www.gusucode.com > 艺术签名文章资讯网源代码 > 艺术签名文章资讯网源代码/624/adminhtry/admin_password.asp
<!--#include file="setup.asp"-->
<!--#include file="check.asp"-->
<!--#include file="../inc/md5.asp"-->
<%
'=====================================================================
' 软件名称:新云网站管理系统
' 当前版本:NewAsp Site Management System Version 3.0
' 文件名称:admin_password.asp
' 更新日期:2006-12-20
' 官方网站:新云网络(www.newasp.net www.newasp.cn) QQ:94022511
'=====================================================================
' Copyright 2003-2007 newasp.net - All Rights Reserved.
' newasp is a trademark of newasp.net
'=====================================================================
Dim ID
Response.Write "<script language=""JavaScript"">" & vbCrLf
Response.Write "<!--" & vbCrLf
Response.Write "function CheckForm()" & vbCrLf
Response.Write "{" & vbCrLf
Response.Write "if (document.myform.password.value.length == 0)" & vbCrLf
Response.Write " {" & vbCrLf
Response.Write "alert(""请输入您的原始密码!"");" & vbCrLf
Response.Write "document.myform.password.focus();" & vbCrLf
Response.Write "return false;" & vbCrLf
Response.Write "}" & vbCrLf
Response.Write "if (document.myform.password1.value.length == 0)" & vbCrLf
Response.Write " {" & vbCrLf
Response.Write "alert(""请输入您的新密码!"");" & vbCrLf
Response.Write "document.myform.password1.focus();" & vbCrLf
Response.Write "return false;" & vbCrLf
Response.Write "}" & vbCrLf
Response.Write "if (document.myform.password2.value.length == 0)" & vbCrLf
Response.Write " {" & vbCrLf
Response.Write "alert(""请输入您的确认密码"");" & vbCrLf
Response.Write "document.myform.password2.focus();" & vbCrLf
Response.Write "return false;" & vbCrLf
Response.Write "}" & vbCrLf
Response.Write "return true;" & vbCrLf
Response.Write "}" & vbCrLf
Response.Write "//-->"
Response.Write "</script>" & vbCrLf
Admin_header
Dim Action
Action = LCase(Request("action"))
If Not ChkAdmin("ChangePassword") Then
Server.Transfer("showerr.asp")
Response.End
End If
Set Rs = Server.CreateObject("adodb.recordset")
Select Case Action
Case "save"
Call svaeadmin
Case Else
Call PassMain
End Select
If FoundErr = True Then
ReturnError(ErrMsg)
End If
Admin_footer
SaveLogInfo(AdminName)
CloseConn
Private Sub PassMain()
Response.Write "<table border=""0"" align=""center"" cellpadding=""2"" cellspacing=""1"" class=""tableBorder"">" & vbCrLf
Response.Write " <tr>" & vbCrLf
Response.Write " <th colspan=""2"">管理员名称及密码修改</th></tr>" & vbCrLf
Response.Write "<form method=Post name=""myform"" action=""admin_password.asp?action=save"" onSubmit=""return CheckForm();"">" & vbCrLf
Response.Write " <tr> " & vbCrLf
Response.Write " <td width=""25%"" align=""right"" nowrap class=""tablerow2"">管理员名称:</td>" & vbCrLf
Response.Write " <td class=""tablerow1"" width=""75%""> <INPUT type=text size=25 name=username value="""
Response.Write Session("AdminName")
Response.Write """> * <font COLOR=#FF0000>不修改可以留空</font></td>" & vbCrLf
Response.Write " </tr>" & vbCrLf
Response.Write " <tr> " & vbCrLf
Response.Write " <td align=""right"" nowrap class=""tablerow2"">原始密码:</td>" & vbCrLf
Response.Write " <td class=""tablerow1""> <INPUT type=password size=25 name=password></td>" & vbCrLf
Response.Write " </tr>" & vbCrLf
Response.Write " <tr> " & vbCrLf
Response.Write " <td align=""right"" nowrap class=""tablerow2"">新密码:</td>" & vbCrLf
Response.Write " <td class=""tablerow1""> <INPUT type=password size=25 name=password1></td>" & vbCrLf
Response.Write " </tr>" & vbCrLf
Response.Write " <tr> " & vbCrLf
Response.Write " <td align=""right"" nowrap class=""tablerow2"">确认新密码:</td>" & vbCrLf
Response.Write " <td class=""tablerow1""> <INPUT type=password size=25 name=password2></td>" & vbCrLf
Response.Write " </tr>" & vbCrLf
Response.Write " <tr> " & vbCrLf
Response.Write " <td align=""center"" colspan=""2"" class=""tablerow1"">" & vbCrLf
Response.Write "<INPUT type=hidden name=id value="""
Response.Write Session("Adminid")
Response.Write """>" & vbCrLf
Response.Write "<input type=""submit"" name=""Submit"" class=button value=""确认修改""> " & vbCrLf
Response.Write "</td>" & vbCrLf
Response.Write " </tr></form>" & vbCrLf
Response.Write "</table><BR>" & vbCrLf
End Sub
Private Sub svaeadmin()
Dim password
Set Rs = Server.CreateObject("ADODB.RecordSet")
password = md5(Request.Form("password"))
If Newasp.checkpost = False Then
ErrMsg = ErrMsg + "<li>您提交的数据不合法,请不要从外部提交注册。</li>"
founderr = True
End If
If InStr(Request("username"), "=") > 0 Or InStr(Request("username"), "%") > 0 Or InStr(Request("username"), Chr(32)) > 0 Or InStr(Request("username"), "?") > 0 Or InStr(Request("username"), "&") > 0 Or InStr(Request("username"), ";") > 0 Or InStr(Request("username"), ",") > 0 Or InStr(Request("username"), "'") > 0 Or InStr(Request("username"), ",") > 0 Or InStr(Request("username"), Chr(34)) > 0 Or InStr(Request("username"), Chr(9)) > 0 Or InStr(Request("username"), "") > 0 Or InStr(Request("username"), "$") > 0 Then
ErrMsg = ErrMsg + "<br>" + "<li>用户名中含有非法字符。</li>"
founderr = True
End If
If InStr(Request("password1"), "=") > 0 Or InStr(Request("password1"), "+") > 0 Or InStr(Request("password1"), "&") > 0 Or InStr(Request("password1"), "'") > 0 Or InStr(Request("password1"), " ") > 0 Or InStr(Request("password1"), "%") > 0 Then
ErrMsg = ErrMsg + "<li>密码中含有非法字符 </li>"
founderr = True
End If
If Request.Form("password") = "" Then
ErrMsg = ErrMsg + "<li>您还没有输入原始密码。<li>"
founderr = True
End If
If Request.Form("password1") = "" And Request.Form("password2") = "" Then
ErrMsg = ErrMsg + "<li>您的密码不能为空。</li>"
founderr = True
End If
If Request.Form("password1") <> Request.Form("password2") Then
ErrMsg = ErrMsg + "<li>您输入的密码和确认密码不一致。</li>"
founderr = True
End If
Rs.Open "Select * from NC_Admin where username = '" & Session("AdminName") & "' and id = " & Session("Adminid") & "", conn, 1, 1
If Rs.bof And Rs.EOF Then
Response.Write "Sorry!没有找到此用户信息信息。"
Else
If password <> Rs("password") Then
ErrMsg = ErrMsg + "<li>您输入的原始密码错误。</i>"
founderr = True
Exit Sub
End If
End If
Rs.Close
If founderr = True Then Exit Sub
If founderr = False Then
SQL = "select * from NC_Admin where id = " & Request("id")
Rs.Open SQL, conn, 1, 3
Rs("password") = md5(Request.Form("password1"))
If Request.Form("username") <> "" Then
Rs("username") = Request.Form("username")
End If
Rs.update
Session("AdminPass") = Rs("password")
Session("AdminName") = Rs("username")
Rs.Close
Set Rs = Nothing
Succeed("<li>管理员修改成功!</li>")
End If
End Sub
%>