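<!--#include file="Admin.asp" -->
<!--#include file="cf.asp" -->
<!--#include file="../include/conn.asp" -->
<!--#include file="../include/safe.asp"-->
<!--#include file="../include/md5.asp"-->
<%
' Saves an administrator account in the FangBao_Admin table.
'   act=edit&id=N (query string) : rename the admin / change the password after
'                                  verifying the old password.
'   acction=add                  : create a new admin if the name is not taken.
' Form fields read: admin, password, oldpwd.
' On success the browser is redirected to admin_admin.asp; on a validation error
' a JavaScript alert is written and the browser is sent back one page.
'
' Security notes:
' - Both lookups use ADODB.Command parameters. The original concatenated
'   request.querystring("id") straight into the SQL text (numeric context, no
'   quoting), which is SQL injection regardless of what safe.asp may filter.
' - NOTE(review): conn is assumed to be an open ADODB.Connection created by
'   ../include/conn.asp, and the login check is presumably done in Admin.asp;
'   neither is visible here - confirm.
' - NOTE(review): no anti-CSRF token is checked in this file - confirm whether
'   an include does it.
' - NOTE(review): md5() comes from ../include/md5.asp and no salt is applied
'   here. Moving to a salted, slow password hash has to be done together with
'   the login page, so it is only flagged.
Dim saveCmd, idCheck, okToUpdate

' NOTE(review): this guard only runs the save when the submitted name differs
' from session("admin"); kept as in the original - confirm the intent.
if session("admin")<>request.form("admin") then
    admin=request.form("admin")
    password=request.form("password")
    oldpwd=request.form("oldpwd")

    set rs=server.createobject("adodb.recordset")
    set saveCmd=server.createobject("adodb.command")
    set saveCmd.ActiveConnection=conn
    saveCmd.CommandType=1 ' adCmdText

    if request("act")="edit" and request.querystring("id")<>"" then
        if admin="" then
            response.write"<script language=javascript>alert('管理员名称不能为空!');"
            response.write"javascript:history.go(-1)</script>"
            response.end
        end if
        if oldpwd="" then
            response.write"<script language=javascript>alert('原密码不能为空!');"
            response.write"javascript:history.go(-1)</script>"
            response.end
        end if
        if password="" then
            response.write"<script language=javascript>alert('密码不能为空!');"
            response.write"javascript:history.go(-1)</script>"
            response.end
        end if

        ' Accept only a short run of decimal digits as the record id, so CLng
        ' cannot overflow and nothing but an integer reaches the query.
        id=request.querystring("id")
        set idCheck=new RegExp
        idCheck.Pattern="^[0-9]{1,9}$"

        okToUpdate=false
        if idCheck.Test(id) then
            saveCmd.CommandText="select * from FangBao_Admin where id=?"
            ' 3 = adInteger, 1 = adParamInput (assumes id is an integer column - confirm)
            saveCmd.Parameters.Append saveCmd.CreateParameter("id",3,1,,CLng(id))
            rs.open saveCmd,,3,2
            ' Test EOF before touching rs("password"): VBScript's "or"/"and" do
            ' not short-circuit, and reading a field at EOF raises a runtime
            ' error (the original compared the password first).
            if not rs.eof then
                ' A NULL stored hash compares as Null and is rejected as well.
                if rs("password")=md5(oldpwd) then okToUpdate=true
            end if
        end if
        set idCheck=nothing

        ' A bad id, a missing row and a wrong old password all give the same
        ' answer, so the response does not reveal which ids exist.
        if not okToUpdate then
            response.write"<script language=javascript>alert('原密码有误!');"
            response.write"javascript:history.go(-1)</script>"
            response.end
        end if

        ' NOTE(review): the add branch strips ' and "or" from the password
        ' before hashing but this branch hashes it unchanged (as the original
        ' did) - confirm which form the login page expects.
        rs("admin")=admin
        rs("password")=md5(password)
        rs.update
        rs.close

    elseif request("acction")="add" then
        ' "acction" (sic) is kept: the submitting form is not visible here.
        ' Two nested Replace calls strip single quotes and the substring "or".
        ' With a parameterized query this is no longer needed for SQL safety,
        ' and it mangles legitimate values (e.g. "editor" becomes "edit"); it is
        ' kept because the login page may apply the same transformation before
        ' hashing - TODO confirm and remove in both places.
        Usr=Replace(Replace(admin,"'",""),"or","")
        Pwd=Replace(Replace(password,"'",""),"or","")

        ' Check the filtered values: this also covers the original empty-input
        ' check and stops a value such as "or" from becoming an empty name or
        ' an empty password.
        if Usr="" or Pwd="" then
            response.write"<script language=javascript>alert('管理员名称和密码都不能为空!');"
            response.write"javascript:history.go(-1)</script>"
            response.end
        end if

        saveCmd.CommandText="select * from FangBao_Admin where admin=?"
        ' 202 = adVarWChar, 1 = adParamInput; Usr is non-empty here so Len(Usr) > 0
        saveCmd.Parameters.Append saveCmd.CreateParameter("admin",202,1,Len(Usr),Usr)
        rs.open saveCmd,,3,2
        if (rs.eof and rs.bof) then
            rs.addnew
            rs("admin")=Usr
            rs("password")=md5(Pwd)
            rs.update
        else
            response.write"<script language=javascript>alert('对不起,用户已存在!');"
            response.write"javascript:history.go(-1)</script>"
            response.End()
        end if
        rs.close
    end if

    set saveCmd=nothing
    set rs=nothing
    conn.close
    set conn=nothing
    response.redirect "admin_admin.asp"
    response.End()
else
    response.write"<script language=javascript>alert('请输入管理员和密码!');"
    response.write"javascript:history.go(-1)</script>"
    response.end
end if
%>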