<%

validpwd = true

If request.form("submit") <> "" Then

' setup variables

userid = Request.Form("userid")

passwd = Request.Form("passwd")

Set conn = Server.CreateObject("ADODB.Connection")

conn.open xDb_Conn_Str

Set rs = conn.Execute( "Select * from [admin] where [user_id] = '" & UCASE(userid) & "'")

If not rs.eof then

If ucase(rs("user_pwd")) = ucase(passwd) Then

validpwd = true

Else

validpwd = false

End If

Else

validpwd = false

end if

lev=rs("lev")

user=rs("user_id")

rs.Close

Set rs=Nothing

conn.Close

Set conn=Nothing

If validpwd Then

Session("exemple_status") = "photo"

session("lev")=lev

session("u_id")=user

word="欢迎！"

url="photo.asp"

Response.Write("<script>")

Response.Write("alert('"&word&"');")

Response.Write("self.location='"&url&"';")

Response.Write("</script>")

Response.end

else

word="错啦！"

url="index.asp"

Response.Write("<script>")

Response.Write("alert('"&word&"');")

Response.Write("self.location='"&url&"';")

Response.Write("</script>")

Response.end

End If

End If

%>

<script language="JavaScript">

<!-- start Javascript

var errfound = false;

function error(elem, text) {

if (errfound) return;

window.alert(text);

elem.select();

elem.focus();

errfound = true;

}

function loginCheck(f) {

errfound = false;

if (f.userid.value == "")

error(f.userid,"请填用户名");

if (f.passwd.value == "")

error(f.passwd,"请填密码");

return ! errfound;

}

// end Java script -->

</script>

<form action="photo.asp" method="post" onSubmit="return loginCheck(this);">...</form>