www.gusucode.com > 全球营销软件站整站源码4月最新数据 4.0源码程序 > 801wyxqf\adminadmin\users\admin_password.asp
<!--#include file="../../conn.asp"-->
<!--#include file="../inc/setup.asp"-->
<!--#include file="../inc/const.asp"-->
<!--#include file="../inc/check.asp"-->
<!--#include file="../../inc/md5.asp"-->
<%
Admin_header
'=====================================================================
' 软件名称:801w软件代理系统
' 当前版本:801wAsp 801w cn 801w com
' 文件名称:admin_main.asp
' 更新日期:2010-2-16
' 官方网站:801w代理系统(www.801w.cn www.801w.com) QQ:274667447
'=====================================================================
' Copyright 2003-2010 801w.cn - All Rights Reserved.
' 801wasp is a trademark of 801w.cn
'=====================================================================
%>
<table class="table1" cellspacing="1" cellpadding="3" align="center" border="0">
<tr>
<td class="tableline linetitle" width="100" align="left">修改管理员密码</td>
<td class="tableline" width="*" align="right"><a href="../sys/admin_setting.asp">基本设置</a>
- <a href="admin_master.asp">管理员管理</a>
- <a href="admin_master.asp?action=add">添加管理员</a>
- <a href="admin_password.asp">修改密码</a>
- <a href="admin_list.asp">用户列表</a>
- <a href="../sys/admin_channel.asp">频道管理</a>
- <a href="../sys/admin_maillist.asp?action=mail">发送邮件</a>
- <a href="../sys/admin_lockip.asp">IP限制</a>
</td>
</tr>
</table>
<%
Dim Action
Action = LCase(Request("action"))
If Not ChkAdmin("ChangePassword") Then
Call Transfer_error()
End If
Select Case Trim(Action)
Case "save"
Call savepass()
Case Else
Call showmain()
End Select
If FoundErr = True Then
ReturnError(ErrMsg)
End If
Admin_footer
SaveLogInfo(AdminName)
NewAsp.PageEnd
Sub showmain()
%>
<script language="JavaScript">
<!--
function checkPassForm(){
if (document.myform.password.value.length == 0){
alert("请输入您的原始密码!");
document.myform.password.focus();
return false;
}
if (document.myform.password1.value.length == 0){
alert("请输入您的新密码!");
document.myform.password1.focus();
return false;
}
if (document.myform.password2.value.length == 0){
alert("请输入您的确认密码");
document.myform.password2.focus();
return false;
}
return true;
}
//-->
</script>
<form name="myform" method="post" action="?action=save" onSubmit="return checkPassForm()">
<input type="hidden" name="id" value="<%=NewAsp.ChkNumeric(Session(AdminSessionName & "_Adminid"))%>">
<table border="0" align="center" cellpadding="3" cellspacing="1" class="tableborder">
<tr>
<th colspan="2">管理员名称及密码修改</th>
</tr>
<tr>
<td class="tablerow1" width="25%" align="right"><b>管理员名称:</b></td>
<td class="tablerow1" width="75%"><input type="text" name="username" size="30" value="<%=Server.HTMLEncode(Session(AdminSessionName & "_AdminName")&"")%>"></td>
</tr>
<tr>
<td class="tablerow2" align="right"><b>原始的密码:</b></td>
<td class="tablerow2"><input type="password" name="password" size="30"></td>
</tr>
<tr>
<td class="tablerow1" align="right"><b>新管理密码:</b></td>
<td class="tablerow1"><input type="password" name="password1" size="30"></td>
</tr>
<tr>
<td class="tablerow2" align="right"><b>确认新密码:</b></td>
<td class="tablerow2"><input type="password" name="password2" size="30"></td>
</tr>
<tr>
<td class="tablerow1" align="right"><b> </b></td>
<td class="tablerow1"><input type="reset" name="reset_button" value="清 除" class="button">
<input type="submit" name="submit_button" value="提 交" class="button"></td>
</tr>
</table>
</form>
<%
End Sub
Sub savepass()
Dim Rs,SQL
Dim password
password = md5(Request.Form("password"),16)
If InStr(Request("username"), "=") > 0 Or InStr(Request("username"), "%") > 0 Or InStr(Request("username"), Chr(32)) > 0 Or InStr(Request("username"), "?") > 0 Or InStr(Request("username"), "&") > 0 Or InStr(Request("username"), ";") > 0 Or InStr(Request("username"), ",") > 0 Or InStr(Request("username"), "'") > 0 Or InStr(Request("username"), ",") > 0 Or InStr(Request("username"), Chr(34)) > 0 Or InStr(Request("username"), Chr(9)) > 0 Or InStr(Request("username"), "") > 0 Or InStr(Request("username"), "$") > 0 Then
ErrMsg = ErrMsg + "<li>用户名中含有非法字符。</li>"
founderr = True
End If
If InStr(Request("password1"), "=") > 0 Or InStr(Request("password1"), "+") > 0 Or InStr(Request("password1"), "&") > 0 Or InStr(Request("password1"), "'") > 0 Or InStr(Request("password1"), " ") > 0 Or InStr(Request("password1"), "%") > 0 Then
ErrMsg = ErrMsg + "<li>密码中含有非法字符 </li>"
founderr = True
End If
If Request.Form("password") = "" Then
ErrMsg = ErrMsg + "<li>您还没有输入原始密码。<li>"
founderr = True
End If
If Request.Form("password1") = "" And Request.Form("password2") = "" Then
ErrMsg = ErrMsg + "<li>您的密码不能为空。</li>"
founderr = True
End If
If Request.Form("password1") <> Request.Form("password2") Then
ErrMsg = ErrMsg + "<li>您输入的密码和确认密码不一致。</li>"
founderr = True
End If
Set Rs=NewAsp.Execute("SELECT * FROM NC_Admin WHERE username='" & Replace(Session(AdminSessionName & "_AdminName"), "'", "''") & "' And id=" & NewAsp.ChkNumeric(Session(AdminSessionName & "_Adminid")))
If Rs.bof And Rs.EOF Then
ErrMsg = ErrMsg + "<li>Sorry!没有找到此用户。</li>"
founderr = True
Exit Sub
Else
If password <> Rs("password") Then
ErrMsg = ErrMsg + "<li>您输入的原始密码错误。</li>"
founderr = True
Exit Sub
End If
End If
Set Rs = Nothing
If founderr = True Then Exit Sub
If founderr = False Then
Set Rs=NewAsp.CreateAXObject("ADODB.Recordset")
SQL = "SELECT * FROM NC_Admin WHERE id=" & NewAsp.ChkNumeric(Request("id"))
Rs.Open SQL, conn, 1, 3
Rs("password") = md5(Request.Form("password1"),16)
If Trim(Request.Form("username")) <> "" Then
Rs("username") = Trim(Request.Form("username"))
End If
Rs.update
Session(AdminSessionName & "_AdminPass") = Rs("password")
Session(AdminSessionName & "_AdminName") = Rs("username")
Rs.Close
Set Rs = Nothing
Succeed("<li>恭喜您!管理员密码修改成功。</li>")
End If
End Sub
%>