<!--#include file="conn.asp"-->
<%
if session("userid")<>"" then response.redirect "main.asp"
if request.form("Submit")=" 提 交 " then
if int(request.form("tj"))<>int(session("SafeCode")) then call emsg("错误信息","验证码不正确!")
username=lenstr(trim(checkstr(request("username"))),1,15,"用户名")
passwords=lenstr(trim(checkstr(request("password"))),1,22,"密码")
sql="select * from admin where username='" & username & "' and password='" & convertpw(passwords) & "'"
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,3
if rs.eof then call emsg("错误信息","登陆失败,用户名或密码错误!")
Useronline=0
if rs("Online")=1 then Useronline=1
if datediff("s",now(),rs("ActiveTime"))<-350 then Useronline=0
If Useronline=1 then call emsg("错误信息","当前用户已经在线,请稍候再尝试!")
if rs("LockIp")<>"" and bip<>rs("LockIp") then call emsg("错误信息","此管理员的登陆IP已经被限制,您的IP没有被授权!")
session("userid")=rs("id")
session("username")=rs("username")
session("password")=convertpw(passwords)
session("4fmanageqx")=rs("quanxian")
session("LastLoginIP")=rs("LastLoginIP")
session("LastLoginTime")=rs("LastLoginTime")
session("sessionid")=Session.SessionID
rs("sessionid")=Session.SessionID
rs("LastLoginIp")=bip
rs("LastLoginTime")=now()
rs("Online")=1
rs("ActiveTime")=now()
rs.update
rs.close
set rs=nothing
Writelogs("登陆后台管理中心!")
conn.close
set conn=nothing
call emsg("提示信息","您已经安全登陆...5秒后进入管理首页!<br><meta HTTP-EQUIV=REFRESH CONTENT='5;URL=./'>")
end if
%>
