在防止暴力破解是,记录ip登陆数:
每次出错 session("hfvipok_admin_login")=session("hfvipok_admin_login")+1
if session("hfvipok_admin_login")>=5 then
Set rs=Server.CreateObject("ADODB.RecordSet")
sql="select * from hfvipsetup"
rs.open sql,conn,1,3
userip=Request.serverVariables("REMOTE_ADDR")
if instr(rs("ip"),userip)<0 then rs("ip")=rs("ip")&"@"&userip
rs.update
rs.close
set rs=nothing
//检验登陆字符串,防止柱入等。。接口if checktext(request("username"))<>request("username")
function checktext(txt)
checktext=txt
chrtxt="33|34|35|36|37|38|39|40|41|42|43|44|47|58|59|60|61|62|63|91|92|93|94|96|123|124|125|126|128"
chrtext=split(chrtxt,"|")
for c=0 to ubound(chrtext)
checktext=replace(checktext,chr(chrtext(c)),"")
next
end function
function ii11ii1(ii1liil)
ii11iil=split(ii1liil,".")
ii11ii1=ii11iil(0)&"."&ii11iil(1)&"."&ii11iil(2)&".**"
end function
当没有登陆码的时候,出错返回页面的时候不能刷新,否则用户会失去登陆输入应该:
response.write "<script language='javascript'>"
response.write "alert('填写不完整,请检查后重新提交!');"
response.write "location.href='javascript:history.go(-1)';"
response.write "</script>"
response.end
登陆成功:
set rs=conn.execute("select * from manage where password='"&md5(password)&"' and username='"&username&"'")
if not(rs.bof and rs.eof) then
session("hfvipok_admin_login")=0
Response.cookies("hfvipok")("admin")=username '设置cookies
Response.Redirect (path&"/index.asp") '登入真实后台
页面判断是否登陆。
<%
if request.cookies("hfvipok")("admin")="" then response.write "<meta http-equiv='refresh' content='0;URL=../admin.asp'>"
%>
|