<%
response.expires =0
session("author")="Lattice"
If Request.ServerVariables("REQUEST_METHOD")="POST" Then %>
<%
user_name=trim(request.form("user_name"))
user_password=trim(request.form("user_password"))
if user_name="" or user_password="" then
NiceError "管理用户名和密码不能为空!返回"
elseif (instr(1,user_name,"'",1)>0 or instr(1,user_password,"'",1)>0 or instr(1,user_name,"=",1)>0 or instr(1,user_password,"=",1)>0 or instr(1,user_name,"<",1)>0 or instr(1,user_password,"<",1)>0 or instr(1,user_name,">",1)>0 or instr(1,user_password,">",1)>0) then
NiceError "操作出错,请重新登录!返回"
else
sql ="select * from N_admin where admin_name='"& user_name &"'"
openrs rs,sql,2,2
If rs.EOF Or rs.BOF Then
NiceError "操作出错,请重新登录!返回"
elseif rs("admin_password")<>user_password then
NiceError "操作出错,请重新登录!返回"
else
session("adminadminister_news")=rs("admin_field")
session("chkuser")="!123_4567!"
end if
rs.close
set rs=nothing
set conn=nothing
response.redirect "newsadmin/default.asp"
end if
else
%>
新闻系统