<!--#include file="CONN.ASP"-->
<!--#include file="md5.asp"-->
<!--#include file="ChkSQL.asp"-->
<!--#include file="ChkErr.asp"-->
<%
Dim strSQL,objRS
Set objRS=Server.CreateObject("ADODB.RecordSet")

'取得用戶文件名、密碼
Dim UserName,UserPassword
UserName=ChkSQL(Request("UserName")) '過濾SQL字符，防止SQL漏洞注入
UserPassword=md5(Request("UserPassword"))

'在數(shù)據(jù)庫中查找用戶
strSQL="SELECT * FROM [UserInfo] WHERE UI_Name_S='"&UserName&"'"
objRS.Open strSQL,objConn,1,3

'判斷用戶是否存在
'若出錯則通過GetErr()函數(shù)提交并顯示錯誤代碼
If objRS.BOF Or objrs.EOF Then
	objRS.Close 
	Set objRS=Nothing
	Response.Write GetErr(3)
	Response.End
Else
	'若用戶存在，則檢測用戶密碼的正誤
	If objRS("UI_Password_S")<>UserPassword Then
		objRS.Close
		Set objRS=Nothing
		Response.Write GetErr(4)
		Response.End
	End IF
	
	'判斷用戶是否被鎖定
	If objRS("UI_IsLocked_B")=True Then
		objRS.Close
		Set objRS=Nothing
		Response.Write GetErr(5)
		Response.End
	End If
	
	'建立用戶私有變量
	Session.Timeout =30
	Session("UserID")=objRS("UI_ID_N")
	objRS.Close
	
	'每當(dāng)有用戶登錄則刷新數(shù)據(jù)庫，判斷是否有影片的預(yù)訂超時或超期未還
	'有超時的預(yù)訂則刪除
	strSQL="SELECT TAC_ReserveTime_D,TAC_StartTime_D FROM [Tenancy] WHERE TAC_StartTime_D IS NULL"
	objRS.Open strSQL,objConn,1,3
	For i=1 To objRS.RecordCount
		If IsNull(objRS("TAC_StartTime_D"))=True And DateDiff("h",objRS("TAC_ReserveTime_D"),Now())>12 Then
			objRS.Delete
		End If
		objRS.MoveNext
	Next
	objRS.Close
	'有超期的則標(biāo)注
	strSQL="SELECT * FROM [Tenancy] WHERE TAC_StartTime_D IS NOT NULL AND TAC_EndTime_D IS NULL"
	objRS.Open strSQL,objConn,1,3
	Dim MsgUser
	For i=1 To objRS.RecordCount
		If DateDiff("d",DateAdd("d",objRS("TAC_Lease_N"),objRS("TAC_StartTime_D")),Now())=>objRS("TAC_Lease_N") Then
			strSQL="UPDATE [Tenancy] SET TAC_TimeOut_B=True,TAC_MsgUser_B=True WHERE TAC_ID_N="&objRS("TAC_ID_N")
			objConn.Execute(strSQL)
		End If
		objRS.MoveNext
	Next
	objRS.Close
	'跳轉(zhuǎn)回主頁
	Response.Redirect "index.asp"
End If
%>