<% dim username,UserPassword,comeurl,passcode username=FormatSQL(replace(trim(request.form("username")),"'","")) 'UserPassword=md5(FormatSQL(replace(trim(request.Form("UserPassword")),"'",""))) UserPassword=FormatSQL(replace(trim(request.Form("UserPassword")),"'","")) if not isnumeric(request.form("passcode")) then response.Write "" conn.Close set conn=nothing response.end end if passcode=Cint(request.form("passcode")) comeurl=request.form("comurl") if comeurl="" then comeurl="index.asp" end if if passcode<>Session("GetCode") then response.Write "" conn.Close set conn=nothing response.end end if if username="" or UserPassword="" then response.Write "" conn.Close set conn=nothing response.end end if set rs=server.CreateObject("adodb.recordset") rs.Open "select * from [user] where UserPassword='"&UserPassword&"' and username='"&username&"' " ,conn,1,3 'rs.Open "select * from [user] where username='"&username&"' " ,conn,1,3 'response.write rs.recordcount&"
" 'response.write rs("UserPassword")&"
" if not(rs.bof and rs.eof) then if UserPassword=rs("UserPassword") and passcode=Session("GetCode") then response.Cookies("timesshop")("username")=trim(request.form("username")) Response.Cookies("timesshop").Expires = Now()+1 Response.Cookies("timesshop")("vip")=rs("vip") rs("LastLogin")=now() rs("UserLogins")=rs("UserLogins")+1 rs.Update rs.Close set rs=nothing conn.Close set conn=nothing response.redirect comeurl else response.write "" rs.Close set rs=nothing conn.Close set conn=nothing response.end end if else 'response.write username&" "&userpassword response.write "" rs.Close set rs=nothing conn.Close set conn=nothing response.end end if %>