古野医疗:用ASP实现用户登陆

login.asp:
<form name="login" method="post" action="after_login.asp">
用户名:<input name="user_name" size="12" maxlength="16">密 码:<input name="password" size="12" type="password" maxlength="16">
<input align="absMiddle" id="image1" name="image1" src="images/login.gif" type="image" WIDTH="37" HEIGHT="20">
</form>

coon.asp:
<%
connstr = "DBQ=" + server.mappathuser.mdb") + ";DRIVER={Microsoft Access Driver (*.mdb)}"
Set conn=Server.createobject("ADODB.CONNECTION")
conn.Open connstr
%>

外加after_login.asp登录验证页面:
<!--#include file="Conn.Asp"-->
<%
Dim UserName,PassWord
UserName=replace(trim(Request.Form("Username")),"'","‘")
PassWord=replace(trim(Request.Form("PassWord")),"'","‘")

If UserName="" or PassWord="" Then
Response.Write ("<script>alert('会员登陆失败!\n\n错误原因:会员帐号和密码未填。');history.back();</script>")
Response.end
End If

if Instr(UserName,">")>0 or Instr(UserName,"<")>0 or Instr(UserName,"=")>0 or Instr(UserName,"%")>0 or Instr(UserName,chr(32))>0 or Instr(UserName,"?")>0 or Instr(UserName,"&")>0 or Instr(UserName,";")>0 or Instr(UserName,",")>0 or Instr(UserName,"'")>0 or Instr(UserName,chr(34))>0 or Instr(UserName,chr(9))>0 or Instr(UserName,"?")>0 or Instr(UserName,"$")>0 then
Response.Write ("<script>alert('会员登陆失败!\n\n错误原因:会员含有非法字符!');history.back();</script>")
Response.end
else
UserName=Trim(UserName)
end if

set rs=server.createobject("adodb.recordset")
sql="select * from [user] where UserName='"&UserName&"'"
rs.open sql,conn,1,3
if rs.eof then
Response.Write ("<script>alert('会员登陆失败!\n\n错误原因:会员帐号错误。');history.back();</script>")
Response.end
else
if rs("PassWord")<>PassWord then
rs.close
set rs=nothing
Response.Write ("<script>alert('会员登陆失败!\n\n错误原因:会员密码错误。');history.back();</script>")
Response.end
else

session("UserName")=UserName'登录成功传递一个session值以便以后调用用户相关
session.timeout=300
end if
end if
rs.close
set rs=nothing
CloseDatabase
%>

用session控制!如果登陆,赋于它值,否则返回继续登陆!
这不算是答案,只能说是一点建议吧!