<%response.Expires = 0%>
<!--#include file="system/connection.asp"-->
<!--#include file="../inc/md5.asp"-->
<%
dim admin,password
admin=replace(trim(request("name")),"'","")
password=md5(replace(trim(request("password")),"'",""))

if cstr(session("getcode"))<>cstr(trim(request("verifycode"))) then
response.Write "<script LANGUAGE='javascript'>alert('请输入正确的验证码！');history.go(-1);</script>"
response.end
end if

set rs=server.CreateObject("adodb.recordset")
rs.Open "select * from master where name='"&admin&"' and password='"&password&"' " ,conn,1,1
if not(rs.bof or rs.eof) then
if password=rs("password") then
session("admin")=trim(rs("name"))
session("flag")=int(rs("flag"))
session.Timeout=20

rs.Close
set rs=nothing
response.Redirect "Admin_Index.asp"
else
response.write "<script LANGUAGE='javascript'>alert('对不起，登陆失败！');history.go(-1);</script>"

end if
else
response.write "<script LANGUAGE='javascript'>alert('对不起，登陆失败！');history.go(-1);</script>"

end if
%>

我是菜鸟，看不出什么问题来！

set rs=server.CreateObject("adodb.recordset")
rs.Open "select * from master where name='"&admin&"' and password='"&password&"' " ,conn,1,1
if not(rs.bof or rs.eof) then
 '这里的判断很不理解master看名字像是管理员表，上面的查询和判断已经对密码做了判断，这里再次判断，个人感觉这个判断是多此一举。
 if password=rs("password") then
    session("admin")=trim(rs("name"))
    session("flag")=int(rs("flag"))
    session.Timeout=20
    rs.Close
    set rs=nothing
    response.Redirect "Admin_Index.asp"
 else
     response.write "<script LANGUAGE='javascript'>alert('对不起，登陆失败！');history.go(-1);</script>"
 end if
else
   response.write "<script LANGUAGE='javascript'>alert('对不起，登陆失败！');history.go(-1);</script>"

end if

语法的缩进要注意，不然这个endif……endif看起来头大