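<%
'=====================================================================
' Software name : NewAsp Site Management System
' Version       : NewAsp Site Management System Version 3.0
' File name     : check.asp
' Last updated  : 2006-11-20
' Official site : www.newasp.net  QQ:94022511
'=====================================================================
' Copyright 2003-2007 newasp.net - All Rights Reserved.
' newasp is a trademark of newasp.net
'=====================================================================
'
' Purpose: admin-area gate. The top-level statements below run on every
' page that includes this file. They restore the admin session from
' cookies when enabled, re-check the credentials against NC_Admin, enforce
' account lock and single-login, and resolve the requested channel.
' The helpers at the bottom provide permission checks (ChkAdmin,
' ChkAdminPurview), read-only enforcement (AdminReadonly) and generated
' HTML file clean-up (DeleteHtmlFile).
'
' Names used but not declared here (Newasp, ErrMsg, AdminPage, SQL,
' AdminTimer, timesetting, IsAdminValidate, AdminValidateCode,
' UseAdminCookies, Admin_Cookies_Name, CheckAdminIP) come from other
' include files.

Dim AdminName, AdminPass, AdminID, ErrorStr
Dim SQLAdmin, RsAdmin, AdminRandomCode

' Defined elsewhere; presumably an IP allow-list check - confirm in its include.
CheckAdminIP

ErrorStr = "<li>确认身份失败!您没有使用当前功能的权限。</li><li>如果有什么问题,请联系管理员。</li>"

If InStr(Newasp.ScriptName, "editor") > 0 Or InStr(Newasp.ScriptName, "admin_label") > 0 Or InStr(Newasp.ScriptName, "admin_collect") > 0 Then AdminPage = True

' Disabled by the original author: a Newasp.CheckPost test that rejected
' admin pages opened by typing the URL directly.
' NOTE(review): with this disabled, this file applies no request-origin
' check to admin actions. Confirm that anti-CSRF protection is enforced
' somewhere else before relying on this gate.
'If Newasp.CheckPost = False And AdminPage = False Then
    'ErrMsg = "<br><li><font color=red>您提交的数据不合法,为了系统安全,不允许直接输入地址访问本系统的后台管理页面。</font></li><li>因为你执行了非法操作,<a href=logout.asp target=_top class=showmeun>请您退出本系统!</a></li>"
    'Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
    'Response.End
'End If

Call AdminCookiesToSession

AdminName = Newasp.CheckBadstr(Session("AdminName"))     ' admin user name
AdminPass = Newasp.CheckBadstr(Session("AdminPass"))     ' admin password value as stored in the session
AdminID = Newasp.ChkNumeric(Session("AdminID"))          ' admin id
AdminRandomCode = Trim(Session("AdminRandomCode"))       ' per-login random code

' Grade 111 accounts are forced into read-only mode.
If Newasp.ChkNumeric(Session("AdminGrade")) = 111 Then
    Call AdminReadonly()
End If

' Scheduled read-only mode: when AdminTimer = 2, hours flagged "1" in
' timesetting are read-only.
If AdminTimer = 2 Then
    If timesetting(Hour(Now))="1" Then
        Call AdminReadonly()
    End If
End If

' No admin name in the session: drop the session and cookie, then reject.
' NOTE(review): the error text is passed to showerr.asp as HTML in the
' Message parameter. Whether showerr.asp encodes it on output is not
' visible in this file - confirm there.
If AdminName = "" Then
    Session.Abandon
    Response.Cookies(Admin_Cookies_Name) = ""
    ErrMsg = ErrMsg + "<li>您没有进入本页面的权限!本次操作已被记录!<li>可能您还没有登陆或者不具有使用当前功能的权限!请联系管理员.<li>本页面为[<font color=red>管理员</font>]专用,请先<a href=admin_login.asp class=showmeun target=_top>登陆</a>后进入。"
    Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
    Response.End
End If

' Optional second factor ("validate" code). When the feature is on, the
' session value must be present and equal to AdminValidateCode. When it is
' off, a session that carries a value at all is rejected.
If IsAdminValidate Then
    If AdminValidateCode <> Session("validate") Or Len(Session("validate")) = 0 Then
        ErrMsg = ErrMsg + "<li>非法登陆!您的IP我们已经记录在案。<li>"
        Session.Abandon
        Response.Cookies(Admin_Cookies_Name) = ""
        Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
        Response.End
    End If
Else
    If Len(Session("validate")) > 0 Then
        ErrMsg = ErrMsg + "<li>非法登陆!您的IP我们已经记录在案。<li>"
        Session.Abandon
        Response.Cookies(Admin_Cookies_Name) = ""
        Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
        Response.End
    End If
End If

' Re-validate the session credentials against the admin table on every request.
' NOTE(review): the statement is built by string concatenation. AdminName
' and AdminPass went through Newasp.CheckBadstr and AdminID through
' Newasp.ChkNumeric. Both helpers are defined elsewhere, so their escaping
' guarantees cannot be confirmed from this file. Prefer a parameterised
' command if the data layer offers one.
SQLAdmin ="SELECT isLock,RandomCode,isAloneLogin FROM NC_Admin WHERE username='" & AdminName & "' And password='" & AdminPass & "' And id="& AdminID
Set RsAdmin = Newasp.Execute(SQLAdmin)
If RsAdmin.BOF And RsAdmin.EOF Then
    ' No matching admin row: clear state and send the user back to the login page.
    Session.Abandon
    Response.Cookies(Admin_Cookies_Name) = ""
    RsAdmin.Close:set RsAdmin = Nothing
    Response.Redirect "admin_login.asp"
    ' Explicit stop, matching every other rejection path in this file.
    Response.End
Else
    ' Locked account.
    If RsAdmin("isLock") <> 0 Then
        ErrMsg = "<li>你的用户名已被锁定,你不能登陆!如要开通此帐号,请联系管理员。</li>"
        RsAdmin.Close:set RsAdmin = Nothing
        Session.Abandon
        Response.Cookies(Admin_Cookies_Name) = ""
        Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
        Response.End
    End If
    ' Single-login enforcement: the random code stored for the account must
    ' match the one held by this session.
    If RsAdmin("isAloneLogin") <> 0 And Trim(RsAdmin("RandomCode")) <> AdminRandomCode then
        ' Close the recordset BEFORE redirecting. The original closed it after
        ' Response.Redirect, where the statement is not expected to run.
        RsAdmin.Close:set RsAdmin = Nothing
        Session.Abandon
        Response.Cookies(Admin_Cookies_Name) = ""
        ErrMsg = "<li><font color='red'>对不起,为了系统安全,本系统不允许两个人使用同一个管理员帐号进行登录!</font></li><li>因为现在有人已经在其他地方使用此管理员帐号进行登录了,所以你将不能继续进行后台管理操作。</li><li>你可以<a href='admin_login.asp' target='_top' class=showmeun>点此重新登录</a>。</li>"
        Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
        Response.End
    End If
End If
RsAdmin.Close:Set RsAdmin = Nothing

' Resolve the channel named in the request and cache its properties.
Dim ChannelID,sChannelName,sChannelDir,sModuleName,rsChannel,ChannelModuleID
ChannelID = Newasp.ChkNumeric(Request("ChannelID"))
If ChannelID > 0 Then
    ChannelID = CLng(ChannelID)
    ' 9999 skips the channel lookup; its meaning is not visible in this file.
    If ChannelID <> 9999 Then
        Set rsChannel = Newasp.Execute("Select ChannelID From NC_Channel where ChannelType < 2 And ChannelID = " & ChannelID)
        If Not (rsChannel.BOF And rsChannel.EOF) Then
            Newasp.ReadChannel(ChannelID)
            sChannelName = Newasp.ChannelName
            sChannelDir = Replace(Newasp.ChannelDir, "/", "")
            sModuleName = Newasp.ModuleName
            ChannelModuleID = CInt(Newasp.modules)
        End If
        rsChannel.Close:Set rsChannel = Nothing
    End If
Else
    ChannelID = 0
End If

' Deletes the generated static HTML file for one item.
'   classid      - class id, converted with CLng for the lookup
'   id           - item id, passed to Newasp.ReadDestination
'   HtmlFileDate - date passed to Newasp.ReadDestination to build the name
' Does nothing when Newasp.IsCreateHtml is 0. Uses the page-level ChannelID.
' NOTE(review): On Error Resume Next hides lookup and delete failures, and
' the function never assigns a return value.
Public Function DeleteHtmlFile(classid,id,HtmlFileDate)
    If CInt(Newasp.IsCreateHtml)=0 Then Exit Function
    On Error Resume Next
    Dim rsClass,sHtmlFileName,sHtmlFilePath
    SQL = "SELECT HtmlFileDir FROM [NC_Classify] WHERE ChannelID = " & ChannelID & " And ClassID=" & CLng(classid)
    Set rsClass = Newasp.Execute(SQL)
    If Not(rsClass.BOF And rsClass.EOF) Then
        sHtmlFileName = Newasp.ReadDestination(Newasp.InfoDestination, Newasp.ChannelDir, HtmlFileDate,rsClass("HtmlFileDir"),classid,id,1,"")
        If Newasp.BindDomain = "0" Then
            sHtmlFilePath = ""
        Else
            If Len(Newasp.NamedPath) > 2 Then
                sHtmlFilePath = Newasp.NamedPath
            Else
                sHtmlFilePath = Server.MapPath(Newasp.InstallDir & Newasp.ChannelDir)
            End If
        End If
        ' With errors suppressed, a failed lookup can still reach this point
        ' with no file name. Never hand a bare directory path to the delete helper.
        If Len(sHtmlFileName) > 0 Then
            Newasp.FileDelete(sHtmlFilePath & sHtmlFileName)
        End If
    End If
    rsClass.Close:Set rsClass = Nothing
End Function

' Returns True when the current admin may use the permission named by para.
' Grade 999 is allowed everything. Otherwise para must appear (case-insensitive,
' trimmed) in the comma-separated Session("Adminflag") list.
' Returns False for an empty para or an empty flag list.
Public Function ChkAdmin(para)
    On Error Resume Next
    Dim i, TempAdmin, Adminflag, m_intAdminGrade, blnSuperAdmin
    ChkAdmin = False
    AdminFlag = Replace(Session("Adminflag"), "'", "''")
    m_intAdminGrade = Newasp.ChkNumeric(Session("AdminGrade"))
    If para = "" Then Exit Function
    If AdminFlag = "" Or IsEmpty(AdminFlag) Then Exit Function
    ' Fail closed: under On Error Resume Next an error raised while evaluating
    ' an If condition resumes INSIDE the Then block. The grade test is therefore
    ' done as an assignment that simply keeps False when the conversion fails.
    ' CLng is used so an out-of-range grade cannot overflow.
    blnSuperAdmin = False
    blnSuperAdmin = (CLng(m_intAdminGrade) = 999)
    If blnSuperAdmin = True Then
        ChkAdmin = True
        Exit Function
    End If
    tempAdmin = Split(Adminflag, ",")
    For i = 0 To UBound(tempAdmin)
        If Trim(LCase(tempAdmin(i))) = Trim(LCase(para)) Then
            ChkAdmin = True
            Exit For
        End If
    Next
End Function

' Returns True when the current admin may act on a record owned by username.
' Grade 999 is always allowed. Otherwise flag must be in Session("Adminflag")
' AND username must equal Session("AdminName") after trimming.
Public Function ChkAdminPurview(flag,username)
    On Error Resume Next
    Dim i, TempAdmin, Adminflag, BlnAdminflag, m_intAdminGrade, blnSuperAdmin
    ChkAdminPurview = False
    BlnAdminflag = False
    If flag = "" Then Exit Function
    Adminflag = Replace(Session("Adminflag"), "'", "''")
    m_intAdminGrade = Newasp.ChkNumeric(Session("AdminGrade"))
    If AdminFlag = "" Or IsEmpty(AdminFlag) Then Exit Function
    ' Fail-closed grade test, evaluated as an assignment for the same reason
    ' as in ChkAdmin.
    blnSuperAdmin = False
    blnSuperAdmin = (CLng(m_intAdminGrade) = 999)
    If blnSuperAdmin = True Then
        ChkAdminPurview = True
        Exit Function
    End If
    If Trim(Adminflag) = "" Then Exit Function
    tempAdmin = Split(Adminflag, ",")
    For i = 0 To UBound(tempAdmin)
        If LCase(Trim(tempAdmin(i))) = LCase(Trim(flag)) Then
            BlnAdminflag = True
            Exit For
        End If
    Next
    If BlnAdminflag = True Then
        If Trim(username) = Trim(Session("AdminName")) Then
            ChkAdminPurview = True
        End If
    End If
End Function

' Rebuilds the admin session from the admin cookie when the session is empty
' and UseAdminCookies is enabled.
' NOTE(review): every value copied here is client-supplied. The page-level
' check re-validates AdminName, AdminPass and AdminID against NC_Admin.
' AdminGrade and Adminflag drive ChkAdmin, ChkAdminPurview and the read-only
' switch, but this file never re-reads them from the database. They should be
' loaded from the server-side admin record after the credential check. The
' columns that hold them are not visible here.
' The cookie also carries AdminPass, so it acts as a stored credential.
' Confirm where it is issued that it is restricted to HTTPS and hidden from
' script.
Public Sub AdminCookiesToSession()
    If Session("AdminName") = "" And UseAdminCookies Then
        Session("AdminName") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminName"))
        Session("AdminPass") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminPass"))
        Session("AdminGrade") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminGrade"))
        Session("Adminflag") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("Adminflag"))
        Session("AdminStatus") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminStatus"))
        Session("AdminRandomCode") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("RandomCode"))
        Session("AdminID") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminID"))
        If IsAdminValidate Then
            Session("validate") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("validate"))
        End If
    End If
End Sub

' Enforces read-only mode: rejects any request that carries form data and any
' request whose action parameter is "del".
' NOTE(review): other state-changing actions sent without a form body are not
' blocked by this check.
Sub AdminReadonly()
    If Request.form <> "" Then
        Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode("<li>后台管理为只读模式,不能进行此操作。</li><li>如果有什么问题,请联系管理员。</li>") & "")
        Response.End
    End If
    If LCase(Trim(Request("action"))) = "del" Then
        Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode("<li>后台管理为只读模式,不能进行此操作。</li><li>如果有什么问题,请联系管理员。</li>") & "")
        Response.End
    End If
End Sub
%>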