答案:http://mr-w.cn/
一直被这个问题所困扰!!现在终于完美解决啦!!献给那些需要前台记住登录信息的朋友!(此方法经过我的使用验证不存在星铃丹管理员所说的后台会持续登陆的安全隐患...后台还是和原版一样的,效果只针对前台!!)
感谢Wady和IFairy...
请大家不要只看不回,只回不来我的博客坐坐...回帖是美德!做人要厚道!!
下面是修改方法...
1.首先修改common/checkUser.asp(主要是这个!!)
将以下原码
[Copy to clipboard]CODE:
'进行MD5密码验证,转换旧帐户密码验证方式
dim strSalt
strSalt=randomStr(6)
memLogin("mem_salt")=strSalt
memLogin("mem_LastIP")=getIP()
memLogin("mem_lastVisit")=now()
memLogin("mem_hashKey")=HashKey
memLogin("mem_Password")=SHA1(Password&strSalt)
Response.Cookies(CookieName)("memName")=memLogin("mem_Name")
Response.Cookies(CookieName)("memHashKey")=HashKey
if Request.Form("KeepLogin")="1" then Response.Cookies(CookieName).Expires=Date+365
memLogin.Update
ReInfo(0)="登录成功"
ReInfo(1)="<b>"&memLogin("mem_Name")&"</b>,欢迎你的再次光临。<br/><a href=> ReInfo(2)="MessageIcon"
ReInfo(3)=true
End IF
else
if memLogin("mem_Password")<>SHA1(Password&memLogin("mem_salt")) then
ReInfo(0)="错误信息"
ReInfo(1)="<b>用户名与密码错误</b><br/><a href=> ReInfo(2)="ErrorIcon"
logout(false)
else
memLogin("mem_LastIP")=getIP()
memLogin("mem_lastVisit")=now()
memLogin("mem_hashKey")=HashKey
Response.Cookies(CookieName)("memName")=memLogin("mem_Name")
Response.Cookies(CookieName)("memHashKey")=HashKey
if Request.Form("KeepLogin")="1" then Response.Cookies(CookieName).Expires=Date+365
memLogin.Update
ReInfo(0)="登录成功"
ReInfo(1)="<b>"&memLogin("mem_Name")&"</b>,欢迎你的再次光临。<br/><a href=> ReInfo(2)="MessageIcon"
ReInfo(3)=true
end if
end if
memLogin.Close
Set memLogin=Nothing
login=ReInfo
end function
修改成
[Copy to clipboard]CODE:
'进行MD5密码验证,转换旧帐户密码验证方式
dim strSalt
strSalt=randomStr(6)
memLogin("mem_salt")=strSalt
memLogin("mem_LastIP")=getIP()
memLogin("mem_lastVisit")=now()
memLogin("mem_hashKey")=HashKey
memLogin("mem_Password")=SHA1(Password&strSalt)
Response.Cookies(CookieName)("memName")=memLogin("mem_Name")
Response.Cookies(CookieName)("memHashKey")=HashKey
if Cint(Request.Form("KeepLogin"))<>0 then Response.Cookies(CookieName).Expires=Date+Cint(Request.Form("KeepLogin"))
memLogin.Update
ReInfo(0)="登陆成功"
ReInfo(1)="<b>"&memLogin("mem_Name")&"</b>,欢迎你的再次光临。<br/><a href=> ReInfo(2)="MessageIcon"
ReInfo(3)=true
End IF
else
if memLogin("mem_Password")<>SHA1(Password&memLogin("mem_salt")) then
ReInfo(0)="错误信息"
ReInfo(1)="<b>用户名与密码错误</b><br/><a href=> ReInfo(2)="ErrorIcon"
logout(false)
else
memLogin("mem_LastIP")=getIP()
memLogin("mem_lastVisit")=now()
memLogin("mem_hashKey")=HashKey
Response.Cookies(CookieName)("memName")=memLogin("mem_Name")
Response.Cookies(CookieName)("memHashKey")=HashKey
if Cint(Request.Form("KeepLogin"))<>0 then Response.Cookies(CookieName).Expires=Date+Cint(Request.Form("KeepLogin"))
memLogin.Update
ReInfo(0)="登陆成功"
ReInfo(1)="<b>"&memLogin("mem_Name")&"</b>,欢迎你的再次光临。<br/><a href=> ReInfo(2)="MessageIcon"
ReInfo(3)=true
end if
end if
memLogin.Close
Set memLogin=Nothing
login=ReInfo
end function
然后搜索
[Copy to clipboard]CODE:
memLogin("mem_LastIP")=getIP()
有三处!将其删除...
再搜索
[Copy to clipboard]CODE:
if CheckCookie("mem_LastIP")<>Guest_IP or isNull(CheckCookie("mem_LastIP")) then
logout(true)
else
memName=CheckStr(Request.Cookies(CookieName)("memName"))
memStatus=CheckCookie("mem_Status")
end if
替换为
[Copy to clipboard]CODE:
memName=CheckStr(Request.Cookies(CookieName)("memName"))
memStatus=CheckCookie("mem_Status")
2.修改login.asp:
将以下代码替换<form name="checkUser" action="login.asp" method="post">至</form>断
[Copy to clipboard]CODE:
<form name="checkUser" action="login.asp" method="post">
<div id="MsgContent">
<div id="MsgHead">用户登录</div>
<div id="MsgBody">
<input name="action" type="hidden" value="login"/>
<label>用户名:<input name="username" type="text" size="18" class="userpass" maxlength="24"/></label><br/>
<label>密 码:<input name="password" type="password" size="18" class="userpass"/></label><br/>
<%if blog_useCode then%><label>验证码:<input name="validate" type="text" size="4" class="userpass" maxlength="4"/> <%=getcode()%></label><br/><%end if%>
<label>记住登陆: <select name="KeepLogin" id="KeepLogin" class="userpass">
<option value="1" selected="selected">一天</option>
<option value="30" >一個月</option>
<option value="365">一年</option>
<option value="0">不用記住</option>
</select>
</label>
<br/>
<input type="submit" value="登 录" class="userbutton"/> <input type="button" value="用户注册" class="userbutton" onclick="location='register.asp'"/>
</div>
</div>
</form>
附首页显示登陆框的方法
在library.asp里查找 退出系统</a>" 将以下代码替换原来的
[Copy to clipboard]CODE:
else
userPanel=userPanel&"<form name=""checkUser"" action=""login.asp"" method=""post"" style=""margin:1px;""><input name=""action"" type=""hidden"" value=""login""/><label>用户:<input name=""username"" type=""text"" size=""12"" class=""userpass"" maxlength=""24""/></label><br/><label>密码:<input name=""password"" type=""password"" size=""12"" class=""userpass""/></label><br/><label>验证:<input name=""validate"" type=""text"" size=""4"" class=""userpass"" maxlength=""4""/> "&getcode()&"</label><br/><label>记住登陆: <select name=""KeepLogin"" id=""KeepLogin"" class=""userpass""><option value=""1"" selected=""selected"">一天</option><
上一个:ASP,PHP与.NET伪造HTTP-REFERER方法及防止伪造REFERER方法探讨
下一个:插件下载┊垃圾引用防御补丁(每小时自动换KEY,支持静态页面)