www.gusucode.com > 中网景企业网站源码时尚版 2009.73码程序 > access.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%Option Explicit
Response.Buffer = true%>
<!--#include file="common/fzr.asp" -->
<!--#include file="cnkdata/dbname.asp" -->
<!--#include file="common/config.asp"-->
<%
dim conn
dim connstr
dim db
db = "cnkdata/"&dbname
connstr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath(db)
'On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.open connstr
If err then
err.clear
Set conn = nothing
response.write "数据库连接出错,请检查连接字串。"
response.End
End If
sub closedb()
conn.close
set conn=nothing
end sub
%>
<!--#include file="common/function.asp"-->
<!--#include file="common/char.asp"-->
<!--#include file="common/Display.asp" -->
<!--#include file="common/md5.asp" -->
<% Response.Buffer = True
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"
'Call DisableOutSite()
Dim accesstype,yuyan,userip,title,content
accesstype=Trim(Request("accesstype"))
Select Case accesstype
'----------Login---------
Case "Login"
Dim plippwd,iun,ipwd,stopus
yuyan=cint(Request.Form("yuyan"))
if yuyan=0 then
plippwd="请输入用户名或密码!"
iun="用户名错误!"
ipwd="密码错误"
stopus="对不起,您的用户名已被暂停或未通过审核!"
else
plippwd="Please input username or password"
iun="invalid username"
ipwd="invalid password"
stopus="sorry, you have not be passed or stoped service"
end if
Dim LoginUserName,Loginpassword,usercookies,GetUserID
LoginUserName=left(trim(Request.Form("UserName")),20)
Loginpassword=left(trim(Request.Form("password")),20)
usercookies=Request.Form("usercookies")
LoginUserName=sqlchkchar(LoginUserName)
Loginpassword=sqlchkchar(Loginpassword)
Loginpassword=MD5(Loginpassword)
If LoginUserName="" or Loginpassword="" Then
alertmsg(plippwd)
End If
if usercookies="" then usercookies="0"
rs.open "select UserID,UserName,UserPassword,IsLocked,isPassed,weblevel from cnk_users where UserName='"&LoginUserName&"'",conn,1,3
If rs.recordcount=0 Then
Call alertmsg(iun)
rs.close
Else
If rs("UserPassword")<>Loginpassword Then
Call alertmsg(ipwd)
rs.close
Else
If rs("IsLocked")=1 or rs("isPassed")=0 Then
Call alertmsg(stopus)
rs.close
response.End
Else'登录成功
Select Case usercookies
Case "0"
Response.Cookies(cookies_name)("UserID")=rs("UserID")
Response.Cookies(cookies_name)("UserName")=LoginUserName
Response.Cookies(cookies_name)("UserPwd")=Loginpassword
Response.Cookies(cookies_name)("weblevel")=rs("weblevel")
Case "1"
Response.Cookies(cookies_name).Expires=Date+1
Response.Cookies(cookies_name)("UserID")=rs("UserID")
Response.Cookies(cookies_name)("UserName")=LoginUserName
Response.Cookies(cookies_name)("UserPwd")=Loginpassword
Response.Cookies(cookies_name)("weblevel")=rs("weblevel")
Case "2"
Response.Cookies(cookies_name).Expires=Date+30
Response.Cookies(cookies_name)("UserID")=rs("UserID")
Response.Cookies(cookies_name)("UserName")=LoginUserName
Response.Cookies(cookies_name)("UserPwd")=Loginpassword
Response.Cookies(cookies_name)("weblevel")=rs("weblevel")
Case "3"
Response.Cookies(cookies_name).Expires=Date+365
Response.Cookies(cookies_name)("UserID")=rs("UserID")
Response.Cookies(cookies_name)("UserName")=LoginUserName
Response.Cookies(cookies_name)("UserPwd")=Loginpassword
Response.Cookies(cookies_name)("weblevel")=rs("weblevel")
End Select
userip=GetRealIP()
conn.execute("update cnk_users set Jifen=Jifen+2,LastLoginIP='"&userip&"',LastLoginTime='"&now()&"',LoginTimes=LoginTimes+1 where UserID="&rs("UserID")) '登录加分
If isBBS=1 Then
Call userjibie(LoginUserName)
Dim rsjb,gc,gr
set rsjb=conn.execute("select UserLevel,Jibie from cnk_users where UserName='"&LoginUserName&"'")
set gc=conn.execute("select GroupRight from Cnk_Jibie where LevelName='"&rsjb(1)&"'")
gr=gc(0)
Response.Cookies(cookies_name)("UserGroupRight")=gr
If rsjb(0)>0 Then
session.timeout=60
session("GroupRight")=gr
End If
End If
Response.Redirect(Request.ServerVariables("HTTP_REFERER"))
rs.close
End If
End If
End If
'----------Userinfo---------
Case "SaveUserInfo"
Dim usyzm,usmmtd,usbadname,usvalid,usriqi,uscunzai,usregisterok
Dim usmodiok,usplpwd,usbadpwd,ustooless,usamepwd
yuyan=Trim(Request.Form("yuyan"))
if yuyan="0" then
usyzm="验证字错误!"
usmmtd="用户名或密码太短!"
usbadname="不能用这样的用户名,请换一个用户名注册!"
usvalid="用户名中含有非法字符!请重新填写!"
usriqi="日期错误!"
uscunzai="这个用户名已经存在,请另选择一个吧!"
usregisterok="注册成功!"
usmodiok="修改成功!"
usplpwd="请输入原密码!"
usbadpwd="原密码不正确!"
ustooless="请输入密码,不能少于6位!"
usamepwd="确认密码和密码不一样!"
else
usyzm="invalid verify code"
usmmtd="username or password is too short"
usbadname="invalid username"
usvalid="invalid username"
usriqi="invalid birthday"
uscunzai="exist username,please change a new name"
usregisterok="register succeed"
usmodiok="modify succeed"
usplpwd="Please input password"
usbadpwd="invalid password"
ustooless="the password must more then 6 character"
usamepwd="Confirm password must be same password"
end if
Dim RegUserID,RegUserName,RegPassword,pwd_question,pwd_answer,truename,sex,UserFace,idcard,birthday
Dim action,UserIM,address,tel,fax,mobile,email,UserInfo,Sign,Jifen,isPassed
action=Trim(Request.Form("action"))
RegUserID=Request.Form("UserID")
RegUserName=sqlchkchar(trim(request("username")))
RegPassword=trim(request("password"))
pwd_question=sqlchkchar(trim(request("pwd_question")))
pwd_answer=trim(request("pwd_answer"))
truename=sqlchkchar(trim(request("truename")))
sex=Cint(request("sex"))
if sex=1 then
UserFace="gg.gif"
else
UserFace="mm.gif"
end if
idcard=sqlchkchar(trim(request("idcard")))
birthday=sqlchkchar(trim(request("birthday")))
UserIM=sqlchkchar(trim(request("UserIM")))
address=sqlchkchar(trim(request("address")))
tel=sqlchkchar(trim(request("tel")))
fax=sqlchkchar(trim(request("fax")))
mobile=sqlchkchar(trim(request("mobile")))
email=sqlchkchar(trim(request("email")))
UserInfo=sqlchkchar(trim(request("UserInfo")))
'Sign=sqlchkchar(trim(request("Sign")))
Jifen=10
userip=GetRealIP()
if isCheckUser=1 then isPassed=0 else isPassed=1
Select Case action
Case "addnew"
if session("cnkcode")<>Trim(Request.Form("yzma")) then call alertmsg(usyzm)
if Len(RegUserName)<2 or Len(RegPassword)<6 then Call alertmsg(usmmtd)
Dim RegWord,b_word
RegWord = Split(BadUsername, "|") '检查敏感不雅用语
if UBound(RegWord) <> 0 then
for each b_word in RegWord
if instr(1,RegUserName,b_word,1)<>0 then
Call alertmsg(usbadname)
end if
next
end if
if Instr(RegUserName,"'")>0 or Instr(RegUserName,"=")>0 or Instr(RegUserName,"%")>0 or Instr(RegUserName,chr(32))>0 or Instr(RegUserName,"?")>0 or Instr(RegUserName,"&")>0 or Instr(RegUserName,";")>0 or Instr(RegUserName,",")>0 or Instr(RegUserName,"'")>0 or Instr(RegUserName,",")>0 or Instr(RegUserName,chr(34))>0 or Instr(RegUserName,chr(9))>0 or Instr(RegUserName,"")>0 or Instr(RegUserName,"$")>0 or Instr(RegUserName,"<")>0 or Instr(RegUserName,">")>0 then Call alertmsg(usvalid)
if Instr(RegPassword,"'")>0 or Instr(RegPassword,"=")>0 or Instr(RegPassword,"%")>0 or Instr(RegPassword,chr(32))>0 or Instr(RegPassword,"?")>0 or Instr(RegPassword,"&")>0 or Instr(RegPassword,";")>0 or Instr(RegPassword,",")>0 or Instr(RegPassword,"'")>0 or Instr(RegPassword,",")>0 or Instr(RegPassword,chr(34))>0 or Instr(RegPassword,chr(9))>0 or Instr(RegPassword,"")>0 or Instr(RegPassword,"$")>0 or Instr(RegUserName,"<")>0 or Instr(RegUserName,">")>0 then alertmsg(usvalid)
if birthday<>"" then
if isdate(birthday)=False then Call alertmsg(usriqi)
else
birthday="1978-8-8"
end if
Dim chkun
set chkun=conn.execute("select count(*) from cnk_users where username='"&RegUserName&"'")
if chkun(0)>0 then Call alertmsg(uscunzai)
'事务处理和卷回处理
'conn.BeginTrans
sql="insert into cnk_users (UserName,UserPassword,Question,Answer,truename,UserFace,Sex,idcard,birthday,"
sql=sql&"usertitle,isPassed,UserIM,address,tel,fax,mobile,email,UserInfo,Jifen,LastLoginIP)"
sql=sql&" values ('"&RegUserName&"','"&MD5(RegPassword)&"','"&pwd_question&"','"&MD5(pwd_answer)&"','"&truename&"','"&UserFace&"',"&sex&",'"&idcard&"','"&birthday&"',"
sql=sql&"'会员',"&isPassed&",'"&UserIM&"','"&address&"','"&tel&"','"&fax&"','"&mobile&"','"&email&"','"&UserInfo&"',"&Jifen&",'"&userip&"')"
conn.execute(sql)
'if conn.Errors.Count=0 then
' conn.CommitTrans
' else
' conn.RollbackTrans
' end if
'完成事务处理和卷回处理
'websy
If isPassed=1 Then'登录
conn.execute("update [cnk_users] set LastLoginTime='"&now()&"' where username='"&RegUserName&"'")
set rs=conn.execute("select userid,weblevel,jibie from [cnk_users] where username='"&RegUserName&"'")
Response.Cookies(cookies_name)("UserID")=rs(0)
Response.Cookies(cookies_name)("UserName")=RegUserName
Response.Cookies(cookies_name)("Userpwd")=MD5(RegPassword)
Response.Cookies(cookies_name)("weblevel")=rs(1)
If isBBS=1 Then'bbs
Call jibie(RegUserName) 'cnkbbs
Dim gc1,gr1
set gc1=conn.execute("select GroupRight from cnk_jibie where LevelName='"&rs(2)&"'")
gr1=gc1(0)
Response.Cookies(cookies_name)("UserGroupRight")=gr1
End If'bbs end
End If
'Call alertmsg("注册成功!")
dim backurl
backurl=replace(Request.ServerVariables("HTTP_REFERER"),"?action=register","")
Call alertmsg_url(usregisterok,backurl)
'websysend
Case "Modi"
sql="update cnk_users set truename='"&truename&"',sex="&sex&",idcard='"&idcard&"',birthday='"&birthday&"',UserIM='"&UserIM&"',address='"&address&"',tel='"&tel&"',fax='"&fax&"',mobile='"&mobile&"',email='"&email&"',UserInfo='"&UserInfo&"',ModiTime='"&now()&"'"
Dim photo
photo=conn.execute("select UserFace from cnk_users where UserID="&UserID)
if photo(0)="gg.gif" or photo(0)="mm.gif" then '如还是原来的默认头像就修改
sql=sql&",UserFace='"&UserFace&"'"
end if
sql=sql&" where UserID="&UserID
conn.execute(sql)
Call alertmsg(usmodiok)
Case "Modipwd"
Dim old_pwd,pwd2
old_pwd=Trim(request("old_pwd"))
pwd2=Trim(request("password2"))
if len(old_pwd)<2 then Call alertmsg(usplpwd)
rs.open "select UserPassword from cnk_users where username='"&username&"'",conn,1,3
if Trim(rs("UserPassword"))<>MD5(old_pwd) then Call alertmsg(usbadpwd)
if len(RegPassword)<6 then Call alertmsg(ustooless)
if RegPassword<>pwd2 then Call alertmsg(usamepwd)
'事务处理和卷回处理
conn.BeginTrans
sql="update cnk_users set UserPassword='"&MD5(RegPassword)&"'"
if pwd_question<>"" then
sql=sql&",Question='"&pwd_question&"'"
end if
if pwd_answer<>"" then
sql=sql&",Answer='"&MD5(pwd_answer)&"'"
end if
sql=sql&" where username='"&username&"'"
'Response.Write(sql)
conn.execute(sql)
if conn.Errors.Count=0 then
conn.CommitTrans
else
conn.RollbackTrans
end if
'完成事务处理和卷回处理
Call alertmsg(usmodiok)
Case "savefeed"
title=clearHTMLCode(trim(request.form("title")))
content=clearHTMLCode(request.form("content"))
conn.execute("insert into cnk_feedback (username,title,content,ip) values ('"&username&"','"&title&"','"&content&"','"&userip&"')")
Response.Redirect Request.ServerVariables("HTTP_REFERER")
End Select
'Response.redirect Request.ServerVariables("HTTP_REFERER") '从哪里来回哪里去
'检查升级别
Sub jibie(uname)
Dim rs1,rs2,fenshu
set rs1=server.createobject("adodb.recordset")
rs1.open "select Jifen,userlevel from cnk_users where username='"&uname&"'",conn,1,1
if rs1.recordcount>0 then
if rs1("userlevel")<1 then
fenshu=rs1("Jifen")
if fenshu<0 then
conn.execute("update cnk_users set jibie='无' where username='"&uname&"'") '修改论坛级别
else
set rs2=server.createobject("adodb.recordset")
rs2.open "select LevelName,LevelImage from cnk_jibie where "&fenshu&">=fen1 and "&fenshu&"<=fen2",conn,1,3
if rs2.recordcount=1 then
conn.execute("update cnk_users set jibie='"&rs2("LevelName")&"',JibieImg='"&rs2("LevelImage")&"' where username='"&uname&"'") '修改级别
Response.Cookies(cookies_name)("LevelName")=rs2("LevelName")
end if
rs2.close
set rs2=nothing
end if
else
set rs2=server.createobject("adodb.recordset")
rs2.open "select LevelName,LevelImage from cnk_jibie where userlevel="&rs1("userlevel"),conn,1,3
conn.execute("update cnk_users set jibie='"&rs2("LevelName")&"',JibieImg='"&rs2("LevelImage")&"' where username='"&uname&"'")
end if
end if
rs1.close
End Sub
'----------SaveComment---------
Case "SaveComment"
if session("cnkcode")<>Trim(Request.Form("yzma")) then call alertmsg("验证字错误!")
dim PID,Person,face,ispass
PID=Trim(Request.Form("PID"))
Person=UserName
if Person="" then Person="网友"
face=Trim(Request.Form("face"))
Content=Trim(Request.Form("Content"))
if isShenCmt=1 then ispass=0 else ispass=1
conn.execute("insert into cnk_comment (ChannelID,PID,Person,face,Content,ispass,ip) values ("&ChannelID&","&PID&",'"&Person&"','"&face&"','"&Content&"',"&ispass&",'"&GetRealIP()&"')")
Call alertmsg_url(" OK!",Request.ServerVariables("HTTP_REFERER"))
'----------Favorite---------
Case "Favorite"
if username="" then call alertmsgc("请先登录!\n Please Login")
dim t,u,favid,a,chksame
t=sqlchkchar(Request.QueryString("t"))
u=sqlchkchar(Request.QueryString("u"))
favid=sqlchkchar(Request.QueryString("id"))
a=sqlchkchar(Request.QueryString("action"))
u=u&"&ChannelID="&ChannelID&"&id="&favid
if a="add" then
set chksame=conn.execute("select count(*) from Cnk_webFavorite where Title='"&t&"' and Url='"&u&"'")
if chksame(0)>0 then call alertmsgc("您已经收藏了!\n It is existent")
conn.execute("insert into Cnk_webFavorite (userid,username,title,url) values ("&userid&",'"&username&"','"&t&"','"&u&"')")
call alertmsgc("收藏成功!\n It is OK")
end if
End Select
Call closedb
%>