adminedit.asp

安全性好,适用于制作论坛和进行资源下载的个人和大型网站使用!

<!--#include file="mdb.asp"-->
<!--#include file="inc/config.asp"-->
<!--#include file="inc/md5.asp"-->
<%
'****************************************************
' Hxcms 7.5      Power by Hx66.net
' Web: http://www.Hx66.net,http://www.Hx66.net/home
' Copyright (C) 2006 Hx66.net All Rights Reserved.
'****************************************************
if session("adminlogin")<>sessionvar then
  Response.Write("<script language=javascript>alert('你尚未登录，或者超时了！请重新登录');this.top.location.href='admin.asp';</script>")
  response.end
end if
Function ReplaceBadWord(g_word)
  g_word=Replace(g_word,"'","")
  g_word=Replace(g_word," ","")
  g_word=Replace(g_word,"&","")
  g_word=Replace(g_word,"(","")
  g_word=Replace(g_word,"\","")
  g_word=Replace(g_word,"/","")
  g_word=Replace(g_word,"..","")
  g_word=Replace(g_word,"^","")
  g_word=Replace(g_word,"#","")
  g_word=Replace(g_word,"%","")
  g_word=Replace(g_word,"|","")
  g_word=Replace(g_word,";","")
  g_word=Trim(Replace(g_word,")",""))  
  ReplaceBadWord=g_word
End Function

admin_name=ReplaceBadWord(Request.cookies("hxStudioUserName"))
if admin_name<>"" then
  admin_name=replace(admin_name," ","+++ close")
else
  response.write("<li>您没有进入本页面的权限,本次操作已被记录!<br><li>如果你是本站管理员请先<a href=admin.asp target=_top>登陆</a>后进入.")
  response.end
end if
server_vv=len(Request.ServerVariables("SERVER_NAME"))
server_v1=left(Cstr(Request.ServerVariables("HTTP_REFERER")),server_vv)
server_v2=left(Cstr("http://"&Request.ServerVariables("SERVER_NAME")),server_vv)
if server_v1<>server_v2 and server_v1<>"" and server_v2<>"" then
response.write("<script>alert('错误：禁止从站点外部提交数据!.')</script>")
response.end
end if

admin_password=Md5(ReplaceBadWord(Request.form("admin_password")))
set rs=server.CreateObject("ADODB.RecordSet")
rs.open "select * from admin where admin_name='"&admin_name&"'",conn,1,2
if rs.eof then
hxStudioMsg="错误:"&admin_name&"用户资料读取错误,请重新登陆!"
else
if request("type")="save" then
if admin_password="" then
hxStudioMsg="错误:要修改资料必需填写原密码!"
else
if admin_password<>rs("admin_password") then
hxStudioMsg="错误:原密码错误!"
else
if request.form("admin_password1")<>"" or request.form("admin_password2")<>"" then
if request.form("admin_password1")<>request.form("admin_password2") then
hxStudioMsg="错误:要修改两次输入密码不相同,密码没被修改;<br><font color=""#FF0000"">·</font>"
else
rs("admin_password")=md5(ReplaceBadWord(request.form("admin_password1")))
end if
end if
hxStudioMsg=hxStudioMsg&"成功:修改资料完成!"
rs.Update
end if
end if
end if
end if
rs.close
set rs=nothing  
conn.close  
set conn=nothing
%>
<html>
<head>
<title>Hxcms管理中心 - 管理员修改资料管理</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" href="inc/admin.css" type="text/css">
</head>
<body topmargin="0" leftmargin="0">
<form action="adminedit.asp" method="post">
<input type="hidden"  name="type" value="save">
<%if request("type")="save" then%>
<table align="center" width="98%" align="center" border="1" cellspacing="0" cellpadding="4" class=Hxcmsbk style="border-collapse: collapse">
  <tr>
    <td width="100%"><font color="#FF0000"><%=hxStudioMsg%></font> 
	<p>时间:<%=Now()%></p></td>
  </tr>
</table>
<%end if%>
<table align="center" width="98%" align="center" border="1" cellspacing="0" cellpadding="4" class=Hxcmsbk style="border-collapse: collapse">
    <tr>
      <td>
      <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%">
        <tr class=Hxcmsss>
          <td width="50%" bgcolor="#99CCFF"><b>修改个人资料</b></td>
          <td width="50%" bgcolor="#99CCFF"><b>花香盈路管理系统 Ver 7.0</b></td>
        </tr>
      </table>
      </td>
    </tr>
    <tr class=Hxcmsds>
      <td>      
      　用户名：<input disabled name="u" value="<%=admin_name%>" size="15"></td>
    </tr>
    <tr class=Hxcmsds>
      <td>      
      　原密码：<input name="admin_password" size="15" type="password">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr class=Hxcmsqs>
      <td>      
      <b><font color="#000080">修改登陆密码</font></b></td>
    </tr>
    <tr class=Hxcmsds>
      <td>      
      　新密码：<input name="admin_password1" size="15" type="password">
      <font color="#808080">不能有空格和含有&、(、\、/、..、^、#、%、|、;等特殊字符,不修改请留空</font></td>
    </tr>
    <tr class=Hxcmsds>
      <td>      
      确认密码：<input name="admin_password2" size="15" type="password"><font color="#808080"> 
      同上</font></td>
    </tr>
      <tr class=Hxcmsqs>
      <td>      
      <input name="b1" type="submit" value="确认修改">&nbsp;    
      <input name="b2" type="reset" value="全部还原">
     </td>     
    </tr>
  </table>
</form>
</body>
</html>