<% cdc_name=trim(request.form("cdc_name")) cdc_password=trim(request.form("cdc_pwd")) if cdc_name="" or cdc_password="" then NiceError "用户名和密码不能为空!返回" elseif (instr(1,cdc_name,"'",1)>0 or instr(1,cdc_password,"'",1)>0 or instr(1,cdc_name,"=",1)>0 or instr(1,cdc_password,"=",1)>0 or instr(1,cdc_name,"<",1)>0 or instr(1,cdc_password,"<",1)>0 or instr(1,cdc_name,">",1)>0 or instr(1,cdc_password,">",1)>0) then NiceError "用户名和密码填写错误!返回" else sql ="select * from viplist where vip_name='"& cdc_name &"'" openrs rs,sql,2,2 If rs.EOF Or rs.BOF Then NiceError "用户名或密码错误，请重新登录！返回" elseif rs("vip_pwd")<>cdc_password then NiceError "用户名或密码错误，请重新登录！返回" else session("cdcuser")=1 session("chkuser")= cdc_name session("chkkeshi")=rs("科室") session("chktruename")=rs("truename") if rs("新通知")=1 then rs("新通知")=0 rs.update newtz=1 end if end if rs.close set rs=nothing set conn=nothing if newtz=1 then response.redirect "vip_index.asp?newtz=1" else response.redirect "vip_index.asp" end if end if %>