txl_userfun.asp

同学录的设计

<%
Rem 	检查和过滤表单非法字符
function checkfrmusername(username)
	dim Form_UserName,badword,GBL_CHK_Flag,Loop_N,TempURL
	GBL_CHK_Flag=1
	Form_UserName=Trim(username)
	'Response.Write(form_username)
	if Form_UserName="" or isnull(Form_UserName) or isempty(Form_UserName) then 
		GBL_CHK_TempStr="用户名不能为空或者有非法的字符"
		checkfrmusername=false
		exit function
	end if
	Dim TempChar
	TempURL = Len(Form_UserName)
	For Loop_N = 1 to TempURL
	TempChar = ASC(Mid(Form_UserName,Loop_N,1))
		If TempChar < 0 Then TempChar = TempChar + 65535
		If TempChar < 45 or (TempChar>45 and TempChar<48) or (TempChar>57 and TempChar<65) or (TempChar>90 and TempChar < 95) or TempChar = 96 or (TempChar > 122 and TempChar < 33088) Then
			GBL_CHK_TempStr = "用户名含有非法字符(请使用数字,字母,下划线)!<br>"
			GBL_CHK_Flag = 0
			Exit Function
		End If
		
		If TempChar > 65184 Then
			GBL_CHK_TempStr = "非法的用户名,含有非法字符,请确认!<br>"
			GBL_CHK_Flag = 0
			Exit Function
			End If
	next
	
	If inStr(Form_UserName,"'")>0 or inStr(Form_UserName,"’")>0  or inStr(Form_UserName,"“")>0 or inStr(Form_UserName,"”")>0then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含'或“或”或 "& chr(34) & "符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If

	If inStr(Form_UserName,"`")>0 or inStr(Form_UserName,"~")>0 or inStr(Form_UserName,"&")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含`或&符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	If inStr(Form_UserName,"!")>0 or inStr(Form_UserName,"@")>0 or inStr(Form_UserName,"^")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含!@^符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName,"#")>0 or inStr(Form_UserName,"$")>0 or inStr(Form_UserName,"%")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含#$%符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName,"*")>0 or inStr(Form_UserName,"(")>0 or inStr(Form_UserName,")")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含*()符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName,"+")>0 or inStr(Form_UserName,"=")>0 or inStr(Form_UserName,"|")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含+=|符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName," ")>0 or inStr(Form_UserName,chr(10))>0 or inStr(Form_UserName,chr(13))>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含空格,换行等符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName,chr(127))>0 or inStr(Form_UserName,chr(9))>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含制表符等符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName,"[")>0 or inStr(Form_UserName,"]")>0 or inStr(Form_UserName,"\")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含[]\等符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName,"{")>0 or inStr(Form_UserName,"}")>0 or inStr(Form_UserName,";")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含{};等符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName,":")>0 or inStr(Form_UserName,",")>0 or inStr(Form_UserName,".")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含:,.等符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If
	
	If inStr(Form_UserName,"<")>0 or inStr(Form_UserName,">")>0 or inStr(Form_UserName,"/")>0 or inStr(Form_UserName,"?")>0 then
		GBL_CHK_TempStr = GBL_CHK_TempStr & "用户名不能包含<>?/等符号!<br>"
		GBL_CHK_Flag = 0
		Exit Function
	End If

	if GBL_CHK_Flag=0 then
		 checkfrmusername=false
	else
		checkfrmusername=true
	end if
end function

function printmsg(msg)		'测试用户名出错处理
	Response.write "<html><head><title>"&const_txlname&"-测试用户名</title>"
	Response.write "<OBJECT id=closes type=""application/x-oleobject"" classid=""clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11""><param name=""Command"" value=""Close""></object>"
	Response.write "</head><body>"
	Response.write "<br><font style=font-size:12px><li>"&msg&"</li></font>"
	Response.write "<div align=center><a href=javascript:; onclick=closes.Click(); style='text-decoration:none;color:gray;font-size:13px'>[关闭窗口]</a></div>"
	Response.write "</body></html>"
end function

Rem 同学录登录处理函数
function txllogin(username,password)
	dim rs
	username=Trim(Replace(username,"'","''"))
	if  username="" or password="" then
		txlloginerrstr="用户名和密码不能为空！"
		txllogin=false
		exit function
	else
		set rs=conn.execute ("select * from ec where studentid='"&username&"'")
		if  rs.eof	then'未注册
			txlloginerrstr="<li>该用户名尚未注册,你是否要<a href='"&const_txl_HomeUrl&"user/register.asp'>注册</a>该用户名?</li>"
			txllogin=false
		else
			if	Trim(rs("password"))<>password	then	'密码错误
				txlloginerrstr="<li>密码错误,请重新<a href='"&const_txl_HomeUrl&"user/login.asp'>登录</a>!</li>"
				txllogin=false
			else	'密码正确
				If const_friend_loginset=0 Then	'登录限制
					If Rs("usertype")=1 or Rs("usertype")=2	Then
						txlloginerrstr="<li>当前同学录状态已经设置为<font color=red>不允许班级好友和准班级成员登录</font>!</li>"&Vbcrlf
						txlloginerrstr=txlloginerrstr&"<li>如果还有疑问请与管理员联系!</li>"
						txllogin=false
						Exit Function
					End If
				End If
				Session("username")=username
				Session("lastedtime")=rs("lastedtime")
				Session("usertype")=rs("usertype")
				conn.execute ("update ec set logintimes=logintimes+1,lastedtime='"&now()&"' where studentid='"&username&"'")
				conn.execute  ("update online set sname='"&username&"' where ip='"&Trim(Session("user_ip"))&"'")
				txlloginerrstr="<li>登录成功,欢迎您的到来!</li>"&Vbcrlf
				txlloginerrstr=txlloginerrstr&"<li>此页面将在5秒之后返回<a href='../index.asp'>首页</a></li>"
				txllogin=true
			end if
		end if
		rs.close
		set rs=nothing
	end if
end function

function checkusername(username)
	dim rs
	set	rs=conn.execute ("select studentid from ec where studentid='"&username&"'")
	if not rs.eof then
		checkusername=false	'已经被注册
	else
		checkusername=true	'没有被注册
	end if
end function
%>