您所在位置:主题:学习程序中的问题,请大家指点一下。
hcn008
[专家分:380] 发布于 2008-03-13 22:48:00
以下的程序是登录页面的程序,想学习一下,有个问题不懂,登录后是怎么区分游客,会员 ,vip ,斑竹 ,超级管理员的? 都用哪些session和cookies来记录的?请大家给我指点下,先谢谢了,最好能给我列举出来,我学习一下。
<!--#include file="up.asp"-->
<%
dim action,comeurl,mark,graden
action=request.querystring("action")
select case action
case""
comeurl=Request.ServerVariables("HTTP_REFERER")
%>
<%=ttop%>
<table align="center" border="1" bgcolor="<%=c2%>" cellpadding="0" cellspacing="0" style="border-collapse: collapse;" width="<%=tbw%>">
<tr>
<td class=td1 width="100%" height="28" bgcolor="<%=c1%>" background="<%=tbg%>"> <img border="0" src="pic/gl.gif" width="19" height="15"><font color=<%=c3%>> 用户登陆</font></td>
</tr>
<form action=login.asp?action=login method="POST"><tr>
<td width="100%">
<table border="1" cellpadding="0" bordercolor="<%=c1%>" cellspacing="0" style="border-collapse: collapse" width="100%">
<tr>
<td width="35%" height="28"><b> 请输入您的用户名:</b></td>
<td width="65%"> <input type=text name=lgname size='20'> <a href=reg.asp>没有注册?</a></td>
</tr>
<tr>
<td height="28"><b> 请输入您的密码:</b></td>
<td> <input type=password name=lgpwd size='20'></td>
</tr>
<%if conn.execute("select postcode from config")(0)=0 then%>
<tr>
<td height="28"><b> 请输入登陆验证码:</b></td>
<td> <input type=text name=adminid size='20'> <%response.write"<img src=code.asp>"%></td>
</tr>
<%end if%>
<tr>
<td height="40"><b> Cookie 选项:</b><br>
请选择你的 Cookie 保存时间</td>
<td> <select name=cook style="font-family: 宋体 (serif); font-size: 9pt">
<option value=0>不保存</option><option value=1>保存一天</option>
<option value=30>保存一月</option><option value=365>保存一年</option></select><input type="hidden" name="comeurl" size="20" value="<%=kbbs(comeurl)%>"></td>
</tr>
<tr>
<td height="40"><b> 登陆方式:</b><br>
请选择你的登陆方式</td>
<td><input type=radio value=1 checked name=lgtype>正常登陆 <input type=radio value=2 name=lgtype>隐身登陆</td>
</tr>
<tr>
<td height="30" colspan="2" align="center" bgcolor="<%=c2%>">
<input type='submit' value=' 登 陆 ' name='B1' class=submit>
<input type='reset' value=' 重 置 ' name='B2' class=submit></td>
</tr>
</table>
</td>
</tr></form>
</table>
<%=tbottom%>
<%case"login"
dim adminid,cook,login
lgname=Replace(Request.Form("lgname"),"'","''")
lgpwd=Replace(Request.Form("lgpwd"),"'","''")
adminid=Replace(Request.Form("adminid"),"'","''")
comeurl=Replace(Request.Form("comeurl"),"'","''")
lgtype=checknum(Request.Form("lgtype"))
cook=checknum(Request.Form("cook"))
%><!--#include file="inc/md5.asp"-->
<%
login=true
function pname(str)
pname=true
if Instr(str,"=")>0 or Instr(str,"%")>0 or Instr(str,chr(32))>0 or Instr(str,"?")>0 or Instr(str,"&")>0 or Instr(str,";")>0 or Instr(str,",")>0 or Instr(str,"'")>0 or Instr(str,".")>0 or Instr(str,chr(34))>0 or Instr(str,chr(9))>0 or Instr(str,"")>0 or Instr(str,"$")>0 or Instr(str,chr(255))>0 or Instr(str,":") or instr(str,"|")>0 or instr(str,"#")>0 or instr(str,"`")>0 or instr(str,"\")>0 or instr(str,"(")>0 or instr(str,"[")>0 or instr(str,"-")>0 or instr(str,"~") then
pname=false
end if
end function
if pname(lgpwd)=false then
login=false
mes=mes&"·你的用户名或者密码错误,或者该用户已经被删除。<br>"
else
lgpwd=md5(lgpwd)
set rs=conn.execute("select top 1 userid,mark,grade,type from [user] where name='"&lgname&"' and password='"&lgpwd&"' and not del")
if rs.eof then
login=false
mes=mes&"·你的用户名或者密码错误,或者该用户已经被删除。<br>"
else
login=true
lguserid=rs("userid")
session(prefix&"usertype2")=rs("type")
mark=rs("mark")
graden=mark\200
grade=rs("grade")
end if
set rs=nothing
end if
if conn.execute("select postcode from config")(0)=0 then
if session("adminid")<>adminid or not isnumeric(adminid) or adminid="" then
login=false
mes="·您输入的验证码错误,请输入正确的四位验证码!<br>"
end if
end if
if login=false then
response.write"<img src=code.asp style=""display:none"" width=0 height=0>"
mes=mes&"·<a href='javascript:history.go(-1)'><img border=0 src=pic/re.gif align=absmiddle>返回重新填写</a>"
else
Response.Cookies(prefix)("lgname")=lgname
session(prefix&"lgname")=lgname
Response.Cookies(prefix)("lgpwd")=lgpwd
Response.Cookies(prefix)("lgtype")=lgtype
Response.Cookies(prefix)("lgcook")=cook
if cook>0 then
Response.Cookies(prefix).Expires=date+cook
end if
session(prefix&"lguserid")=lguserid
lguserid=session(prefix&"lguserid")
conn.execute("update [user] set mark=mark+"&bbsinfo(18)&",lasttime=now()+"×et&"/24 where userid="&lguserid&"")
'usertype 0游客 1会员 2vip 3斑竹 4超级 5管理员
adminbd="0"
usertype=1
if grade=13 then usertype=2
if grade=14 then
usertype=3
set getadminbd=conn.execute("select bd from admin where name='"&lgname&"' and password='"&lgpwd&"'")
do while not getadminbd.eof
adminbd=adminbd&"|"&getadminbd("bd")&"|"
getadminbd.movenext
loop
set getadminbd=nothing
end if
if grade=15 then usertype=4
if grade=16 then usertype=5
if usertype<2 then
if graden>13 then graden=13
conn.execute("update [user] set grade="&graden&" where userid="&lguserid&"")
end if
session(prefix&"usertype")=usertype
session(prefix&"adminbd")=adminbd
dim sql
conn.execute("delete*from online where ip='"&ip&"' or userid="&lguserid&"")
if lgtype=1 then
sql="insert into online values("&lguserid&",'"&lgname&"','"&ip&"',now(),"&usertype&",true,0,'')"
else
sql="insert into online values("&lguserid&",'"&lgname&"','"&ip&"',now(),"&usertype&",false,0,'')"
end if
conn.execute(sql)
if instr(comeurl,"reg.asp")>0 or instr(comeurl,"login.asp")>0 or comeurl="" then
comeurl=""
else
comeurl="·<br>·<a href="&comeurl&">"&server.htmlencode(comeurl)&"</a>"
end if
tl=1
mes="·<span id=sdown></span> 秒钟后将自动返回首页<br>·<a href='index.asp'>进入论坛首页</a>"&comeurl
%><%
end if
call sendinfo(tl,mes)
if login=true then%><script>
function countDown(secs){
sdown.innerText=secs;
if(--secs>0)
setTimeout("countDown("+secs+")",1000);
}
countDown(3);
</script><meta http-equiv=refresh content=2;url=index.asp><%end if
case"exit"
Response.Cookies(prefix)("lgname")=""
Response.Cookies(prefix)("lgpwd")=""
Response.Cookies(prefix)("lgtype")=""
Response.Cookies(prefix)("lgcook")=""
if isnull(lguserid) or lguserid="" then lguserid=0
conn.execute("delete*from [online] where userid="&lguserid&"")
session(prefix&"lgname")=""
session(prefix&"lguserid")=""
session(prefix&"usertype")=""
session(prefix&"adminbd")=""
session(prefix&"usertype2")=""
tl=1
mes="·已经成功的退出论坛<br>·<a href=login.asp>重新登陆论坛</a><br>·<a href=index.asp>进入论坛首页</a><br>"
call sendinfo(tl,mes)
%><%
end select
call down%>
<!--#include file="up.asp"-->
<%
dim action,comeurl,mark,graden
action=request.querystring("action")
select case action
case""
comeurl=Request.ServerVariables("HTTP_REFERER")
%>
<%=ttop%>
<table align="center" border="1" bgcolor="<%=c2%>" cellpadding="0" cellspacing="0" style="border-collapse: collapse;" width="<%=tbw%>">
<tr>
<td class=td1 width="100%" height="28" bgcolor="<%=c1%>" background="<%=tbg%>"> <img border="0" src="pic/gl.gif" width="19" height="15"><font color=<%=c3%>> 用户登陆</font></td>
</tr>
<form action=login.asp?action=login method="POST"><tr>
<td width="100%">
<table border="1" cellpadding="0" bordercolor="<%=c1%>" cellspacing="0" style="border-collapse: collapse" width="100%">
<tr>
<td width="35%" height="28"><b> 请输入您的用户名:</b></td>
<td width="65%"> <input type=text name=lgname size='20'> <a href=reg.asp>没有注册?</a></td>
</tr>
<tr>
<td height="28"><b> 请输入您的密码:</b></td>
<td> <input type=password name=lgpwd size='20'></td>
</tr>
<%if conn.execute("select postcode from config")(0)=0 then%>
<tr>
<td height="28"><b> 请输入登陆验证码:</b></td>
<td> <input type=text name=adminid size='20'> <%response.write"<img src=code.asp>"%></td>
</tr>
<%end if%>
<tr>
<td height="40"><b> Cookie 选项:</b><br>
请选择你的 Cookie 保存时间</td>
<td> <select name=cook style="font-family: 宋体 (serif); font-size: 9pt">
<option value=0>不保存</option><option value=1>保存一天</option>
<option value=30>保存一月</option><option value=365>保存一年</option></select><input type="hidden" name="comeurl" size="20" value="<%=kbbs(comeurl)%>"></td>
</tr>
<tr>
<td height="40"><b> 登陆方式:</b><br>
请选择你的登陆方式</td>
<td><input type=radio value=1 checked name=lgtype>正常登陆 <input type=radio value=2 name=lgtype>隐身登陆</td>
</tr>
<tr>
<td height="30" colspan="2" align="center" bgcolor="<%=c2%>">
<input type='submit' value=' 登 陆 ' name='B1' class=submit>
<input type='reset' value=' 重 置 ' name='B2' class=submit></td>
</tr>
</table>
</td>
</tr></form>
</table>
<%=tbottom%>
<%case"login"
dim adminid,cook,login
lgname=Replace(Request.Form("lgname"),"'","''")
lgpwd=Replace(Request.Form("lgpwd"),"'","''")
adminid=Replace(Request.Form("adminid"),"'","''")
comeurl=Replace(Request.Form("comeurl"),"'","''")
lgtype=checknum(Request.Form("lgtype"))
cook=checknum(Request.Form("cook"))
%><!--#include file="inc/md5.asp"-->
<%
login=true
function pname(str)
pname=true
if Instr(str,"=")>0 or Instr(str,"%")>0 or Instr(str,chr(32))>0 or Instr(str,"?")>0 or Instr(str,"&")>0 or Instr(str,";")>0 or Instr(str,",")>0 or Instr(str,"'")>0 or Instr(str,".")>0 or Instr(str,chr(34))>0 or Instr(str,chr(9))>0 or Instr(str,"")>0 or Instr(str,"$")>0 or Instr(str,chr(255))>0 or Instr(str,":") or instr(str,"|")>0 or instr(str,"#")>0 or instr(str,"`")>0 or instr(str,"\")>0 or instr(str,"(")>0 or instr(str,"[")>0 or instr(str,"-")>0 or instr(str,"~") then
pname=false
end if
end function
if pname(lgpwd)=false then
login=false
mes=mes&"·你的用户名或者密码错误,或者该用户已经被删除。<br>"
else
lgpwd=md5(lgpwd)
set rs=conn.execute("select top 1 userid,mark,grade,type from [user] where name='"&lgname&"' and password='"&lgpwd&"' and not del")
if rs.eof then
login=false
mes=mes&"·你的用户名或者密码错误,或者该用户已经被删除。<br>"
else
login=true
lguserid=rs("userid")
session(prefix&"usertype2")=rs("type")
mark=rs("mark")
graden=mark\200
grade=rs("grade")
end if
set rs=nothing
end if
if conn.execute("select postcode from config")(0)=0 then
if session("adminid")<>adminid or not isnumeric(adminid) or adminid="" then
login=false
mes="·您输入的验证码错误,请输入正确的四位验证码!<br>"
end if
end if
if login=false then
response.write"<img src=code.asp style=""display:none"" width=0 height=0>"
mes=mes&"·<a href='javascript:history.go(-1)'><img border=0 src=pic/re.gif align=absmiddle>返回重新填写</a>"
else
Response.Cookies(prefix)("lgname")=lgname
session(prefix&"lgname")=lgname
Response.Cookies(prefix)("lgpwd")=lgpwd
Response.Cookies(prefix)("lgtype")=lgtype
Response.Cookies(prefix)("lgcook")=cook
if cook>0 then
Response.Cookies(prefix).Expires=date+cook
end if
session(prefix&"lguserid")=lguserid
lguserid=session(prefix&"lguserid")
conn.execute("update [user] set mark=mark+"&bbsinfo(18)&",lasttime=now()+"×et&"/24 where userid="&lguserid&"")
'usertype 0游客 1会员 2vip 3斑竹 4超级 5管理员
adminbd="0"
usertype=1
if grade=13 then usertype=2
if grade=14 then
usertype=3
set getadminbd=conn.execute("select bd from admin where name='"&lgname&"' and password='"&lgpwd&"'")
do while not getadminbd.eof
adminbd=adminbd&"|"&getadminbd("bd")&"|"
getadminbd.movenext
loop
set getadminbd=nothing
end if
if grade=15 then usertype=4
if grade=16 then usertype=5
if usertype<2 then
if graden>13 then graden=13
conn.execute("update [user] set grade="&graden&" where userid="&lguserid&"")
end if
session(prefix&"usertype")=usertype
session(prefix&"adminbd")=adminbd
dim sql
conn.execute("delete*from online where ip='"&ip&"' or userid="&lguserid&"")
if lgtype=1 then
sql="insert into online values("&lguserid&",'"&lgname&"','"&ip&"',now(),"&usertype&",true,0,'')"
else
sql="insert into online values("&lguserid&",'"&lgname&"','"&ip&"',now(),"&usertype&",false,0,'')"
end if
conn.execute(sql)
if instr(comeurl,"reg.asp")>0 or instr(comeurl,"login.asp")>0 or comeurl="" then
comeurl=""
else
comeurl="·<br>·<a href="&comeurl&">"&server.htmlencode(comeurl)&"</a>"
end if
tl=1
mes="·<span id=sdown></span> 秒钟后将自动返回首页<br>·<a href='index.asp'>进入论坛首页</a>"&comeurl
%><%
end if
call sendinfo(tl,mes)
if login=true then%><script>
function countDown(secs){
sdown.innerText=secs;
if(--secs>0)
setTimeout("countDown("+secs+")",1000);
}
countDown(3);
</script><meta http-equiv=refresh content=2;url=index.asp><%end if
case"exit"
Response.Cookies(prefix)("lgname")=""
Response.Cookies(prefix)("lgpwd")=""
Response.Cookies(prefix)("lgtype")=""
Response.Cookies(prefix)("lgcook")=""
if isnull(lguserid) or lguserid="" then lguserid=0
conn.execute("delete*from [online] where userid="&lguserid&"")
session(prefix&"lgname")=""
session(prefix&"lguserid")=""
session(prefix&"usertype")=""
session(prefix&"adminbd")=""
session(prefix&"usertype2")=""
tl=1
mes="·已经成功的退出论坛<br>·<a href=login.asp>重新登陆论坛</a><br>·<a href=index.asp>进入论坛首页</a><br>"
call sendinfo(tl,mes)
%><%
end select
call down%>