<!--#include file="conn.asp"-->
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY background=./image/ricebk.jpg bgColor=#FFFDFB>
<font size=2>
<% Session.Timeout = 30
dim strUser
dim strPassword
dim ls_userid
dim ls_pwd
dim li_length
dim ls_tmp
'response.write request.form
'response.end
strUser=request("userID")
strPassword=Trim(request("password"))
if InStr(strUser ,"'") > 0 then %>
<Script Language="VBScript">
window.alert "非法字符:'"
window.history.back
</Script>
<% elseif InStr(strUser, """") then %>
<Script Language="VBScript">
window.alert "非法字符:"""
window.history.back
</Script>
<% end if
if UCase(request("userID")) = "ADMIN" then
strSQL="select us_user_name,us_password,us_status,us_user_id from t_user where us_user_id = '" & strUser & "'"
Set dbRecordset=dbconn.Execute(strSQL)
If isnull(dbRecordset.fields("us_password")) and trim(strPassword) <> "" then
Response.write "<script language=JavaScript>window.alert("%>"密码错误,请重新登录");</Script>
<% Response.write "<script language=JavaScript>document.location='login.asp';</Script>"
Response.End
end if
if dbRecordset.fields("us_password") <> strPassword Then
Response.write "<script language=JavaScript>window.alert("%>"密码错误,请重新登录");</Script>
<% Response.write "<script language=JavaScript>document.location='login.asp';</Script>"
Response.End
End If
Session("ID") = dbRecordset.Fields("us_user_id")
Session("User") = dbRecordset.Fields("us_user_id")
session("UserName") = dbRecordset.Fields("us_user_Name")
Session("oldPass") = request("password")
dbRecordset.close
else
strSQL="select emp_category,us_user_name,emp_empl_id,us_user_name,us_password,us_status from t_user,t_employee where us_user_id = emp_empl_id and emp_user_id = '" & strUser & "' and emp_status<>'X'"
'response.write strSQL
'response.end
Set dbRecordset=dbconn.Execute(strSQL)
If dbRecordset.eof Then
Response.write "<script language=JavaScript>window.alert("%>"对不起,用户[<%=strUser%>]不存在");</Script>
<% Response.write "<script language=JavaScript>document.location='login.asp';</Script>"
Response.End
End If
If trim(dbRecordset.fields("us_status")) = "X" then
Response.write "<script language=JavaScript>window.alert("%>"对不起,用户[<%=strUser%>]已被取消");</Script>
<% Response.write "<script language=JavaScript>document.location='login.asp';</Script>"
Response.End
End if
'判断登录
If dbRecordset.fields("us_password") <> strPassword Then
Response.write "<script language=JavaScript>window.alert("%>"密码错误,请重新登录");</Script>
<% Response.write "<script language=JavaScript>document.location='login.asp';</Script>"
Response.End
End If
Session("ID") = dbRecordset.Fields("emp_empl_id")
Session("User") = dbRecordset.Fields("emp_empl_id")
session("UserName") = dbRecordset.Fields("us_user_Name")
Session("oldPass") = request("password")
dbRecordset.close
end if
set dbRecordset = nothing
dbconn.close
set dbconn = nothing
%>
</font>
<Script Language=vbscript>
window.parent.document.title = "登录名:<%=session("UserName")%>"
</Script>
<form name=frmResult action="menumain.asp" method=post>
</form>
<Script Language=vbscript>
document.frmResult.submit
</Script>
</BODY>
</HTML>