Question

asp后台登陆问题

网站后台登陆问题
在登陆后台时，总是提示用户名和密码错误，不知道是什么原因，请高手给看看，下面时代码！！！<%@language=VBScript.Encode codepage=936 %>
<!--#include file="Conn.asp"-->
<!--#include file="../Inc/Config.asp"-->
<!--#include file="inc/md5.asp"-->

<%
dim sql,rs
dim username,password,CheckCode
username=replace(trim(request("username")),"'","")
password=replace(trim(Request("password")),"'","")
CheckCode=replace(trim(Request("CheckCode")),"'","")
if UserName="" then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>用户名不能为空！</li>"
end if
if Password="" then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>密码不能为空！</li>"
end if
if CheckCode="" then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>验证码不能为空！</li>"
end if
if session("CheckCode")="" then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>你登录时间过长，请重新返回登录页面进行登录。</li>"
end if
if CheckCode<>CStr(session("CheckCode")) then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>您输入的确认码和系统产生的不一致，请重新输入。</li>"
end if
if FoundErr<>True then
password=md5(password)
set rs=server.createobject("adodb.recordset")
sql="select * from 0791idc_Admin where password='"&password&"' and username='"&username&"'"
rs.open sql,conn,1,3
if rs.bof and rs.eof then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>用户名或密码错误！！！</li>"
else
if password<>rs("password") then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>用户名或密码错误！！！</li>"
else
RndPassword=GetRndPassword(16)
rs("LastLoginIP")=Request.ServerVariables("REMOTE_ADDR")
rs("LastLoginTime")=now()
rs("LoginTimes")=rs("LoginTimes")+1
rs("RndPassword")=RndPassword
rs.update
session.Timeout=SessionTimeout
session("AdminName")=rs("username")
session("AdminPassword")=rs("Password")
session("RndPassword")=RndPassword
rs.close
set rs=nothing
call CloseConn()
Response.Redirect "default.asp"
end if
end if
rs.close
set rs=nothing
end if
if FoundErr=True then
call WriteErrMsg()
end if
call CloseConn()

Answer 1

<!--#include file="conn/shujuku.asp"-->
<%
Dim Name,Pwd
Name=replace(trim(Request.Form("Name")),"'","‘")
Pwd=replace(trim(Request.Form("Pwd")),"'","‘")

If Name="" or Pwd="" Then
Response.Write ("<script>alert('登陆失败!\n\n错误原因:管理员帐号和密码未填。');history.back();</script>")
Response.end
End If

if Instr(Name,">")>0 or Instr(Name,"<")>0 or Instr(Name,"=")>0 or Instr(Name,"%")>0 or Instr(Name,chr(32))>0 or Instr(Name,"?")>0 or Instr(Name,"&")>0 or Instr(Name,";")>0 or Instr(Name,",")>0 or Instr(Name,"'")>0 or Instr(Name,chr(34))>0 or Instr(Name,chr(9))>0 or Instr(Name," ")>0 or Instr(Name,"$")>0 then
Response.Write ("<script>alert('登陆失败!\n\n错误原因:管理员含有非法字符!');history.back();</script>")
Response.end
else
Name=Trim(Name)
end if

set rs=server.createobject("adodb.recordset")
sql="select * from admin where Name='"&Name&"'"
rs.open sql,conn,1,3
if rs.eof then
Response.Write ("<script>alert('登陆失败!\n\n错误原因:管理员帐号错误。');history.back();</script>")
Response.end
else
if rs("Pwd")<>Pwd then
rs.close
set rs=nothing
Response.Write ("<script>alert('登陆失败!\n\n错误原因:管理员密码错误。');history.back();</script>")
Response.end
else

session("Name")=Name'登录成功传递一个session值以便以后调用用户相关
session.timeout=300
end if
end if
rs.close
set rs=nothing
%>
<script language = "javascript">
alert ("验证成功!\n欢迎管理员:[<%=session("name")%>]\n进入中国高速公路信息网后台管理系统!");
window.location.href ="admin/admin_index.asp"
</script>

Answer 2

if password<>rs("password") then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>用户名或密码错误！！！</li>"
会不会和它有关
else
if password<>rs("password") then
FoundErr=True
ErrMsg=ErrMsg & "<br><li>用户名或密码错误！！！</li>"
把这句话里的else换成elseif试试吧,我总觉得,这个语句有问题