<% option explicit %>
<!--#include file="function/DBOpen.asp"-->
<%
if request("username")<>"" and request("userpassword")<>"" then
dim name
dim pwd
dim sql
dim rs,rs2
dim groupid
name=replace(request.form("username"),"'","''")
pwd=replace(request.form("userpassword"),"'","''")
set rs = server.createobject("adodb.recordset")
sql="select * from users where userid='" & name & "' and pwd='" & pwd & "' and flag=1"
rs.open sql,conn,1,1
if err.number <> 0 then
response.write "数据库操作失败:"&err.description
response.end
else
if not rs.eof and not rs.bof then
session("purview")=rs("purview")
session("name")=rs("userid")
groupid=rs("groupid")
set rs2=server.CreateObject("adodb.recordset")
rs2.open "select * from [right] where groupid="&groupid&"",conn,1,1
if rs2.eof and session("purview")<>"99999" then
response.Write("<script>alert('您的权限不足以登陆本系统');</script>")
response.write("<script>history.back();</script>")
response.end
else
response.redirect "admin/index.asp"
end if
end if
end if
rs.close
set rs=nothing
end if
%>
<html>
set Application("ora8_Conn")=Server.CreateObject("ADODB.Connection")
Application("ora8_Conn").Open Application("ora8_ConnectionString")
End Sub
Sub Application_OnEnd
Application("ora8_Conn").Close()
set Application("ora8_Conn")=Nothing
End Sub
</SCRIPT>
用户登录check.asp
<%
set myResult = Server.CreateObject("Adodb.Recordset")
sSQL="select * from T_USER_INFO where USER_ID='" & trim(request("userid")) & "' and USER_PWD='" & trim(request("userpass")) &"'"
myResult.Open sSQL,Application("ora8_Conn"),3,3
if (myResult.bof and myResult.eof) then
myResult.close
response.redirect "index.asp"
response.end
else
session("user_id") = trim(myResult("USER_ID"))
session("user_name") = trim(myResult("USER_NAME"))
session("DEP_ID") = trim(myResult("DEP_ID"))
response.redirect "mainform.asp"
end if
myResult.close
%>