我感觉是不是在这段里加呢?
源代码: &"' AND Admin_pass='" & Replace(Request.Form("Admin_pass"),"'","''") & "'"
我是这么加的:&"' AND Admin_pass='" & Replace(md5(Request.Form("Admin_pass"),"'","''")) & "'"
下面是整个页面的代码:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="Connections/conn.asp" -->
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_conn_STRING
Recordset1.Source = "SELECT * FROM d8b_User"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Admin_name"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="Admin_class"
MM_redirectLoginSuccess="MoreUserOK.asp" '这个是验证成功后的页面
MM_redirectLoginFailed="MoreUserError.asp" '这个是错误页
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_conn_STRING
MM_rsUser.Source = "SELECT Admin_name, Admin_pass"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM d8b_User WHERE Admin_name='" & Replace(MM_valUsername,"'","''") &"' AND Admin_pass='" & Replace(Request.Form("Admin_pass"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>d8b空间站-代理商管理登陆</title>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function YY_checkform() { //v4.07
//copyright (c)1998,2001 Yaromat.com
var args = YY_checkform.arguments,myDot=true,myV='',myErr='',addErr=false,myReq,rx,myObj1,myMa,myAt;
for (var i=1; i<args.length;i=i+4){
if (args[i+1].charAt(0)=='#'){myReq=true; args[i+1]=args[i+1].substring(1);}else{myReq=false}
var myObj = MM_findObj(args[i].replace(/\[\d+\]/ig,""));myV=myObj.value;
if (myObj.type=='text'||myObj.type=='password'){
if (myReq&&myObj.value.length==0)addErr=true;
if ((myV.length>0)&&(args[i+2]==1)){ //fromto
if (!(myV/1)||myV<args[i+1].split('_')[0]/1||myV > args[i+1].split('_')[1]/1){addErr=true}
}
if ((myV.length>0)&&(args[i+2]==2)){ // email
rx=new RegExp("^[\\w\.=-]+@[\\w\\.-]+\\.[a-z]{2,4}$");if(!rx.test(myV))addErr=true;
}
if ((myV.length>0)&&(args[i+2]==3)){ // date
myMa=args[i+1].split("#");myAt=myV.match(myMa[0]);
if(myAt){
var myD=(myAt[myMa[1]])?myAt[myMa[1]]:1; var myM=myAt[myMa[2]]-1; var myY=myAt[myMa[3]];
var myDate=new Date(myY,myM,myD);
if(myDate.getFullYear()!=myY||myDate.getDate()!=myD||myDate.getMonth()!=myM){addErr=true};
}else{addErr=true}
}
if ((myV.length>0)&&(args[i+2]==4)){myMa=args[i+1].split("#");myAt=myV.match(myMa[0]);if(!myAt)addErr=true}// time
if (myV.length>0&&args[i+2]==5){ // check this 2
var myObj1 = MM_findObj(args[i+1].replace(/\[\d+\]/ig,""));
if(myObj1.length)myObj1=myObj1[args[i+1].replace(/(.*\[)|(\].*)/ig,"")];
if(!myObj1.checked)addErr=true;
}
if (myV.length>0&&args[i+2]==6){myObj1=MM_findObj(args[i+1]);if(myV!=myObj1.value)addErr=true;}// the same
}else
if (!myObj.type&&myObj.length>0&&myObj[0].type=='radio'){
var myTest = args[i].match(/(.*)\[(\d+)\].*/i);
var myObj1=(myObj.length>1)?myObj[myTest[2]]:myObj;
if (args[i+2]==1&&myObj1&&myObj1.checked&&MM_findObj(args[i+1]).value.length/1==0){addErr=true}
if (args[i+2]==2){
var myDot=false;
for(var j=0;j<myObj.length;j++){myDot=myDot||myObj[j].checked}
if(!myDot){myErr+='* ' +args[i+3]+'\n'}
}
}else
if (myObj.type=='checkbox'){
if(args[i+2]==1&&myObj.checked==false){addErr=true}
if(args[i+2]==2&&myObj.checked&&MM_findObj(args[i+1]).value.length/1==0){addErr=true}
}else
if (myObj.type=='select-one'||myObj.type=='select-multiple'){
if(args[i+2]==1&&myObj.selectedIndex/1==0){addErr=true}
}else
if (myObj.type=='textarea'){
if(myV.length<args[i+1]){addErr=true}
}
if (addErr){myErr+='* '+args[i+3]+'\n'; addErr=false}
}
if (myErr!=''){alert('多用户演示:\t\t\t\t\t\n\n'+myErr)}
document.MM_returnValue = (myErr=='');
}
//-->
</script>
</head>
<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
<p align="center"> 用户:
<input name="Admin_name" type="text" id="Admin_name">
</p>
<p align="center"> 密码:
<input name="Admin_pass" type="password" id="Admin_pass">
</p>
<p align="center">
<input name="Submit" type="submit" onClick="YY_checkform('form1','Admin_name','#q','0','少了用户名','Admin_pass','#q','0','还有密码呀');return document.MM_returnValue" value="提交">
</p>
</form>
</body>
</html>
<%
Recordset1.Close()
Set Recordset1 = Nothing
%>作者: ︶ㄣlоve_ 时间: 2010-1-19 03:30
怎么变成这样了:
大家帮我看看这个代码怎么加上MD5加密功能。现在不是MD5的不太安全,我想加个MD5验证。可是我加上MD5就不正常了。先谢谢了我感觉是不是在这段里加呢
源代码: &"' AND Admin_pass='" & Replace(Request.Form("Admin_pass"),"'","''") & "'"