2。后天的登陆密码是MD5加密后才储存进数据库的,单我还设置了个同时把明文密码存到同一数据库同一表下的另一列里以防备用.
MD5密文密码是储存在数据库里的sd_admin表下的sdcms_pw列里
明文密码是储存在同一数据库同一sd_admin表下的Penname列里
3.应该怎样修改登陆页面去掉这个MD5加密功能,不再加密后再跟数据库里的MD5密文对比,直接用输入的明文密码password字段跟数据库里的明文密码对比然后登陆呢?
1。请高手们帮我详细解答出来并完全解决这个问题后,给兄弟加高分
12。下面列出我的后台登陆页面index.asp的代码:
<!--#include file="Admin_check.asp"-->
<%
Const loginnum=20 '登录失败后,禁止的登录的次数(不建议改为很大数字)
Select Case action
Case "check":check
Case "out":out
Case Else:main
End Select
Closedb
Sub main()
IF Load_Cookies("sdcms_name")<>"" And Load_Cookies("sdcms_pwd")<>"" Then
Return("Admin_index.asp"):Died
End IF
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>后台管理系统登录</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<STYLE>
TD {
FONT-SIZE: 11px; COLOR: #000000; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serIf; TEXT-DECORATION: none
}
.input_1 {
BORDER-RIGHT: #999999 1px solid; PADDING-RIGHT: 2px; BORDER-TOP: #999999 1px solid; PADDING-LEFT: 2px; LIST-STYLE-POSITION: inside; FONT-SIZE: 12px; PADDING-BOTTOM: 2px; MARGIN-LEFT: 10px; BORDER-LEFT: #999999 1px solid; COLOR: #333333; PADDING-TOP: 2px; BORDER-BOTTOM: #999999 1px solid; FONT-FAMILY: Arial, Helvetica, sans-serIf; LIST-STYLE-TYPE: none; HEIGHT: 18px; BACKGROUND-COLOR: #dadedf
}
</STYLE>
<META content="MSHTML 6.00.6000.16705" name=GENERATOR>
</HEAD>
<BODY>
<TABLE cellSpacing=0 cellPadding=0 width=651 align=center border=0>
<TBODY>
<TR>
<TD height=50></TD>
</TR>
<TR>
<TD height=351><TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD width=15 background=images/ileft.gif height=43></TD>
<TD width=620 background=images/i_topbg2.gif><IMG
height=43 src="images/i_top1.gif" width=43></TD>
<TD width=16><IMG height=43 src="images/iright.gif"
width=16></TD>
</TR>
<TR>
<TD background=images/ileftbg.gif></TD>
<TD vAlign=center background=images/bg.gif height=279><br><TABLE height=109 cellSpacing=0 cellPadding=0 width=369 align=center
border=0>
<TBODY>
<TR>
<TD width=155><IMG height=140
src="images/logo.gif" width=155 useMap=#Map
border=0></TD>
<TD vAlign=top align=left width=214><TABLE cellSpacing=0 cellPadding=0 width=167 border=0>
<TBODY>
<TR>
<TD vAlign=bottom width=167 height=30><IMG
height=19 src="images/adminsyteam.gif" border=0></A></TD>
</TR>
<TR>
<TD height=123><TABLE height=109 cellSpacing=0 cellPadding=0
align=center border=0>
<form action="index.asp?action=check" name="login" method="post">
<TR>
<TD vAlign=bottom align=left width=44 height=28><DIV align=right><IMG height=14
src="images/id.gif" width=43></DIV></TD>
<TD vAlign=bottom align=left width=134
height=28><INPUT class=input_1 id=username size=15 name=username style="width:120px">
</TD>
</TR>
<TR>
<TD align=left height=20><DIV align=right><IMG height=14
src="images/pass.gif"
width=43></DIV></TD>
<TD height=20><INPUT class=input_1 id=password
type=password size=15 name=password style="width:120px"></TD>
</TR>
<TR>
<TD vAlign=center colSpan=2 height=25><DIV align=center>
<INPUT type=image
src="images/b_login.gif" name=denglu>
<IMG style="CURSOR: hand"
onclick="javacript:location.href='UserReg.asp';" height=21
src="images/b_clean.gif" width=73> </DIV></TD>
</TR>
</FORM>
</TABLE></TD>
</TR>
</TBODY>
</TABLE></TD>
</TR>
</TBODY>
</TABLE></TD>
<TD background=images/irightbg.gif></TD>
</TR>
<TR>
<TD><IMG height=29 src="images/i_bottom_left.gif"
width=15></TD>
<TD background=images/i_bottom_bg.gif></TD>
<TD width=16><IMG height=29
src="images/i_bottom_right.gif"
width=16></TD>
</TR>
</TBODY>
</TABLE></TD>
</TR>
<TR>
<TD height=1></TD>
</TR>
<TR>
<TD> </TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
<%
End Sub
Sub Check
Check_post
Add_Cookies "sdcms_ip",Getip
username=HTMLEncode(trim(request("username")))
password=HTMLEncode(trim(request("password")))
code=trim(request.form("yzm"))
getcode=Session("SDCMSCode")
IF username="" or password="" Then
response.write "<SCRIPT language=JavaScript>window.location ='admin_showerr.asp?type=login&err=虽然没有验证码,但是你的用户名或密码不能不填写';</SCRIPT>"
Else
Set Rs=conn.execute("select id,sdcms_name,sdcms_pwd,logintimes,starttime,endtime,isvalid,lastip,lastarea,lasttime,alllever from sd_admin where sdcms_name='"&username&"' and sdcms_pwd='"&md5(password)&"'")
IF Rs.Eof Then
AddLog username,GetIp,"登录失败",1
response.write "<SCRIPT language=JavaScript>window.location ='admin_showerr.asp?type=login&err=您输入的用户名或密码错误,今日还有 "&loginnum-errnum&" 次机会';</SCRIPT>"
Else
starttime=Rs("starttime")
endtime=Rs("endtime")
isvalid=Rs("isvalid")
if isnull(starttime) or isnull(endtime) then
response.write "<SCRIPT language=JavaScript>window.location ='admin_showerr.asp?type=login&err=您还没有正式开通服务日期';</SCRIPT>"
ElseIf isvalid=0 then
response.write "<SCRIPT language=JavaScript>window.location ='admin_showerr.asp?type=login&err=账户异常:您的账户已被锁定,请和管理员联系';</SCRIPT>"
ElseIf datediff("s",now(),starttime)>0 then
response.write "<SCRIPT language=JavaScript>window.location ='admin_showerr.asp?type=login&err=账户未开通:您的账户于"&starttime&"才能正式使用';</SCRIPT>"
ElseIf datediff("s",now(),endtime)<0 then
response.write "<SCRIPT language=JavaScript>window.location ='admin_showerr.asp?type=login&err=您的账户已经于"&endtime&"到期,请及时续费';</SCRIPT>"
Else
Add_Cookies "sdcms_id",rs(0):Add_Cookies "sdcms_name",username:Add_Cookies "sdcms_pwd",md5(rs(2)&(rs(3)+1))
'Add_Cookies "alllever",rs("alllever")
dd_ip=getIP()
wwwww=dd_ip
'refAddress=Disp_IPAddressData(dd_ip,0)
preip=rs("lastip")
prearea=rs("lastarea")
pretime=rs("lasttime")
if isnull(pretime) or pretime="" then
pretime=now()
end if
'response.write "update sd_admin set logintimes=logintimes+1,preip='"&preip&"',prearea='"&prearea&"',pretime='"&pretime&"',lastip='"&dd_ip&"',lastarea='"&refaddress&"',lasttime='"&now()&"' where id="&rs(0)&""
'response.end
Conn.Execute("update sd_admin set logintimes=logintimes+1,preip='"&preip&"',prearea='"&prearea&"',pretime='"&pretime&"',lastip='"&wwwww&"',lastarea='"&refaddress&"',lasttime='"&now()&"' where id="&rs(0)&"")
AddLog username,GetIp,"登录成功",1
Conn.Execute("Delete from sd_log where DateDiff('d',adddate,now())>30")
if datediff("d",now(),endtime)<=3 then
if datediff("d",now(),endtime)>0 then
errormess="您的账户将于"&endtime&"到期,距离到期时间还有"&datediff("d",now(),endtime)&"天,请及时续费"
response.write("<script>alert('"&errormess&"');location.href='admin_index.asp'</script>")
response.end
else
errormess="您的账户将于今日到期,到期时间为"&endtime&",距离到期时间还有"&tmraumen_Timer(endtime)&",请及时续费"
response.write("<script>alert('"&errormess&"');location.href='admin_index.asp'</script>")
response.end
end if
end if
response.write("<script>location.href='Admin_index.asp'</script>")
response.end
'Return("Admin_index.asp"):Died
End If
End IF
End IF
End Sub
Sub Out
AddLog sdcms_adminname,sdcms_adminip,"退出登录",1
Add_Cookies "sdcms_id",Empty:Add_Cookies "sdcms_name",Empty:Add_Cookies "sdcms_pwd",Empty:Add_Cookies "sdcms_ip",Empty
Session(sdcms_cookies&"sdcms_admin")=""
Session(sdcms_cookies&"sdcms_alllever")=""
Session(sdcms_cookies&"sdcms_shenfen")=""
Return("?")
End Sub
Function errnum
Sql="select count(id) from sd_log where ip='"&GetIp&"' and content like '登录失败' and "
IF Is_Sql Then
Sql=Sql&" adddate>=date()"
Else
Sql=Sql&" adddate>=getdate()"
End IF
Errnum=Conn.Execute(Sql)(0)
End Function
rs.Close
set rs=Nothing
%>
2 个解决方案
#1
Set Rs=conn.execute("select id,sdcms_name,sdcms_pwd,logintimes,starttime,endtime,isvalid,lastip,lastarea,lasttime,alllever from sd_admin where sdcms_name='"&username&"' and
Penname='"&password&"'")
#2
不行,单单改这个没等达到效果,帐号密码错误.
#1
Set Rs=conn.execute("select id,sdcms_name,sdcms_pwd,logintimes,starttime,endtime,isvalid,lastip,lastarea,lasttime,alllever from sd_admin where sdcms_name='"&username&"' and
Penname='"&password&"'")
#2
不行,单单改这个没等达到效果,帐号密码错误.