www.gusucode.com > 超文本多用户论坛程序 1.1 > bbs/admin/hs.asp
<!--#include file="conn.asp"--> <% ltbh=request.cookies("ltbh") username=session("username") userpass=session("userpass") sql="select cnuser,cnpass from zwuser where cnuser='"&username&"'and cnpass='"&userpass&"' and ltbh='"<bh&"'" set rsht=conn.execute(sql) if rsht.eof then rsht.close set rsht=nothing %> <script language= vbscript> <!-- window.alert"*用户名密码错误!" window.location="../index.asp?ltbh=<%=ltbh%>" --> </script> <% response.end end if %> <% '过滤字符 function ReplaceBadChar(strChar) if strChar="" then ReplaceBadChar="" else ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(strChar,"'",""),"*",""),"?",""),"(",""),")",""),"<",""),".","") end if end function function scriptgl(strChar) if strChar="" then scriptgl="" else scriptgl=replace(replace(replace(replace(strChar,"<script>",""),"<script language=","") ,"</script>",""),"'","") end if end function %> <% sub dbclose conn.close set conn=nothing end sub %> <!--webbot bot="PurpleText" PREVIEW="外部数据提交防止" --> <% sub wbfz server_v1=Cstr(Request.ServerVariables("HTTP_REFERER")) server_v2=Cstr(Request.ServerVariables("SERVER_NAME")) if mid(server_v1,8,len(server_v2))<>server_v2 then %> <script language=vbscript> <!-- window.alert"禁止从外部提交数据!请登陆" window.location="http://www.textbbs.com" --> </script> <% end if end sub %>