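<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
Option Explicit
Response.Buffer = true
%>
<!--#include file="common/fzr.asp" -->
<!--#include file="cnkdata/dbname.asp" -->
<!--#include file="common/config.asp"-->
<%
' access.asp -- member-facing form handler. One request parameter, accesstype,
' selects the action: Login, SaveUserInfo (addnew / Modi / Modipwd / savefeed),
' SaveComment or Favorite.
'
' Review changes in this version:
'   * Every value concatenated into SQL text goes through accSqlText (quote
'     doubling) or accSqlLong (numeric coercion). ADODB.Command parameters
'     would be the stronger long-term fix.
'   * Validation failures stop the request (accFail) instead of relying on
'     alertmsg to end it; alertmsg is defined outside this file.
'   * The verification-code check no longer passes when the session holds no
'     code and the form field is empty.
'   * The connection error handler is live again (scoped On Error).
'
' NOTE(review), not fixable in this file alone:
'   * The cookie carries the MD5 password hash and the weblevel / group-right
'     values; code that trusts them from the cookie should be moved to
'     server-side session state.
'   * Passwords and answers are stored as unsalted MD5.
'   * The database path is mapped from a site-relative folder; confirm the
'     web server refuses to serve that folder.
'   * No login check is visible for Modi, Modipwd or savefeed; UserID and
'     username come from the included files -- confirm they are verified there.

Dim conn
Dim connstr
Dim db
db = "cnkdata/" & dbname
connstr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath(db)

' Scoped error trapping: without it the handler below never runs and a failed
' open surfaces the default error page instead of the generic message.
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.open connstr
If Err.Number <> 0 Then
    Err.Clear
    Set conn = Nothing
    Response.Write "数据库连接出错,请检查连接字串。"
    Response.End
End If
On Error GoTo 0

' Closes and releases the shared connection.
Sub closedb()
    conn.close
    Set conn = Nothing
End Sub
%>
<!--#include file="common/function.asp"-->
<!--#include file="common/char.asp"-->
<!--#include file="common/Display.asp" -->
<!--#include file="common/md5.asp" -->
<%
Response.Buffer = True
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"
' NOTE(review): DisableOutSite is defined outside this file; if it is the
' off-site referer check its name suggests, it is switched off here.
'Call DisableOutSite()

Dim accesstype,yuyan,userip,title,content
accesstype = Trim(Request("accesstype"))

Select Case accesstype

'----------Login---------
Case "Login"
    Dim plippwd,iun,ipwd,stopus
    ' Language selector: 0 = Chinese messages, anything else = English.
    ' Non-numeric input now falls back to 0 instead of raising a type error.
    yuyan = accSqlLong(Trim(Request.Form("yuyan")))
    If yuyan = 0 Then
        plippwd = "请输入用户名或密码!"
        iun = "用户名错误!"
        ipwd = "密码错误"
        stopus = "对不起,您的用户名已被暂停或未通过审核!"
    Else
        plippwd = "Please input username or password"
        iun = "invalid username"
        ipwd = "invalid password"
        stopus = "sorry, you have not be passed or stoped service"
    End If

    Dim LoginUserName,Loginpassword,usercookies,GetUserID
    LoginUserName = Left(Trim(Request.Form("UserName")), 20)
    Loginpassword = Left(Trim(Request.Form("password")), 20)
    usercookies = Request.Form("usercookies")
    LoginUserName = sqlchkchar(LoginUserName)
    Loginpassword = sqlchkchar(Loginpassword)
    ' Check for empty input before hashing: the hash of an empty string is
    ' not empty, so the original test could never catch a blank password.
    If LoginUserName = "" Or Loginpassword = "" Then accFail plippwd
    Loginpassword = MD5(Loginpassword)
    If usercookies = "" Then usercookies = "0"

    rs.Open "select UserID,UserName,UserPassword,IsLocked,isPassed,weblevel from cnk_users where UserName='" & accSqlText(LoginUserName) & "'", conn, 1, 3
    ' NOTE(review): separate "bad username" / "bad password" messages let a
    ' client tell which accounts exist; consider one shared message.
    If rs.RecordCount = 0 Then
        rs.Close
        accFail iun
    ElseIf rs("UserPassword") <> Loginpassword Then
        rs.Close
        accFail ipwd
    ElseIf rs("IsLocked") = 1 Or rs("isPassed") = 0 Then
        rs.Close
        accFail stopus
    Else
        ' Login succeeded. usercookies picks the cookie lifetime:
        ' "0" session only, "1" one day, "2" 30 days, "3" 365 days.
        ' Any other value writes no cookie, as before.
        Dim accKeepDays
        accKeepDays = -1
        Select Case usercookies
            Case "0"
                accKeepDays = 0
            Case "1"
                accKeepDays = 1
            Case "2"
                accKeepDays = 30
            Case "3"
                accKeepDays = 365
        End Select
        If accKeepDays >= 0 Then
            If accKeepDays > 0 Then Response.Cookies(cookies_name).Expires = Date + accKeepDays
            Response.Cookies(cookies_name)("UserID") = rs("UserID")
            Response.Cookies(cookies_name)("UserName") = LoginUserName
            ' NOTE(review): the stored hash itself is placed in the cookie.
            Response.Cookies(cookies_name)("UserPwd") = Loginpassword
            Response.Cookies(cookies_name)("weblevel") = rs("weblevel")
        End If

        ' Award login points and record the login. The address is escaped
        ' because GetRealIP is defined elsewhere and may read a header the
        ' client controls -- confirm.
        userip = GetRealIP()
        conn.Execute "update cnk_users set Jifen=Jifen+2,LastLoginIP='" & accSqlText(userip) & "',LastLoginTime='" & Now() & "',LoginTimes=LoginTimes+1 where UserID=" & rs("UserID")

        If isBBS = 1 Then
            Call userjibie(LoginUserName)
            Dim rsjb,gc,gr
            Set rsjb = conn.Execute("select UserLevel,Jibie from cnk_users where UserName='" & accSqlText(LoginUserName) & "'")
            Set gc = conn.Execute("select GroupRight from Cnk_Jibie where LevelName='" & accSqlText(rsjb(1).Value) & "'")
            gr = gc(0)
            Response.Cookies(cookies_name)("UserGroupRight") = gr
            If rsjb(0) > 0 Then
                Session.Timeout = 60
                Session("GroupRight") = gr
            End If
        End If

        ' Close before redirecting; nothing after the redirect is relied on.
        rs.Close
        ' NOTE(review): the target is the client-supplied Referer header.
        Response.Redirect(Request.ServerVariables("HTTP_REFERER"))
    End If

'----------Userinfo---------
Case "SaveUserInfo"
    Dim usyzm,usmmtd,usbadname,usvalid,usriqi,uscunzai,usregisterok
    Dim usmodiok,usplpwd,usbadpwd,ustooless,usamepwd
    yuyan = Trim(Request.Form("yuyan"))
    If yuyan = "0" Then
        usyzm = "验证字错误!"
        usmmtd = "用户名或密码太短!"
        usbadname = "不能用这样的用户名,请换一个用户名注册!"
        usvalid = "用户名中含有非法字符!请重新填写!"
        usriqi = "日期错误!"
        uscunzai = "这个用户名已经存在,请另选择一个吧!"
        usregisterok = "注册成功!"
        usmodiok = "修改成功!"
        usplpwd = "请输入原密码!"
        usbadpwd = "原密码不正确!"
        ustooless = "请输入密码,不能少于6位!"
        usamepwd = "确认密码和密码不一样!"
    Else
        usyzm = "invalid verify code"
        usmmtd = "username or password is too short"
        usbadname = "invalid username"
        usvalid = "invalid username"
        usriqi = "invalid birthday"
        uscunzai = "exist username,please change a new name"
        usregisterok = "register succeed"
        usmodiok = "modify succeed"
        usplpwd = "Please input password"
        usbadpwd = "invalid password"
        ustooless = "the password must more then 6 character"
        usamepwd = "Confirm password must be same password"
    End If

    Dim RegUserID,RegUserName,RegPassword,pwd_question,pwd_answer,truename,sex,UserFace,idcard,birthday
    Dim action,UserIM,address,tel,fax,mobile,email,UserInfo,Sign,Jifen,isPassed
    action = Trim(Request.Form("action"))
    RegUserID = Request.Form("UserID")
    RegUserName = sqlchkchar(Trim(Request("username")))
    RegPassword = Trim(Request("password"))
    pwd_question = sqlchkchar(Trim(Request("pwd_question")))
    pwd_answer = Trim(Request("pwd_answer"))
    truename = sqlchkchar(Trim(Request("truename")))
    ' Coerced rather than CInt'd so non-numeric input cannot raise an error
    ' or reach the SQL text unquoted.
    sex = accSqlLong(Trim(Request("sex")))
    If sex = 1 Then
        UserFace = "gg.gif"
    Else
        UserFace = "mm.gif"
    End If
    idcard = sqlchkchar(Trim(Request("idcard")))
    birthday = sqlchkchar(Trim(Request("birthday")))
    UserIM = sqlchkchar(Trim(Request("UserIM")))
    address = sqlchkchar(Trim(Request("address")))
    tel = sqlchkchar(Trim(Request("tel")))
    fax = sqlchkchar(Trim(Request("fax")))
    mobile = sqlchkchar(Trim(Request("mobile")))
    email = sqlchkchar(Trim(Request("email")))
    UserInfo = sqlchkchar(Trim(Request("UserInfo")))
    'Sign=sqlchkchar(trim(request("Sign")))
    Jifen = 10
    userip = GetRealIP()
    If isCheckUser = 1 Then isPassed = 0 Else isPassed = 1

    Select Case action

    Case "addnew"
        If Not accCaptchaOk() Then accFail usyzm
        If Len(RegUserName) < 2 Or Len(RegPassword) < 6 Then accFail usmmtd

        ' Reject names containing a configured banned word. Every entry is
        ' checked (the original skipped a list with exactly one word); empty
        ' entries are ignored because InStr matches them in any name.
        Dim RegWord,b_word
        RegWord = Split(BadUsername, "|")
        For Each b_word In RegWord
            If b_word <> "" Then
                If InStr(1, RegUserName, b_word, 1) <> 0 Then accFail usbadname
            End If
        Next

        ' The password is now tested against the whole character list; the
        ' original tested the user name for "<" and ">" in the password rule.
        If accHasBadChar(RegUserName) Then accFail usvalid
        If accHasBadChar(RegPassword) Then accFail usvalid

        If birthday <> "" Then
            If IsDate(birthday) = False Then accFail usriqi
        Else
            birthday = "1978-8-8"
        End If

        Dim chkun
        Set chkun = conn.Execute("select count(*) from cnk_users where username='" & accSqlText(RegUserName) & "'")
        If chkun(0) > 0 Then accFail uscunzai

        sql = "insert into cnk_users (UserName,UserPassword,Question,Answer,truename,UserFace,Sex,idcard,birthday,"
        sql = sql & "usertitle,isPassed,UserIM,address,tel,fax,mobile,email,UserInfo,Jifen,LastLoginIP)"
        sql = sql & " values ('" & accSqlText(RegUserName) & "','" & MD5(RegPassword) & "','" & accSqlText(pwd_question) & "','" & MD5(pwd_answer) & "','" & accSqlText(truename) & "','" & UserFace & "'," & sex & ",'" & accSqlText(idcard) & "','" & accSqlText(birthday) & "',"
        sql = sql & "'会员'," & isPassed & ",'" & accSqlText(UserIM) & "','" & accSqlText(address) & "','" & accSqlText(tel) & "','" & accSqlText(fax) & "','" & accSqlText(mobile) & "','" & accSqlText(email) & "','" & accSqlText(UserInfo) & "'," & Jifen & ",'" & accSqlText(userip) & "')"
        conn.Execute sql

        ' When no approval step is configured the new account is signed in
        ' immediately.
        If isPassed = 1 Then
            conn.Execute "update [cnk_users] set LastLoginTime='" & Now() & "' where username='" & accSqlText(RegUserName) & "'"
            Set rs = conn.Execute("select userid,weblevel,jibie from [cnk_users] where username='" & accSqlText(RegUserName) & "'")
            Response.Cookies(cookies_name)("UserID") = rs(0)
            Response.Cookies(cookies_name)("UserName") = RegUserName
            ' NOTE(review): the stored hash itself is placed in the cookie.
            Response.Cookies(cookies_name)("Userpwd") = MD5(RegPassword)
            Response.Cookies(cookies_name)("weblevel") = rs(1)
            If isBBS = 1 Then
                Call jibie(RegUserName)
                Dim gc1,gr1
                Set gc1 = conn.Execute("select GroupRight from cnk_jibie where LevelName='" & accSqlText(rs(2).Value) & "'")
                gr1 = gc1(0)
                Response.Cookies(cookies_name)("UserGroupRight") = gr1
            End If
        End If

        Dim backurl
        backurl = Replace(Request.ServerVariables("HTTP_REFERER"), "?action=register", "")
        Call alertmsg_url(usregisterok, backurl)

    Case "Modi"
        ' UserID is defined outside this file; it is coerced to a number
        ' before it reaches the SQL text.
        Dim accUid
        accUid = accSqlLong(UserID)
        sql = "update cnk_users set truename='" & accSqlText(truename) & "',sex=" & sex & ",idcard='" & accSqlText(idcard) & "',birthday='" & accSqlText(birthday) & "',UserIM='" & accSqlText(UserIM) & "',address='" & accSqlText(address) & "',tel='" & accSqlText(tel) & "',fax='" & accSqlText(fax) & "',mobile='" & accSqlText(mobile) & "',email='" & accSqlText(email) & "',UserInfo='" & accSqlText(UserInfo) & "',ModiTime='" & Now() & "'"
        Dim photo
        ' Set is needed to hold the recordset object that Execute returns.
        Set photo = conn.Execute("select UserFace from cnk_users where UserID=" & accUid)
        If Not photo.EOF Then
            ' Only replace the avatar while it is still one of the defaults.
            If photo(0) = "gg.gif" Or photo(0) = "mm.gif" Then
                sql = sql & ",UserFace='" & UserFace & "'"
            End If
        End If
        sql = sql & " where UserID=" & accUid
        conn.Execute sql
        Call alertmsg(usmodiok)

    Case "Modipwd"
        Dim old_pwd,pwd2
        old_pwd = Trim(Request("old_pwd"))
        pwd2 = Trim(Request("password2"))
        If Len(old_pwd) < 2 Then accFail usplpwd
        rs.Open "select UserPassword from cnk_users where username='" & accSqlText(username) & "'", conn, 1, 3
        ' An unknown account is treated like a wrong old password.
        If rs.EOF Then
            rs.Close
            accFail usbadpwd
        End If
        If Trim(rs("UserPassword")) <> MD5(old_pwd) Then accFail usbadpwd
        If Len(RegPassword) < 6 Then accFail ustooless
        If RegPassword <> pwd2 Then accFail usamepwd

        ' Transaction around the update. NOTE(review): with no error trapping
        ' active a failed Execute stops the script before the rollback runs.
        conn.BeginTrans
        sql = "update cnk_users set UserPassword='" & MD5(RegPassword) & "'"
        If pwd_question <> "" Then
            sql = sql & ",Question='" & accSqlText(pwd_question) & "'"
        End If
        If pwd_answer <> "" Then
            sql = sql & ",Answer='" & MD5(pwd_answer) & "'"
        End If
        sql = sql & " where username='" & accSqlText(username) & "'"
        conn.Execute sql
        If conn.Errors.Count = 0 Then
            conn.CommitTrans
        Else
            conn.RollbackTrans
        End If
        Call alertmsg(usmodiok)

    Case "savefeed"
        title = clearHTMLCode(Trim(Request.Form("title")))
        content = clearHTMLCode(Request.Form("content"))
        conn.Execute "insert into cnk_feedback (username,title,content,ip) values ('" & accSqlText(username) & "','" & accSqlText(title) & "','" & accSqlText(content) & "','" & accSqlText(userip) & "')"
        ' Return to the referring page.
        Response.Redirect Request.ServerVariables("HTTP_REFERER")

    End Select

'----------SaveComment---------
Case "SaveComment"
    If Not accCaptchaOk() Then accFail "验证字错误!"
    Dim PID,Person,face,ispass
    ' PID and ChannelID are written unquoted into the statement, so both are
    ' coerced to numbers first.
    PID = accSqlLong(Trim(Request.Form("PID")))
    Person = UserName
    If Person = "" Then Person = "网友"
    face = Trim(Request.Form("face"))
    ' NOTE(review): unlike savefeed, the comment body is stored without
    ' clearHTMLCode; confirm the page that displays it encodes the text.
    Content = Trim(Request.Form("Content"))
    If isShenCmt = 1 Then ispass = 0 Else ispass = 1
    conn.Execute "insert into cnk_comment (ChannelID,PID,Person,face,Content,ispass,ip) values (" & accSqlLong(ChannelID) & "," & PID & ",'" & accSqlText(Person) & "','" & accSqlText(face) & "','" & accSqlText(Content) & "'," & ispass & ",'" & accSqlText(GetRealIP()) & "')"
    ' The message literal is split across a line break on the page; it is
    ' rejoined here as shown.
    Call alertmsg_url(" OK!", Request.ServerVariables("HTTP_REFERER"))

'----------Favorite---------
Case "Favorite"
    ' NOTE(review): this action changes data on a GET request.
    If username = "" Then
        Call alertmsgc("请先登录!\n Please Login")
        Response.End
    End If
    Dim t,u,favid,a,chksame
    t = sqlchkchar(Request.QueryString("t"))
    u = sqlchkchar(Request.QueryString("u"))
    favid = sqlchkchar(Request.QueryString("id"))
    a = sqlchkchar(Request.QueryString("action"))
    u = u & "&ChannelID=" & ChannelID & "&id=" & favid
    If a = "add" Then
        Set chksame = conn.Execute("select count(*) from Cnk_webFavorite where Title='" & accSqlText(t) & "' and Url='" & accSqlText(u) & "'")
        If chksame(0) > 0 Then
            Call alertmsgc("您已经收藏了!\n It is existent")
            Response.End
        End If
        conn.Execute "insert into Cnk_webFavorite (userid,username,title,url) values (" & accSqlLong(userid) & ",'" & accSqlText(username) & "','" & accSqlText(t) & "','" & accSqlText(u) & "')"
        Call alertmsgc("收藏成功!\n It is OK")
    End If

End Select

Call closedb

' Recomputes the forum level of user uname from the points total (Jifen) or,
' for users with userlevel >= 1, from the level assigned to them, and stores
' the level name and image on the user row. Moved out of the Select Case
' block; the body is otherwise the original logic with escaped SQL values.
Sub jibie(uname)
    Dim rs1,rs2,fenshu
    Set rs1 = Server.CreateObject("adodb.recordset")
    rs1.Open "select Jifen,userlevel from cnk_users where username='" & accSqlText(uname) & "'", conn, 1, 1
    If rs1.RecordCount > 0 Then
        If rs1("userlevel") < 1 Then
            fenshu = rs1("Jifen")
            If fenshu < 0 Then
                ' Negative points: no forum level.
                conn.Execute "update cnk_users set jibie='无' where username='" & accSqlText(uname) & "'"
            Else
                Set rs2 = Server.CreateObject("adodb.recordset")
                rs2.Open "select LevelName,LevelImage from cnk_jibie where " & fenshu & ">=fen1 and " & fenshu & "<=fen2", conn, 1, 3
                If rs2.RecordCount = 1 Then
                    conn.Execute "update cnk_users set jibie='" & accSqlText(rs2("LevelName").Value) & "',JibieImg='" & accSqlText(rs2("LevelImage").Value) & "' where username='" & accSqlText(uname) & "'"
                    Response.Cookies(cookies_name)("LevelName") = rs2("LevelName")
                End If
                rs2.Close
                Set rs2 = Nothing
            End If
        Else
            Set rs2 = Server.CreateObject("adodb.recordset")
            rs2.Open "select LevelName,LevelImage from cnk_jibie where userlevel=" & rs1("userlevel"), conn, 1, 3
            ' Skip the update when no level row matches instead of failing.
            If Not rs2.EOF Then
                conn.Execute "update cnk_users set jibie='" & accSqlText(rs2("LevelName").Value) & "',JibieImg='" & accSqlText(rs2("LevelImage").Value) & "' where username='" & accSqlText(uname) & "'"
            End If
            rs2.Close
            Set rs2 = Nothing
        End If
    End If
    rs1.Close
End Sub

' Returns v as text that is safe inside a single-quoted Jet SQL literal:
' Null becomes "", and every single quote is doubled.
Function accSqlText(v)
    If IsNull(v) Then
        accSqlText = ""
    Else
        accSqlText = Replace(CStr(v), "'", "''")
    End If
End Function

' Returns v as a Long, or 0 when v is not a number in the Long range, so the
' result can be written unquoted into SQL text.
Function accSqlLong(v)
    accSqlLong = 0
    If IsNumeric(v) Then
        If CDbl(v) >= -2147483648 And CDbl(v) <= 2147483647 Then accSqlLong = CLng(v)
    End If
End Function

' True when s contains a character the registration form refuses.
' NOTE(review): the original list also held one entry that is an empty
' literal on the page (its character appears lost). It is left out here
' because InStr(s, "") is 1 for any non-empty s and would reject every
' name -- TODO restore the intended character.
Function accHasBadChar(s)
    Dim badChars, i
    badChars = Array("'", "=", "%", Chr(32), "?", "&", ";", ",", Chr(34), Chr(9), "$", "<", ">")
    accHasBadChar = False
    For i = 0 To UBound(badChars)
        If InStr(s, badChars(i)) > 0 Then
            accHasBadChar = True
            Exit Function
        End If
    Next
End Function

' True only when the session holds a verification code and the posted yzma
' field equals it. An empty session value never matches.
' NOTE(review): the code is not cleared after use; making it single-use
' needs a matching change where the image is generated.
Function accCaptchaOk()
    Dim expected
    expected = CStr(Session("cnkcode") & "")
    accCaptchaOk = False
    If expected <> "" Then
        If expected = Trim(Request.Form("yzma")) Then accCaptchaOk = True
    End If
End Function

' Shows msg through alertmsg and stops the request, so a failed check can
' never fall through to the statements after it.
Sub accFail(msg)
    Call alertmsg(msg)
    Response.End
End Sub
%>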