<%
Action=Trim(request("Action"))
if Action="Login" then
dim sql
dim rs
dim username
dim password
username=replace(trim(request("username")),"'","")
password=replace(trim(Request("password")),"'","")
password=md5(password)
set rs=server.createobject("adodb.recordset")
sql="select * from [User] where LockUser=False and username='" & username & "' and password='" & password &"'"
rs.open sql,conn,1,3
if not(rs.bof and rs.eof) then
if password=rs("password") then
rs("LoginIP")=Request.ServerVariables("REMOTE_ADDR")
rs("LastLoginTime")=now()
rs("logins")=rs("logins")+1
rs.update
Response.Redirect "Ordercheck.asp"
end if
end if
rs.close
conn.close
set rs=nothing
set conn=nothing
end if
Sub PutToShopBag( Prodid, ProductList )
If Len(ProductList) = 0 Then
ProductList = "'" & Prodid & "'"
ElseIf InStr( ProductList, Prodid ) <= 0 Then
ProductList = ProductList & ", '" & Prodid & "'"
End If
End Sub
%>
<%
ProductList = Session("ProductList")
Products = Split(Request("Product_Id"), ",")
For I=0 To UBound(Products)
PutToShopBag Products(I), ProductList
Next
Session("ProductList") = ProductList
If Session("UserName")<>"" Then
Response.Redirect"Order_check.asp"
Else
%>
<%=SiteName%>会员登录