www.gusucode.com > 落叶冰点万能企业网站内容管理系统 V9.1 > 落叶冰点万能企业网站内容管理系统 V9.1\code\xcomasp\nd_goto_picsp.asp
<% '************************************************************** ' 新动软网站管理系统 ' 官方网站: http://www.aspcpu.com ' 系统作者: 阮丁远(网名:天 下 程 序) ' Copyright 新动软网站管理系统 版权所有 '************************************************************** %> <% '全局考虑,加on error resume next on error resume next dir_set="..\" nodooooooa=0 if have_a1="" then have_a1="1" '*********************************************** '函数名:JoinChar '作 用:向地址中加入 ? 或 & '参 数:strUrl ----网址 '返回值:加了 ? 或 & 的网址 '*********************************************** function JoinChar(strUrl) if strUrl="" then JoinChar="" exit function end if if InStr(strUrl,"?")<len(strUrl) then if InStr(strUrl,"?")>1 then if InStr(strUrl,"&")<len(strUrl) then JoinChar=strUrl & "&" else JoinChar=strUrl end if else JoinChar=strUrl & "?" end if else JoinChar=strUrl end if end function 'Dim Fy_Url,Fy_a,Fy_x,Fy_Cs(),Fy_Cl,Fy_Ts,Fy_Zx '---定义部份 头------ Fy_Cl = 2 '处理方式:1=提示信息,2=转向页面,3=先提示再转向 Fy_Zx = "/Error.Asp" '出错时转向的页面 '---定义部份 尾------ 'ruandingyuan xiugai Fy_Url=Request.ServerVariables("QUERY_STRING") Fy_a=split(Fy_Url,"&") redim Fy_Cs(ubound(Fy_a)) for Fy_x=0 to ubound(Fy_a) Fy_Cs(Fy_x) = left(Fy_a(Fy_x),instr(Fy_a(Fy_x),"=")-1) Next For Fy_x=0 to ubound(Fy_Cs) If Fy_Cs(Fy_x)<>"" Then If Instr(LCase(Request(Fy_Cs(Fy_x))),"'")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"and ")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"and%20")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"select")<>0 or (Instr(LCase(Request(Fy_Cs(Fy_x))),"update")<>0 and Instr(LCase(Request(Fy_Cs(Fy_x))),"set")<>0) or Instr(LCase(Request(Fy_Cs(Fy_x))),"chr")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"delete%20from")<>0 or (Instr(LCase(Request(Fy_Cs(Fy_x))),"delete")<>0 and Instr(LCase(Request(Fy_Cs(Fy_x))),"from")<>0) or Instr(LCase(Request(Fy_Cs(Fy_x))),";")<>0 or (Instr(LCase(Request(Fy_Cs(Fy_x))),"insert")<>0 and Instr(LCase(Request(Fy_Cs(Fy_x))),"into")<>0) or Instr(LCase(Request(Fy_Cs(Fy_x))),"mid")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"master.")<>0 Then Select Case Fy_Cl Case "1" Response.Write "<Script Language=JavaScript>alert('出现错误!参数 "&Fy_Cs(Fy_x)&" 的值中包含非法字符串!\n\n 请不要在参数中出现:;,and%20,select%20,update%20,insert%20,delete,chr 等非法字符!);window.close();</Script>" Case "2" Response.Write "<Script Language=JavaScript>location.href='"&Fy_Zx&"'</Script>" Case "3" Response.Write "<Script Language=JavaScript>alert('出现错误!参数 "&Fy_Cs(Fy_x)&"的值中包含非法字符串!\n\n 请不要在参数中出现:;,and%20,select%20,update%20,insert%20,delete%20,chr 等非法字符!);location.href='"&Fy_Zx&"';</Script>" End Select nodooooooa=1 Response.End End If End If Next 'post方式的sql注入,则直接禁止站点外部提交post if lcase(Request.Servervariables("REQUEST_METHOD"))="post" then server_v1=Cstr(Request.ServerVariables("HTTP_REFERER")) server_v2=Cstr(Request.ServerVariables("SERVER_NAME")) if mid(server_v1,8,len(server_v2))<>server_v2 then nodooooooa=1 response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>" response.write "<tr><td style='font:9pt Verdana'>" response.write "你提交的路径有误,禁止从站点外部提交数据,请不要乱该参数!" response.write "</td></tr></table></center>" response.end end if end if nd_web_output_folder_b="xndasp" nd_web_output_folder_qiye_b="xcomasp" 'Dim ConnStr if nodooooooa=0 then ConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(dir_set&"data\##%20newDdata8-5-2##.mdb") Set newdsoft_conn_obj = Server.CreateObject("ADODB.Connection") newdsoft_conn_obj.open ConnStr If Err Then Err.Clear Set newdsoft_conn_obj = Nothing Response.Write "数据库连接出错,请检查Conn.asp文件中的数据库参数设置。" Response.End End If end if if request("ruandingyuan_do")="getinfox" then response.write "本站使用新"&""&"动"&"软系统制作,"&"系"&"统"&"作"&"者:"&"阮"&""&"丁"&"远,官网:ww"&"w.as"&"pcpu.com" response.end end if J_True = "True" J_False = "False" J_Now = "Now()" '获得现在的时间 end if '放在这,以免标签循环嵌套导致本函数循环定义而导致asp错误 '放在这,以免标签循环嵌套导致本函数循环定义而导致asp错误 if is_haved_g_fontaa="" then is_haved_g_fontaa="1" Function getFontMode(str, vColor, vFont,vSize) Dim FontStr, tColor Dim ColorStr, arrColor If IsNull(str) Then getFontMode = "" Exit Function End If getFontMode = str FontStr=str Select Case CInt(vFont) Case 1 FontStr = "<b>" & str & "</b>" Case 2 FontStr = "<em>" & str & "</em>" Case 3 FontStr = "<u>" & str & "</u>" Case 4 FontStr = "<b><em>" & str & "</em></b>" Case 5 FontStr = "<b><u>" & str & "</u></b>" Case 6 FontStr = "<em><u>" & str & "</u></em>" Case 7 FontStr = "<b><em><u>" & str & "</u></em></b>" Case Else FontStr = str End Select getFontMode = FontStr If vColor = "" Then Exit Function 'ColorStr = "," & InitTitleColor 'arrColor = Split(ColorStr, ",") 'If vColor > UBound(arrColor) Then Exit Function 'tColor = Trim(arrColor(vColor)) if vColor ="0" then 'ssscolor="<font style='font-size:"&vSize&" px;'>" 'ssscolor2="</font>" else 'ssscolor="<font color="&vColor&" style='font-size:"&vSize&" px;'>" 'ssscolor2="</font>" ssscolor="<span style='color:"&vColor&";'>" ssscolor2="</span>" end if getFontMode = ssscolor& FontStr & ssscolor2 End Function end if '放在这,以免标签循环嵌套导致本函数循环定义而导致asp错误 if haved_atype_a="" then haved_atype_a="1" function get_art_type(in1) get_art_type="" if in1="1" then get_art_type="<font color=red>[图文]</font>" if in1="2" then get_art_type="<font color=red>[组图]</font>" if in1="3" then get_art_type="<font color=red>[新闻]</font>" if in1="4" then get_art_type="<font color=red>[推荐]</font>" if in1="5" then get_art_type="<font color=red>[注意]</font>" if in1="6" then get_art_type="<font color=red>[转载]</font>" if in1="7" then get_art_type="<font color=red>[最新]</font>" end function end if '放在这,以免标签循环嵌套导致本函数循环定义而导致asp错误 function findx_price(grade_id,str) rst2="" if str<>"" then other_params=split(str,"|") for i=0 to ubound(other_params) sss11=split(other_params(i),":") sss11a=sss11(0) sss11b=sss11(1) if cstr(sss11a)=cstr(grade_id) then rst2=sss11b exit for end if next end if if isnumeric(rst2)<>true then rst2="" end if findx_price=rst2 end function '放在这,以免标签循环嵌套导致本函数循环定义而导致asp错误 Function n_RemoveHTML_mdx(strHTML) n_RemoveHTML_md="" on error resume next strHTML=cstr(strHTML&"") Set objRegExp = New Regexp objRegExp.IgnoreCase = True objRegExp.Global = True '取闭合的<> objRegExp.Pattern = "<.+?>" '进行匹配 Set Matches = objRegExp.Execute(strHTML) ' 遍历匹配集合,并替换掉匹配的项目 For Each Match in Matches strHtml=Replace(strHTML,Match.Value,"") Next n_RemoveHTML_mdx=strHTML Set objRegExp = Nothing End Function '放在这,以免标签循环嵌套导致本函数循环定义而导致asp错误 function replace_huanhangz(cont) cont=replace(cont,vbcrlf,"$$sx_aspcodex_huanhang$") cont=replace(cont,chr(10),"$$sx_aspcodex_huanhang$") cont= Replace(cont, CHR(13), "$$sx_aspcodex_huanhang$") cont= Replace(cont, CHR(9), "$$sx_aspcodex_huanhang$") cont=replace(cont,"=","$zzdenghaoaspcpu1$") cont=replace(cont,"&","$zzadnnhaoaspcpu1$") cont=replace(cont,"?","$zzwnnehaoaspcpu1$") replace_huanhangz=cont end function '放在这,以免标签循环嵌套导致本函数循环定义而导致asp错误 Function UrlEncoding_x(DataStr) StrReturn = "" For Si = 1 To Len(DataStr) ThisChr = Mid(DataStr, Si, 1) If Abs(Asc(ThisChr)) < &HFF Then StrReturn = StrReturn & ThisChr Else InnerCode = Asc(ThisChr) If InnerCode < 0 Then InnerCode = InnerCode + &H10000 End If Hight8 = (InnerCode And &HFF00) \ &HFF Low8 = InnerCode And &HFF StrReturn = StrReturn & "%" & Hex(Hight8) & "%" & Hex(Low8) End If Next UrlEncoding_x = StrReturn End Function %><% '************************************************************** ' 新 动 软 网 站 管 理系统 ' 系统作者: 阮 丁 远(网名:天 下 程 序) ' Copyright (C) 新 动 软 网站 管 理 系 统 版 权 所有 '************************************************************** %> <% if have_added_funb="" then have_added_funb=1 isnnn=0 function isnnum(num1) If isnumeric(num1) = 0 Or IsNull(num1) or num1 = "" Then isnnn=0 else isnnn=1 end if end function function isddat(n1) If n1 = "" Or IsNull(n1) or IsDate(n1)=false Then isnnn=0 else isnnn=1 end if end function function isyn(n1) isnnn=9999 If n1 = true or n1=1 Then isnnn=1 end if If n1 = false or n1=0 Then isnnn=0 end if end function function get_rs_value(num1) execute("rsaaaaaaa1="&rsxxx1112&"("&num1&")") get_rs_value=rsaaaaaaa1 end function Function nohtml(ByVal str) Set regEx = New RegExp If IsNull(str) Or Trim(str) = "" Then nohtml = "" Exit Function End If regEx.Pattern = "(\<.[^\<]*\>)" str = regEx.Replace(str, "") regEx.Pattern = "(\<\/[^\<]*\>)" str = regEx.Replace(str, "") regEx.Pattern = "\[NextPage(.*?)\]" '解决“当在文章模块的频道中发布的是图片并使用分页标签[NextPage]或内容开始的前几行就使用分页标签时,一旦使用搜索来搜索该文时,搜索页就会显示分页标签”的问题 str = regEx.Replace(str, "") str = Replace(str, "'", "") str = Replace(str, Chr(34), "") str = Replace(str, vbCrLf, "") str = Trim(str) nohtml = str End Function Public Function ReplaceBadChar(strChar) If strChar = "" Or IsNull(strChar) Then ReplaceBadChar = "" Exit Function End If 'Dim strBadChar, arrBadChar, tempChar, i strBadChar = "',%,^,&,?,(,),<,>,[,],{,},/,\,;,:,exists,select,update,insert,=," & Chr(34) & "," & Chr(0) & "" arrBadChar = Split(strBadChar, ",") tempChar = strChar For i = 0 To UBound(arrBadChar) tempChar = Replace(tempChar, arrBadChar(i), "") Next ReplaceBadChar = tempChar End Function Function GetSubStr(ByVal str, ByVal strlen, bShowPoint) If str = "" Then GetSubStr = "" Exit Function End If 'Dim l, t, c, i, strTemp str = Replace(Replace(Replace(Replace(str, " ", " "), """, Chr(34)), ">", ">"), "<", "<") l = Len(str) t = 0 strTemp = str If strlen = "" Then strlen = 0 Else strlen = CLng(strlen) End If For i = 1 To l c = Abs(Asc(Mid(str, i, 1))) If c > 255 Then t = t + 2 Else t = t + 1 End If If t >= strlen Then strTemp = Left(str, i) Exit For End If Next If strTemp <> str And bShowPoint = True Then strTemp = strTemp & "…" End If GetSubStr = Replace(Replace(Replace(Replace(strTemp, " ", " "), Chr(34), """), ">", ">"), "<", "<") End Function ComeUrl = Trim(Request.ServerVariables("HTTP_REFERER")) Action = Trim(Request("Action")) FoundErr = False ErrMsg = "" If Right(InstallDir, 1) <> "/" Then strInstallDir = InstallDir & "/" Else strInstallDir = InstallDir End If Site_Sn = Replace(Replace(LCase(Request.ServerVariables("SERVER_NAME") & InstallDir), "/", ""), ".", "") '************************************************* '函数名:gotTopic '作 用:截字符串,汉字一个算两个字符,英文算一个字符 '参 数:str ----原字符串 ' strlen ----截取长度 '返回值:截取后的字符串 '************************************************* function gotTopic(str,strlen) if isnull(str) or str="" then gotTopic="" exit function end if 'dim l,t,c, i str=replace(replace(replace(replace(str," "," "),""",chr(34)),">",">"),"<","<") l=len(str) t=0 for i=1 to l c=Abs(Asc(Mid(str,i,1))) if c>255 then t=t+2 else t=t+1 end if if t>=strlen then gotTopic=left(str,i) & "…" exit for else gotTopic=str end if next gotTopic=replace(replace(replace(replace(gotTopic," "," "),chr(34),"""),">",">"),"<","<") end function '************************************************** '函数名:strLength '作 用:求字符串长度。汉字算两个字符,英文算一个字符。 '参 数:str ----要求长度的字符串 '返回值:字符串长度 '************************************************** function strLength(str) 'ON ERROR RESUME NEXT 'dim WINNT_CHINESE WINNT_CHINESE = (len("中国")=2) if WINNT_CHINESE then 'dim l,t,c 'dim i l=len(str) t=l for i=1 to l c=asc(mid(str,i,1)) if c<0 then c=c+65536 if c>255 then t=t+1 end if next strLength=t else strLength=len(str) end if if err.number<>0 then err.clear end function end if %> <%'complie-link:label-strat[$$nd_goto_picsp_url($xx_request_asp$softid,$xx_request_asp$channel)] %><!--nd_complie_linkx_start:[$$nd_goto_picsp_url($xx_request_asp$softid,$xx_request_asp$channel)]xx--> <% '************************************************************** ' 新 动 软 网 站 管 理系统 ' 系统作者: 阮 丁 远(网名:天 下 程 序) ' Copyright (C) 新 动 软 网站 管 理 系 统 版 权 所有 '************************************************************** %> <table border="0" cellpadding="0" cellspacing="0" ><% sql="select [ND_pic_or_sp].id,[ND_pic_or_sp].sys_content_type,[ND_pic_or_sp].title,[ND_pic_or_sp].sub_title,[ND_pic_or_sp].classid,[ND_pic_or_sp].SpecialID,[ND_pic_or_sp].xingji,[ND_pic_or_sp].titleColor,[ND_pic_or_sp].titleFont,[ND_pic_or_sp].index_page_pic,[ND_pic_or_sp].content,[ND_pic_or_sp].is_outlink,[ND_pic_or_sp].outlink,[ND_pic_or_sp].Author_nick,[ND_pic_or_sp].is_new,[ND_pic_or_sp].is_tuijian,[ND_pic_or_sp].isTop,[ND_pic_or_sp].Hits,[ND_pic_or_sp].DayHits,[ND_pic_or_sp].MonthHits,[ND_pic_or_sp].HitsTime,[ND_pic_or_sp].WriteTime,[ND_pic_or_sp].username,[ND_pic_or_sp].out_and_inner_img_list,[ND_pic_or_sp].Uploadfile_list,[ND_pic_or_sp].UploadImage_list,[ND_pic_or_sp].is_shenhe,[ND_pic_or_sp].is_can_pinlun,[ND_pic_or_sp].liulang_dengji_group_id,[ND_pic_or_sp].DownAddress from [ND_pic_or_sp] where [ND_pic_or_sp].id="&request("softid")&"" set rs_x=server.CreateObject("adodb.recordset") rs_x.open sql,newdsoft_conn_obj,1,1 if not rs_x.eof then %><tr><td align="center"> <% sssesfs=split(rs_x("DownAddress"),"|") sssesfsdd=split(sssesfs(cint(request("channel"))),",") sssesfsdd1=replace(sssesfsdd(0),"-xxnewdsofthtrd121a232_douhao-",",") sssesfsdd1=replace(sssesfsdd1,"-xxnewdsofthtrd121a232_shuhao-","|") response.redirect sssesfsdd1 response.end %> <table border="0"> <tbody> <tr> <td>d</td> </tr> </tbody> </table></td></tr><%else%> <tr><td align="center"> <strong>没有内容……</strong> </td></tr> <%end if%></table><!--nd_complie_linkx_end:[$$nd_goto_picsp_url($xx_request_asp$softid,$xx_request_asp$channel)]xx--><%'complie-link:label-end[$$nd_goto_picsp_url($xx_request_asp$softid,$xx_request_asp$channel)] %>