
    <%
'=====================================================================
' 软件名称:新云网站管理系统
' 当前版本:NewAsp Site Management System Version 3.0
' 文件名称:check.asp
' 更新日期:2006-11-20
' 官方网站:www.newasp.net   QQ:94022511
'=====================================================================
' Copyright 2003-2007 newasp.net - All Rights Reserved.
' newasp is a trademark of newasp.net
'=====================================================================
' Page-level admin gate, executed inline by every page that includes this file.
' Sequence: IP check -> optional cookie-to-session restore -> read identity from Session
' -> read-only mode checks -> reject a missing identity -> check the "validate" code.
Dim AdminName, AdminPass, AdminID, ErrorStr
Dim SQLAdmin, RsAdmin, AdminRandomCode

' CheckAdminIP is defined outside this file; presumably it restricts which client
' addresses may reach the back office - confirm against its definition.
CheckAdminIP
ErrorStr = "<li>确认身份失败!您没有使用当前功能的权限。</li><li>如果有什么问题,请联系管理员。</li>"
' Scripts whose name contains one of these fragments set AdminPage (declared elsewhere).
If InStr(Newasp.ScriptName, "editor") > 0 Or InStr(Newasp.ScriptName, "admin_label") > 0 Or InStr(Newasp.ScriptName, "admin_collect") > 0 Then AdminPage = True
' NOTE(review): the check below is commented out. Its message says that back-office pages
' may not be opened by typing the address directly, so Newasp.CheckPost looks like a
' request-origin check (its body is not visible here). With it disabled, this include does
' not verify where a request came from; confirm that state-changing admin pages have
' another cross-site request forgery defence.
'If Newasp.CheckPost = False And AdminPage = False  Then
	'ErrMsg = "<br><li><font color=red>您提交的数据不合法,为了系统安全,不允许直接输入地址访问本系统的后台管理页面。</font></li><li>因为你执行了非法操作,<a href=logout.asp target=_top class=showmeun>请您退出本系统!</a></li>"
	'Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
	'Response.End
'End If
' When the session carries no admin name and UseAdminCookies is on, this copies the
' admin cookie's fields into Session (see AdminCookiesToSession in this file), so the
' values read below may originate from the client.
Call AdminCookiesToSession
AdminName = Newasp.CheckBadstr(Session("AdminName"))		'administrator user name
AdminPass = Newasp.CheckBadstr(Session("AdminPass"))		'administrator password value as stored in the session
AdminID = Newasp.ChkNumeric(Session("AdminID"))				'administrator ID
AdminRandomCode = Trim(Session("AdminRandomCode"))			'random code issued at administrator login
' Grade 111 puts the back office into read-only mode for this request.
If Newasp.ChkNumeric(Session("AdminGrade")) = 111 Then
	Call AdminReadonly()
End If
'-- Back-office timer: when AdminTimer is 2 and the current hour is flagged "1" in
'-- timesetting (defined elsewhere), the request is also treated as read-only.
If AdminTimer = 2 Then
	If timesetting(Hour(Now))="1" Then
		Call AdminReadonly()
	End If
End If
' No admin name in the session: drop the session, blank the admin cookie and send the
' browser to the error page.
' NOTE(review): the message is HTML and travels in the query string. Whether showerr.asp
' encodes or restricts the Message parameter before rendering it is not visible here -
' confirm, since a page that echoes it as markup would accept arbitrary markup from a link.
If AdminName = "" Then
	Session.Abandon
	Response.Cookies(Admin_Cookies_Name) = ""
	ErrMsg = ErrMsg + "<li>您没有进入本页面的权限!本次操作已被记录!<li>可能您还没有登陆或者不具有使用当前功能的权限!请联系管理员.<li>本页面为[<font color=red>管理员</font>]专用,请先<a href=admin_login.asp class=showmeun target=_top>登陆</a>后进入。"
	Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
	Response.End
End If
' Validation-code check. With IsAdminValidate on, Session("validate") must be non-empty
' and equal AdminValidateCode; with it off, a session that carries any validate value is
' rejected. Both failures clear the session and cookie and redirect to the error page.
If IsAdminValidate Then
	If AdminValidateCode <> Session("validate") Or Len(Session("validate")) = 0 Then
		ErrMsg = ErrMsg + "<li>非法登陆!您的IP我们已经记录在案。<li>"
		Session.Abandon
		Response.Cookies(Admin_Cookies_Name) = ""
		Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
		Response.End
	End If
Else
	If Len(Session("validate")) > 0 Then
		ErrMsg = ErrMsg + "<li>非法登陆!您的IP我们已经记录在案。<li>"
		Session.Abandon
		Response.Cookies(Admin_Cookies_Name) = ""
		Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
		Response.End
	End If
End If

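' Re-check the session identity against NC_Admin on every request. The row must match
' user name, password value and id; it is then tested for the lock flag and, when
' single-login is enabled for the account, for a matching login random code.
' NOTE(review): the statement is built by string concatenation. AdminName and AdminPass
' have passed through Newasp.CheckBadstr and AdminID through Newasp.ChkNumeric (neither is
' visible in this file); a parameterized ADODB.Command would remove the dependency on
' that filtering being complete.
' NOTE(review): only isLock, RandomCode and isAloneLogin are read back. Session("AdminGrade")
' and Session("Adminflag"), which ChkAdmin and ChkAdminPurview rely on, are not refreshed
' from this row, so when they were restored from the cookie they remain client-supplied.
' Loading them from the database here would close that gap.
SQLAdmin ="SELECT isLock,RandomCode,isAloneLogin FROM NC_Admin WHERE username='" & AdminName & "' And password='" & AdminPass & "' And id="& AdminID
Set RsAdmin = Newasp.Execute(SQLAdmin)
If RsAdmin.BOF And RsAdmin.EOF Then
	' No such account: discard the session and cookie and return to the login page.
	Session.Abandon
	Response.Cookies(Admin_Cookies_Name) = ""
	RsAdmin.Close:Set RsAdmin = Nothing
	Response.Redirect "admin_login.asp"
	' Explicit stop, matching the other rejection branches, so the including page can
	' never continue past a failed check.
	Response.End
Else
	If RsAdmin("isLock") <> 0 Then
		' Account is locked.
		ErrMsg = "<li>你的用户名已被锁定,你不能登陆!如要开通此帐号,请联系管理员。</li>"
		RsAdmin.Close:Set RsAdmin = Nothing
		Session.Abandon
		Response.Cookies(Admin_Cookies_Name) = ""
		Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
		Response.End
	End If
	If RsAdmin("isAloneLogin") <> 0 And Trim(RsAdmin("RandomCode")) <> AdminRandomCode Then
		' Single-login account whose stored random code differs from this session's code:
		' another login has replaced it.
		' Release the recordset before redirecting; statements placed after the redirect
		' are not relied upon to run.
		RsAdmin.Close:Set RsAdmin = Nothing
		Session.Abandon
		Response.Cookies(Admin_Cookies_Name) = ""
		ErrMsg = "<li><font color='red'>对不起,为了系统安全,本系统不允许两个人使用同一个管理员帐号进行登录!</font></li><li>因为现在有人已经在其他地方使用此管理员帐号进行登录了,所以你将不能继续进行后台管理操作。</li><li>你可以<a href='admin_login.asp' target='_top' class=showmeun>点此重新登录</a>。</li>"
		Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
		Response.End
	End If
End If
RsAdmin.Close:Set RsAdmin = Nothing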
' Resolve the optional ChannelID request parameter into page-level channel variables.
' The value is forced numeric by Newasp.ChkNumeric and CLng before it is appended to the
' query text. 9999 is skipped without a lookup; any non-positive value becomes 0.
Dim ChannelID,sChannelName,sChannelDir,sModuleName,rsChannel,ChannelModuleID
ChannelID = Newasp.ChkNumeric(Request("ChannelID"))
If ChannelID > 0 Then
	ChannelID = CLng(ChannelID)
	If ChannelID <> 9999 Then
		' Only channels with ChannelType below 2 are accepted.
		Set rsChannel = Newasp.Execute("Select ChannelID From NC_Channel where ChannelType < 2 And ChannelID = " & ChannelID)
		If Not rsChannel.BOF Or Not rsChannel.EOF Then
			' Channel exists: load its settings and cache the fields the admin pages use.
			Newasp.ReadChannel(ChannelID)
			ChannelModuleID = CInt(Newasp.modules)
			sModuleName = Newasp.ModuleName
			sChannelDir = Replace(Newasp.ChannelDir, "/", "")
			sChannelName = Newasp.ChannelName
		End If
		rsChannel.Close
		Set rsChannel = Nothing
	End If
Else
	ChannelID = 0
End If
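' Deletes the generated static HTML file for one item, when static generation is enabled.
'   classid      - class id of the item; must convert to a Long
'   id           - item id, passed through to Newasp.ReadDestination
'   HtmlFileDate - date value passed through to Newasp.ReadDestination
' Assigns no return value. Errors are suppressed (best effort), but every decision that
' leads to the delete is taken from a flag that defaults to False, so a suppressed error
' skips the delete instead of falling into it.
Public Function DeleteHtmlFile(classid,id,HtmlFileDate)
	If CInt(Newasp.IsCreateHtml)=0 Then Exit Function
	On Error Resume Next
	Dim rsClass,sHtmlFileName,sHtmlFilePath
	Dim lngClassID,blnHasRow,blnHasName
	' Convert the class id first and stop if that fails; otherwise the query text would
	' keep whatever the shared SQL variable held before this call.
	Err.Clear
	lngClassID = CLng(classid)
	If Err.Number <> 0 Then
		Err.Clear
		Exit Function
	End If
	' SQL is not declared in this function; presumably a page-level variable - confirm.
	SQL = "SELECT HtmlFileDir FROM [NC_Classify] WHERE ChannelID = " & ChannelID & " And ClassID=" & lngClassID
	Set rsClass = Newasp.Execute(SQL)
	' Under On Error Resume Next an error raised inside a block-If condition resumes at
	' the first statement of the block, so the row test is evaluated into a flag first.
	blnHasRow = False
	blnHasRow = Not (rsClass.BOF And rsClass.EOF)
	If blnHasRow Then
		sHtmlFileName = Newasp.ReadDestination(Newasp.InfoDestination, Newasp.ChannelDir, HtmlFileDate,rsClass("HtmlFileDir"),classid,id,1,"")
		If Newasp.BindDomain = "0" Then
			sHtmlFilePath = ""
		Else
			If Len(Newasp.NamedPath) > 2 Then
				sHtmlFilePath = Newasp.NamedPath
			Else
				sHtmlFilePath = Server.MapPath(Newasp.InstallDir & Newasp.ChannelDir)
			End If
		End If
		' Never call the delete helper with an empty file name (that would pass a bare
		' directory path or an empty string).
		' NOTE(review): the name is derived from the HtmlFileDir column and configuration
		' values; whether Newasp.FileDelete confines the path to the site's HTML output
		' directory is not visible here - confirm.
		blnHasName = False
		blnHasName = (Len(sHtmlFileName) > 0)
		If blnHasName Then
			Newasp.FileDelete(sHtmlFilePath & sHtmlFileName)
		End If
	End If
	rsClass.Close:Set rsClass = Nothing
End Function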

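' Returns True when the current administrator may use the permission named by para.
'   para - permission identifier; compared case-insensitively, ignoring surrounding
'          spaces, with each comma-separated entry of Session("Adminflag")
' Grade 999 in Session("AdminGrade") is granted every permission, provided the flag list
' is not empty. Any other outcome, including a suppressed runtime error, returns False.
'
' Under On Error Resume Next an error raised inside a block-If condition resumes at the
' first statement of the block. Each authorization decision is therefore evaluated into
' a flag that defaults to False, and the grade is converted with CLng rather than CInt so
' that a large numeric grade cannot raise an overflow at the comparison.
' NOTE(review): both session values can be restored from the admin cookie by
' AdminCookiesToSession; nothing visible in this file re-reads them from the database.
Public Function ChkAdmin(para)
	On Error Resume Next
	Dim i, TempAdmin, Adminflag,m_intAdminGrade
	Dim blnSuper, blnMatch
	ChkAdmin = False
	AdminFlag = Replace(Session("Adminflag"), "'", "''")
	m_intAdminGrade = Newasp.ChkNumeric(Session("AdminGrade"))
	If para = "" Then Exit Function
	If AdminFlag = "" Or IsEmpty(AdminFlag) Then Exit Function
	' Fail closed: blnSuper keeps False if the conversion or comparison raises.
	blnSuper = False
	blnSuper = (CLng(m_intAdminGrade) = 999)
	If blnSuper Then
		ChkAdmin = True
		Exit Function
	End If
	tempAdmin = Split(Adminflag, ",")
	For i = 0 To UBound(tempAdmin)
		' Fail closed for the same reason: the match is computed before it is tested.
		blnMatch = False
		blnMatch = (Trim(LCase(tempAdmin(i))) = Trim(LCase(para)))
		If blnMatch Then
			ChkAdmin = True
			Exit For
		End If
	Next
End Function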

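' Returns True when the current administrator holds the permission named by flag AND is
' the administrator named by username.
'   flag     - permission identifier; compared case-insensitively, ignoring surrounding
'              spaces, with each comma-separated entry of Session("Adminflag")
'   username - name that must equal Session("AdminName") after trimming (the comparison
'              uses the plain = operator)
' Grade 999 in Session("AdminGrade") is granted access regardless of username, provided
' the flag list is not empty. Any other outcome, including a suppressed runtime error,
' returns False.
'
' Under On Error Resume Next an error raised inside a block-If condition resumes at the
' first statement of the block. Each authorization decision is therefore evaluated into
' a flag that defaults to False, and the grade is converted with CLng rather than CInt so
' that a large numeric grade cannot raise an overflow at the comparison.
' NOTE(review): both session values can be restored from the admin cookie by
' AdminCookiesToSession; nothing visible in this file re-reads them from the database.
Public Function ChkAdminPurview(flag,username)
	On Error Resume Next
	Dim i, TempAdmin, Adminflag, BlnAdminflag,m_intAdminGrade
	Dim blnSuper, blnMatch, blnSameUser
	ChkAdminPurview = False
	BlnAdminflag = False
	If flag = "" Then Exit Function
	Adminflag = Replace(Session("Adminflag"), "'", "''")
	m_intAdminGrade = Newasp.ChkNumeric(Session("AdminGrade"))
	If AdminFlag = "" Or IsEmpty(AdminFlag) Then Exit Function
	' Fail closed: blnSuper keeps False if the conversion or comparison raises.
	blnSuper = False
	blnSuper = (CLng(m_intAdminGrade) = 999)
	If blnSuper Then
		ChkAdminPurview = True
		Exit Function
	End If
	' A flag list made only of spaces grants nothing.
	If Trim(Adminflag) = "" Then Exit Function
	tempAdmin = Split(Adminflag, ",")
	For i = 0 To UBound(tempAdmin)
		blnMatch = False
		blnMatch = (LCase(Trim(tempAdmin(i))) = LCase(Trim(flag)))
		If blnMatch Then
			BlnAdminflag = True
			Exit For
		End If
	Next
	' The permission alone is not enough: the caller-supplied name must be the session's.
	If BlnAdminflag Then
		blnSameUser = False
		blnSameUser = (Trim(username) = Trim(Session("AdminName")))
		If blnSameUser Then
			ChkAdminPurview = True
		End If
	End If
End Function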

' Rebuilds the admin session from the admin cookie when the session holds no admin name
' and UseAdminCookies is on. Each cookie field is passed through Newasp.CheckStr (defined
' elsewhere) and stored under the matching session key; the cookie's RandomCode field is
' stored as AdminRandomCode. The validate field is restored only when IsAdminValidate is on.
'
' NOTE(review): every value restored here is supplied by the client. AdminPass is later
' compared directly with the stored password column, so the cookie carries a
' password-equivalent value. AdminGrade and Adminflag drive ChkAdmin / ChkAdminPurview,
' and the page-level check in this file validates only user name, password and id against
' NC_Admin; unless the cookie is integrity-protected somewhere not visible here, privilege
' data should be loaded from the database rather than accepted from the cookie.
Public Sub AdminCookiesToSession()
	Dim arrPairs, idx
	If Session("AdminName") = "" Then
		If UseAdminCookies Then
			' Pairs of (session key, cookie field), restored in this order.
			arrPairs = Array( _
				"AdminName", "AdminName", _
				"AdminPass", "AdminPass", _
				"AdminGrade", "AdminGrade", _
				"Adminflag", "Adminflag", _
				"AdminStatus", "AdminStatus", _
				"AdminRandomCode", "RandomCode", _
				"AdminID", "AdminID")
			For idx = 0 To UBound(arrPairs) Step 2
				Session(arrPairs(idx)) = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)(arrPairs(idx + 1)))
			Next
			If IsAdminValidate Then
				Session("validate") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("validate"))
			End If
		End If
	End If
End Sub

' Enforces read-only mode for the current request: a request that carries form data, or
' whose "action" parameter is "del" (case-insensitive, trimmed), is redirected to the
' error page and processing stops. All other requests pass through.
' NOTE(review): this is a deny-list. A state-changing request that arrives without form
' data and with an action other than "del" is not stopped here - confirm that no admin
' page changes data on such a request, or switch to allowing only known read actions.
Sub AdminReadonly()
	Dim strNotice, blnBlocked
	strNotice = "<li>后台管理为只读模式,不能进行此操作。</li><li>如果有什么问题,请联系管理员。</li>"
	blnBlocked = (Request.form <> "")
	If Not blnBlocked Then
		blnBlocked = (LCase(Trim(Request("action"))) = "del")
	End If
	If blnBlocked Then
		Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(strNotice) & "")
		Response.End
	End If
End Sub

%>