www.gusucode.com > 全球营销软件站整站源码4月最新数据 4.0源码程序 > 801wyxqf\adminadmin\users\admin_password.asp
<!--#include file="../../conn.asp"--> <!--#include file="../inc/setup.asp"--> <!--#include file="../inc/const.asp"--> <!--#include file="../inc/check.asp"--> <!--#include file="../../inc/md5.asp"--> <% Admin_header '===================================================================== ' 软件名称:801w软件代理系统 ' 当前版本:801wAsp 801w cn 801w com ' 文件名称:admin_main.asp ' 更新日期:2010-2-16 ' 官方网站:801w代理系统(www.801w.cn www.801w.com) QQ:274667447 '===================================================================== ' Copyright 2003-2010 801w.cn - All Rights Reserved. ' 801wasp is a trademark of 801w.cn '===================================================================== %> <table class="table1" cellspacing="1" cellpadding="3" align="center" border="0"> <tr> <td class="tableline linetitle" width="100" align="left">修改管理员密码</td> <td class="tableline" width="*" align="right"><a href="../sys/admin_setting.asp">基本设置</a> - <a href="admin_master.asp">管理员管理</a> - <a href="admin_master.asp?action=add">添加管理员</a> - <a href="admin_password.asp">修改密码</a> - <a href="admin_list.asp">用户列表</a> - <a href="../sys/admin_channel.asp">频道管理</a> - <a href="../sys/admin_maillist.asp?action=mail">发送邮件</a> - <a href="../sys/admin_lockip.asp">IP限制</a> </td> </tr> </table> <% Dim Action Action = LCase(Request("action")) If Not ChkAdmin("ChangePassword") Then Call Transfer_error() End If Select Case Trim(Action) Case "save" Call savepass() Case Else Call showmain() End Select If FoundErr = True Then ReturnError(ErrMsg) End If Admin_footer SaveLogInfo(AdminName) NewAsp.PageEnd Sub showmain() %> <script language="JavaScript"> <!-- function checkPassForm(){ if (document.myform.password.value.length == 0){ alert("请输入您的原始密码!"); document.myform.password.focus(); return false; } if (document.myform.password1.value.length == 0){ alert("请输入您的新密码!"); document.myform.password1.focus(); return false; } if (document.myform.password2.value.length == 0){ alert("请输入您的确认密码"); document.myform.password2.focus(); return false; } return true; } //--> </script> <form name="myform" method="post" action="?action=save" onSubmit="return checkPassForm()"> <input type="hidden" name="id" value="<%=NewAsp.ChkNumeric(Session(AdminSessionName & "_Adminid"))%>"> <table border="0" align="center" cellpadding="3" cellspacing="1" class="tableborder"> <tr> <th colspan="2">管理员名称及密码修改</th> </tr> <tr> <td class="tablerow1" width="25%" align="right"><b>管理员名称:</b></td> <td class="tablerow1" width="75%"><input type="text" name="username" size="30" value="<%=Server.HTMLEncode(Session(AdminSessionName & "_AdminName")&"")%>"></td> </tr> <tr> <td class="tablerow2" align="right"><b>原始的密码:</b></td> <td class="tablerow2"><input type="password" name="password" size="30"></td> </tr> <tr> <td class="tablerow1" align="right"><b>新管理密码:</b></td> <td class="tablerow1"><input type="password" name="password1" size="30"></td> </tr> <tr> <td class="tablerow2" align="right"><b>确认新密码:</b></td> <td class="tablerow2"><input type="password" name="password2" size="30"></td> </tr> <tr> <td class="tablerow1" align="right"><b> </b></td> <td class="tablerow1"><input type="reset" name="reset_button" value="清 除" class="button"> <input type="submit" name="submit_button" value="提 交" class="button"></td> </tr> </table> </form> <% End Sub Sub savepass() Dim Rs,SQL Dim password password = md5(Request.Form("password"),16) If InStr(Request("username"), "=") > 0 Or InStr(Request("username"), "%") > 0 Or InStr(Request("username"), Chr(32)) > 0 Or InStr(Request("username"), "?") > 0 Or InStr(Request("username"), "&") > 0 Or InStr(Request("username"), ";") > 0 Or InStr(Request("username"), ",") > 0 Or InStr(Request("username"), "'") > 0 Or InStr(Request("username"), ",") > 0 Or InStr(Request("username"), Chr(34)) > 0 Or InStr(Request("username"), Chr(9)) > 0 Or InStr(Request("username"), "") > 0 Or InStr(Request("username"), "$") > 0 Then ErrMsg = ErrMsg + "<li>用户名中含有非法字符。</li>" founderr = True End If If InStr(Request("password1"), "=") > 0 Or InStr(Request("password1"), "+") > 0 Or InStr(Request("password1"), "&") > 0 Or InStr(Request("password1"), "'") > 0 Or InStr(Request("password1"), " ") > 0 Or InStr(Request("password1"), "%") > 0 Then ErrMsg = ErrMsg + "<li>密码中含有非法字符 </li>" founderr = True End If If Request.Form("password") = "" Then ErrMsg = ErrMsg + "<li>您还没有输入原始密码。<li>" founderr = True End If If Request.Form("password1") = "" And Request.Form("password2") = "" Then ErrMsg = ErrMsg + "<li>您的密码不能为空。</li>" founderr = True End If If Request.Form("password1") <> Request.Form("password2") Then ErrMsg = ErrMsg + "<li>您输入的密码和确认密码不一致。</li>" founderr = True End If Set Rs=NewAsp.Execute("SELECT * FROM NC_Admin WHERE username='" & Replace(Session(AdminSessionName & "_AdminName"), "'", "''") & "' And id=" & NewAsp.ChkNumeric(Session(AdminSessionName & "_Adminid"))) If Rs.bof And Rs.EOF Then ErrMsg = ErrMsg + "<li>Sorry!没有找到此用户。</li>" founderr = True Exit Sub Else If password <> Rs("password") Then ErrMsg = ErrMsg + "<li>您输入的原始密码错误。</li>" founderr = True Exit Sub End If End If Set Rs = Nothing If founderr = True Then Exit Sub If founderr = False Then Set Rs=NewAsp.CreateAXObject("ADODB.Recordset") SQL = "SELECT * FROM NC_Admin WHERE id=" & NewAsp.ChkNumeric(Request("id")) Rs.Open SQL, conn, 1, 3 Rs("password") = md5(Request.Form("password1"),16) If Trim(Request.Form("username")) <> "" Then Rs("username") = Trim(Request.Form("username")) End If Rs.update Session(AdminSessionName & "_AdminPass") = Rs("password") Session(AdminSessionName & "_AdminName") = Rs("username") Rs.Close Set Rs = Nothing Succeed("<li>恭喜您!管理员密码修改成功。</li>") End If End Sub %>