<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%> <%OPTION EXPLICIT%> <% '///////////////////////////////////////////////////////////////////////////////////////// ' ?????Login.asp ' ?????????????????? '///////////////////////////////////////////////////////////////////////////////////////// Dim objProcessor, objUser Dim strErrMessage Set objProcessor = New TxTransformProcessor objProcessor.LoadXMLFile("Login.xml") objProcessor.LoadXSLFile("Login.xsl") If Request.Form("Action") = "Login" Then If CheckAccountAndPassword(strErrMessage) Then Response.Redirect PATH_ROOT & "Index.asp" Else objProcessor.XMLDoc.selectSingleNode("http://Body/ErrorMessage").Text = strErrMessage End If Else '?????????? Response.Cookies("SMJB_LoginData").Path = PATH_ROOT Response.Cookies("SMJB_LoginData")("UserID") = "" Response.Cookies("SMJB_LoginData")("UserName") = "" Response.Cookies("SMJB_LoginData")("LoginTime") = "" Response.Cookies("SMJB_LoginData")("CheckCode") = "" End If Response.Write objProcessor.Transform '///////////////////////////////////////////////////////////////////////////////////////// ' ???????????????????? '///////////////////////////////////////////////////////////////////////////////////////// Function CheckAccountAndPassword(strErrMessage) Dim objErrorPersist : Set objErrorPersist = New TxErrorPersist Dim blnResult : blnResult = False Dim strAccount, strPassword, intValidationCode Dim objMD5, objUser, objLoginData On Error Resume Next strAccount = Trim(Request.Form("Account")) strPassword = Trim(Request.Form("Password")) '???????????????????????? If LCase(strAccount) <> "guest" Then intValidationCode = CInt(Request.Form("ValidationCode")) Else intValidationCode = Session("ValidationCode") End If If (Err.Number <> 0) Or (intValidationCode <> Session("ValidationCode")) Then strErrMessage = "?????????????????????" Else Set objMD5 = CreateObject("ZhanYangAsp.MD5") strPassword = objMD5.Encode(strPassword) Set objUser = objMastData.Connection.Execute( _ "SELECT [ID], [Name], [Disabled] FROM [SMJB_USER] WHERE [Account]=" & _ FormatSQLString(strAccount) & " AND [Password]=" & FormatSQLString(strPassword)) If objUser.BOF And objUser.EOF Then strErrMessage = "????????????????????" ElseIf objUser("Disabled") = True Then strErrMessage = "????????????ив?" Else Set objLoginData = New TxLoginData objLoginData.UserID = objUser("ID") objLoginData.UserName = objUser("Name") objLoginData.LoginTime = Now() objLoginData.Save blnResult = True End If End If CheckAccountAndPassword = blnResult End Function %>