编程10000问

关注公众号 jb51net

关闭
首页 > 网络编程 > 编程10000问 >

如何最大限度地实现安全登录功能?

作者:

如何最大限度地实现安全登录功能?

<
if not IsEmpty(Session(
"cust—id")) and Len(Session("cust—id"))>0 then

' 用户登录后指向主页.
 Response.Redirect("navigation/dashbrd.asp")

 ' 在此添入真正的主页URL.

end if

bLogin = False
  

' 设置标志.
bError = False
if IsEmpty(Request(
"uid")) or Len(Request("uid")) = 0 or IsEmpty(Request("pwd")) or Len(Request("pwd")) = 0 then  

' 检查空字符.
  bLogin = True
else

 

----------------------------------------------------------------------------------------------------------------
' 检验数据库保存密码表中是否有该用户.
"select from customer WHERE cust—id=′ " request("uid") "′ and ′cust—pwd=′" request(″pwd″) ""
' 连接数据库,其中request(″uid″)request(″pwd″) 为本页html中表单中的用户名和密码的text.

  gbFound = False
----------------------------------------------------------------------------------------------------------------

  if not rsCust.BOF and not rsCust.EOF then
    gbFound = True
  end if

  if gbFound then
    Session("cust—id") = rsCust.Fields("cust—id")
    ' session变量中记录有用的信息.此项为数据库中用户名.
    Session("cust—pwd") = rsCust.Fields("cust—pwd")

' 此项为数据库中用户密码.
    Session("power") = rsCust.Fields("power")

        ' 此项为数据库中用户权限,可选.

    ' rsCust.ActiveConnection.Execute ("update customer set cust—login = ′ " Now "′ where cust_id = " Session("cust—id") "")

' 更新最后登录时间,可选.

    Response.Redirect("navigation/dashbrd.asp")

        ' 真正主页URL.
  Else
    ′UID and password not found
    bError = True bLogin = True
  end if

  rsCust.Close
   ' 关闭记录.
   mycn—login.Close
  set mycn—login=Nothing
 end if
>

 

----------------------------------------------------------------------------------------------------------------

' 登录页面.

<form name="login" action="default.asp" method="post" target="—top">

' html中加入FORM,并设为自发送页.action后面要接本页的URL,这样,即使用户登录错误,在本页即可获得提示,而无须再返回前一页登录.

input name="uid" size="10"maxlength="10" style="HEIGHT: 21px; WIDTH: 101px">

<input name="pwd"type="password" size="10" maxlength="10">

[1]

阅读全文