check.asp

ASP数据库系统开发案例精选(光盘）中的客户关系管理系统 用户名/密码：admin/admin

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file=DataBase/conn.asp-->
<%
'校对验证码是否正确
if trim(request("num"))<>trim(request("num1")) then
	response.Write("<script language=javascript>alert('验证码不正确');location='login.asp'</script>")
	response.End()
end if
'判断用户名是否为空
if trim(request("admin_name"))="" then
	response.Write("<script language=javascript>alert('用户名不能为空');location='login.asp'</script>")
	response.End()
end if
'判断密码是否为空
if trim(request("admin_pwd"))="" then
	response.Write("<script language=javascript>alert('密码不能为空');location='login.asp'</script>")
	response.End()
end if
if request("action")="login" then
	admin_name=request("admin_name")
	admin_pwd=request("admin_pwd")
	username=trim(replace(request("admin_name"),"'",""))
	userpwd=trim(replace(request("admin_name"),"'",""))
	'判断用户名中是否含有非法字符
	for i=1 to len(username)
	user=mid(username,i,1)
	if user="'" or user="%" or user="<" or user=">" or user="&" or user="|" then
	response.write "<script language=JavaScript>" & "alert('您的用户名含有非法字符,请重新输入！');" & "history.back()" & "</script>"
	response.end
	end if
	next
	'判断密码中是否含有非法字符
	for i=1 to len(userpwd)
	pass=mid(userpwd,i,1)
	if pass="'" or pass="%" or pass="<" or pass=">" or upass="&" or pass="|" then
	response.write "<script language=JavaScript>" & "alert('您的密码含有非法字符,请重新输入！');" & "history.back()" & "</script>"
	response.end
	end if
	next
		   
	set rs=server.CreateObject("adodb.recordset")
	sql="select * from tb_User where username='"&admin_name&"' and userpwd='"&admin_pwd&"'"
	rs.open sql,conn,1,1
	if not rs.eof then 
	session("admin_name")=username
	response.Redirect("index.asp")
	else
	response.Write("<script language=javascript>alert('您输入的用户名或者密码有误，请重新输入！');location='javascript:history.go(-1)'</script>")
	end if
end if
%>