<!--#include file="sb/const.asp" -->
<!--#include file="conn.asp"-->
<!-- #include file="md5.asp" -->
<%
dim action,wzhi,worul
' worul="/sb/ttasp_checkset_add.asp"
wzhi=request("myurl")
action=Request.QueryString("action")
fileName = Request.ServerVariables("script_name")
username=trim(request("user"))
userpw=trim(request("userpw"))
'*********************************************************
' 目的: 管理员登陆界面
'*********************************************************
sub login()
%>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title><%=CompanyName%><%=request("age")%><%=wzhi%></title>
………
<form name="login" id="login" method="post" action="<%=fileName%>?action=chk">
……
'*********************************************************
' 目的: 用户检测界面
'*********************************************************
sub chk(UserName, Password)
dim strUser
strUser = UserName
strPassword = md5(Password)
'SQL安全检查
strUser = SQLInject(strUser)
strPassword = SQLInject(strPassword)
set rs13=server.CreateObject("Adodb.recordSet")
sql13="select * from admin where admin_id='"&strUser&"' and admin_pw='"&strPassword&"'"
rs13.open sql13,connstr,1,3
if rs13.bof or rs13.eof then
response.write ("<script>alert('用户名或密码错误');location.href='"+fileName+"';</script>")
else
rs13("lastlogin_time")=Trim(now())
rs13("lastlogin_ip")=Trim(Request.ServerVariables("REMOTE_ADDR"))
session("web_admin")=rs13("admin_id")
session("cname")=rs13("admin_name")
session("rank")=rs13("rank")
rs13.Update
rs13.close
set rs13=nothing
' Response.Redirect("default.asp")
' Response.Redirect(wzhi)
Response.Write("<script>alert('网址是"&request("myurl")&""&request.querystring("age")&""&aa&"对的')</script>")
end if
end sub
'*********************************************************
' 目的: 退出登陆界面
'*********************************************************
sub out()
session("web_admin")=""
session("cname")=""
session("rank")=""
response.write ("<script>window.open('login.asp','_parent');</script>")
end sub
%>
页面代码的上面request(“myurl”)可以取到值,并在title中测试时可以显示出来;在下面的sub chk中,request(“myurl”)取到的是空的,弹窗中没有显示。