindex="2" maxlength="20" />&nbsp;&nbsp;</label> <span class="note"><span id="passwordNote"></span></span></li>
  <li style="height:28px;"><label for="passcode" class="left">验证码&nbsp;&nbsp;&nbsp;
   <input name="passcode" type="text" id="passcode" tabindex="3" onfocus="setCode('code','passcodeNote');" onblur="checkCode('验证码',this.value,'passcodeNote');$('adminSubmit').focus();" maxlength="4" /> 
   <span id="code"></span>&nbsp;</label><span class="note"><span id="passcodeNote"></span></span>  </li>
  <li>&nbsp;</li>
  <li>
   <span style="margin:0 0 0 48px;"></span>
   <input type="button" id="adminSubmit" name="button" value="确 定" onclick="if(checkLogin()){getPage('adminlogin.asp?action=chkLogin','login',0,'loginForm');winNew('正在登录','<div class=anysaleLoad><ul class=winNote><li class=iLoad>&nbsp;</li><li class=left><ul><li class=f14>正在登录，请稍后...</li></ul></li></ul></div>',0,400,94);};" class="button" onmouseover="this.className='buttonH'" onmouseout="this.className='button'" />
  </li>
 </ul>
 </form>
</div>

<div style="clear:both;height:80px;">&nbsp;</div>
<%
anysale.minFoot

end sub

sub chkLogin()
	dim admin, password, password2
	dim rs
	admin=trim(replace(request("admin"),"'",""))
	password=md5(replace(request.form("password"),"'",""),16)
	password2=md5(replace(request.form("password"),"'",""),32)
	
	if not anysale.checkPost then
		errNote=errNote+"<li>请不要从外部提交。</li>"
		iserr=true
	end if
	if admin="" or password="" or request("passcode")="" then
		errNote=errNote+"<li>请输入您的用户名或密码及验证码。</li>"
		iserr=true
	end if
	if cstr(session("getcode"))<>lcase(cstr(trim(request("passcode")))) then
		errNote=errNote+"<li>您输入的确认码和系统产生的不一致，请重新输入。</li>"
		iserr=true
	end if
	session("getcode")=""
	
	if iserr then
		conn.execute ("insert into as_log (scriptName,userName,detail,userIP,type) values ('"&anysale.scriptName&"','"&session("admin")&"','输入错误','"&anysale.userTrueIP&"',0)")
		anysale.errWin(errNote)
		exit sub
	end if
	
	set rs=server.createObject("adodb.recordset")
	set rs=conn.execute("select * from as_admin where admin='"&admin&"'")
	if rs.eof and rs.bof then
		anysale.errWin("<li>您输入的用户名和密码不正确或者您不是会员。</li>")
		conn.execute ("insert into as_log (scriptName,userName,detail,userIP,type) values ('"&anysale.scriptName&"','"&session("admin")&"','输入错误','"&anysale.userTrueIP&"',0)")
		iserr=true
		exit sub
	else
		if trim(rs("password"))<>password and trim(rs("password"))<>password2 then
			anysale.errWin("<li>您输入的用户名和密码不正确或者您不是会员。</li>")
			iserr=true
		else
			'改为32位密码
			if trim(rs("password"))=password then
				conn.execute("update as_admin set [password]='"&password2&"' where admin='"&admin&"'")
			end if
			
			if rs("acceptIP")<>"" and chkLoginIP(rs("acceptIP"),anysale.userTrueIP)=false then
				anysale.errWin("<li>你不是合法的管理员。</li>")
				iserr=true
			end if
		end if
		
		if iserr=true then
			conn.execute ("insert into as_log (scriptName,userName,detail,userIP,type) values ('"&anysale.scriptName&"','"&session("admin")&"','登录失败','"&anysale.userTrueIP&"',0)")
			exit sub
		else
			session("admin")=rs("admin")
			session("flag")=rs("flag")
			session("username")=rs("username")
			session("userID")=rs("userID")
			session("groups")=anysale.userGroup
		
			conn.execute("update as_admin set login="&anysaleNow&",adminIP='"&anysale.userTrueIP&"',logins=logins+1 where admin='"&admin&"'")
			conn.execute("insert into as_log (scriptName,userName,userID,detail,userIP,type) values ('"&anysale.scriptName&"','"&session("admin")&"','"&session("userID")&"','登录成功','"&anysale.userTrueIP&"',0)")
		end if
	end if

	rs.close
	set rs=nothing
	
	if cint(request.form("back"))=1 then	
	sucNote="<li>登录成功!</li>|||<button onclick=""winClose();"" class=""button"" onmouseover=""this.className='buttonH'"" onmouseout=""this.className='button'"">返回</button>"
	else
	sucNote="<li>登录成功!</li>|||<button onclick=""location.href='admin.asp';winClose();"" class=""button"" onmouseover=""this.className='buttonH'"" onmouseout=""this.className='button'"">进入后台</button>"
	sucNote=sucNote+"&nbsp;&nbsp;<button onclick=""location.href='index.asp';winClose();"" class=""button"" onmouseover=""this.className='buttonH'"" onmouseout=""this.className='button'"">网站首页</button>"
	end if
	anysale.sucWin(sucNote)
end sub

function chkLoginIP(acceptIP,chkIP)
	dim i,loginIP,tempIP
	chkLoginIP = false
	if instr("|"&acceptIP&"|","|"&chkIP&"|") then chkLoginIP = true : exit function
	loginIP = split(chkIp,".")
	tempIP = loginIP(0)&"."&loginIP(1)&"."&loginIP(2)&".*"
	if instr("|"&acceptIP&"|","|"&tempIP&"|") then chkLoginIP = true : exit function
	tempIP = loginIP(0)&"."&loginIP(1)&".*.*"
	if Instr("|"&acceptIP&"|","|"&tempIP&"|") then chkLoginIP = true : exit function
	tempIP = loginIP(0)&".*.*.*"
	if instr("|"&acceptIP&"|","|"&tempIP&"|") then chkLoginIP = true : exit function
end function

sub logout()
	session("admin")=""
	session("flag")=""
	session("username")=""
	session("userID")=""
	session("groups")=""
	response.redirect "index.asp"
end sub

call closeConn()
%>