<% dim Action,UserName,rsGetPassword,FoundErr,ErrMsg dim Answer,Password,PwdConfirm Action=trim(request.form("Action")) UserName=trim(request.form("UserName")) Answer=trim(request.form("Answer")) Password=trim(request.form("Password")) PwdConfirm=trim(request.form("PwdConfirm")) %> 忘记密码 <%if Action="" then%>
忘记密码 >> 第一步:输入用户名
请输入你的用户名:

<% elseif Action="step2" then if UserName="" or strLength(UserName)>14 or strLength(UserName)<4 then founderr=true errmsg=errmsg & "
  • 请输入用户名(不能大于14小于4)
  • " else if Instr(UserName,"=")>0 or Instr(UserName,"%")>0 or Instr(UserName,chr(32))>0 or Instr(UserName,"?")>0 or Instr(UserName,"&")>0 or Instr(UserName,";")>0 or Instr(UserName,",")>0 or Instr(UserName,"'")>0 or Instr(UserName,",")>0 or Instr(UserName,chr(34))>0 or Instr(UserName,chr(9))>0 or Instr(UserName,"")>0 or Instr(UserName,"$")>0 then errmsg=errmsg+"
  • 用户名中含有非法字符
  • " founderr=true end if end if if FoundErr=true then call WriteErrMsg() else set rsGetPassword=server.createobject("adodb.recordset") rsGetPassword.open "select UserName,Question,Answer,Password from [User] where UserName='" & UserName & "'",conn,1,1 if rsGetPassword.bof and rsGetPassword.eof then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,你输入的用户名不存在!
  • " call WriteErrMsg() else %>
    忘记密码 >> 第二步:回答问题
    密码提示问题: <%=rsGetPassword("Question")%>
    你的答案:

    ">    
    <% end if rsGetPassword.close set rsGetPassword=nothing end if elseif Action="step3" then if Answer="" then FoundErr=True ErrMsg=ErrMsg & "
  • 请输入提示问题的答案!
  • " call WriteErrmsg() else set rsGetPassword=server.createobject("adodb.recordset") rsGetPassword.open "select UserName,Question,Answer,Password from [User] where UserName='" & UserName & "'",conn,1,1 if rsGetPassword.bof and rsGetPassword.eof then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,用户名不存在!可能已经被管理员删除了。
  • " call WriteErrMsg() else if rsGetPassword("Answer")<>md5(Answer) then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,你的答案不对!
  • " Call WriteErrMsg() else %>
    忘记密码 >> 第三步:设置新密码
    密码提示问题: <%=rsGetPassword("Question")%>
    你的答案: <%=Answer%> ">
    新密码:
    确认新密码:

    ">    
    <% end if end if rsGetPassword.close set rsGetPassword=nothing end if elseif Action="step4" then if Password="" or strLength(Password)>12 or strLength(Password)<6 then founderr=true errmsg=errmsg & "
  • 请输入密码(不能大于12小于6)
  • " else if Instr(Password,"=")>0 or Instr(Password,"%")>0 or Instr(Password,chr(32))>0 or Instr(Password,"?")>0 or Instr(Password,"&")>0 or Instr(Password,";")>0 or Instr(Password,",")>0 or Instr(Password,"'")>0 or Instr(Password,",")>0 or Instr(Password,chr(34))>0 or Instr(Password,chr(9))>0 or Instr(Password,"")>0 or Instr(Password,"$")>0 then errmsg=errmsg+"
  • 密码中含有非法字符
  • " founderr=true end if end if if PwdConfirm="" then founderr=true errmsg=errmsg & "
  • 请输入确认密码(不能大于12小于6)
  • " else if Password<>PwdConfirm then founderr=true errmsg=errmsg & "
  • 密码和确认密码不一致
  • " end if end if if FoundErr=True then call WriteErrmsg() else set rsGetPassword=server.createobject("adodb.recordset") rsGetPassword.open "select UserName,Question,Answer,Password from [User] where UserName='" & UserName & "'",conn,1,3 if rsGetPassword.bof and rsGetPassword.eof then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,用户名不存在!可能已经被管理员删除了。
  • " call WriteErrMsg() else if rsGetPassword("Answer")<>Answer then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,你的答案不对!
  • " Call WriteErrMsg() else rsGetPassword("Password")=md5(Password) rsGetPassword.update %>
    忘记密码 >> 第四步:成功设置新密码
    用户名: <%=UserName%>
    新密码: <%=Password%>

    请记住您的新密码并使用新密码登录

    【返 回】【关闭窗口】
    <% end if end if rsGetPassword.close set rsGetPassword=nothing end if end if %> <% call CloseConn() %>