admin_login.asp

Art2008 CMS是一款具有强大的功能的基于ASP语言的网站管理软件

<!--#include file = admin_conn.asp -->
<!--#include file = md5.asp -->
<!--#include file = titleb.asp -->
<%


userip = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If userip = "" Then userip = Request.ServerVariables("REMOTE_ADDR")

Function finddir(filepath)
	finddir=""
	for i=1 to len(filepath)
	if left(right(filepath,i),1)="/" or left(right(filepath,i),1)="\" then
	  abc=i
	  exit for
	end if
	next
	if abc <> 1 then
	finddir=left(filepath,len(filepath)-abc+1)
        finddir=replace(finddir,"admin/","")  
	end if
end Function

Dim Arturl:Arturl=finddir(request.servervariables("URL"))
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.Open "select * from [config]",conn,1,3
if rs.recordcount=0 then
   rs.addnew
end if
   rs("path")=Arturl
   rs.update
   rs.close
   set rs=nothing

If setting("IFvalidate")=0 Then

Dim validatecode:validatecode=trim(request("validatecode"))
		If validatecode <> setting("validatecode") Or validatecode = "" Then
			Response.Redirect "login.asp?id=2"
		End if
End If

Dim Artyzm:Artyzm=trim(request("Artyzm"))

if Artyzm="" then 
	Response.Redirect "login.asp?id=3"
end if

if Artyzm<>session("Artyzm") then 
	Response.Redirect "login.asp?id=3"
end if

session("Artyzm")=""

if request("user")="" or request("pass")="" then

  conn.close
  set conn=nothing
  Response.Redirect "login.asp?id=0"
  
  else
  
  user=LCase(chkhtm(request("user")))
  pass=md5(chkhtm(trim(request("pass"))))
  
  sql = "select * from admin where [user]='"&user&"' and [pass]='"&pass&"' and jingyong<>1"
  Set rs = Server.CreateObject("ADODB.RecordSet")
  rs.Open sql,conn,1,3
  
  if rs.recordcount=0 then

  call loglongout()
 
       Response.Redirect "login.asp?id=1"
  end if

rs("IP")=Request.ServerVariables("REMOTE_ADDR")
rs("lastlogin")=Now()
rs("logins")=rs("logins")+1
rs.update
  Response.Cookies(Art2008)("adminuser")=rs("user")
  Response.Cookies(Art2008)("adminpass")=pass
  Response.Cookies(Art2008)("admindj")=rs("dj")
  Response.Cookies(Art2008)("fullname")=rs("fullname")     
  Response.Cookies(Art2008)("sex")=rs("sex")
  response.cookies(Art2008)("purview")=rs("purview")
  response.cookies(Art2008)("OSKEY")=rs("OSKEY")
  Response.Cookies(Art2008)("upload") = "admin"

  call loglongin()
  
  Response.Redirect "admin_index.asp"
  
end if




'/********************************************************************
' loglongin() 记录登陆成功日志
'********************************************************************/
sub loglongin()

  lobalname=request.Cookies(Art2008)("adminuser")
  Set rsLog=server.CreateObject("adodb.recordset")
		SqlLog="select EndLogin,admin_username,addtime,endtime,logip,cs From  Art_blog Where admin_username='"&lobalname&"' and logip='"&userip&"' and EndLogin=1 and datediff('d',[addtime],now())<1"
		rsLog.open SqlLog,conn,1,3
		if not rsLog.eof then 	   
			
			rsLog("endtime")=now()
 			rsLog("Cs")=Cint(rsLog("Cs"))+1
			rsLog("EndLogin")=1
			rsLog.update()
		else
			rsLog.addnew()
			rsLog("logip")=userip
			rsLog("admin_username")=lobalname
			rsLog("addtime")=now()
			rsLog("endtime")=now()
			rsLog("Cs")=1
			rsLog("EndLogin")=1
			rsLog.update()
		end if
		rsLog.close
		Set rsLog=nothing  
		
end sub

'/********************************************************************
' loglongout() 记录登陆失败日志
'********************************************************************/
sub loglongout()
        Set rsLog=server.CreateObject("adodb.recordset")
			SqlLog="select EndLogin,admin_username,addtime,endtime,logip,cs From  Art_blog "
			rsLog.open SqlLog,conn,1,3
			  rsLog.addnew()
				rsLog("logip")=userip
				rsLog("admin_username")=LCase(chkhtm(request("user")))
				rsLog("addtime")=now()
				rsLog("endtime")=now()
				rsLog("Cs")=1
				rsLog("EndLogin")=0
			  rsLog.update()
				rsLog.close
				Set rsLog=nothing   

end sub

%>
<% call CloseConn() %>