www.gusucode.com > 中网景企业网站管理系统 2008源码程序 > common/userinfo_save.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="../opendb.asp" -->
<!--#include file="md5.asp" -->
<% Response.Buffer = True
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"
Call DisableOutSite()
Dim yuyan,usyzm,usmmtd,usbadname,usvalid,usriqi,uscunzai,usregisterok
Dim usmodiok,usplpwd,usbadpwd,ustooless,usamepwd
yuyan=Trim(Request.Form("yuyan"))
if yuyan=0 then
usyzm="验证字错误!"
usmmtd="用户名或密码太短!"
usbadname="不能用这样的用户名,请换一个用户名注册!"
usvalid="用户名中含有非法字符!请重新填写!"
usriqi="日期错误!"
uscunzai="这个用户名已经存在,请另选择一个吧!"
usregisterok="注册成功!"
usmodiok="修改成功!"
usplpwd="请输入原密码!"
usbadpwd="原密码不正确!"
ustooless="请输入密码,不能少于6位!"
usamepwd="确认密码和密码不一样!"
else
usyzm="invalid verify code"
usmmtd="username or password is too short"
usbadname="invalid username"
usvalid="invalid username"
usriqi="invalid birthday"
uscunzai="exist username,please change a new name"
usregisterok="register succeed"
usmodiok="modify succeed"
usplpwd="Please input password"
usbadpwd="invalid password"
ustooless="the password must more then 6 character"
usamepwd="Confirm password must be same password"
end if
Dim RegUserID,RegUserName,RegPassword,pwd_question,pwd_answer,truename,sex,UserFace,idcard,birthday
Dim action,UserIM,address,tel,fax,mobile,email,UserInfo,Sign,Jifen,userip,isPassed
action=Trim(Request.Form("action"))
RegUserID=Request.Form("UserID")
RegUserName=sqlchkchar(trim(request("username")))
RegPassword=trim(request("password"))
pwd_question=sqlchkchar(trim(request("pwd_question")))
pwd_answer=trim(request("pwd_answer"))
truename=sqlchkchar(trim(request("truename")))
sex=Cint(request("sex"))
if sex=1 then
UserFace="gg.gif"
else
UserFace="mm.gif"
end if
idcard=sqlchkchar(trim(request("idcard")))
birthday=sqlchkchar(trim(request("birthday")))
UserIM=sqlchkchar(trim(request("UserIM")))
address=sqlchkchar(trim(request("address")))
tel=sqlchkchar(trim(request("tel")))
fax=sqlchkchar(trim(request("fax")))
mobile=sqlchkchar(trim(request("mobile")))
email=sqlchkchar(trim(request("email")))
UserInfo=sqlchkchar(trim(request("UserInfo")))
'Sign=sqlchkchar(trim(request("Sign")))
Jifen=10
userip=GetRealIP()
if isCheckUser=1 then isPassed=0 else isPassed=1
Select Case action
Case "addnew"
if session("cnkcode")<>Trim(Request.Form("yzma")) then call alertmsg(usyzm)
if Len(RegUserName)<2 or Len(RegPassword)<6 then Call alertmsg(usmmtd)
Dim RegWord,b_word
RegWord = Split(BadUsername, "|") '检查敏感不雅用语
if UBound(RegWord) <> 0 then
for each b_word in RegWord
if instr(1,RegUserName,b_word,1)<>0 then
Call alertmsg(usbadname)
end if
next
end if
if Instr(RegUserName,"'")>0 or Instr(RegUserName,"=")>0 or Instr(RegUserName,"%")>0 or Instr(RegUserName,chr(32))>0 or Instr(RegUserName,"?")>0 or Instr(RegUserName,"&")>0 or Instr(RegUserName,";")>0 or Instr(RegUserName,",")>0 or Instr(RegUserName,"'")>0 or Instr(RegUserName,",")>0 or Instr(RegUserName,chr(34))>0 or Instr(RegUserName,chr(9))>0 or Instr(RegUserName,"")>0 or Instr(RegUserName,"$")>0 or Instr(RegUserName,"<")>0 or Instr(RegUserName,">")>0 then Call alertmsg(usvalid)
if Instr(RegPassword,"'")>0 or Instr(RegPassword,"=")>0 or Instr(RegPassword,"%")>0 or Instr(RegPassword,chr(32))>0 or Instr(RegPassword,"?")>0 or Instr(RegPassword,"&")>0 or Instr(RegPassword,";")>0 or Instr(RegPassword,",")>0 or Instr(RegPassword,"'")>0 or Instr(RegPassword,",")>0 or Instr(RegPassword,chr(34))>0 or Instr(RegPassword,chr(9))>0 or Instr(RegPassword,"")>0 or Instr(RegPassword,"$")>0 or Instr(RegUserName,"<")>0 or Instr(RegUserName,">")>0 then alertmsg(usvalid)
if birthday<>"" then
if isdate(birthday)=False then Call alertmsg(usriqi)
else
birthday="1978-8-8"
end if
Dim chkun
set chkun=conn.execute("select count(*) from cnk_users where username='"&RegUserName&"'")
if chkun(0)>0 then Call alertmsg(uscunzai)
'事务处理和卷回处理
'conn.BeginTrans
sql="insert into cnk_users (UserName,UserPassword,Question,Answer,truename,UserFace,Sex,idcard,birthday,"
sql=sql&"usertitle,isPassed,UserIM,address,tel,fax,mobile,email,UserInfo,Jifen,LastLoginIP)"
sql=sql&" values ('"&RegUserName&"','"&MD5(RegPassword)&"','"&pwd_question&"','"&MD5(pwd_answer)&"','"&truename&"','"&UserFace&"',"&sex&",'"&idcard&"','"&birthday&"',"
sql=sql&"'会员',"&isPassed&",'"&UserIM&"','"&address&"','"&tel&"','"&fax&"','"&mobile&"','"&email&"','"&UserInfo&"',"&Jifen&",'"&userip&"')"
conn.execute(sql)
'if conn.Errors.Count=0 then
' conn.CommitTrans
' else
' conn.RollbackTrans
' end if
'完成事务处理和卷回处理
'===websys===
If isPassed=1 Then'登录
conn.execute("update [cnk_users] set LastLoginTime='"&now()&"' where username='"&RegUserName&"'")
set rs=conn.execute("select userid,weblevel,jibie from [cnk_users] where username='"&RegUserName&"'")
Response.Cookies(cookies_name)("UserID")=rs(0)
Response.Cookies(cookies_name)("UserName")=RegUserName
Response.Cookies(cookies_name)("Userpwd")=MD5(RegPassword)
Response.Cookies(cookies_name)("weblevel")=rs(1)
If isBBS=1 Then'===bbs===
Call jibie(RegUserName) 'cnkbbs
Dim gc,gr
set gc=conn.execute("select GroupRight from cnk_jibie where LevelName='"&rs(2)&"'")
gr=gc(0)
Response.Cookies(cookies_name)("UserGroupRight")=gr
End If'===bbs end===
End If
'Call alertmsg("注册成功!")
dim backurl
backurl=replace(Request.ServerVariables("HTTP_REFERER"),"?action=register","")
Call alertmsg_url(usregisterok,backurl)
'===websysend===
Case "Modi"
sql="update cnk_users set truename='"&truename&"',sex="&sex&",idcard='"&idcard&"',birthday='"&birthday&"',UserIM='"&UserIM&"',address='"&address&"',tel='"&tel&"',fax='"&fax&"',mobile='"&mobile&"',email='"&email&"',UserInfo='"&UserInfo&"',ModiTime='"&now()&"'"
Dim photo
photo=conn.execute("select UserFace from cnk_users where UserID="&UserID)
if photo(0)="gg.gif" or photo(0)="mm.gif" then '如还是原来的默认头像就修改
sql=sql&",UserFace='"&UserFace&"'"
end if
sql=sql&" where UserID="&UserID
conn.execute(sql)
Call alertmsg(usmodiok)
Case "Modipwd"
Dim old_pwd,pwd2
old_pwd=Trim(request("old_pwd"))
pwd2=Trim(request("password2"))
if len(old_pwd)<2 then Call alertmsg(usplpwd)
rs.open "select UserPassword from cnk_users where username='"&username&"'",conn,1,3
if Trim(rs("UserPassword"))<>MD5(old_pwd) then Call alertmsg(usbadpwd)
if len(RegPassword)<6 then Call alertmsg(ustooless)
if RegPassword<>pwd2 then Call alertmsg(usamepwd)
'事务处理和卷回处理
conn.BeginTrans
sql="update cnk_users set UserPassword='"&MD5(RegPassword)&"'"
if pwd_question<>"" then
sql=sql&",Question='"&pwd_question&"'"
end if
if pwd_answer<>"" then
sql=sql&",Answer='"&MD5(pwd_answer)&"'"
end if
sql=sql&" where username='"&username&"'"
'Response.Write(sql)
conn.execute(sql)
if conn.Errors.Count=0 then
conn.CommitTrans
else
conn.RollbackTrans
end if
'完成事务处理和卷回处理
Call alertmsg(usmodiok)
Case "savefeed"
dim title,content
title=clearHTMLCode(trim(request.form("title")))
content=clearHTMLCode(request.form("content"))
conn.execute("insert into cnk_feedback (username,title,content,ip) values ('"&username&"','"&title&"','"&content&"','"&userip&"')")
Response.Redirect Request.ServerVariables("HTTP_REFERER")
End Select
call closedb
'Response.redirect Request.ServerVariables("HTTP_REFERER") '从哪里来回哪里去
'检查升级别
Sub jibie(uname)
Dim rs1,rs2,fenshu
set rs1=server.createobject("adodb.recordset")
rs1.open "select Jifen,userlevel from cnk_users where username='"&uname&"'",conn,1,1
if rs1.recordcount>0 then
if rs1("userlevel")<1 then
fenshu=rs1("Jifen")
if fenshu<0 then
conn.execute("update cnk_users set jibie='无' where username='"&uname&"'") '修改论坛级别
else
set rs2=server.createobject("adodb.recordset")
rs2.open "select LevelName,LevelImage from cnk_jibie where "&fenshu&">=fen1 and "&fenshu&"<=fen2",conn,1,3
if rs2.recordcount=1 then
conn.execute("update cnk_users set jibie='"&rs2("LevelName")&"',JibieImg='"&rs2("LevelImage")&"' where username='"&uname&"'") '修改级别
Response.Cookies(cookies_name)("LevelName")=rs2("LevelName")
end if
rs2.close
set rs2=nothing
end if
else
set rs2=server.createobject("adodb.recordset")
rs2.open "select LevelName,LevelImage from cnk_jibie where userlevel="&rs1("userlevel"),conn,1,3
conn.execute("update cnk_users set jibie='"&rs2("LevelName")&"',JibieImg='"&rs2("LevelImage")&"' where username='"&uname&"'")
end if
end if
rs1.close
End Sub
%>