www.gusucode.com > 中网景企业网站管理系统 2008源码程序 > common/userinfo_save.asp
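<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="../opendb.asp" -->
<!--#include file="md5.asp" -->
<%
' userinfo_save.asp -- POST handler for member accounts.
' The "action" form field selects one of four operations:
'   addnew   register a new member (optionally logging them in via cookies)
'   Modi     update the profile fields of an existing member
'   Modipwd  change password and/or password question and answer
'   savefeed store a feedback message
'
' Names used here but not defined in this file (presumably supplied by the
' includes above): conn, rs, cookies_name, isCheckUser, isBBS, BadUsername,
' UserID, username, sqlchkchar, clearHTMLCode, GetRealIP, DisableOutSite,
' alertmsg, alertmsg_url, closedb, MD5.
'
' NOTE(review): every validation below is written as "If bad Then Call alertmsg(...)"
' and then falls through, so the flow is only correct if alertmsg ends the
' response. Confirm that in its definition.
'
' NOTE(review): all SQL in this file is built by string concatenation. Values
' that were not passed through sqlchkchar are wrapped in SqlQuote() (defined at
' the bottom of this file) and numeric ids in CLng(). Parameterised
' ADODB.Command statements would be the preferred fix; they are not used here
' because the column types are not visible from this file.

Response.Buffer = True
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"
Call DisableOutSite()

' ---- user-facing messages, selected by the "yuyan" form field -------------
Dim yuyan,usyzm,usmmtd,usbadname,usvalid,usriqi,uscunzai,usregisterok
Dim usmodiok,usplpwd,usbadpwd,ustooless,usamepwd
yuyan=Trim(Request.Form("yuyan"))
if yuyan=0 then
    usyzm="验证字错误!"
    usmmtd="用户名或密码太短!"
    usbadname="不能用这样的用户名,请换一个用户名注册!"
    usvalid="用户名中含有非法字符!请重新填写!"
    usriqi="日期错误!"
    uscunzai="这个用户名已经存在,请另选择一个吧!"
    usregisterok="注册成功!"
    usmodiok="修改成功!"
    usplpwd="请输入原密码!"
    usbadpwd="原密码不正确!"
    ustooless="请输入密码,不能少于6位!"
    usamepwd="确认密码和密码不一样!"
else
    usyzm="invalid verify code"
    usmmtd="username or password is too short"
    usbadname="invalid username"
    usvalid="invalid username"
    usriqi="invalid birthday"
    uscunzai="exist username,please change a new name"
    usregisterok="register succeed"
    usmodiok="modify succeed"
    usplpwd="Please input password"
    usbadpwd="invalid password"
    ustooless="the password must more then 6 character"
    usamepwd="Confirm password must be same password"
end if

' ---- request fields --------------------------------------------------------
Dim RegUserID,RegUserName,RegPassword,pwd_question,pwd_answer,truename,sex,UserFace,idcard,birthday
Dim action,UserIM,address,tel,fax,mobile,email,UserInfo,Sign,Jifen,userip,isPassed
action=Trim(Request.Form("action"))
' NOTE(review): RegUserID is read but never used below; the "Modi" branch keys
' on UserID, which is not set in this file.
RegUserID=Request.Form("UserID")
RegUserName=sqlchkchar(trim(request("username")))
' Passwords and the password answer are only ever used through MD5(), so they
' are not passed through sqlchkchar.
RegPassword=trim(request("password"))
pwd_question=sqlchkchar(trim(request("pwd_question")))
pwd_answer=trim(request("pwd_answer"))
truename=sqlchkchar(trim(request("truename")))
sex=Cint(request("sex"))   ' raises a runtime error when the field is missing or non-numeric
if sex=1 then
    UserFace="gg.gif"
else
    UserFace="mm.gif"
end if
idcard=sqlchkchar(trim(request("idcard")))
birthday=sqlchkchar(trim(request("birthday")))
UserIM=sqlchkchar(trim(request("UserIM")))
address=sqlchkchar(trim(request("address")))
tel=sqlchkchar(trim(request("tel")))
fax=sqlchkchar(trim(request("fax")))
mobile=sqlchkchar(trim(request("mobile")))
email=sqlchkchar(trim(request("email")))
UserInfo=sqlchkchar(trim(request("UserInfo")))
'Sign=sqlchkchar(trim(request("Sign")))
Jifen=10
' NOTE(review): GetRealIP is defined elsewhere. If it reads client-supplied
' headers such as X-Forwarded-For, userip is attacker-controlled text, which is
' why it is quoted with SqlQuote() before it reaches SQL below.
userip=GetRealIP()
if isCheckUser=1 then isPassed=0 else isPassed=1

Select Case action

Case "addnew"
    ' Verification code. An unset session value compares equal to an omitted
    ' form field in VBScript, so a request that never loaded the code image
    ' would pass a plain "<>" test; require a non-empty expected code.
    Dim expectedCode
    expectedCode = CStr(Session("cnkcode") & "")
    if expectedCode="" or expectedCode<>Trim(Request.Form("yzma")) then call alertmsg(usyzm)

    if Len(RegUserName)<2 or Len(RegPassword)<6 then Call alertmsg(usmmtd)

    ' Reject user names containing a configured bad word (case-insensitive).
    ' Every entry is checked, including the case of a single configured word;
    ' empty entries are skipped because InStr with an empty search string
    ' matches any non-empty name.
    Dim RegWord,b_word
    RegWord = Split(BadUsername, "|")
    for each b_word in RegWord
        if b_word<>"" then
            if instr(1,RegUserName,b_word,1)<>0 then Call alertmsg(usbadname)
        end if
    next

    ' Character blacklist for user name and password. The password test
    ' originally checked "<" and ">" against the user name by mistake.
    if HasForbiddenChar(RegUserName) then Call alertmsg(usvalid)
    if HasForbiddenChar(RegPassword) then Call alertmsg(usvalid)

    if birthday<>"" then
        if isdate(birthday)=False then Call alertmsg(usriqi)
    else
        birthday="1978-8-8"   ' default stored when no birthday is supplied
    end if

    Dim chkun
    set chkun=conn.execute("select count(*) from cnk_users where username='"&RegUserName&"'")
    if chkun(0)>0 then Call alertmsg(uscunzai)

    ' The code has been accepted; make it single-use so one solved code cannot
    ' be replayed for further registrations.
    ' NOTE(review): failed attempts do not invalidate the code; consider that
    ' too, depending on how the form reloads the image.
    Session("cnkcode") = ""

    ' Transaction handling (disabled in the original)
    'conn.BeginTrans
    ' NOTE(review): MD5 without a salt is a weak password hash. Changing it
    ' would invalidate stored hashes and the Userpwd cookie written below, so
    ' it is only flagged here.
    sql="insert into cnk_users (UserName,UserPassword,Question,Answer,truename,UserFace,Sex,idcard,birthday,"
    sql=sql&"usertitle,isPassed,UserIM,address,tel,fax,mobile,email,UserInfo,Jifen,LastLoginIP)"
    sql=sql&" values ('"&RegUserName&"','"&MD5(RegPassword)&"','"&pwd_question&"','"&MD5(pwd_answer)&"','"&truename&"','"&UserFace&"',"&sex&",'"&idcard&"','"&birthday&"',"
    sql=sql&"'会员',"&isPassed&",'"&UserIM&"','"&address&"','"&tel&"','"&fax&"','"&mobile&"','"&email&"','"&UserInfo&"',"&Jifen&",'"&SqlQuote(userip)&"')"
    conn.execute(sql)
    'if conn.Errors.Count=0 then
    '    conn.CommitTrans
    'else
    '    conn.RollbackTrans
    'end if
    ' End of transaction handling

    '===websys===
    If isPassed=1 Then ' no manual approval required: log the new member in
        conn.execute("update [cnk_users] set LastLoginTime='"&now()&"' where username='"&RegUserName&"'")
        set rs=conn.execute("select userid,weblevel,jibie from [cnk_users] where username='"&RegUserName&"'")
        ' NOTE(review): the cookie carries the password hash and the member's
        ' level. If other pages authenticate or authorise from these cookie
        ' values, the hash is a password-equivalent and the level is
        ' client-editable; confirm they are re-checked against the database.
        Response.Cookies(cookies_name)("UserID")=rs(0)
        Response.Cookies(cookies_name)("UserName")=RegUserName
        Response.Cookies(cookies_name)("Userpwd")=MD5(RegPassword)
        Response.Cookies(cookies_name)("weblevel")=rs(1)
        If isBBS=1 Then '===bbs===
            Call jibie(RegUserName) 'cnkbbs
            Dim gc,gr
            ' rs(2) is the jibie value read before jibie() ran, as in the original.
            set gc=conn.execute("select GroupRight from cnk_jibie where LevelName='"&SqlQuote(rs(2))&"'")
            ' Only set the cookie when the level exists; reading gc(0) on an
            ' empty result raises a runtime error.
            if not gc.EOF then
                gr=gc(0)
                Response.Cookies(cookies_name)("UserGroupRight")=gr
            end if
        End If '===bbs end===
    End If
    'Call alertmsg("注册成功!")
    ' NOTE(review): the Referer header is client-controlled and is used as the
    ' return URL; how alertmsg_url encodes it is not visible here. A fixed or
    ' allow-listed return path would be safer.
    dim backurl
    backurl=replace(Request.ServerVariables("HTTP_REFERER"),"?action=register","")
    Call alertmsg_url(usregisterok,backurl)
    '===websysend===

Case "Modi"
    ' NOTE(review): no login check is visible in this branch; it relies on
    ' UserID having been established by the includes.
    Dim modiUserID
    modiUserID = CLng(UserID)   ' force a number so the id cannot carry SQL text
    sql="update cnk_users set truename='"&truename&"',sex="&sex&",idcard='"&idcard&"',birthday='"&birthday&"',UserIM='"&UserIM&"',address='"&address&"',tel='"&tel&"',fax='"&fax&"',mobile='"&mobile&"',email='"&email&"',UserInfo='"&UserInfo&"',ModiTime='"&now()&"'"
    Dim photo
    ' Set is required: photo is used as a recordset on the next lines.
    Set photo=conn.execute("select UserFace from cnk_users where UserID="&modiUserID)
    if not photo.EOF then
        if photo(0)="gg.gif" or photo(0)="mm.gif" then ' still a default avatar: follow the sex field
            sql=sql&",UserFace='"&UserFace&"'"
        end if
    end if
    sql=sql&" where UserID="&modiUserID
    conn.execute(sql)
    Call alertmsg(usmodiok)

Case "Modipwd"
    Dim old_pwd,pwd2
    old_pwd=Trim(request("old_pwd"))
    pwd2=Trim(request("password2"))
    if len(old_pwd)<2 then Call alertmsg(usplpwd)
    rs.open "select UserPassword from cnk_users where username='"&SqlQuote(username)&"'",conn,1,3
    ' No such account: report it like a wrong password instead of failing on
    ' the field read below.
    if rs.EOF then Call alertmsg(usbadpwd)
    if Trim(rs("UserPassword"))<>MD5(old_pwd) then Call alertmsg(usbadpwd)
    if len(RegPassword)<6 then Call alertmsg(ustooless)
    if RegPassword<>pwd2 then Call alertmsg(usamepwd)
    ' Transaction handling
    conn.BeginTrans
    sql="update cnk_users set UserPassword='"&MD5(RegPassword)&"'"
    if pwd_question<>"" then
        sql=sql&",Question='"&pwd_question&"'"
    end if
    if pwd_answer<>"" then
        sql=sql&",Answer='"&MD5(pwd_answer)&"'"
    end if
    sql=sql&" where username='"&SqlQuote(username)&"'"
    'Response.Write(sql)
    conn.execute(sql)
    if conn.Errors.Count=0 then
        conn.CommitTrans
    else
        conn.RollbackTrans
    end if
    ' End of transaction handling
    Call alertmsg(usmodiok)

Case "savefeed"
    dim title,content
    ' clearHTMLCode is defined elsewhere; it is not assumed to make the text
    ' safe inside a SQL string literal, hence SqlQuote() below.
    title=clearHTMLCode(trim(request.form("title")))
    content=clearHTMLCode(request.form("content"))
    conn.execute("insert into cnk_feedback (username,title,content,ip) values ('"&SqlQuote(username)&"','"&SqlQuote(title)&"','"&SqlQuote(content)&"','"&SqlQuote(userip)&"')")
    ' NOTE(review): redirect target comes from the client-controlled Referer header.
    Response.Redirect Request.ServerVariables("HTTP_REFERER")

End Select

call closedb
'Response.redirect Request.ServerVariables("HTTP_REFERER") ' go back to where the request came from

' Recompute the forum level (jibie) of member uname.
' When userlevel < 1 the level is looked up from the points (Jifen) range in
' cnk_jibie, or set to '无' for negative points; otherwise it is looked up by
' userlevel. The points-based branch also writes the LevelName cookie.
Sub jibie(uname)
    Dim rs1,rs2,fenshu,safeName
    safeName=SqlQuote(uname)
    set rs1=server.createobject("adodb.recordset")
    rs1.open "select Jifen,userlevel from cnk_users where username='"&safeName&"'",conn,1,1
    if rs1.recordcount>0 then
        if rs1("userlevel")<1 then
            fenshu=rs1("Jifen")
            if fenshu<0 then
                conn.execute("update cnk_users set jibie='无' where username='"&safeName&"'") ' set forum level
            else
                set rs2=server.createobject("adodb.recordset")
                rs2.open "select LevelName,LevelImage from cnk_jibie where "&fenshu&">=fen1 and "&fenshu&"<=fen2",conn,1,3
                if rs2.recordcount=1 then
                    conn.execute("update cnk_users set jibie='"&SqlQuote(rs2("LevelName"))&"',JibieImg='"&SqlQuote(rs2("LevelImage"))&"' where username='"&safeName&"'") ' set level
                    Response.Cookies(cookies_name)("LevelName")=rs2("LevelName")
                end if
                rs2.close
                set rs2=nothing
            end if
        else
            set rs2=server.createobject("adodb.recordset")
            rs2.open "select LevelName,LevelImage from cnk_jibie where userlevel="&rs1("userlevel"),conn,1,3
            ' Skip the update when no level row matches, and release the
            ' recordset (the original left it open).
            if not rs2.EOF then
                conn.execute("update cnk_users set jibie='"&SqlQuote(rs2("LevelName"))&"',JibieImg='"&SqlQuote(rs2("LevelImage"))&"' where username='"&safeName&"'")
            end if
            rs2.close
            set rs2=nothing
        end if
    end if
    rs1.close
    set rs1=nothing
End Sub

' Return v as text that is safe inside a single-quoted SQL string literal by
' doubling embedded single quotes. Null and Empty become "".
' This is the quoting rule for Access and SQL Server string literals; it is a
' stop-gap, not a replacement for parameterised commands.
Function SqlQuote(v)
    SqlQuote = Replace(CStr(v & ""), "'", "''")
End Function

' True when s contains any character that is not allowed in a user name or
' password at registration.
' NOTE(review): the listing this was taken from repeated "'" and "," and also
' tested for an empty search string; those entries look like characters lost
' when the page was re-encoded. InStr with an empty search string matches every
' non-empty value, so that entry is omitted here. Compare against the original
' file and restore the intended characters.
Function HasForbiddenChar(s)
    Dim banned,i
    banned = Array("'", "=", "%", Chr(32), "?", "&", ";", ",", Chr(34), Chr(9), "$", "<", ">")
    HasForbiddenChar = False
    For i = 0 To UBound(banned)
        If InStr(s, banned(i)) > 0 Then
            HasForbiddenChar = True
            Exit Function
        End If
    Next
End Function
%>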