<% module = Request("module") Select Case module Case "showForm" showForm("") Case "login" adminLogin() Case Else showForm("") End Select Function showForm(strMessage) beginAdminHtml() %> <%alertMessage(strMessage)%>

<% Response.End End Function Function adminLogin() Dim strUsername, strPassword Dim strDate, strMD5 strUsername = Request("username") strPassword = Request("password") If strUsername = "" And strPassword = "" Then showForm("请输入帐号和密码！") End If connect_db() sql = "select * from admins where admin_username = '" & replaceSQLString(strUsername) & "' and admin_password = '" & MD5(strPassword) & "'" Set rs = Server.CreateObject("ADODB.Recordset") rs.Open sql, conn, 3 If rs.BOF And rs.EOF Then showForm("登录失败，请输入正确的帐号和密码！") End If If rs("flag") <> 0 Then showForm("对不起，您的管理帐户已被冻结，请和系统管理员联系！") End If strDate = Now() strMD5 = MD5(strDate & strUsername) sql = "insert into admin_login_log (admin_username, login_time, checksum, remote_addr, flag) values ('" & replaceSQLString(rs("admin_username")) & "', '" & strDate & "', '" & strMD5 & "', '" & replaceSQLString(remote_addr) & "', 0)" Set rs = SErver.CreateObject("ADODB.Recordset") rs.Open sql, conn, 2, 1 Set rs = Nothing Set conn = Nothing Session("strUsername") = strUsername Session("strChecksum") = strMD5 Response.Redirect "workstation.asp" End Function %>