28,390
社区成员
发帖
与我相关
我的任务
分享
<%
Dim Rs,Sql
Admin=Trim(Request.Form("Admin"))
Pass=Md5(Trim(Request.Form("Pass")))
Admin=Replace(Admin,"'","''")
Pass=Replace(Pass,"'","''")
set Rs=Server.CreateObject("ADODB.RecordSet")
Sql="select * from AdminData where Name='" & Admin & "' and Pass='" & Pass & "'"
Rs.Open sql,conn,1,3
if Rs.eof and Rs.bof then
Rs.close
Set Rs=nothing
InsertLog(False)
response.write"<SCRIPT language=JavaScript>alert('用户名或密码不正确!');"
response.write"javascript:history.go(-1)</SCRIPT>"
Response.end
Else
Session("Admin_name") = Rs("Name")
Session("Last_Ip") = Rs("Login_Ip")
Session("Login_Ip") = Request.ServerVariables("REMOTE_HOST")
Session("Last_Time") = Rs("Login_Time")
Session("Login_Time") = Now()
Rs("Last_Ip") =Rs("Login_Ip")
Rs("Login_Ip") = Request.ServerVariables("REMOTE_HOST")
Rs("Last_Time") =Rs("Login_Time")
Rs("Login_Time") = Now()
Rs.Update
Rs.Close
Set Rs = Nothing
InsertLog(True)
Response.Redirect "index.asp"
end if
%>
Set conn = CreateObject("ADODB.Connection")
conn.Open "Provider=SQLNCLI;Server=127.0.0.1;Database=XXX;Uid=sa;Pwd=sa;"
Admin = Trim(Request.Form("Admin"))
Pass = Md5(Trim(Request.Form("Pass")))
sql = "SELECT * FROM AdminData WHERE Name=? AND Pass=?"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = sql
cmd.CommandType = 1
cmd.Prepared = True
Set prm = cmd.CreateParameter("Name", 200, 1, 50, Admin)
cmd.Parameters.Append prm
Set prm = cmd.CreateParameter("Pass", 200, 1, 50, Pass)
cmd.Parameters.Append prm
Set rs = CreateObject("ADODB.RecordSet")
rs.CursorLocation = 3
rs.Open cmd, , 1, 3
If rs.BOF And rs.EOF Then
rs.close
Set rs = Nothing
conn.Close
Set conn = Nothing
InsertLog(False)
response.write "<SCRIPT language=JavaScript>alert('用户名或密码不正确!');"
response.write "javascript:history.go(-1)</SCRIPT>"
Response.end
Else
Session("Admin_name") = rs("Name")
Session("Last_Ip") = rs("Login_Ip")
Session("Login_Ip") = Request.ServerVariables("REMOTE_HOST")
Session("Last_Time") = rs("Login_Time")
Session("Login_Time") = Now()
rs("Last_Ip") = rs("Login_Ip")
rs("Login_Ip") = Request.ServerVariables("REMOTE_HOST")
rs("Last_Time") = rs("Login_Time")
rs("Login_Time") = Now()
rs.Update
rs.Close
Set rs = Nothing
conn.Close
Set conn = Nothing
InsertLog(True)
Response.Redirect "index.asp"
End If