<% dim Action,GpUserName,rsGetPassword,FoundErr,ErrMsg dim Answer,Password,PwdConfirm Action=trim(request("Action")) GpUserName=trim(request("UserName")) Answer=trim(request("Answer")) Password=trim(request("Password")) PwdConfirm=trim(request("PwdConfirm")) %> 忘记密码 <%if Action="" then%>
忘记密码 >> 第一步:输入用户名
请输入你的用户名:

<% elseif Action="step2" then if GpUserName="" or strLength(GpUserName)>14 or strLength(GpUserName)<4 then founderr=true errmsg=errmsg & "
  • 请输入用户名(不能大于14小于4)
  • " else if Instr(GpUserName,"=")>0 or Instr(GpUserName,"%")>0 or Instr(GpUserName,chr(32))>0 or Instr(GpUserName,"?")>0 or Instr(GpUserName,"&")>0 or Instr(GpUserName,";")>0 or Instr(GpUserName,",")>0 or Instr(GpUserName,"'")>0 or Instr(GpUserName,",")>0 or Instr(GpUserName,chr(34))>0 or Instr(GpUserName,chr(9))>0 or Instr(GpUserName,"")>0 or Instr(GpUserName,"$")>0 then errmsg=errmsg+"
  • 用户名中含有非法字符
  • " founderr=true end if end if if FoundErr=true then call WriteErrMsg() else set rsGetPassword=server.createobject("adodb.recordset") rsGetPassword.open "select " & db_User_Name & "," & db_User_Question & "," & db_User_Answer & "," & db_User_Password & " from " & db_User_Table & " where " & db_User_Name & "='" & GpUserName & "'",Conn_User,1,1 if rsGetPassword.bof and rsGetPassword.eof then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,你输入的用户名不存在!
  • " call WriteErrMsg() else %>
    忘记密码 >> 第二步:回答问题
    密码提示问题: <%=rsGetPassword(db_User_Question)%>
    你的答案:

       
    <% end if rsGetPassword.close set rsGetPassword=nothing end if elseif Action="step3" then if Answer="" then FoundErr=True ErrMsg=ErrMsg & "
  • 请输入提示问题的答案!
  • " call WriteErrmsg() else set rsGetPassword=server.createobject("adodb.recordset") rsGetPassword.open "select " & db_User_Name & "," & db_User_Question & "," & db_User_Answer & "," & db_User_Password & " from " & db_User_Table & " where " & db_User_Name & "='" & GpUserName & "'",Conn_User,1,1 if rsGetPassword.bof and rsGetPassword.eof then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,用户名不存在!可能已经被管理员删除了。
  • " call WriteErrMsg() else if rsGetPassword(db_User_Answer)<>md5(Answer) then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,你的答案不对!
  • " Call WriteErrMsg() else %>
    忘记密码 >> 第三步:设置新密码
    密码提示问题: <%=rsGetPassword(db_User_Question)%>
    你的答案: <%=Answer%>
    新密码:
    确认新密码:

       
    <% end if end if rsGetPassword.close set rsGetPassword=nothing end if elseif Action="step4" then if Password="" or strLength(Password)>12 or strLength(Password)<6 then founderr=true errmsg=errmsg & "
  • 请输入密码(不能大于12小于6)
  • " else if Instr(Password,"=")>0 or Instr(Password,"%")>0 or Instr(Password,chr(32))>0 or Instr(Password,"?")>0 or Instr(Password,"&")>0 or Instr(Password,";")>0 or Instr(Password,",")>0 or Instr(Password,"'")>0 or Instr(Password,",")>0 or Instr(Password,chr(34))>0 or Instr(Password,chr(9))>0 or Instr(Password,"")>0 or Instr(Password,"$")>0 then errmsg=errmsg+"
  • 密码中含有非法字符
  • " founderr=true end if end if if PwdConfirm="" then founderr=true errmsg=errmsg & "
  • 请输入确认密码(不能大于12小于6)
  • " else if Password<>PwdConfirm then founderr=true errmsg=errmsg & "
  • 密码和确认密码不一致
  • " end if end if if FoundErr=True then call WriteErrmsg() else set rsGetPassword=server.createobject("adodb.recordset") rsGetPassword.open "select " & db_User_Name & "," & db_User_Question & "," & db_User_Answer & "," & db_User_Password & " from " & db_User_Table & " where " & db_User_Name & "='" & GpUserName & "'",Conn_User,1,3 if rsGetPassword.bof and rsGetPassword.eof then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,用户名不存在!可能已经被管理员删除了。
  • " call WriteErrMsg() else if rsGetPassword(db_User_Answer)<>Answer then FoundErr=True ErrMsg=ErrMsg & "
  • 对不起,你的答案不对!
  • " Call WriteErrMsg() else rsGetPassword(db_User_Password)=md5(Password) rsGetPassword.update %>
    忘记密码 >> 第四步:成功设置新密码
    用户名: <%=GpUserName%>
    新密码: <%=Password%>

    请记住您的新密码并使用新密码登录

    【返 回】【关闭窗口】
    <% end if end if rsGetPassword.close set rsGetPassword=nothing end if end if %> <% call CloseConn_User() %>