数据库位置:data/data.mdb
数据库表:user
id name pwd wenti daan
conn.asp
<%
db="data/data.mdb" ''数据库存放目录
on error resume next
set conn=server.createobject("adodb.connection")
conn.open "driver={microsoft access driver (*.mdb)};dbq="&server.mappath(db)
if err then
err.clear
set conn = Nothing
response.write "数据库连接出错,请检查conn.asp中的连接字符串。"
response.end
end if
function CloseDB
Conn.Close
set Conn=Nothing
End Function
%>
<%
dim badword
badword="''|and|select|update|chr|delete|%20from|;|insert|mid|master.|set|chr(37)|="
if request.QueryString<>"" then
chk=split(badword,"|")
for each query_name in request.querystring
for i=0 to ubound(chk)
if instr(lcase(request.querystring(query_name)),chk(i))<>0 then
response.write "<script language=javascript>alert(''传参错误!参数 "&query_name&" 的值中包含非法字符串!
'');location=''"&request.ServerVariables ("HTTP_REFERER")&"''</Script>"
response.end
end if
next
next
end if
%>
reg.asp
<!--#i nclude file="conn.asp"-->
<%
if request("action")="reg" then
set rs=server.CreateObject("adodb.recordset")
rs.open "select * from user where name=''"&trim(request("name"))&"''",conn,1,1
if rs.recordcount>0 then
response.write "<Script language=''JavaScript''>window.alert(''您输入的用户名已存在,请返回重新输入!'');history.back(-1);</Script>"
response.End()
end if
sql="select * from user"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.addnew
rs("name")=trim(request.Form("name"))
rs("pwd")=trim(request.Form("pwd"))
rs("wenti")=trim(request.Form("wenti"))
rs("daan")=trim(request.Form("daan"))
rs.update
rs.close
set rs=nothing
response.write "<script language=javascript> alert(''注册成功,点击确定立即登录!'');location.replace(''login.asp'');</script>"
response.end
end if
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>
<body><!--#i nclude file="top.asp"-->
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td>用户注册
<form name="form1" method="post" action="?action=reg" onsubmit="return chkform(this)">
<table width="347" border="1" cellpadding="5" cellspacing="0">
<tr>
<td width="142">用户名</td>
<td width="179"><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td>密码</td>
<td><input name="pwd" type="password" id="pwd"></td>
</tr>
<tr>
<td>密码提示问题</td>
<td><input name="wenti" type="text" id="wenti"></td>
</tr>
<tr>
<td>密码提示答案</td>
<td><input name="daan" type="text" id="daan"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="Submit" value="http://www.popasp.com/注册">
<input type="reset" name="Submit" value="http://www.popasp.com/重置"> </td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>
top.asp
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td><a href="http://www.popasp.com/"";index.asp">首页</a>
<%
if Session("name")="" then
%>
<a href="http://www.popasp.com/"";reg.asp">注册</a> <a href="http://www.popasp.com/"";login.asp">登陆</a>
<a href="http://www.popasp.com/"";pwd.asp">忘记密码?</a> <%
else
%>
欢迎您<%=Session("name")%>, <a href="http://www.popasp.com/"";loginout.asp">注销登陆</a>
<%
end if
%>
<a href="http://www.popasp.com/"";jiami.asp">加密页</a></td>
</tr>
</table>
<br>
login.asp
<!--#i nclude file="conn.asp"-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>
<body><!--#i nclude file="top.asp"-->
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td>
用户登陆
<%
if Session("name")="" then
%>
<form name="form1" method="post" action="loginok.asp?action=login" onsubmit="return chkform(this)">
<table border="1" cellspacing="0" cellpadding="5">
<tr>
<td width="116">用户名</td>
<td width="116"><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td>密码</td>
<td><input name="pwd" type="password" id="pwd"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="Submit" value="http://www.popasp.com/登陆">
<input type="reset" name="Submit" value="http://www.popasp.com/重置"></td>
</tr>
</table>
</form>
<%
else
%>
<table border="1" cellspacing="0" cellpadding="5">
<tr>
<td width="303"><%=Session("name")%>,您已经成功登陆</td>
</tr>
</table>
<%
end if
%>
</td>
</tr>
</table>
</body>
</html>
loginok.asp
<!--#i nclude file="conn.asp"-->
<%
Session.TimeOut=30
if request("action")="login" then
name=trim(request.form("name"))
pwd=trim(request.form("pwd"))
if name="" or pwd="" then
Response.Redirect ("login.asp")
end if
set rs=server.createobject("adodb.recordset")
sql="select * from user where name=''"&name&"''and pwd=''"&pwd&"''"
rs.open sql,conn,1,1
if not rs.eof then
session("name")=name
response.redirect"edit.asp"
else
response.redirect"Error.asp"
response.end
end if
end if
%>
loginout.asp
<%
session("name")=""
response.write "<script language=javascript> alert(''退出登陆成功!'');location.href(''index.asp'');</script>"
response.end
%>
pwd.asp
<!--#i nclude file="conn.asp"-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>
<body><!--#i nclude file="top.asp"-->
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td><p>找回密码</p>
<form name="form1" method="post" action="pwd2.asp?action=pwd">
<table width="398" border="1" cellpadding="5" cellspacing="0">
<tr>
<td width="130">请输入用户名</td>
<td width="168"><input name="name" type="text" id="name"></td>
<td width="62"><input type="submit" name="Submit" value="http://www.popasp.com/查询"></td>
</tr>
</table>
</form></td>
</tr>
</table>
</body>
</html>
pwd2.asp
<!--#i nclude file="conn.asp"-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>
<body><!--#i nclude file="top.asp"-->
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td>
找回密码
<%
name=trim(request.form("name"))
set rs=server.createobject("adodb.recordset")
sql="select * from user where name=''"&name&"''"
rs.open sql,conn,1,1
if not rs.eof then
%>
<form name="form1" method="post" action="pwd3.asp">
<table width="398" border="1" cellpadding="5" cellspacing="0">
<tr>
<td><%=rs("name")%></td>
<td> </td>
<td><input name="name" type="hidden" id="name" value="http://www.popasp.com/<%=rs("name")%>"></td>
</tr>
<tr>
<td width="130">密码提示问题</td>
<td width="168"><%=rs("wenti")%>
</td>
<td width="62"> </td>
</tr>
<tr>
<td>密码提示答案</td>
<td><input name="daan" type="text" id="daan"></td>
<td><input type="submit" name="Submit" value="http://www.popasp.com/查询"></td>
</tr>
</table>
</form>
<% else
%>
<table width="413" border="1" cellpadding="5" cellspacing="0">
<tr>
< td>你输入的用户名不存在,请<a href="http://www.popasp.com/"";javascript:history.back()">返回</a>重新输入,或者<a href="http://www.popasp.com/"";reg.asp">注册</a></td>
</tr>
</table>
<%end if
%>
</td>
</tr>
</table>
</body>
</html>
pwd3.asp
<!--#i nclude file="conn.asp"-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>
<body><!--#i nclude file="top.asp"-->
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td>
找回密码
<%
name=trim(request.form("name"))
daan=trim(request.form("daan"))
set rs=server.createobject("adodb.recordset")
sql="select * from user where name=''"&name&"'' and daan=''"&daan&"''"
rs.open sql,conn,1,1
if not rs.eof then
%>
<table width="398" border="1" cellpadding="5" cellspacing="0">
<tr>
<td width="130"><%=rs("name")%>,您的密码</td>
<td><%=rs("pwd")%>
</td>
</tr>
</table>
<% else
%>
<table width="413" border="1" cellpadding="5" cellspacing="0">
<tr>
<td>你输入的密码提示答案不正确,请<a href="http://www.popasp.com/"";javascript:history.back()">返回</a>重新输入</td>
</tr>
</table>
<%end if
%>
</td>
</tr>
</table>
</body>
</html>
error.asp
<!--#i nclude file="conn.asp"-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>
<body><!--#i nclude file="top.asp"-->
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td>登陆失败,请检查用户名和密码是否正确 <a href="http://www.popasp.com/"";login.asp">返回</a></td>
</tr>
</table>
</body>
</html>
edit.asp
<!--#i nclude file="conn.asp"-->
<%
if request("action")="edit" then
name=session("name")
set rs=server.createobject("adodb.recordset")
sql="select * from user where name=''"&name&"''"
rs.open sql,conn,3,2
rs("pwd")=trim(request.Form("pwd"))
rs("daan")=trim(request.Form("daan"))
rs.update
rs.close
set rs=nothing
response.write "<script language=javascript>alert(''编辑成功!'');location.href(''edit.asp'');</script>"
end if
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
</head>
<body><!--#i nclude file="top.asp"-->
<table width="90%" border="1" align="center" cellpadding="10" cellspacing="0">
<tr>
<td><p>修改资料</p>
<p>
<%
if Session("name")="" then
%>
对不起你还没有登陆,请<a href="http://www.popasp.com/"";login.asp">登陆</a>或者<a href="http://www.popasp.com/"";reg.asp">注册</a>
<%
else
%>
<%
name=session("name")
set rs=server.createobject("adodb.recordset")
sql="select * from user where name=''"&name&"''"
rs.open sql,conn,1,1
%>
</p>
<form action="?action=edit" method="post" name="form" id="form">
<table border="1" cellpadding="5">
<tr>
<td>用户名</td>
<td><%=rs("name")%></td>
</tr>
<tr>
<td>密码</td>
<td><input name="pwd" type="text" id="pwd" value="http://www.popasp.com/<%=rs("pwd")%>"></td>
</tr>
<tr>
<td>密码提示问题</td>
<td><%=rs("wenti")%></td>
</tr>
<tr>
<td>密码提示答案</td>
<td><input name="daan" type="text" id="daan" value="http://www.popasp.com/<%=rs("daan")%>"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="http://www.popasp.com/修改">
<input type="reset" name="Submit" value="http://www.popasp.com/重置"></td>
</tr>
</table>
</form>
<p> <%
end if
%>
</p></td>
</tr>
</table>
</body>
</html>
11
22
33