<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="function.asp"-->
<!--#include file="driver.asp"-->
<!--#include file="conn.asp"-->
<!--#include file="md5.asp"-->
<%
'------------------------- Read the submitted form fields
' Every field below is trimmed and lower-cased before use.
' NOTE(review): lower-casing pwd makes passwords case-insensitive; stored hashes
' depend on it, so changing it needs a migration.
order = trim(lcase(request("type")))
admin = trim(lcase(request("admin")))
pwd = trim(lcase(request("pwd")))
chk = trim(lcase(request("chk")))
thedir = trim(lcase(request("dir")))

' Escape the "|" separator, then make sure the path ends with a backslash.
dir = replace(thedir, "|", "\|")
if right(dir, 1) <> "\" then dir = dir & "\"

' super1 is True only when the form sent super1=1.
if request("super1") = "1" then super1 = true else super1 = false

'------------------------- Reject requests without an account name or an action
if admin = "" or order = "" then
    title = "非法请求!"
    response.write("<script language=javascript>alert(""" & title & """);")
    response.write("history.go(-1);</script>")
    response.end
end if

'------------------------- Page title for the requested action
if order = "login" then
    title = "登录"
elseif order = "modify" then
    title = "修改密码或权限"
elseif order = "add" then
    title = "添加管理员"
elseif order = "del" then
    title = "删除管理员"
end if

' Fallback title when no action above set one.
if title = "" then
    title = "运行出现错误"
end if
'---------------------------------------------- Validate the requested directories
' Runs only for a session flagged as super administrator, and not for "del".
If session("admin") and order <> "del" then
    ' Filter illegal characters (GetPathWith is not defined in this file;
    ' presumably it comes from one of the includes).
    dir = GetPathWith(dir)
    ' dir is split on "|"; every resulting path has to pass CheckCorrectPath.
    myPath = Split(dir, "|")
    For pathIdx = 0 To UBound(myPath)
        subDir = myPath(pathIdx)
        If Not CheckCorrectPath(subDir) Then
            ' Tell the user, go back one page, close the popup and stop.
            With response
                .write("<script language=javascript>")
                .write("alert(""请求包含非有效目录或包含非法字符!"");")
                .write("history.go(-1);")
                .write("</script>")
                .write("<body bgcolor=#CCCCCC onLoad='setTimeout(window.close, 0)'>")
                .end
            End With
        End If
    Next
End If
%>
<html>
<head>
<title><%=title%>--<%=name%>--[By BrightStar]</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<Meta Name="description" Content="BS在线文件管理系统">
<Meta Name="Keywords" Content="BS在线文件管理系统">
<meta http-equiv="pragma" content="no-cache">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#CCCCCC" onLoad="setTimeout(window.close, 600)">
<table height=80 width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr><td align="center" height=60 valign="middle">
<font color="ff0000">
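<% if order <> "" then
    ' Account actions: login / modify / add / del, selected by the "type" field.
    '
    ' Security: the account name comes straight from the request, so every lookup
    ' goes through a parameterised ADODB.Command instead of a string-built SQL
    ' statement. The recordset is still opened with cursor 3 (adOpenStatic) and
    ' lock 3 (adLockOptimistic) so the modify/add/del branches can write through it.
    '
    ' NOTE(review): passwords are stored as md5(pwd) with no salt visible here, and
    ' pwd was lower-cased on input. Moving to a salted, slow hash needs a data
    ' migration and is out of scope for this block.
    ' NOTE(review): only the login branch compares chk with session("chk");
    ' modify/add/del rely on the session alone, so they carry no request token.
    set rs = CreateObject("ADODB.Recordset")
    set chkCmd = CreateObject("ADODB.Command")
    ' conn comes from conn.asp; accept either a Connection object or a connection string.
    if IsObject(conn) then
        set chkCmd.ActiveConnection = conn
    else
        chkCmd.ActiveConnection = conn
    end if
    chkCmd.CommandType = 1 ' adCmdText
    if order = "login" then
        chkCmd.CommandText = "select * from admin where admin=? and pwd=?"
    else
        chkCmd.CommandText = "select * from admin where admin=?"
    end if
    ' 202 = adVarWChar, 1 = adParamInput. admin is never empty here: the request
    ' validation at the top of the page ends the response when it is.
    chkCmd.Parameters.Append chkCmd.CreateParameter("admin", 202, 1, Len(admin), admin)

    Select Case order
    Case "login"
        ' The form token must match the one kept in the session.
        if chk <> trim(session("chk")) then
            response.Write("非法数据来源!")
        else
            pwdHash = md5(pwd)
            pwdHashLen = Len(pwdHash)
            if pwdHashLen = 0 then pwdHashLen = 1 ' a zero-length parameter size is rejected by ADO
            chkCmd.Parameters.Append chkCmd.CreateParameter("pwd", 202, 1, pwdHashLen, pwdHash)
            rs.open chkCmd, , 3, 3
            if not rs.eof and not rs.bof then
                ' Record who logged in, their directory and whether they are a super admin.
                session("adminlogin") = rs("admin")
                session("dir") = rs("dir")
                if rs("super")=false then
                    session("admin") = false
                else
                    session("admin") = true
                end if
                if request("goindex") = 1 then
                    session("goindex") = true
                end if
                response.Write("登录成功!")
            else
                response.Write("登录失败!管理员不存在或密码错误!")
            end if
        end if
    Case "modify"
        rs.open chkCmd, , 3, 3
        if not rs.eof then
            ' Allowed for the account's own owner or for a super administrator.
            if (session("adminlogin")<>"" and admin = session("adminlogin")) or session("admin") then
                if pwd<>"" then
                    rs("pwd") = md5(pwd)
                end if
                ' Only a super administrator may change the directory or the super flag.
                if dir<> "" and session("admin") then
                    rs("dir") = dir
                    if session("adminlogin") = rs("admin") then
                        session("dir") = dir
                    end if
                end if
                if session("admin") then
                    rs("super")= super1
                end if
                rs.update
                response.Write("修改设置成功!")
            else
                response.Write("非法数据来源!")
            end if
        else
            response.Write("该管理员不存在!修改失败!")
        end if
    Case "add"
        if session("adminlogin")<>"" and session("admin") then
            rs.open chkCmd, , 3, 3
            if rs.eof then
                rs.addnew
                rs("admin")=admin
                rs("pwd")=md5(pwd)
                rs("dir")=dir
                rs("super")=super1
                rs.update()
                response.Write("管理员已经添加成功!")
            else
                response.Write("此管理员已经存在!")
            end if
        else
            response.Write("非法数据来源或没有权限!")
        end if
    Case "del"
        if session("adminlogin")<>"" and session("admin") then
            ' Uses the normalised admin value, like the other branches, rather than
            ' the raw request("admin").
            rs.open chkCmd, , 3, 3
            if not rs.eof and not rs.bof then
                ' Super administrators cannot be deleted from here.
                if rs("super") = false then
                    rs.delete()
                    response.Write("删除管理员成功!")
                else
                    response.Write("不允许删除超级管理员!")
                end if
            else
                response.Write("此管理员不存在!")
            end if
        else
            response.Write("非法数据来源或没有权限!")
        end if
    End Select
    ' Several branches never open the recordset (token mismatch, missing
    ' permission, unknown action); closing a closed recordset raises an error.
    if rs.State <> 0 then rs.close() ' 0 = adStateClosed
    set chkCmd = nothing
    set rs = nothing
    set conn = nothing
else
    response.write("非法或无效请求!")
end if %>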
</font>
</td></tr>
<tr>
<td align=center height=20>
<input type="button" name="Button" value=" 确 定 " onclick="window.close();" class="button"></td>
</tr>
</table>
<table width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr>
<td height="5"></td>
</tr>
</table>
<table width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr>
<td bgcolor="#ccaacc" height="1"></td>
</tr>
<tr>
<td height="2"></td>
</tr>
<tr>
<td align="center"><%=mail%></td>
</tr>
</table>
</body>
</html>