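<%
' Login handler for the "timesshop" storefront.
'
' Two entry paths are handled:
'   1. Link login: UN / UPS are read with Request(...). The original comment
'      says this is generally used for links sent by e-mail. No verification
'      code is required on this path.
'   2. Form login: username / UserPassword / passcode are read from the posted
'      form, and passcode must equal Session("GetCode").
' On success the "timesshop" cookie (username, vip; expires after one day) is
' set, LastLogin / UserLogins are updated, and the browser is redirected.
'
' conn and FormatSQL are defined outside this block and are not visible here.
' Every response.Write "" below is empty in this copy of the page.
' NOTE(review): the user-facing markup looks stripped; restore the messages.
'
' Security notes for maintainers:
'   * Request("UN") / Request("UPS") also read the query string, so a password
'     sent this way is recorded in server logs, browser history and Referer
'     headers, and this path skips the verification code entirely.
'     NOTE(review): prefer a single-use, expiring token for e-mail links.
'   * The query matches the submitted value against the UserPassword column
'     directly; this page does no hashing of its own.
'     NOTE(review): confirm how stored passwords are protected.
'   * The cookie carries username and vip as plain values that the client can
'     edit. NOTE(review): confirm that other pages re-check both server-side
'     rather than trusting the cookie; consider Session state instead.
'   * The two success redirects differ ("/shop/user/index.asp" and
'     "/user/index.asp"). NOTE(review): confirm both are intended.

dim username,UserPassword,comeurl,passcode
dim rawPasscode,expectedCode

' Opens an updatable recordset on the enabled account matching both values.
' The values are bound as parameters, so the SQL text never contains request
' data and does not rely on FormatSQL or quote stripping for safety.
' NOTE(review): 202 (adVarWChar) sized to the value is an assumption; confirm
' it suits the [user] column types of the deployed database.
Function LoginOpenAccount(db, name, pwd)
    dim cmd, found, nameSize, pwdSize
    nameSize = Len(name)
    if nameSize = 0 then nameSize = 1
    pwdSize = Len(pwd)
    if pwdSize = 0 then pwdSize = 1

    set cmd = server.CreateObject("adodb.command")
    set cmd.ActiveConnection = db
    cmd.CommandType = 1 ' adCmdText
    cmd.CommandText = "select * from [user] where disable<>1 and UserPassword=? and username=?"
    ' Positional parameters: append in the order the ? markers appear.
    cmd.Parameters.Append cmd.CreateParameter("pwd", 202, 1, pwdSize, pwd)    ' adVarWChar, adParamInput
    cmd.Parameters.Append cmd.CreateParameter("name", 202, 1, nameSize, name) ' adVarWChar, adParamInput

    set found = server.CreateObject("adodb.recordset")
    found.Open cmd, , 1, 3 ' adOpenKeyset, adLockOptimistic (same cursor/lock as before)
    set cmd = nothing
    set LoginOpenAccount = found
End Function

' Converts the posted verification code to an Integer, or returns Null when it
' is missing, non-numeric, or outside the range CInt accepts (which would
' otherwise raise a runtime error and leave the connection open).
Function LoginParseCode(raw)
    LoginParseCode = Null
    if IsEmpty(raw) or IsNull(raw) then exit function
    if not isnumeric(raw) then exit function
    if CDbl(raw) < -32768 or CDbl(raw) > 32767 then exit function
    LoginParseCode = CInt(raw)
End Function

' Existing normalisation is kept so values compare the same way as before.
username=FormatSQL(replace(trim(request("UN")),"'",""))
UserPassword=FormatSQL(replace(trim(request("UPS")),"'",""))

if username="" or UserPassword="" then
    ' ---- Form login ----
    username=FormatSQL(replace(trim(request.form("username")),"'",""))
    UserPassword=FormatSQL(replace(trim(request.Form("UserPassword")),"'",""))

    rawPasscode=request.form("passcode")
    passcode=LoginParseCode(rawPasscode)
    if IsNull(passcode) then
        response.Write ""
        conn.Close
        set conn=nothing
        response.end
    end if

    ' comeurl is client-supplied and is not used for the redirect below.
    ' NOTE(review): if it is ever used as a redirect target, restrict it to
    ' known local paths first, otherwise it becomes an open redirect.
    comeurl=request.form("comeurl")
    if comeurl="" or comeurl="login.asp" then
        comeurl="index.asp"
    end if

    ' A session that was never issued a code must not match: Empty compares
    ' equal to 0 and a Null comparison is treated as false by "if".
    expectedCode=Session("GetCode")
    if IsEmpty(expectedCode) or IsNull(expectedCode) or passcode<>expectedCode then
        response.Write ""
        conn.Close
        set conn=nothing
        response.end
    end if

    if username="" or UserPassword="" then
        response.Write ""
        conn.Close
        set conn=nothing
        response.end
    end if

    set rs=LoginOpenAccount(conn, username, UserPassword)
    if not(rs.bof and rs.eof) then
        ' VBScript "=" compares strings exactly, so this also enforces case
        ' even if the database collation does not.
        if UserPassword=rs("UserPassword") then
            ' Store the normalised name that matched the account, not the raw
            ' form value, so the cookie cannot carry unfiltered input onward.
            response.Cookies("timesshop")("username")=username
            Response.Cookies("timesshop").Expires = Now()+1
            Response.Cookies("timesshop")("vip")=rs("vip")
            rs("LastLogin")=now()
            rs("UserLogins")=rs("UserLogins")+1
            rs.Update
            rs.Close
            set rs=nothing
            conn.Close
            set conn=nothing
            ' The verification code is single-use once a login has succeeded.
            ' NOTE(review): it stays valid after a failed attempt, so one code
            ' allows repeated password guesses; consider clearing it there too
            ' once the login form is confirmed to fetch a fresh code.
            Session.Contents.Remove "GetCode"
            response.redirect "/shop/user/index.asp"
        else
            response.write ""
            rs.Close
            set rs=nothing
            conn.Close
            set conn=nothing
            response.end
        end if
    else
        response.write ""
        rs.Close
        set rs=nothing
        conn.Close
        set conn=nothing
        response.end
    end if
else
    ' ---- Link login (UN / UPS) ----
    set rs=LoginOpenAccount(conn, username, UserPassword)
    if not(rs.bof and rs.eof) then
        response.Cookies("timesshop")("username")=username
        Response.Cookies("timesshop").Expires = Now()+1
        Response.Cookies("timesshop")("vip")=rs("vip")
        rs("LastLogin")=now()
        rs("UserLogins")=rs("UserLogins")+1
        rs.Update
        ' Release the recordset and connection before redirecting, because
        ' Response.Redirect ends the page. Nothing is written to the response
        ' before the redirect.
        rs.Close
        set rs=nothing
        conn.Close
        set conn=nothing
        response.redirect "/user/index.asp"
    else
        rs.Close
        set rs=nothing
        conn.Close
        set conn=nothing
        ' On failure, send the visitor back to the login page.
        response.redirect "login.asp"
    end if
end if
%>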