If Username <> "" Then
redirectLoginSuccess="main.asp"
redirectLoginFailed="sorry.asp"
set RSLogin = Server.CreateObject("ADODB.Recordset")
SQLLogin= "SELECT QUseName FROM dbo.Q_User WHERE QUseName='" & Replace(Username,"'","''") & "'"
RSLogin.Open SQLLogin,conn,0,1
If Not RSLogin.EOF Or Not RSLogin.BOF Then
RSLogin.Close
SQLLogin= "SELECT QUserId, QUseName, QIDCard, QPassword, QGroup FROM dbo.Q_User WHERE QUseName='" & Replace(Username,"'","''") & "'"& "AND QPassword='" & Replace(Password,"'","''") & "'"
RSLogin.Open SQLLogin,conn,0,1
If Not RSLogin.EOF Or Not RSLogin.BOF Then
' username and password match - this is a valid user
Session("UserName")=RSLogin("QUseName")
Session("IDCard")=RSLogin("QIDCard")
Session("UserGroup")=RSLogin("QGroup")
Session("Password")=RSLogin("QPassword")
Session("UserID")=RSLogin("QUserId")
RSLogin.Close
set RSLogin = Nothing
Response.Redirect(redirectLoginSuccess)
else
RSLogin.Close
set RSLogin = Nothing
Session("TheMessage") ="密码错误,请核对后再登录!"
Response.Redirect(redirectLoginFailed)
End If
else
Session("TheMessage") ="以上用户不存在,请核对后再登录!"
Response.Redirect(redirectLoginFailed)
end if
call CloseDatabase()
End If
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>登录系统</title>