<%dim admin,UserPassword,passcode admin=FormatSQL(replace(trim(request.form("admin")),"'","")) UserPassword=md5(FormatSQL(replace(trim(request.Form("UserPassword")),"'",""))) if admin="" or UserPassword="" then response.Write "" conn.Close set conn=nothing response.end end if if not isnumeric(request.form("passcode")) then response.Write "" conn.Close set conn=nothing response.end end if passcode=Cint(request.form("passcode")) set rs=server.CreateObject("adodb.recordset") rs.Open "select * from [admin] where UserPassword='"&UserPassword&"' and admin='"&admin&"' " ,conn,1,1 if rs.bof and rs.eof then response.write "" rs.Close set rs=nothing conn.Close set conn=nothing response.end else if passcode<>Session("GetCode") then response.Write "" rs.Close set rs=nothing conn.Close set conn=nothing response.end end if if UserPassword=rs("UserPassword") and admin=rs("admin") then session("admin")=trim(rs("admin")) session("rank")=int(rs("rank")) session.Timeout=20 response.Cookies("timesshop")("admin")=trim(request.form("admin")) Response.Cookies("timesshop").Expires = Now()+1 rs.Close set rs=nothing conn.Close set conn=nothing response.Redirect "index.asp" else response.write "" rs.Close set rs=nothing conn.Close set conn=nothing end if end if %>