%
dim Action,UserName,rsGetPassword,FoundErr,ErrMsg
dim Answer,Password,PwdConfirm
Action=trim(request("Action"))
UserName=trim(request("UserName"))
Answer=trim(request("Answer"))
Password=trim(request("Password"))
PwdConfirm=trim(request("PwdConfirm"))
%>
忘记密码
<%if Action="" then%>
<%
elseif Action="step2" then
if UserName="" or strLength(UserName)>14 or strLength(UserName)<4 then
founderr=true
errmsg=errmsg & "
请输入用户名(不能大于14小于4)"
else
if Instr(UserName,"=")>0 or Instr(UserName,"%")>0 or Instr(UserName,chr(32))>0 or Instr(UserName,"?")>0 or Instr(UserName,"&")>0 or Instr(UserName,";")>0 or Instr(UserName,",")>0 or Instr(UserName,"'")>0 or Instr(UserName,",")>0 or Instr(UserName,chr(34))>0 or Instr(UserName,chr(9))>0 or Instr(UserName,"")>0 or Instr(UserName,"$")>0 then
errmsg=errmsg+"
用户名中含有非法字符"
founderr=true
end if
end if
if FoundErr=true then
call WriteErrMsg()
else
set rsGetPassword=server.createobject("adodb.recordset")
rsGetPassword.open "select UserName,Question,Answer,Password from [User] where UserName='" & UserName & "'",conn,1,1
if rsGetPassword.bof and rsGetPassword.eof then
FoundErr=True
ErrMsg=ErrMsg & "
对不起,你输入的用户名不存在!"
call WriteErrMsg()
else
%>
<%
end if
rsGetPassword.close
set rsGetPassword=nothing
end if
elseif Action="step3" then
if Answer="" then
FoundErr=True
ErrMsg=ErrMsg & "
请输入提示问题的答案!"
call WriteErrmsg()
else
set rsGetPassword=server.createobject("adodb.recordset")
rsGetPassword.open "select UserName,Question,Answer,Password from [User] where UserName='" & UserName & "'",conn,1,1
if rsGetPassword.bof and rsGetPassword.eof then
FoundErr=True
ErrMsg=ErrMsg & "
对不起,用户名不存在!可能已经被管理员删除了。"
call WriteErrMsg()
else
if rsGetPassword("Answer")<>md5(Answer) then
FoundErr=True
ErrMsg=ErrMsg & "
对不起,你的答案不对!"
Call WriteErrMsg()
else
%>
<%
end if
end if
rsGetPassword.close
set rsGetPassword=nothing
end if
elseif Action="step4" then
if Password="" or strLength(Password)>12 or strLength(Password)<6 then
founderr=true
errmsg=errmsg & "
请输入密码(不能大于12小于6)"
else
if Instr(Password,"=")>0 or Instr(Password,"%")>0 or Instr(Password,chr(32))>0 or Instr(Password,"?")>0 or Instr(Password,"&")>0 or Instr(Password,";")>0 or Instr(Password,",")>0 or Instr(Password,"'")>0 or Instr(Password,",")>0 or Instr(Password,chr(34))>0 or Instr(Password,chr(9))>0 or Instr(Password,"")>0 or Instr(Password,"$")>0 then
errmsg=errmsg+"
密码中含有非法字符"
founderr=true
end if
end if
if PwdConfirm="" then
founderr=true
errmsg=errmsg & "
请输入确认密码(不能大于12小于6)"
else
if Password<>PwdConfirm then
founderr=true
errmsg=errmsg & "
密码和确认密码不一致"
end if
end if
if FoundErr=True then
call WriteErrmsg()
else
set rsGetPassword=server.createobject("adodb.recordset")
rsGetPassword.open "select UserName,Question,Answer,Password from [User] where UserName='" & UserName & "'",conn,1,3
if rsGetPassword.bof and rsGetPassword.eof then
FoundErr=True
ErrMsg=ErrMsg & "
对不起,用户名不存在!可能已经被管理员删除了。"
call WriteErrMsg()
else
if rsGetPassword("Answer")<>Answer then
FoundErr=True
ErrMsg=ErrMsg & "
对不起,你的答案不对!"
Call WriteErrMsg()
else
rsGetPassword("Password")=md5(Password)
rsGetPassword.update
%>
忘记密码 >> 第四步:成功设置新密码 |
用户名: |
<%=UserName%> |
新密码: |
<%=Password%> |
请记住您的新密码并使用新密码登录!
【返 回】【关闭窗口】 |
<%
end if
end if
rsGetPassword.close
set rsGetPassword=nothing
end if
end if
%>
<%
call CloseConn()
%>