check.asp

基本功能: 1.网友留言 2.留言可以选择悄悄话 3.管理员后台管理留言 4.可有多个管理员 5.20个留言形象 6.可设置每页显示最大留言数

<!--#include file="conn1.asp"-->

<%
strTemp=trim(request("name"))
If Instr(strTemp,"select%20") or Instr(strTemp,"insert%20") or Instr(strTemp,"delete%20from") or Instr(strTemp,"count(") or Instr(strTemp,"drop%20table") or Instr(strTemp,"update%20") or Instr(strTemp,"truncate%20") or Instr(strTemp,"asc(") or Instr(strTemp,"mid(") or Instr(strTemp,"char(") or Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec%20master") or Instr(strTemp,"net%20localgroup%20administrators")  or Instr(strTemp,":") or Instr(strTemp,"net%20user") or Instr(strTemp,"'") or Instr(strTemp,"%20or%20") then
%>		

<script language=vbs>
<!--
  msgbox"呵呵 不能这样哦:-)"
  window.location.href="index.asp" 
-->
</script>

<%response.end
end If
admin=replace(strTemp,"'","''")

strTemp=trim(request("password"))
If Instr(strTemp,"select%20") or Instr(strTemp,"insert%20") or Instr(strTemp,"delete%20from") or Instr(strTemp,"count(") or Instr(strTemp,"drop%20table") or Instr(strTemp,"update%20") or Instr(strTemp,"truncate%20") or Instr(strTemp,"asc(") or Instr(strTemp,"mid(") or Instr(strTemp,"char(") or Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec%20master") or Instr(strTemp,"net%20localgroup%20administrators")  or Instr(strTemp,":") or Instr(strTemp,"net%20user") or Instr(strTemp,"'") or Instr(strTemp,"%20or%20") then
%>		<script language=vbs>
<!--
  msgbox"呵呵 不能这样哦:-)"
  window.location.href="index.asp" 
-->
</script>

<%response.end
end If
password=replace(strTemp,"'","''")
%>
<%
set data=server.createobject("adodb.recordset")
exec="select * from admin where(admin='"&request.form("name")&"' and admin_pas='"&request.form("password")&"')"
data.open exec,conn
if not data.eof then
data.Close
conn.Close
session("checked")="yes"
session("check")="right"
response.Redirect "admin.asp"
else
session("checked")="no"
session("check")="wrong"
response.Redirect "admin_enter.asp"
end if
%>