change.asp

电子商务网络购物系统

<% Option Explicit %>
<!--#include file="conn.asp" -->
<%
Dim rsAdminDetails
Dim strMode
Dim strEncyptedPassword
Dim blnUserNameOK
Dim strCheckUserName	
Dim blnUpdated

blnUserNameOK = True
blnUpdated = False
If lngLoggedInUserID <> 1 Then
	Set rsConn = Nothing
	adoCon.Close
	Set adoCon = Nothing
	Response.Redirect("menu.asp")
End If

strMode = Request.Form("mode")
If strMode = "postBack" Then
	strUserName = Trim(Mid(Request.Form("userName"), 1, 15))
	strPassword = LCase(Trim(Mid(Request.Form("password"), 1, 15)))
	If strUserName = "" Then blnUserNameOK = False
	If InStr(1, strUserName, "password", vbTextCompare) Then blnUserNameOK = False
	If InStr(1, strUserName, "author", vbTextCompare) Then blnUserNameOK = False
	If InStr(1, strUserName, "code", vbTextCompare) Then blnUserNameOK = False
	If InStr(1, strUserName, "userName", vbTextCompare) Then blnUserNameOK = False
	If InStr(1, strUserName, "N0act", vbTextCompare) Then blnUserNameOK = False
        strUserName = formatSQLInput(strUserName)
	Set rsConn = Server.CreateObject("ADODB.Recordset")
	strSQL = "SELECT timesuser.UserName FROM timesuser WHERE timesuser.UserName = '" & strUserName & "' AND NOT timesuser.userid = 1;"
	rsConn.Open strSQL, adoCon
	If NOT rsConn.EOF Then blnUserNameOK = False
        strUserName = Replace(strUserName, "''", "'", 1, -1, 1)
	rsConn.Close
	If blnUserNameOK Then
                strSalt = getSalt(Len(strPassword))
                strEncyptedPassword = strPassword & strSalt
                strEncyptedPassword = HashEncode(strEncyptedPassword)
		strSQL = "SELECT timesuser.UserName,  timesuser.Password, timesuser.Salt, timesuser.usercode "
		strSQL = strSQL & "From timesuser "
		strSQL = strSQL & "WHERE timesuser.userid=1;"
		rsConn.LockType = 3
		rsConn.CursorType = 2
		rsConn.Open strSQL, adoCon
		Randomize Timer
                strUserCode = userCode(strUserName)
		With rsConn
			.Fields("UserName") = strUserName
			.Fields("Password") = strEncyptedPassword
			.Fields("Salt") = strSalt
			.Fields("usercode") = strUserCode
			.Update
			.Requery
			Response.Cookies("Forum")("UID") = strUserCode
			strUserName = rsConn("UserName")
			.Close
		End With
		blnUpdated = True
	End If
End If
Set rsConn = Nothing
adoCon.Close
Set adoCon = Nothing
%>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>更改管理员名称和密码</title>

<script  language="JavaScript">
<!-- Hide from older browsers...

function CheckForm () {
        var errorMsg = "";
        var errorMsgLong = "";
        if (document.frmChangePassword.userName.value.length <= 1){
                errorMsg += "\n\t用户名 \t- 用户名至少二位";
        }
        if (document.frmChangePassword.password.value.length <= 3){
                errorMsg += "\n\t密码 \t- 密码至少四位";
        }
        if ((document.frmChangePassword.password.value) != (document.frmChangePassword.password2.value)){
                errorMsg += "\n\t密码错误\t- 两次输入的密码不一致";
                document.frmChangePassword.password.value = "";
                document.frmChangePassword.password2.value = "";
        }
	if ((errorMsg != "") || (errorMsgLong != "")){
		msg = "_________________________________________________________________\n\n";
		msg += "提交失败\n";
		msg += "请修改后重新提交.\n";
		msg += "_________________________________________________________________\n\n";
		msg += "需要修改的部分: -\n";

		errorMsg += alert(msg + errorMsg + "\n" + errorMsgLong);
		return false;
	}

	return true;
}
// -->
</script>
<link href="includes/style.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div align="center"> 
  <p class="text"><span class="heading">更改管理员名称和密码</span><br>
    <br />
    <a href="menu.asp" target="_self">返回到管理主菜单</a><br />
    <br />
    务必记住你的新密码，否则你将不能登录管理论坛，密码采用了加密机制</p>
</div>
<%

If blnUserNameOK = False Then
%>
<table width="96%" border="0" cellspacing="0" cellpadding="0" align="center">
 <tr>
    <td align="center" class="lgText">对不起，你输入的用户名已经被注册，请选择另外的用户名</td>
 </tr>
</table><%

End If


If blnUpdated Then
%>
<table width="96%" border="0" cellspacing="0" cellpadding="0" align="center">
 <tr>
    <td align="center" class="lgText">你的用户名和密码已更新</td>
 </tr>
</table><%

End If
%>
<form method="post" Name="frmChangePassword" action="change.asp" onSubmit="return CheckForm();">
 <table width="350" border="0" cellspacing="0" cellpadding="0" align="center" bgcolor="#000000" height="30">
  <tr>
   <td height="2" width="483" align="center"> <table width="100%" border="0" cellspacing="1" cellpadding="2">
     <tr>
      <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="2">
        <tr>
                  <td width="40%" align="right" class="text">用 户 名:&nbsp;&nbsp;</td>
         <td width="60%"> <input type="text" Name="userName" size="15" maxlength="15" value="<% = strUserName %>"> </td>
        </tr>
        <tr>
                  <td width="40%" align="right" class="text">密　　码:&nbsp; </td>
         <td width="60%"> <input type="password" Name="password" size="15" maxlength="15"> </td>
        </tr>
        <tr>
                  <td width="40%" align="right" class="text">确认密码:&nbsp; </td>
         <td width="60%"> <input type="password" Name="password2" size="15" maxlength="15"> </td>
        </tr>
        <tr>
         <td align="right" width="40%"> <input type="hidden" Name="mode" value="postBack"> </td>
         <td width="60%"> <input type="submit" Name="Submit" value="更新资料"> <input type="reset" Name="Reset" value="清除"> </td>
        </tr>
       </table></td>
     </tr>
    </table></td>
  </tr>
 </table>
</form>
<br />
</body>
</html>