<%
user_name=trim(request.form("user_name"))
user_password=trim(request.form("user_pwd"))
if user_name="" or user_password="" then
NiceError "管理用户名和密码不能为空!返回"
elseif (instr(1,user_name,"'",1)>0 or instr(1,user_password,"'",1)>0 or instr(1,user_name,"=",1)>0 or instr(1,user_password,"=",1)>0 or instr(1,user_name,"<",1)>0 or instr(1,user_password,"<",1)>0 or instr(1,user_name,">",1)>0 or instr(1,user_password,">",1)>0) then
NiceError "操作出错,请重新登录!返回"
else
sql ="select * from viplist where vip_name='"& user_name &"'"
openrs rs,sql,2,2
If rs.EOF Or rs.BOF Then
NiceError "用户名或密码错误,请重新登录!返回"
elseif rs("vip_pwd")<>user_password then
NiceError "用户名或密码错误,请重新登录!返回"
else
session("irbuser")=1
session("chkuser")= user_name
end if
rs.close
set rs=nothing
set conn=nothing
response.redirect "vipindex.asp"
end if
%>
|
