
    <%
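' Query-string keyword filter. Runs at page level, so it executes on every
' request to a page that includes this file.
'
' For each GET parameter, the value is lower-cased and searched for each entry
' of a fixed substring list. On the first match the request is rejected: a
' notice is written to the response, a record is written to a text file under
' the "fhack" folder, and processing stops with Response.End.
'
' NOTE(review): only Request.QueryString is inspected; Request.Form and
' Request.Cookies are not checked here. A substring blacklist is a coarse
' safety net and does not replace parameterized queries in the data layer.
Dim zrchar,zrchars,zrxh,zritem
Dim zrfso,zrtree,zrfile1,zrfile2,zrfile3
Dim zrfs
Dim zrvalue,zrlower,zrlogname,zrlogvalue

If Request.QueryString<>"" Then
    ' Substrings to reject, separated by "|".
    zrchar = "'|;|%|*|and|exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare"
    zrchars = Split(zrchar,"|")
    For Each zritem In Request.QueryString
        ' Read and lower-case the value once per parameter instead of once per keyword.
        zrvalue = Request.QueryString(zritem)
        zrlower = LCase(zrvalue)
        For zrxh=0 To UBound(zrchars)
            If InStr(zrlower,zrchars(zrxh))<>0 Then
                Response.Write "内容含有非法字符!请不要有'或and或or等字符,请去掉这些字符再发!!<br>"
                Response.Write "如是要攻击网站,系统记录了你的操作↓<br>"
                Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
                Response.Write "操作时间:"&Now&"<br>"
                Response.Write "操作页面:"&Server.HTMLEncode(Request.ServerVariables("URL"))&"<br>"
                Response.Write "提交方式:GET<br>"
                ' The parameter name and value come straight from the request and the
                ' keyword list does not reject "<" or ">", so both are HTML-encoded
                ' before being echoed back into the page.
                Response.Write "提交参数:"&Server.HTMLEncode(zritem)&"<br>"
                Response.Write "提交数据:"&Server.HTMLEncode(zrvalue)

                ' Write the record to a file.
                ' NOTE(review): Server.MapPath("fhack") resolves relative to the requesting
                ' page, so these .txt records may be retrievable over HTTP under a
                ' timestamp-based name; consider a directory outside the web root or
                ' denying direct access to it - confirm against the deployment.
                Set zrfso=Server.CreateObject("Scripting.FileSystemObject")
                zrtree=Server.MapPath("fhack")
                If Not zrfso.FolderExists(zrtree) Then
                    zrfso.CreateFolder zrtree
                End If
                zrfile1=chan_file(Now)
                zrfile2=zrfile1&".txt"
                zrfile3=zrtree&"\"&zrfile2

                ' Collapse CR/LF in request-supplied text so one request cannot forge
                ' additional lines in the record.
                zrlogname=Replace(Replace(zritem,vbCr," "),vbLf," ")
                zrlogvalue=Replace(Replace(zrvalue,vbCr," "),vbLf," ")

                ' CreateTextFile(path, overwrite, unicode): the file name has one-second
                ' resolution, so a second rejection in the same second replaces the first.
                Set zrfs=zrfso.CreateTextFile(zrfile3,True,True)
                zrfs.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&vbCrLf
                zrfs.Write "操作时间:"&Now&vbCrLf
                zrfs.Write "操作页面:"&Request.ServerVariables("URL")&vbCrLf
                zrfs.Write "提交方式:GET"&vbCrLf
                zrfs.Write "提交参数:"&zrlogname&vbCrLf
                zrfs.Write "提交数据:"&zrlogvalue
                zrfs.Close
                Set zrfs=Nothing
                Set zrfso=Nothing
                Response.Write "<Script Language=JavaScript>alert('内容含有非法字符!');</Script>"
                Response.End
            End If
        Next
    Next
End If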

' Site-wide constants. None of them is referenced in this file; presumably they
' are read by the pages that include it - meanings to be confirmed there.
Const Lang = 2
Const UpDir = "../"
Const contentfile = "content.asp"

' Numeric switches, both set to 0 here.
Const isBBS = 0
Const isImgButton = 0

' Numeric dimensions.
Const tvwidth = 216
Const tvheight = 162

' Empty string values.
Const cnkrc = ""
Const thedm = ""

Function chan_file(shijian)
    ' Date/time conversion: turns a date/time value into a digits-only string in
    ' the order year, month, day, hour, minute, second. Every field after the
    ' year is left-padded with "0" when it is below 10.
    Dim stamp, fields, idx

    stamp = Year(shijian)
    ' A two-character year is prefixed with "20".
    If Len(stamp) = 2 Then
        stamp = "20" & stamp
    End If

    fields = Array(Month(shijian), Day(shijian), Hour(shijian), Minute(shijian), Second(shijian))
    For idx = 0 To UBound(fields)
        If fields(idx) < 10 Then
            stamp = stamp & "0" & fields(idx)
        Else
            stamp = stamp & fields(idx)
        End If
    Next

    chan_file = stamp
End Function

%>