<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
dim act,username,userpass
act=request.QueryString("act")
%>
管理员登录
<%
if(act="login") then
'check code
if Cstr(request.Form("checkcode")) <> Cstr(Session("GetCode")) then
response.Write("")
Response.End
end if
if not isempty(request.Form("username")) then
username=replace(trim(request.Form("username")),"'","")
else
response.Write("")
response.End()
end if
if not isempty(request.Form("userpass")) then
userpass=replace(trim(request.Form("userpass")),"'","")
userpass = Md5(userpass,32)
else
response.Write("")
response.End()
end if
if(username<>"" and userpass<>"") then
set rs=server.CreateObject("adodb.recordset")
rs.open "select * from t_user where username='"&username&"' and userpass='"&userpass&"'",conn,3,1
if not rs.eof and not rs.bof then
session("username")=username
session("usertype")=rs("usertype")
rs.close
set rs=nothing
response.Redirect("index.asp")
else
response.Write("")
rs.close
set rs=nothing
call connclose()
response.End()
end if
else
response.Write("")
call connclose()
response.End()
end if
else
%>