当前位置:首页 >> 网络编程

如何最大限度地实现安全登录功能?

<%
if not IsEmpty(Session("cust—id")) and Len(Session("cust—id"))>0 then

' 用户登录后指向主页.
 Response.Redirect("navigation/dashbrd.asp")

 ' 在此添入真正的主页URL.

end if

bLogin = False  

' 设置标志.
bError = False
if IsEmpty(Request("uid")) or Len(Request("uid")) = 0 or IsEmpty(Request("pwd")) or Len(Request("pwd")) = 0 then  

' 检查空字符.
  bLogin = True
else

 

----------------------------------------------------------------------------------------------------------------
' 检验数据库保存密码表中是否有该用户.
"select * from customer WHERE cust—id=′ " & request("uid") &"′ and ′cust—pwd=′"& request(″pwd″) &"′"
' 连接数据库,其中request(″uid″)和request(″pwd″) 为本页html中表单中的用户名和密码的text.

  gbFound = False
----------------------------------------------------------------------------------------------------------------

  if not rsCust.BOF and not rsCust.EOF then
    gbFound = True
  end if

  if gbFound then
    Session("cust—id") = rsCust.Fields("cust—id")
    ' 在session变量中记录有用的信息.此项为数据库中用户名.
    Session("cust—pwd") = rsCust.Fields("cust—pwd")

' 此项为数据库中用户密码.
    Session("power") = rsCust.Fields("power")

        ' 此项为数据库中用户权限,可选.

    ' rsCust.ActiveConnection.Execute ("update customer set cust—login = ′ "& Now &"′ where cust_id = "& Session("cust—id") &"")

' 更新最后登录时间,可选.

    Response.Redirect("navigation/dashbrd.asp")

        ' 真正主页URL.
  Else
    ′UID and password not found
    bError = True bLogin = True
  end if

  rsCust.Close
   ' 关闭记录.
   mycn—login.Close
  set mycn—login=Nothing
 end if
%>

 

----------------------------------------------------------------------------------------------------------------

' 登录页面.

<form name="login" action="default.asp" method="post" target="—top">

' 在html中加入FORM,并设为自发送页.action后面要接本页的URL,这样,即使用户登录错误,在本页即可获得提示,而无须再返回前一页登录.

input name="uid" size="10"maxlength="10" style="HEIGHT: 21px; WIDTH: 101px">

<input name="pwd"type="password" size="10" maxlength="10">

[1]