Database location: Data/data.mdb
database table: User
ID name pwd Wenti daan
Conn.asp
<%
db= "Data/data.mdb" Database storage directory
On Error Resume Next
Set Conn=server.createobject ("Adodb.connection")
Conn.Open "Driver={microsoft Access Driver (*.mdb)};d bq=" &server.mappath (db)
If Err Then
Err.Clear
Set conn = Nothing
Response.Write "Database connection error, check the connection string in conn.asp. "
Response.End
End If
function Closedb
Conn.close
Set conn=nothing
End Function
%>
<%
Dim BadWord
Badword= "' |and|select|update|chr|delete|%20from|;| insert|mid|master.| SET|CHR (37) |= "
If request. Querystring<> "" Then
Chk=split (BadWord, "|")
For each query_name in Request.QueryString
For i=0 to UBound (CHK)
If InStr (LCase (Request.QueryString (Query_name)), chk (i)) <>0 then
Response.Write "<script Language=javascript>alert" (' Pass parameter Error! The value of the parameter ' &query_name& ' contains an illegal string! \ n '); location= ' "&request. ServerVariables ("Http_referer") & "' </Script>"
Response.End
End If
Next
Next
End If
%>
Reg.asp
<!--#i nclude file= "conn.asp"-->
<%
If Request ("action") = "Reg" Then
Set Rs=server. CreateObject ("Adodb.recordset")
Rs.Open "SELECT * from user where name= '" &trim (Request ("name") & "", conn,1,1
If Rs.recordcount>0 Then
Response.Write "<script language= ' JavaScript ' >window.alert (' You have entered a username already exists, please return to re-enter!") '); History.back ( -1);</script> "
Response. End ()
End If
Sql= "SELECT * from User"
Set Rs=server.createobject ("Adodb.recordset")
Rs.Open sql,conn,1,3
Rs.addnew
RS ("name") =trim (request. Form ("name")
RS ("pwd") =trim (request. Form ("pwd"))
RS ("Wenti") =trim (request. Form ("Wenti"))
RS ("Daan") =trim (request. Form ("Daan"))
Rs.update
Rs.close
Set rs=nothing
Response.Write "<script language=javascript> alert (' registered successfully, click OK to login now! '); Location.replace (' Login.asp ');</script> "
Response.End
End If
%>
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<title> Untitled Document </title>
<body><!--#i nclude file= "top.asp"-->
<table width= "90%" border= "1" align= "center" cellpadding= "Ten" cellspacing= "0" >
<tr>
<td> User Registration
<form name= "Form1" method= "Post" action= "Action=reg" onsubmit= "return Chkform (This)" >
<table width= "347" border= "1" cellpadding= "5" cellspacing= "0" >
<tr>
<TD width= > Username </td>
<TD width= "179" ><input name= "name" type= "text" id= "name" ></td>
</tr>
<tr>
<td> Password </td>
<td><input name= "pwd" type= "password" id= "pwd" ></td>
</tr>
<tr>
<td> Password hint questions </td>
<td><input name= "Wenti" type= "text" id= "Wenti" ></td>
</tr>
<tr>
<td> password hint answer </td>
<td><input name= "Daan" type= "text" id= "Daan" ></td>
</tr>
<tr>
<TD colspan= "2" ><input type= "Submit" name= "submit" value= "Registration" >
<input type= "reset" name= "Submit" value= "reset" > </td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
Top.asp
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<table width= "90%" border= "1" align= "center" cellpadding= "Ten" cellspacing= "0" >
<tr>
<td><a href= "/" "index.asp" > Home </a>
<%
If session ("name") = "" Then
%>
<a href= "/" "reg.asp" > Registration </a> <a href= "/" "Login.asp" > Login </a>
<a href= "/" ";p wd.asp" > Forgot password? </a> <%
Else
%>
Welcome to <%=session ("name")%>, <a href= "/" loginout.asp "> Logout login </a>
<%
End If
%>
<a href= "/"; jiami.asp "> Encrypted page </a></td>
</tr>
</table>
<br>
Login.asp
<!--#i nclude file= "conn.asp"-->
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<title> Untitled Document </title>
<body><!--#i nclude file= "top.asp"-->
<table width= "90%" border= "1" align= "center" cellpadding= "Ten" cellspacing= "0" >
<tr>
<td>
User Login
<%
If session ("name") = "" Then
%>
<form name= "Form1" method= "Post" action= "Loginok.asp?action=login" onsubmit= "return Chkform (This)" >
<table border= "1" cellspacing= "0" cellpadding= "5" >
<tr>
<TD width= "116" > Username </td>
<TD width= "116" ><input name= "name" type= "text" id= "name" ></td>
</tr>
<tr>
<td> Password </td>
<td><input name= "pwd" type= "password" id= "pwd" ></td>
</tr>
<tr>
<TD colspan= "2" ><input type= "Submit" name= "Submit" value= "Landing" >
<input type= "reset" name= "Submit" value= "reset" ></td>
</tr>
</table>
</form>
<%
Else
%>
<table border= "1" cellspacing= "0" cellpadding= "5" >
<tr>
<TD width= "303" ><%=session ("name")%> you have successfully logged in </td>
</tr>
</table>
<%
End If
%>
</td>
</tr>
</table>
</body>
Loginok.asp
<!--#i nclude file= "conn.asp"-->
<%
Session.timeout=30
If Request ("action") = "Login" Then
Name=trim (Request.Form ("name"))
Pwd=trim (Request.Form ("pwd"))
If Name= "" or pwd= "" Then
Response.Redirect ("Login.asp")
End If
Set Rs=server.createobject ("Adodb.recordset")
Sql= "SELECT * from user where name= '" &name& "' and pwd= '" &pwd& "'"
Rs.Open sql,conn,1,1
If not rs.eof then
Session ("name") =name
Response.Redirect "Edit.asp"
Else
Response.Redirect "Error.asp"
Response.End
End If
End If
%>
Loginout.asp
<%
Session ("name") = ""
Response.Write "<script language=javascript> alert (' Exit login successful! '); Location.href (' index.asp ');</script> "
Response.End
%>
Pwd.asp
<!--#i nclude file= "conn.asp"-->
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<title> Untitled Document </title>
<body><!--#i nclude file= "top.asp"-->
<table width= "90%" border= "1" align= "center" cellpadding= "Ten" cellspacing= "0" >
<tr>
<td><p> Find Password </p>
<form name= "Form1" method= "Post" action= "Pwd2.asp?action=pwd" >
<table width= "398" border= "1" cellpadding= "5" cellspacing= "0" >
<tr>
<TD width= "130" > Please enter user name </td>
<TD width= "><input" name= "name" type= "text" id= "name" ></td>
<TD width= "><input type=" "Submit" name= "submit" value= "Query" ></td>
</tr>
</table>
</form></td>
</tr>
</table>
</body>
Pwd2.asp
<!--#i nclude file= "conn.asp"-->
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<title> Untitled Document </title>
<body><!--#i nclude file= "top.asp"-->
<table width= "90%" border= "1" align= "center" cellpadding= "Ten" cellspacing= "0" >
<tr>
<td>
Retrieve password
<%
Name=trim (Request.Form ("name"))
Set Rs=server.createobject ("Adodb.recordset")
Sql= "SELECT * from user where name= '" &name& ""
Rs.Open sql,conn,1,1
If not rs.eof then
%>
<form name= "Form1" method= "Post" action= "pwd3.asp" >
<table width= "398" border= "1" cellpadding= "5" cellspacing= "0" >
<tr>
<td><%=rs ("name")%></td>
<td> </td>
<td><input name= "name" type= "hidden" id= "name" value= "<%=rs (" name ")%>" ></td>
</tr>
<tr>
<TD width= "130" > Password hint questions </td>
<TD width= "><%=rs" ("Wenti")%>
</td>
<TD width= "> </td>"
</tr>
<tr>
<td> password hint answer </td>
<td><input name= "Daan" type= "text" id= "Daan" ></td>
<td><input type= "Submit" name= "Submit" value= "Enquiry" ></td>
</tr>
</table>
</form>
<% Else
%>
<table width= "413" border= "1" cellpadding= "5" cellspacing= "0" >
<tr>
< td> the username you entered does not exist, please <a href= "/" "Javascript:history.back ()" > Return </a> Re-enter, or <a href= "/"; reg.asp " > Registration </a></td>
</tr>
</table>
<%end if
%>
</td>
</tr>
</table>
</body>
Pwd3.asp
<!--#i nclude file= "conn.asp"-->
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<title> Untitled Document </title>
<body><!--#i nclude file= "top.asp"-->
<table width= "90%" border= "1" align= "center" cellpadding= "Ten" cellspacing= "0" >
<tr>
<td>
Retrieve password
<%
Name=trim (Request.Form ("name"))
Daan=trim (Request.Form ("Daan"))
Set Rs=server.createobject ("Adodb.recordset")
Sql= "SELECT * from user where name= '" &name& "' and daan= '" &daan& "'"
Rs.Open sql,conn,1,1
If not rs.eof then
%>
<table width= "398" border= "1" cellpadding= "5" cellspacing= "0" >
<tr>
<TD width= "130" ><%=rs ("name")%>, your password </td>
<td><%=rs ("pwd")%>
</td>
</tr>
</table>
<% Else
%>
<table width= "413" border= "1" cellpadding= "5" cellspacing= "0" >
<tr>
<td> you enter the password prompt answer is incorrect, please <a href= "/" "; Javascript:history.back ()" > Return </a> Re-enter </td>
</tr>
</table>
<%end if
%>
</td>
</tr>
</table>
</body>
Error.asp
<!--#i nclude file= "conn.asp"-->
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<title> Untitled Document </title>
<body><!--#i nclude file= "top.asp"-->
<table width= "90%" border= "1" align= "center" cellpadding= "Ten" cellspacing= "0" >
<tr>
<td> Login failed, please check that username and password are correct <a href= "/"; Login.asp "> Return </a></td>
</tr>
</table>
</body>
Edit.asp
<!--#i nclude file= "conn.asp"-->
<%
If Request ("action") = "edit" Then
Name=session ("name")
Set Rs=server.createobject ("Adodb.recordset")
Sql= "SELECT * from user where name= '" &name& ""
Rs.Open sql,conn,3,2
RS ("pwd") =trim (request. Form ("pwd"))
RS ("Daan") =trim (request. Form ("Daan"))
Rs.update
Rs.close
Set rs=nothing
Response.Write "<script Language=javascript>alert (' Edit success! '); Location.href (' edit.asp ');</script> "
End If
%>
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<title> Untitled Document </title>
<body><!--#i nclude file= "top.asp"-->
<table width= "90%" border= "1" align= "center" cellpadding= "Ten" cellspacing= "0" >
<tr>
<td><p> Modification Information </p>
<p>
<%
If session ("name") = "" Then
%>
Sorry you have not landed, please <a href= "/" "Login.asp" > Login </a> or <a href= "/" "reg.asp" > Registration </a>
<%
Else
%>
<%
Name=session ("name")
Set Rs=server.createobject ("Adodb.recordset")
Sql= "SELECT * from user where name= '" &name& ""
Rs.Open sql,conn,1,1
%>
</p>
<form action= "? Action=edit" method= "post" name= "form" id= "form" >
<table border= "1" cellpadding= "5" >
<tr>
<td> User name </td>
<td><%=rs ("name")%></td>
</tr>
<tr>
<td> Password </td>
<td><input name= "pwd" type= "text" id= "pwd" value= "<%=rs (" pwd ")%>" ></td>
</tr>
<tr>
<td> Password hint questions </td>
<td><%=rs ("Wenti")%></td>
</tr>
<tr>
<td> password hint answer </td>
<td><input name= "Daan" type= "text" id= "Daan" value= "<%=rs (" Daan ")%>" ></td>
</tr>
<tr>
<td> </td>
<td><input type= "Submit" name= "Submit" value= "Modified" >
<input type= "reset" name= "Submit" value= "reset" ></td>
</tr>
</table>
</form>
<p> <%
End If
%>
</p></td>
</tr>
</table>
</body>