set rs=server.createobject("adodb.recordset")
sql="select * from admin where username='"&user&"'"
rs.open sql,conn,1,1
if not(rs.bof and rs.eof) then
if password=rs("password") and user=rs("username") then
response.cookies("admin")=true
response.redirect "admin2.asp"
else
Response.Redirect "error/error06.asp"
end if
end if
rs.close
conn.close
set rs=nothing
set conn=nothing
%>
--------------------
然后在需要保护的页面写上:
<%
if request.cookies("admin")="" then
response.redirect "admin.asp"
end if
%>
---------------------------
用户如果知道了路径,怎样也绕不过验证。