如何最大限度地实现安全登录功能?
作者:
<%
if not IsEmpty(Session("cust—id")) and Len(Session("cust—id"))>0 then
' 用户登录后指向主页.
Response.Redirect("navigation/dashbrd.asp")
' 在此添入真正的主页URL.
end if
bLogin = False
' 设置标志.
bError = False
if IsEmpty(Request("uid")) or Len(Request("uid")) = 0 or IsEmpty(Request("pwd")) or Len(Request("pwd")) = 0 then
' 检查空字符.
bLogin = True
else
----------------------------------------------------------------------------------------------------------------
' 检验数据库保存密码表中是否有该用户.
"select * from customer WHERE cust—id=′ " & request("uid") &"′ and ′cust—pwd=′"& request(″pwd″) &"′"
' 连接数据库,其中request(″uid″)和request(″pwd″) 为本页html中表单中的用户名和密码的text.
gbFound = False
----------------------------------------------------------------------------------------------------------------
if not rsCust.BOF and not rsCust.EOF then
gbFound = True
end if
if gbFound then
Session("cust—id") = rsCust.Fields("cust—id")
' 在session变量中记录有用的信息.此项为数据库中用户名.
Session("cust—pwd") = rsCust.Fields("cust—pwd")
' 此项为数据库中用户密码.
Session("power") = rsCust.Fields("power")
' 此项为数据库中用户权限,可选.
' rsCust.ActiveConnection.Execute ("update customer set cust—login = ′ "& Now &"′ where cust_id = "& Session("cust—id") &"")
' 更新最后登录时间,可选.
Response.Redirect("navigation/dashbrd.asp")
' 真正主页URL.
Else
′UID and password not found
bError = True bLogin = True
end if
rsCust.Close
' 关闭记录.
mycn—login.Close
set mycn—login=Nothing
end if
%>
----------------------------------------------------------------------------------------------------------------
' 登录页面.
<form name="login" action="default.asp" method="post" target="—top">
' 在html中加入FORM,并设为自发送页.action后面要接本页的URL,这样,即使用户登录错误,在本页即可获得提示,而无须再返回前一页登录.
input name="uid" size="10"maxlength="10" style="HEIGHT: 21px; WIDTH: 101px">
<input name="pwd"type="password" size="10" maxlength="10">
[1]