?? chk.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="function.asp"-->
<!--#include file="driver.asp"-->
<!--#include file="conn.asp"-->
<!--#include file="md5.asp"-->
<%
'---- Read and normalise the submitted form fields.
'NOTE(review): pwd is lower-cased before it is hashed later on, so password
'case is not significant; changing that would invalidate stored hashes.
admin  = trim(lcase(request("admin")))
pwd    = trim(lcase(request("pwd")))
order  = trim(lcase(request("type")))
thedir = trim(lcase(request("dir")))
chk    = trim(lcase(request("chk")))
super1 = (request("super1") = "1")

'---- Escape the "|" separator and make sure the directory ends with "\"
dir = replace(thedir, "|", "\|")
if right(dir, 1) <> "\" then dir = dir & "\"

'---- A request without an admin name or an operation type is rejected here:
'     show the alert, send the browser back and stop processing the page.
if admin = "" or order = "" then
	title = "非法請(qǐng)求!"
	response.write("<script language=javascript>alert(""" & title & """);")
	response.write("history.go(-1);</script>")
	response.end
end if

'---- Page title for the requested operation
Select Case order
	Case "login"  : title = "登錄"
	Case "modify" : title = "修改密碼或權(quán)限"
	Case "add"    : title = "添加管理員"
	Case "del"    : title = "刪除管理員"
End Select
'Unknown operation types fall back to a generic error title.
if title = "" then title = "運(yùn)行出現(xiàn)錯(cuò)誤"

'---- Validate the requested directories.
'     Only runs for a session flagged as super admin, and never for "del".
if session("admin") and order <> "del" then
	'Filter illegal characters (GetPathWith comes from an include file).
	dir = GetPathWith(dir)
	'Every "|"-separated entry must pass CheckCorrectPath.
	myPath = Split(dir, "|")
	for each subDir in myPath
		if not CheckCorrectPath(subDir) then
			response.write("<script language=javascript>")
			response.write("alert(""請(qǐng)求包含非有效目錄或包含非法字符!"");")
			response.write("history.go(-1);")
			response.write("</script>")
			response.write("<body bgcolor=#CCCCCC onLoad='setTimeout(window.close, 0)'>")
			response.end
		end if
	next
end if
%>
<html>
<head>
<title><%=title%>--<%=name%>--[By BrightStar]</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<Meta Name="description" Content="BS在線(xiàn)文件管理系統(tǒng)">
<Meta Name="Keywords" Content="BS在線(xiàn)文件管理系統(tǒng)">
<meta http-equiv="pragma" content="no-cache">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#CCCCCC" onLoad="setTimeout(window.close, 600)">
<table height=80 width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr><td align="center" height=60 valign="middle">
<font color="ff0000">
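<%
'Opens rs (cursor type 3 = static, lock type 3 = optimistic, as the page always
'used) on a parameterized query, so request values are bound as data instead of
'being concatenated into the SQL text.
'  rs   - an ADODB.Recordset that is not open yet
'  sql  - statement text with one "?" placeholder per entry in args
'  args - array of values, bound in order as wide-character input parameters
'Assumes conn (from conn.asp) is an open ADODB.Connection object - the page
'releases it with "set conn = nothing" - TODO confirm against conn.asp.
Sub ChkOpenAdminRs(rs, sql, args)
	Dim cmd, idx, val, size
	Set cmd = CreateObject("ADODB.Command")
	Set cmd.ActiveConnection = conn
	cmd.CommandType = 1 'adCmdText
	cmd.CommandText = sql
	For idx = 0 To UBound(args)
		val = CStr(args(idx))
		size = Len(val)
		If size = 0 Then size = 1 'a variable-length parameter needs a non-zero size
		'202 = adVarWChar, 1 = adParamInput
		cmd.Parameters.Append cmd.CreateParameter("p" & idx, 202, 1, size, val)
	Next
	'The connection argument is left out: the Command already carries it.
	rs.Open cmd, , 3, 3
End Sub

'Dispatches the requested administrator operation (login / modify / add / del)
'and writes a one-line result message into the page.
'NOTE(review): passwords are stored as md5(pwd) with no salt visible in this
'file; moving to a salted, slow password hash needs a migration of stored rows.
'NOTE(review): only "login" compares the chk form value with session("chk");
'modify/add/del rely on the session alone, so they carry no anti-CSRF token.
if order <> "" then
	set rs = CreateObject("ADODB.Recordset")
	Select Case order
	Case "login"
		'The form must echo back the value held in session("chk").
		if chk <> trim(session("chk")) then
			response.Write("非法數(shù)據(jù)來(lái)源!")
		else
			ChkOpenAdminRs rs, "select * from admin where admin=? and pwd=?", Array(admin, md5(pwd))
			if not rs.eof and not rs.bof then
				session("adminlogin") = rs("admin")
				session("dir") = rs("dir")
				if rs("super")=false then
					session("admin") = false
				else
					session("admin") = true
				end if
				if request("goindex") = 1 then
					session("goindex") = true
				end if
				response.Write("登錄成功!")
			else
				response.Write("登錄失敗!管理員不存在或密碼錯(cuò)誤!")
			end if
		end if
	Case "modify"
		'Authorise before touching the database: a logged-in admin may change
		'their own row, a super admin may change any row. Checking first means
		'an unauthenticated caller can no longer learn from the reply whether
		'an admin name exists.
		if (session("adminlogin")<>"" and admin = session("adminlogin")) or session("admin") then
			ChkOpenAdminRs rs, "select * from admin where admin=?", Array(admin)
			if not rs.eof then
				if pwd<>"" then
					rs("pwd") = md5(pwd)
				end if
				'Directory and super flag can only be changed by a super admin.
				if dir<> "" and session("admin") then
					rs("dir") = dir
					if session("adminlogin") = rs("admin") then
						session("dir") = dir
					end if
				end if
				if session("admin") then
					rs("super")= super1
				end if
				rs.update
				response.Write("修改設(shè)置成功!")
			else
				response.Write("該管理員不存在!修改失敗!")
			end if
		else
			response.Write("非法數(shù)據(jù)來(lái)源!")
		end if
	Case "add"
		if session("adminlogin")<>"" and session("admin") then
			ChkOpenAdminRs rs, "select * from admin where admin=?", Array(admin)
			if rs.eof then
				'NOTE(review): an empty pwd is accepted here and stored as md5("").
				rs.addnew
				rs("admin")=admin
				rs("pwd")=md5(pwd)
				rs("dir")=dir
				rs("super")=super1
				rs.update()
				response.Write("管理員已經(jīng)添加成功!")
			else
				response.Write("此管理員已經(jīng)存在!")
			end if
		else
			response.Write("非法數(shù)據(jù)來(lái)源或沒(méi)有權(quán)限!")
		end if
	Case "del"
		if session("adminlogin")<>"" and session("admin") then
			'Uses the normalised admin value like the other operations; the
			'original passed the raw request("admin") straight into the SQL text.
			ChkOpenAdminRs rs, "select * from admin where admin=?", Array(admin)
			if not rs.eof and not rs.bof then
				'Rows flagged as super admin are never deleted.
				if rs("super") = false then
					rs.delete()
					response.Write("刪除管理員成功!")
				else
					response.Write("不允許刪除超級(jí)管理員!")
				end if
			else
				response.Write("此管理員不存在!")
			end if
		else
			response.Write("非法數(shù)據(jù)來(lái)源或沒(méi)有權(quán)限!")
		end if
	End Select
	'Several paths above never open the recordset (failed chk, missing
	'privileges, unknown operation); closing a closed recordset raises an error.
	if rs.State <> 0 then '0 = adStateClosed
		rs.close()
	end if
	set rs = nothing
	set conn = nothing
else
	response.write("非法或無(wú)效請(qǐng)求!")
end if %>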
</font>
</td></tr>
<tr>
<td align=center height=20>
<input type="button" name="Button" value=" 確 定 " onclick="window.close();" class="button"></td>
</tr>
</table>
<table width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr>
<td height="5"></td>
</tr>
</table>
<table width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr>
<td bgcolor="#ccaacc" height="1"></td>
</tr>
<tr>
<td height="2"></td>
</tr>
<tr>
<td align="center"><%=mail%></td>
</tr>
</table>
</body>
</html>