<%
dim action,comeurl,mark,graden
action=request.querystring("action")
select case action
case""
comeurl=Request.ServerVariables("HTTP_REFERER")
%>
用户登陆
<%case"login"
dim adminid,cook,login
lgname=Replace(Request.Form("lgname"),"'","''")
lgpwd=Replace(Request.Form("lgpwd"),"'","''")
adminid=Replace(Request.Form("adminid"),"'","''")
comeurl=Replace(Request.Form("comeurl"),"'","''")
lgtype=checknum(Request.Form("lgtype"))
cook=checknum(Request.Form("cook"))
%>
<%
login=true
if session("adminid")<>adminid or not isnumeric(adminid) or adminid="" then
login=false
mes="·您输入的验证码错误,请输入正确的四位验证码! "
else
function pname(str)
pname=true
if Instr(str,"=")>0 or Instr(str,"%")>0 or Instr(str,chr(32))>0 or Instr(str,"?")>0 or Instr(str,"&")>0 or Instr(str,";")>0 or Instr(str,",")>0 or Instr(str,"'")>0 or Instr(str,".")>0 or Instr(str,chr(34))>0 or Instr(str,chr(9))>0 or Instr(str,"")>0 or Instr(str,"$")>0 or Instr(str,chr(255))>0 or Instr(str,":") or instr(str,"|")>0 or instr(str,"#")>0 or instr(str,"`")>0 or instr(str,"\")>0 or instr(str,"(")>0 or instr(str,"[")>0 or instr(str,"-")>0 or instr(str,"~") then
pname=false
end if
end function
if pname(lgname)=false then
login=false
mes=mes&"·你的用户名或者密码错误,或者该用户已经被删除。 "
else
lgpwd=md5(lgpwd)
set rs=conn.execute("select top 1 userid,mark,grade,type,lasttime from [user] where name='"&lgname&"' and password='"&lgpwd&"' and not del")
if rs.eof then
login=false
mes=mes&"·你的用户名或者密码错误,或者该用户已经被删除。 "
elseif DateDiff("n",rs("lasttime"),now()+(timeset/24))<10 then
login=false
mes=mes&"·登陆间隔时间过短,论坛限制2次登陆间隔至少10分钟。"
else
login=true
lguserid=rs("userid")
session(prefix&"usertype2")=rs("type")
mark=rs("mark")+1
graden=mark\200
grade=rs("grade")
session(prefix&"usergrade")=grade
end if
set rs=nothing
end if
end if
if login=false then
tl=" 登 陆 失 败"
response.write""
mes=mes&"·返回重新填写"
else
Response.Cookies(prefix)("lgname")=lgname
session(prefix&"lgname")=lgname
Response.Cookies(prefix)("lgpwd")=lgpwd
Response.Cookies(prefix)("lgtype")=lgtype
Response.Cookies(prefix)("lgcook")=cook
if cook>0 then
Response.Cookies(prefix).Expires=date+cook
end if
session(prefix&"lguserid")=lguserid
lguserid=session(prefix&"lguserid")
conn.execute("update [user] set mark=mark+1,lasttime=now()+"×et&"/24 where userid="&lguserid&"")
'usertype 0游客 1会员 2vip 3斑竹 4超级 5管理员
adminbd="0"
usertype=1
if grade=13 then usertype=2
if grade=14 then
usertype=3
set getadminbd=conn.execute("select bd from admin where name='"&lgname&"' and password='"&lgpwd&"'")
do while not getadminbd.eof
adminbd=adminbd&"|"&getadminbd("bd")&"|"
getadminbd.movenext
loop
set getadminbd=nothing
end if
if grade=15 then usertype=4
if grade=16 then usertype=5
if usertype<2 then
if graden>13 then graden=13
conn.execute("update [user] set grade="&graden&" where userid="&lguserid&"")
end if
session(prefix&"usertype")=usertype
session(prefix&"adminbd")=adminbd
dim sql
conn.execute("delete*from online where ip='"&ip&"' or userid="&lguserid&"")
if lgtype=1 then
sql="insert into online values("&lguserid&",'"&lgname&"','"&ip&"',now(),"&usertype&",true,0,'')"
else
sql="insert into online values("&lguserid&",'"&lgname&"','"&ip&"',now(),"&usertype&",false,0,'')"
end if
conn.execute(sql)
if instr(comeurl,"reg.asp")>0 or instr(comeurl,"login.asp")>0 or comeurl="" then
comeurl=""
else
comeurl="· ·"&server.htmlencode(comeurl)&""
if instr(Lcase(comeurl),"left.asp")>0 then comeurl=""
end if
tl=" 登 陆 成 功"
mes="·3 秒钟后将自动返回首页 ·进入论坛首页"&comeurl
end if
call sendinfo(tl,mes)
if login=true then%>
<%end if
case"exit"
Response.Cookies(prefix)("lgname")=""
Response.Cookies(prefix)("lgpwd")=""
Response.Cookies(prefix)("lgtype")=""
Response.Cookies(prefix)("lgcook")=""
if isnull(lguserid) or lguserid="" then lguserid=0
conn.execute("delete*from [online] where userid="&lguserid&"")
session(prefix&"lgname")=""
session(prefix&"lguserid")=""
session(prefix&"usertype")=""
session(prefix&"adminbd")=""
session(prefix&"usertype2")=""
tl=" 退 出 成 功"
mes="·已经成功的退出论坛 ·重新登陆论坛 ·进入论坛首页 "
call sendinfo(tl,mes)
%><%
end select
call down%>