28,391
社区成员
发帖
与我相关
我的任务
分享
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<!--#include file="../inc/Fzwlt_AdminConn.asp"-->
<!--#include file="images/login/md5/md5.asp" -->
<!--#include file="images/login/md5/CFS.asp" -->
<%
if trim(request("OK"))="1" then
Response.Cookies("Fzwlt")("strUsername") = Trim(request("username"))
Response.Cookies("Fzwlt")("strPassword") = trim(request("password"))
Response.Cookies("Fzwlt")("OKCookie")=trim(request("OK"))
'Response.cookies("Fzwlt").expires=date+365
Response.Cookies("Fzwlt").Expires=DateAdd("y",30,Now())
%>
<%
Dim DBC,RsLoginObj,RsLogObj
Dim UserName,UserPass,VerifyCode,System,SqlLog,SqlLogin,Url
Url = Request("UrlAddress")
if Url = "" then
Url = "Fzwlt_MainFrame.asp"
end if
'Response.Write(Url)
'Response.End
UserName = Replace(Trim(Request.Form("UserName")),"'","''")
UserPass1 = CfsEnCode(Replace(Trim(Request.Form("Password")),"'","''"))
VerifyCode = Replace(Trim(Request("verifycode")),"'","")
UserPass=md5(UserPass1)
if UserName = "" or UserPass = "" then
Response.Redirect("Fzwlt_Errorp.asp?ErrDescription=用户名和密码不能为空!")
Response.End
end if
if Instr(request.form("UserName"),"=")>0 or Instr(request.form("UserName"),"%")>0 or Instr(request.form("UserName"),chr(32))>0 or Instr(request.form("UserName"),"?")>0 or Instr(request.form("UserName"),"&")>0 or Instr(request.form("UserName"),";")>0 or Instr(request.form("UserName"),",")>0 or Instr(request.form("UserName"),"'")>0 or Instr(request.form("UserName"),",")>0 or Instr(request.form("UserName"),chr(34))>0 or Instr(request.form("UserName"),chr(9))>0 or Instr(request.form("UserName"),"")>0 or Instr(request.form("UserName"),"$")>0 then
response.write"<script>alert('错误提示信息!\n\n用户名或密码不能在非法字符!点击确定返回重新输入!');javascript:history.go(-1);</script>"
response.End()
end if
if VerifyCode <> CStr(Session("GetCode")) then
response.write"<script>alert('错误提示信息!\n\n验证码错误!点击确定返回重新输入!');javascript:history.go(-1);</script>"
Response.End
end if
if request("verifycode")="" then
response.write"<script>alert('错误提示信息!\n\n请输入验证码!点击确定返回重新输入!');javascript:history.go(-1);</script>"
Response.End
elseif Session("GetCode")="9999" then
Session("GetCode")=""
elseif Session("GetCode")="" then
response.write"<script>alert('错误提示信息!\n\n请不要重复提交!点击确定返回重新输入!');javascript:history.go(-1);</script>"
Response.End
elseif cstr(Session("GetCode"))<>cstr(trim(request("verifycode"))) then
response.write"<script>alert('错误提示信息!\n\n你输入的验证码和系统产生的不一致!点击确定返回重新输入!');javascript:history.go(-1);</script>"
Response.End
end if
Session("GetCode")=""
set RsLoginObj = server.CreateObject ("ADODB.RecordSet")
SqlLogin = "select * from Fzwlt_Admin where UserName='"&UserName&"' and password='"&UserPass&"'"
RsLoginObj.Open SqlLogin,Conn,1,1
Session("Fzwlt_flag")=RsLoginObj("Fzwlt_flag")
Session("loginnos")=RsLoginObj("loginnos")
Session("loginip")=RsLoginObj("loginip")
Session("Csny")=RsLoginObj("Csny")
Conn.Execute("Update [Fzwlt_Admin] Set Csny='"&now()&"',loginnos=loginnos+1,loginip='"&Request.ServerVariables("REMOTE_ADDR")&"' Where UserName='"&UserName&"'")
System = Request.ServerVariables("HTTP_USER_AGENT")
if Instr(System,"Windows NT 5.0") then
System = "Win2000"
elseif Instr(System,"Windows NT 5.2") then
System="Win2003"
elseif Instr(System,"Windows NT 5.1") then
System = "WinXP"
elseif Instr(System,"Windows NT") then
System = "WinNT"
elseif Instr(System,"Windows 9") then
System = "Win9x"
elseif Instr(System,"unix") or instr(System,"linux") or instr(System,"SunOS") or instr(System,"BSD") then
System = "类Unix"
elseif Instr(System,"Mac") then
System = "Mac"
else
System = "Other"
end if
if Not RsLoginObj.EOF then
if RsLoginObj("Lock")=1 then
response.write"<script>alert('错误提示信息!\n\n你的帐号已锁定或无权进入!\n\n点击确定返回!');javascript:history.go(-1);</script>"
Response.End
end if
Session("UserName") = UserName
Session("PassWord") = UserPass
Session("AdminID") = RsLoginObj("AdminID")
Response.Cookies("Foosun")("UserName") = UserName
Response.Cookies("Foosun")("Password") = UserPass
Set RsLogObj = Server.Createobject("adodb.recordset")
SqlLog = "select * from Fzwlt_Log"
RsLogObj.open SqlLog,Conn,3,3
RsLogObj.addnew
RsLogObj("LogUser")=UserName
RsLogObj("LogIP")=request.ServerVariables("Remote_Addr")
RsLogObj("OS")=System
RsLogObj("Result") = 1
RsLogObj("Csny") = now()
RsLogObj.update
RsLogObj.close
set RsLogObj = Nothing
Response.Redirect(Url)
Response.End
else
set RsLogObj = Server.Createobject("adodb.recordset")
SqlLog = "select * from Fzwlt_Log"
RsLogObj.open SqlLog,Conn,3,3
RsLogObj.AddNew
RsLogObj("LogUser") = Request.Form("UserName")
RsLogObj("LogIP") = request.ServerVariables("Remote_Addr")
RsLogObj("OS") = System
RsLogObj("Errorpas") = Request.Form("Password")
RsLogObj("Result") = false
RsLogObj("Csny") = now()
RsLogObj.update
RsLogObj.close
set RsLogObj = Nothing
response.write"<script>alert('错误提示信息!\n\n非法登录, 请检查用户名和密码的是否正确!\n\n点击确定返回重新输入!');javascript:history.go(-1);</script>"
Response.End
end if
%>