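<%
' Login page, part 1: read the "postion" query-string value, set the initial
' message, and define the two helpers used by the form handler.
' The username, password and otherpwd variables are script-level and are filled
' in by the form handler before the helpers are called.

postion = Trim(Request.QueryString("postion"))
If postion = "" Or Not IsNumeric(postion) Then
    ' Missing or non-numeric value: no message, fall back to 1.
    errmsg = ""
    postion = Trim(1)
Else
    errmsg = "您没有登陆或者停留的时间过长,请重新登陆!"
End If

' checkenter: returns TRUE when username, password and otherpwd are all
' non-empty and username contains none of: single quote, space, double quote,
' ampersand. Returns FALSE otherwise.
' This is a character blacklist on username only; it is not what keeps the
' database lookup safe (checksysUser binds the value as a parameter).
Function checkenter()
    checkenter = FALSE
    If username = "" Or password = "" Or otherpwd = "" Then Exit Function
    If InStr(username, "'") >= 1 Then Exit Function
    If InStr(username, " ") >= 1 Then Exit Function
    If InStr(username, """") >= 1 Then Exit Function
    If InStr(username, "&") >= 1 Then Exit Function
    checkenter = TRUE
End Function

' checksysUser: looks up the admin row whose user column equals username and
' compares its pwd column with the submitted password.
' Returns TRUE and sets Session("admin") on a match, FALSE otherwise.
' Closes the recordset and the shared connection before returning.
' conn is not defined in this part of the page; it is assumed to be an open
' ADODB.Connection created elsewhere - TODO confirm.
Function checksysUser()
    Dim cmd, nameLen

    ' The username is bound as a parameter instead of being concatenated into
    ' the SQL text, so the query no longer depends on the caller having run
    ' checkenter() first.
    sql = "SELECT * FROM admin WHERE user=?"

    nameLen = Len(username & "")
    If nameLen < 1 Then nameLen = 1    ' CreateParameter needs a size above zero

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1                ' adCmdText
    cmd.CommandText = sql
    ' 202 = adVarWChar, 1 = adParamInput
    cmd.Parameters.Append cmd.CreateParameter("username", 202, 1, nameLen, username & "")

    Set rs = cmd.Execute

    If rs.EOF Then
        checksysUser = FALSE
    Else
        passwd = Trim(rs("pwd"))
        ' NOTE(review): the stored value is compared directly with the
        ' submitted password, which implies the pwd column holds the password
        ' itself rather than a salted hash - confirm and plan a migration.
        If passwd = password Then
            Session("admin") = username
            checksysUser = TRUE
        Else
            checksysUser = FALSE
        End If
    End If

    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
    conn.Close
End Function
%>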
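<%
' Login form handler: runs only when the form was posted with action=true.
' Order of checks: field validation (checkenter), the additional code
' comparison, then the credential lookup (checksysUser). Each failure sets
' errmsg; success redirects to main.asp unless the posted "postion" value is 2.
If Request.Form("action") = "true" Then
    username = Trim(Request.Form("username"))
    password = Trim(Request.Form("password"))
    position = Trim(Request.Form("postion"))
    otherpwd = Trim(Request.Form("otherpwd"))
    reotherpwd = Trim(Request.Form("reotherpwd"))

    a = checkenter()
    If a = TRUE Then
        ' NOTE(review): otherpwd and reotherpwd are both read from the posted
        ' form, so this comparison does not check the code against anything
        ' held on the server - confirm whether that is intended.
        If otherpwd = reotherpwd Then
            b = checksysUser()
            If b = True Then
                ' position is client-supplied text. Comparing a non-numeric
                ' string with the numeric literal 2 can raise a type-mismatch
                ' runtime error, so non-numeric values are handled first and
                ' take the default redirect.
                If Not IsNumeric(position) Then
                    Response.Redirect("main.asp")
                ElseIf CDbl(position) <> 2 Then
                    Response.Redirect("main.asp")
                Else
%> <%
                End If
            Else
                errmsg = "用户名或者用户密码错误,请重新输入!"
            End If
        Else
            errmsg = "附加码输入错误,请重新输入!"
        End If
    Else
        errmsg = "用户名输入有误,请重新输入!"
    End If
End If
%>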