www.gusucode.com > 味多美网址导航源码程序 V20100902 > 味多美网址导航源码程序 V20100902\code\conn.asp
<% Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa On Error Resume Next Fy_In = "'|and|exec|insert|select|update|delete|count|chr|truncate|char|declare|script|*|char|set|mid|master|(|)|;|做爱|少女|性高潮" aa="" '-----如入侵记录保存文件,留空则不保存 Fy_Inf = split(Fy_In,"|") '1--------POST部份------------------ If Request.Form<>"" Then For Each Fy_Post In Request.Form For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then flyaway1="<li>操作IP:<a href='http://tools.hxstat.com/ip/?ip="&Request.ServerVariables("REMOTE_ADDR")&"' target='_blank'>"&Request.ServerVariables("REMOTE_ADDR")&"</a><BR>操作时间:"&Now&"<BR>操作页面:"&Request.ServerVariables("URL")&"<BR>提交方式:POST<BR>提交参数:"&Fy_post&"<BR>提交数据:"&replace(Request.Form(Fy_post),"'","*")&"</li>" set fs=server.CreateObject("Scripting.FileSystemObject") set file=fs.OpenTextFile(server.MapPath(aa),8,True) file.writeline flyaway1 file.close set file=nothing set fs=nothing Response.Write "对不起,你提交的内容[<FONT COLOR=#ff0000>"&replace(Request.Form(Fy_post),"'","*")&"</FONT>]含有非法字符!你的IP:"&Request.ServerVariables("REMOTE_ADDR")&"已被记录。" Response.End End If Next Next End If '2--------GET部份------------------- If Request.QueryString<>"" Then For Each Fy_Get In Request.QueryString For Fy_Xh=0 To Ubound(Fy_Inf) If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then flyaway2="<li>操作IP:<a href='http://tools.hxstat.com/ip/?ip="&Request.ServerVariables("REMOTE_ADDR")&"' target='_blank'>"&Request.ServerVariables("REMOTE_ADDR")&"</a><BR>操作时间:"&Now&"<BR>操作页面:"&Request.ServerVariables("URL")&"<BR>提交方式:GET<BR>提交参数:"&Fy_get&"<BR>提交数据:"&replace(Request.QueryString(Fy_get),"'","*")&"</li>" set fs=server.CreateObject("Scripting.FileSystemObject") set file=fs.OpenTextFile(server.MapPath(aa),8,True) file.writeline flyaway2 file.close set file=nothing set fs=nothing Response.Write "非法URL请求!你的IP:"&Request.ServerVariables("REMOTE_ADDR")&"已被记录。" Response.End End If Next Next End If 'Rem 过滤HTML代码 function HTMLEncode(fString) if not isnull(fString) then fString = replace(fString, ">", ">") fString = replace(fString, "<", "<") fString = Replace(fString, CHR(32), " ") fString = Replace(fString, CHR(9), " ") fString = Replace(fString, CHR(34), """) fString = Replace(fString, CHR(39), "'") fString = Replace(fString, CHR(13), "") fString = Replace(fString, CHR(10) & CHR(10), " ") fString = Replace(fString, CHR(10), " ") fString=ChkBadWords(fString) HTMLEncode = fString end if end function Db="data/@#weiduomei.asa" '网址站数据库连接地址 sessionvar="www.weiduomei.net" '设置变量,变量不可以为NO,否则后台无法登陆 %>