
    <!--#include file="Admin.asp" -->
<!--#include file="cf.asp" -->
<!--#include file="../include/conn.asp" -->
<!--#include file="../include/safe.asp"-->
<!--#include file="../include/md5.asp"-->

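<%
' Admin account save handler. Two actions are handled:
'   act=edit&id=N  - change an existing administrator's name and password,
'                    after checking the posted old password against the row.
'   acction=add    - create a new administrator if the name is not taken.
' Uses names supplied by the included files: conn (ADO connection) and md5().
'
' NOTE(review): the outer test only compares session("admin") with the posted
' name; it is not a login check. Access control is presumably enforced by the
' included Admin.asp - confirm, because nothing in this file rejects an
' anonymous request on its own.
' NOTE(review): passwords are stored as md5(password) and no salt is visible in
' this file. A salted, slow password hash would be preferable, but the stored
' format has to stay in step with the login code, so it is left unchanged here.
if session("admin")<>request.form("admin") then
	admin=request.form("admin")
	password=request.form("password")
	oldpwd=request.form("oldpwd")
	set rs=server.createobject("adodb.recordset")
	if request("act")="edit" and request.querystring("id")<>"" then
		if admin="" then
			response.write"<script language=javascript>alert('管理员名称不能为空!');"
			response.write"javascript:history.go(-1)</script>"
			response.end
		end if
		if oldpwd="" then
			response.write"<script language=javascript>alert('原密码不能为空!');"
			response.write"javascript:history.go(-1)</script>"
			response.end
		end if
		if password="" then
			response.write"<script language=javascript>alert('密码不能为空!');"
			response.write"javascript:history.go(-1)</script>"
			response.end
		end if
		' The id is concatenated into the SQL text below, so only a short run of
		' decimal digits is accepted. Anything else would let the query string
		' rewrite the statement. Nine digits at most keeps CLng from overflowing.
		idText=Trim(request.querystring("id"))
		set idPattern=new RegExp
		idPattern.Pattern="^[0-9]{1,9}$"
		idIsValid=idPattern.Test(idText)
		set idPattern=nothing
		if not idIsValid then
			' Same message as a failed password check, so the response does not
			' reveal why the request was refused.
			response.write"<script language=javascript>alert('原密码有误!');"
			response.write"javascript:history.go(-1)</script>"
			response.end
		end if
		id=CLng(idText)
		sql="select * from FangBao_Admin where id="& id
		rs.open sql,conn,3,2
		' No row for this id: reading rs("password") on an empty recordset would
		' raise a runtime error, so fail the same way as a wrong old password.
		if rs.eof then
			rs.close
			response.write"<script language=javascript>alert('原密码有误!');"
			response.write"javascript:history.go(-1)</script>"
			response.end
		end if
		if rs("password")<>md5(oldpwd) then
			response.write"<script language=javascript>alert('原密码有误!');"
			response.write"javascript:history.go(-1)</script>"
			response.end
		else
			' Field assignment goes through the recordset, not through SQL text.
			' NOTE(review): unlike the add branch, the new name is neither filtered
			' nor checked for a duplicate here - confirm whether that is intended.
			rs("admin")=admin
			' password was verified to be non-empty above
			rs("password")=md5(password)
			rs.update
		end if

		rs.close

	' "acction" is the parameter name this page has always read; it is kept as is
	' because the posting form is outside this file.
	elseif request("acction")="add" then
		if admin="" or password="" then
			response.write"<script language=javascript>alert('管理员名称和密码都不能为空!');"
			response.write"javascript:history.go(-1)</script>"
			response.end
		end if
		' Two nested Replace calls filter special characters: the single quote and
		' the substring "or". Removing the quote is what keeps Usr inside the
		' string literal of the query below; Replace is case-sensitive by default,
		' so the "or" filter does not catch "OR" and should not be relied on.
		' NOTE(review): the filter also changes the stored values (any "or" inside
		' a name or password is dropped); the login code presumably applies the
		' same transformation - confirm.
		Usr=Replace(Replace(admin,"'",""),"or","")
		Pwd=Replace(Replace(password,"'",""),"or","")
		' The filter can reduce a non-empty input to nothing; refuse that instead of
		' creating an administrator with an empty name or an empty password.
		if Usr="" or Pwd="" then
			response.write"<script language=javascript>alert('管理员名称和密码都不能为空!');"
			response.write"javascript:history.go(-1)</script>"
			response.end
		end if
		sql="select * from FangBao_Admin where admin='"&Usr&"'"
		rs.open sql,conn,3,2
		if (rs.eof and rs.bof) then
			' Name is free: append the new administrator row.
			rs.addnew
			rs("admin")=Usr
			rs("password")=md5(Pwd)
			rs.update
		else
			response.write"<script language=javascript>alert('对不起,用户已存在!');"
			response.write"javascript:history.go(-1)</script>"
			response.End()
		end if
		rs.close
	end if
	' Release the recordset and the connection, then return to the admin list.
	set rs=nothing
	conn.close
	set conn=nothing
	response.redirect "admin_admin.asp"
	response.End()
else
	response.write"<script language=javascript>alert('请输入管理员和密码!');"
	response.write"javascript:history.go(-1)</script>"
	response.end
end if
%>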