w2.asp

1.地址缩短

<!--#include file="boardconn.asp"-->
<!--#include file="inc/sql.asp"-->
<!--#include file="inc/inc.asp"-->
<!--#include file="inc/ip.asp"-->
<!--#include file="inc/const.asp"-->
<!--#include file="inc/postubb.asp"-->
<%
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(server_v1,8,len(server_v2))<>server_v2 then
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友情提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end
end if
%>
<%
fqys=request.servervariables("query_string") 
dim nothis(18) 
nothis(0)="net user" 
nothis(1)="xp_cmdshell" 
nothis(2)="/add" 
nothis(3)="exec%20master.dbo.xp_cmdshell" 
nothis(4)="net localgroup administrators" 
nothis(5)="select" 
nothis(6)="count" 
nothis(7)="asc" 
nothis(8)="char" 
nothis(9)="mid" 
nothis(10)="'" 
nothis(11)=":" 
nothis(12)="""" 
nothis(13)="insert" 
nothis(14)="delete" 
nothis(15)="drop" 
nothis(16)="truncate" 
nothis(17)="from" 
nothis(18)="%" 
errc=false 
for i= 0 to ubound(nothis) 
if instr(FQYs,nothis(i))<>0 then 
errc=true 
end if 
next 
if errc then 
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友情提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end 
end if 
%>
<%
	UserName=replace(trim(Request.Form("UserName")),"'","‘")

	if not IsNumeric(request("verifycode")) then
		rs.close
		set rs=nothing
		Response.Write ("<script>alert('友情提示!\n\n登陆验证码必须是数字!');history.back();</script>")
		Response.end
	end if

	if (int(session("SafeCode"))<>int(request("verifycode"))) then
		rs.close
		set rs=nothing
		Response.Write ("<script>alert('友情提示!\n\n登陆验证码错误!');history.back();</script>")
		Response.end
	end if

	If UserName="" Then
		Response.Write ("<script>alert('友情提示!\n\n请完整输入贴吧名称!');history.back();</script>")
		Response.end
	End If

	if Instr(UserName,">")>0 or Instr(UserName,"<")>0 or Instr(UserName,"=")>0 or Instr(UserName,"%")>0 or Instr(UserName,chr(32))>0 or Instr(UserName,"?")>0 or Instr(UserName,"&")>0 or Instr(UserName,";")>0 or Instr(UserName,",")>0 or Instr(UserName,"'")>0 or Instr(UserName,chr(34))>0 or Instr(UserName,chr(9))>0 or Instr(UserName,"