[求助]我怎么在这个登陆代码中加个MD5 - ASP

羽衣独舞

电梯直达

1^#

发表于 2010-1-19 03:30:08 | 只看该作者回帖奖励

|倒序浏览 |阅读模式

大家帮我看看这个代码怎么加上MD5加密功能。现在不是MD5的不太安全，我想加个MD5验证。可是我加上MD5就不正常了。先谢谢了

我感觉是不是在这段里加呢？
源代码： &"' AND Admin_pass='" & Replace(Request.Form("Admin_pass"),"'","''") & "'"

我是这么加的：&"' AND Admin_pass='" & Replace(md5(Request.Form("Admin_pass"),"'","''")) & "'"

下面是整个页面的代码：

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>

<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_conn_STRING
Recordset1.Source = "SELECT * FROM d8b_User"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Admin_name"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="Admin_class"
MM_redirectLoginSuccess="MoreUserOK.asp" '这个是验证成功后的页面
MM_redirectLoginFailed="MoreUserError.asp" '这个是错误页
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_conn_STRING
MM_rsUser.Source = "SELECT Admin_name, Admin_pass"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM d8b_User WHERE Admin_name='" & Replace(MM_valUsername,"'","''") &"' AND Admin_pass='" & Replace(Request.Form("Admin_pass"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>d8b空间站-代理商管理登陆</title>
<script language="JavaScript" type="text/JavaScript">

</script>
</head>
<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
<p align="center"> 用户:
<input name="Admin_name" type="text" id="Admin_name">
</p>
<p align="center"> 密码：
<input name="Admin_pass" type="password" id="Admin_pass">
</p>
<p align="center">
<input name="Submit" type="submit" onClick="YY_checkform('form1','Admin_name','#q','0','少了用户名','Admin_pass','#q','0','还有密码呀');return document.MM_returnValue" value="提交">
</p>
</form>
</body>
</html>
<%
Recordset1.Close()
Set Recordset1 = Nothing
%>

收藏0

使用道具举报

︶ㄣlоve_

2^#

发表于 2010-1-19 03:30:12 | 只看该作者

怎么变成这样了：
大家帮我看看这个代码怎么加上MD5加密功能。现在不是MD5的不太安全，我想加个MD5验证。可是我加上MD5就不正常了。先谢谢了我感觉是不是在这段里加呢

源代码： &"' AND Admin_pass='" & Replace(Request.Form("Admin_pass"),"'","''") & "'"

我是这么加的：&"' AND Admin_pass='" & Replace(md5(Request.Form("Admin_pass"),"'","''")) & "'"

回复支持反对

使用道具举报

爱虎老油♂

3^#

发表于 2010-1-19 03:30:16 | 只看该作者

大家帮我下

我很急

回复支持反对

使用道具举报

酷aiq兒kuku

4^#

发表于 2010-1-19 03:30:20 | 只看该作者

把登录时传过来的密码用MD5加密,再与数据库中的记录做比较

回复支持反对

使用道具举报

瘋子愛老婆

5^#

发表于 2010-1-19 03:30:24 | 只看该作者

我知道这个意思
但是我加了，就不能正常显示了。
是不是应该在这段加：
&"' AND Admin_pass='" & Replace(Request.Form("Admin_pass"),"'","''") & "'"

回复支持反对

使用道具举报

火之雄狮

6^#

发表于 2010-1-19 03:30:28 | 只看该作者

我急用

回复支持反对

使用道具举报

尐嘴亂儭

7^#

发表于 2010-1-19 03:30:32 | 只看该作者

没人会吗？

回复支持反对

使用道具举报

爲眀天活着

8^#

发表于 2010-1-19 03:30:36 | 只看该作者

这个是代码！！！！
本页的

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_conn_STRING
Recordset1.Source = "SELECT * FROM d8b_User"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Admin_name"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="Admin_class"
MM_redirectLoginSuccess="MoreUserOK.asp"
MM_redirectLoginFailed="MoreUserError.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_conn_STRING
MM_rsUser.Source = "SELECT Admin_name, Admin_pass"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM d8b_User WHERE Admin_name='" & Replace(MM_valUsername,"'","''") &"' AND Admin_pass='" & Replace(Request.Form("Admin_pass"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>d8b空间站-代理商管理登陆</title>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function YY_checkform() { //v4.07
var args = YY_checkform.arguments,myDot=true,myV='',myErr='',addErr=false,myReq,rx,myObj1,myMa,myAt;
for (var i=1; i<args.length;i=i+4){
if (args[i+1].charAt(0)=='#'){myReq=true; args[i+1]=args[i+1].substring(1);}else{myReq=false}
var myObj = MM_findObj(args[i].replace(/\[\d+\]/ig,""));myV=myObj.value;
if (myObj.type=='text'||myObj.type=='password'){
if (myReq&&myObj.value.length==0)addErr=true;
if ((myV.length>0)&&(args[i+2]==1)){ //fromto
if (!(myV/1)||myV<args[i+1].split('_')[0]/1||myV > args[i+1].split('_')[1]/1){addErr=true}
}
if ((myV.length>0)&&(args[i+2]==2)){ // email
rx=new RegExp("^[\\w\.=-]+@[\\w\\.-]+\\.[a-z]{2,4}$");if(!rx.test(myV))addErr=true;
}
if ((myV.length>0)&&(args[i+2]==3)){ // date
myMa=args[i+1].split("#");myAt=myV.match(myMa[0]);
if(myAt){
var myD=(myAt[myMa[1]])?myAt[myMa[1]]:1; var myM=myAt[myMa[2]]-1; var myY=myAt[myMa[3]];
var myDate=new Date(myY,myM,myD);
if(myDate.getFullYear()!=myY||myDate.getDate()!=myD||myDate.getMonth()!=myM){addErr=true};
}else{addErr=true}
}
if ((myV.length>0)&&(args[i+2]==4)){myMa=args[i+1].split("#");myAt=myV.match(myMa[0]);if(!myAt)addErr=true}// time
if (myV.length>0&&args[i+2]==5){ // check this 2
var myObj1 = MM_findObj(args[i+1].replace(/\[\d+\]/ig,""));
if(myObj1.length)myObj1=myObj1[args[i+1].replace(/(.*\[)|(\].*)/ig,"")];
if(!myObj1.checked)addErr=true;
}
if (myV.length>0&&args[i+2]==6){myObj1=MM_findObj(args[i+1]);if(myV!=myObj1.value)addErr=true;}// the same
}else
if (!myObj.type&&myObj.length>0&&myObj[0].type=='radio'){
var myTest = args[i].match(/(.*)\[(\d+)\].*/i);
var myObj1=(myObj.length>1)?myObj[myTest[2]]:myObj;
if (args[i+2]==1&&myObj1&&myObj1.checked&&MM_findObj(args[i+1]).value.length/1==0){addErr=true}
if (args[i+2]==2){
var myDot=false;
for(var j=0;j<myObj.length;j++){myDot=myDot||myObj[j].checked}
if(!myDot){myErr+='* ' +args[i+3]+'\n'}
}
}else
if (myObj.type=='checkbox'){
if(args[i+2]==1&&myObj.checked==false){addErr=true}
if(args[i+2]==2&&myObj.checked&&MM_findObj(args[i+1]).value.length/1==0){addErr=true}
}else
if (myObj.type=='select-one'||myObj.type=='select-multiple'){
if(args[i+2]==1&&myObj.selectedIndex/1==0){addErr=true}
}else
if (myObj.type=='textarea'){
if(myV.length<args[i+1]){addErr=true}
}
if (addErr){myErr+='* '+args[i+3]+'\n'; addErr=false}
}
if (myErr!=''){alert('多用户演示:\t\t\t\t\t\n\n'+myErr)}
document.MM_returnValue = (myErr=='');
}
//-->
</script>
</head>
<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
<p align="center"> 用户:
<input name="Admin_name" type="text" id="Admin_name">
</p>
<p align="center"> 密码：
<input name="Admin_pass" type="password" id="Admin_pass">
</p>
<p align="center">
<input name="Submit" type="submit" onClick="YY_checkform('form1','Admin_name','#q','0','少了用户名','Admin_pass','#q','0','还有密码呀');return document.MM_returnValue" value="提交">
</p>
</form>
</body>
</html>
<%
Recordset1.Close()
Set Recordset1 = Nothing
%>

复制代码

回复支持反对

使用道具举报

赌神

9^#

发表于 2010-1-19 03:30:40 | 只看该作者

还要引用MD5.ASP文件

回复支持反对

使用道具举报

绿茶

10^#

发表于 2010-1-19 03:30:45 | 只看该作者

晕S，你的代码发得这么整齐有心的人看到都会吓一跳的

回复支持反对

使用道具举报

		自动登录	找回密码
密码			注册