2023-11-21 16:24来源:m.sf1369.com作者:宇宇
<%
Dim Unam,pwd
Unam=Trim(Request.Form(Unam))
pwd=Trim(Request.Form(pwd))
If Unam= or pwd=差姿扮 Then
Response.Write (<script>alert('登陆失败!\n\n错误原因虚灶:帐号和密码未填。');history.back();</script>)
Response.end
随便看了下,好像上面代码里有点册高小问题。
<script language=javascript>
<!--
//验证输入
function CheckForm()
{
if(document.Login.uid.value==)
{
alert(请输入用户名!);
document.Login.uid.focus();
return false;
}
if(document.Login.pwd.value == 携禅)
{
alert(请输入密码!);
document.Login.pwd.focus();
return false;
}
if (document.Login.verifycode.value==){
alert (请输入您的验证码!);
document.Login.verifycode.focus();
return(false);
}
}
-->
</script>
//表单
FORM name=Login action=admin_check.asp method=post onSubmit=return CheckForm();>
<table width=682 height=170 border=0 align=center cellpadding=0 cellspacing=0 background=images/backlogin.jpgclass=t_table>
<tr>
<th width=134 height=100 scope=col> </th>
<th width=53 scope=col> </th>
<th width=84 scope=col> </th>
<th width=100 scope=col> </th>
<th width=111 scope=col> </th>
<th width=44 scope=col> </th>
</tr>
<tr>
<td height=35> </td>
<td><span class=STYLE3>管理员:</span></td>
<td colspan=2><input name=uid class=inputname type=text id=uid style=border: 1px solid #999999;FONT-SIZE: 9pt; height:21;width:165 size=16></td>
<td rowspan=3> </td>
<td> </td>
</tr>
<tr>
<td height=35> </td>
<裤明td><span class=STYLE3辩纯尘>密 码:</span></td>
<td colspan=2><input name=pwd class=inputpassword type=password id=pwd style=border: 1px solid #999999;FONT-SIZE: 9pt; height:21;width:165 size=16></td>
<td> </td>
</tr>
<tr>
<td height=35> </td>
<td>验证码:</td>
<td><input name=verifycode type=text value=<%If GetCode=9999 Then Response.Write 9999%> maxlength=4 size=10 style=border: 1px solid #999999; FONT-SIZE: 9pt;></td>
<td><img src=GetCode.asp></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td colspan=4 valign=middle>
<input name=button type=image src=images/login.gif width=74 height=39 border=0> <a href=../index.asp><img src=images/quxiao.gif width=75 height=39 border=0></a></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td colspan=4> </td>
<td> </td>
</tr>
</table>
</FORM>
以上的放在同一个asp文件中
//admin_check.asp
<%response.Expires = 0%>
<!--#include file=conn.asp-->
<!--#include file=md5.asp-->
<%
'防SQL注入
function errsql(strget)
strcheck=strget
dim nothis(16)
nothis(0) = net user
nothis(1) = xp_cmdshell
nothis(2) = /add
nothis(3) = exec%20master.dbo.xp_cmdshell
nothis(4) = net localgroup administrators
nothis(5) = select
nothis(6) = count
nothis(7) = asc
nothis(8) = char
nothis(9) = mid
nothis(10) = '
nothis(11) =
nothis(12) = insert
nothis(13) = delete
nothis(14) = drop
nothis(15) = truncate
nothis(16) = from
for i=1 to ubound(nothis)
if instr(strget,nothis(i)) then
response.write <script language=javascript>alert('输入信息含有非法字符,请重新输入!');history.go(-1);</script>
response.End
end if
next
errsql = strcheck
end function
%>
<%
dim admin,password,webpassword
admin=errsql(trim(request(uid)))
webpassword=errsql(trim(request(pwd)))
password=md5(webpassword)
if cstr(session(getcode))<>cstr(trim(request(verifycode))) then
response.Write <script LANGUAGE='javascript'>alert('请输入正确的验证码!');history.go(-1);</script>
response.end
end if
set rs=server.CreateObject(adodb.recordset)
rs.Open select * from master where name='&admin&' and password='&password&' ,conn,1,1
if not(rs.bof or rs.eof) then
if password=rs(password) then
session(admin)=trim(rs(name))
session.Timeout=20
rs.Close
set rs=nothing
response.Redirect index.asp
else
response.write <script LANGUAGE='javascript'>alert('对不起,登陆失败!');history.go(-1);</script>
end if
else
response.write <script LANGUAGE='javascript'>alert('用户名或密码错误!');history.go(-1);</script>
end if
%>
上面的conn.asp是连接Access数据库的,数据库和数据库的表,自己建立没问题吧
用DW设计一下就OK了
