28,391
社区成员
发帖
与我相关
我的任务
分享小问题,帮帮菜鸟!总显示用户名和密码错误
数据库名为:book.mdb 数据表:admin 字段:user1 pass1
数据库没有采用md5加密!
<!--#include file="conn.asp"-->
<!--#include file="cfsencode.asp"-->
<%user1=left(trim(request.Form("user1")),20)
pass1=cfsencode(trim(request.Form("pass1")))
Code=trim(request.Form("CheckCode"))
subm=trim(request.QueryString("subm"))
if subm <>"ok" then
%>
<Script Language=JavaScript>
// 表单提交客户端检测
function doSubmit(){
if (document.myform.user1.value==""){
alert("用户名不能为空!");
return false;
}
if (document.myform.pass1.value==""){
alert("密码不能为空!");
return false;
}
if (document.myform.CheckCode.value==""){
alert("验证码不能为空!");
return false;
}
//document.myform.submit();
}
</Script>
<table width="200" height="130" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#CCCCCC" class="p91">
<form name="myform" method="post" action="index.asp?subm=ok">
<tr>
<td width="70" align="center">用户名 </td>
<td> <input name="user1" type="text" class="input" size="15" maxlength="20"> </td>
</tr>
<tr>
<td align="center">密 码 </td>
<td> <input name="pass1" type="password" class="input" size=15 maxlength=20> </td>
</tr>
<tr>
<td align="center">验证码 </td>
<td> <input name="CheckCode" type="text" class="input" size="7" maxlength="4">
<img src="GetCode.asp"> </td>
</tr>
<tr>
<td colspan="2" align="center"> <input name="Submit1" type="submit" width="110" height="88" border=0 onClick="return doSubmit()" value="登陆"> <a href="reg.asp?cao=jia" target="_blank">注册 </a> </td>
</tr>
</form>
</table>
<%elseif subm="ok" then
if code <>Session("ValidCode") then
response.write(" <script language=javascript>alert('您输入的验证码不正确!\n验证码区分大小写!');")
response.write("history.back(-1); </script>")
response.End()
end if
sql="select * from admin where user1='"&request.Form("user1")&"' and pass1='"&request.Form("pass1")&"' and ischecked=1"
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,1
if rs.recordcount <>1 or rs(user1) <>user1 or rs(pass1) <>pass1 then
response.write(" <script language=javascript>alert('您输入的用户名或密码不正确!');")
response.write("history.back(-1); </script>")
response.End()
else
session("user1")=rs("user1")
session("pass1")=rs("pass1")
response.Redirect("list.asp")
end if
end if%>
数据库没有采用md5加密!
<!--#include file="conn.asp"-->
<!--#include file="cfsencode.asp"-->
<%user1=left(trim(request.Form("user1")),20)
pass1=cfsencode(trim(request.Form("pass1")))
Code=trim(request.Form("CheckCode"))
subm=trim(request.QueryString("subm"))
if subm <>"ok" then
%>
<Script Language=JavaScript>
// 表单提交客户端检测
function doSubmit(){
if (document.myform.user1.value==""){
alert("用户名不能为空!");
return false;
}
if (document.myform.pass1.value==""){
alert("密码不能为空!");
return false;
}
if (document.myform.CheckCode.value==""){
alert("验证码不能为空!");
return false;
}
//document.myform.submit();
}
</Script>
<table width="200" height="130" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#CCCCCC" class="p91">
<form name="myform" method="post" action="index.asp?subm=ok">
<tr>
<td width="70" align="center">用户名 </td>
<td> <input name="user1" type="text" class="input" size="15" maxlength="20"> </td>
</tr>
<tr>
<td align="center">密 码 </td>
<td> <input name="pass1" type="password" class="input" size=15 maxlength=20> </td>
</tr>
<tr>
<td align="center">验证码 </td>
<td> <input name="CheckCode" type="text" class="input" size="7" maxlength="4">
<img src="GetCode.asp"> </td>
</tr>
<tr>
<td colspan="2" align="center"> <input name="Submit1" type="submit" width="110" height="88" border=0 onClick="return doSubmit()" value="登陆"> <a href="reg.asp?cao=jia" target="_blank">注册 </a> </td>
</tr>
</form>
</table>
<%elseif subm="ok" then
if code <>Session("ValidCode") then
response.write(" <script language=javascript>alert('您输入的验证码不正确!\n验证码区分大小写!');")
response.write("history.back(-1); </script>")
response.End()
end if
sql="select * from admin where user1='"&request.Form("user1")&"' and pass1='"&request.Form("pass1")&"' and ischecked=1"
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,1
if rs.recordcount <>1 or rs(user1) <>user1 or rs(pass1) <>pass1 then
response.write(" <script language=javascript>alert('您输入的用户名或密码不正确!');")
response.write("history.back(-1); </script>")
response.End()
else
session("user1")=rs("user1")
session("pass1")=rs("pass1")
response.Redirect("list.asp")
end if
end if%>
...全文
请发表友善的回复…
发表回复
街头小贩 2009-04-24
- 打赏
- 举报
语法上看就是楼上兄弟指出的错误
xiaojielanbaihe 2009-04-24
- 打赏
- 举报
rs("user1") 而非 rs(user1)
xuyunbe1 2009-04-24
- 打赏
- 举报
8楼的帅哥终于把问题解决了!
即使不用你修改的代码,把你注释修改的地方修改了就可以登陆了!!!
即使不用你修改的代码,把你注释修改的地方修改了就可以登陆了!!!
xiaojielanbaihe 2009-04-24
- 打赏
- 举报
不判断bof是会被注入的
Msxindl_Com 2009-04-24
- 打赏
- 举报
将你的代码全部改了一下
<%@language="vbscript" codepage="936"%>
<!--#include file="conn.asp"-->
<%
if request.querystring("subm")="ok" then
dim user1,pass1,code
user1=trim(request.form("user1"))
'pass1=cfsencode(trim(request.form("pass1"))) '没采用MD5加密?那这句是??
pass1=trim(request.form("pass1"))
code=trim(request.form("CheckCode"))
if code<>Session("ValidCode") then
response.write("<script language=javascript>alert('您输入的验证码不正确!\n验证码区分大小写!');history.go(-1);</script>")
response.end
else
set rs=server.CreateObject("adodb.recordset")
'sql="select * from [admin] where user1='"&user1&"' and pass1='"&pass1&"'and ischecked=1" '既然admin表中只有两个字段,那最后一个条件是???
sql="select * from [admin] where user1='"&user1&"' and pass1='"&pass1&"'"
rs.open sql,conn,1,1
if rs.eof then
response.write("<script language=javascript>alert('您输入的用户名或密码不正确!');history.go(-1);</script>")
response.end
else
session("user1")=rs("user1")
session("pass1")=rs("pass1")
response.Redirect("list.asp")
end if
rs.close
set rs=nothing
end if
end if
%>
<html>
<head>
<title>用户登录</title>
<Script Language="JavaScript">
//表单提交客户端检测
function doSubmit(){
if (document.myform.user1.value==""){
alert("用户名不能为空!");
return false;
}
if (document.myform.pass1.value==""){
alert("密码不能为空!");
return false;
}
if (document.myform.CheckCode.value==""){
alert("验证码不能为空!");
return false;
}
return true;
}
</Script>
</head>
<body>
<table width="200" height="130" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#CCCCCC" class="p91">
<form name="myform" method="post" action="?subm=ok" onsubmit="return doSubmit()">
<tr>
<td width="70" align="center">用户名 </td>
<td> <input name="user1" type="text" class="input" size="15" maxlength="20"> </td>
</tr>
<tr>
<td align="center">密 码 </td>
<td> <input name="pass1" type="password" class="input" size=15 maxlength=20> </td>
</tr>
<tr>
<td align="center">验证码 </td>
<td> <input name="CheckCode" type="text" class="input" size="7" maxlength="4"> <img src="GetCode.asp"> </td>
</tr>
<tr>
<td colspan="2" align="center"> <input name="Submit1" type="submit" width="110" height="88" border=0 value="登陆"> <a href="reg.asp?cao=jia" target="_blank">注册 </a> </td>
</tr>
</form>
</table>
</body>
</html>
xiaopingping123 2009-04-24
- 打赏
- 举报
把这句改成这样试试:sql="select * from admin where user1='"&request.Form("user1")&"' and pass1='"&request.Form("pass1")&"' and ischecked=1"
改成
sql = "select * from admin where user1='"&request("user1")&"' and pass1='"&request("pass1")&"'"
and ischecked=1"
改成
sql = "select * from admin where user1='"&request("user1")&"' and pass1='"&request("pass1")&"'"
and ischecked=1"
yanniu008 2009-04-24
- 打赏
- 举报
sql="select * from admin where user1='"&request.Form("user1")&"' and pass1='"&request.Form("pass1")&"' and ischecked=1"
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,1
if not rs.eof then
response.write(" <script language=javascript>alert('您输入的用户名或密码不正确!');")
response.write("history.back(-1); </script>")
response.End()
end if
这样就可以了
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,1
if not rs.eof then
response.write(" <script language=javascript>alert('您输入的用户名或密码不正确!');")
response.write("history.back(-1); </script>")
response.End()
end if
这样就可以了
xiaojielanbaihe 2009-04-24
- 打赏
- 举报
if rs.recordcount <>1 or rs("user1") <>user1 or rs("pass1") <>pass1 then
改成
if not (rs.bof and rs.eof) then
if rs("user1") <>user1 or rs("pass1") <>pass1 then
...
end if
else
......
end if
改成
if not (rs.bof and rs.eof) then
if rs("user1") <>user1 or rs("pass1") <>pass1 then
...
end if
else
......
end if
xuyunbe1 2009-04-24
- 打赏
- 举报
照1、2楼的说法修改后,还是不行。
我想主要问题还是出现在这几句:
sql="select * from admin where user1='"&request.Form("user1")&"' and pass1='"&request.Form("pass1")&"' and ischecked=1"
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,1
if rs.recordcount<>1 or rs("user1")<>user1 or rs("pass1")<>pass1 then
response.write("<script language=javascript>alert('您输入的用户名或密码不正确!');")
response.write("history.back(-1);</script>")
response.End()
我想主要问题还是出现在这几句:
sql="select * from admin where user1='"&request.Form("user1")&"' and pass1='"&request.Form("pass1")&"' and ischecked=1"
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,1
if rs.recordcount<>1 or rs("user1")<>user1 or rs("pass1")<>pass1 then
response.write("<script language=javascript>alert('您输入的用户名或密码不正确!');")
response.write("history.back(-1);</script>")
response.End()
