📄 myfunction.asp
<%'以下为公用函数
'goback: returns str unchanged when it is not empty. When str is empty it
'writes a script that shows alertstr in an alert box and steps one page back in
'the browser history, then ends the response.
'NOTE(security): alertstr is concatenated into a JavaScript string literal
'without escaping. Pass only fixed, server-defined messages; text that carries
'request data needs JavaScript-string escaping before it is handed to this
'function.
Function goback(str,alertstr)
	If str = "" Then
		Response.Write "<script>alert('" & alertstr & "');history.go(-1)</script>"
		Response.End
	End If
	goback = str
End Function
'alertback: writes a script that shows alertstr in an alert box and goes back
'backnum entries in the browser history, then ends the response.
'NOTE(security): alertstr and backnum are both placed into the script without
'escaping or validation. Pass a fixed message and a numeric step count; neither
'argument should carry unescaped request data.
Function alertback(alertstr,backnum)
	Dim js
	js = "alert('" & alertstr & "');" & "history.go(-" & backnum & ")"
	Response.Write "<script>" & js & "</script>"
	Response.End
End Function
'AlertUrl: writes a script that shows alertstr in an alert box and then sets
'location.href to url, and ends the response.
'NOTE(security): both arguments are placed inside JavaScript string literals
'without escaping, and url is not validated. Use fixed messages, and keep url
'to application-defined paths; a request-supplied url would need escaping and
'an allow-list check first, otherwise the page can be steered to any address.
Function AlertUrl(alertstr,url)
	Dim js
	js = "alert('" & alertstr & "');"
	js = js & "location.href='" & url & "';"
	Response.Write "<script>" & js & "</script>"
	Response.End
End Function
'GotoUrl: writes a script that sets location.href to url and ends the response.
'NOTE(security): url is placed inside a JavaScript string literal without
'escaping or validation. Keep it to application-defined paths; a
'request-supplied value would need escaping and an allow-list check first.
Function GotoUrl(url)
	Response.Write "<script>" & "location.href='" & url & "';" & "</script>"
	Response.End
End Function
'Alertclose: writes a script that shows alertstr in an alert box and then
'calls window.close(), and ends the response.
'NOTE(security): alertstr is concatenated into a JavaScript string literal
'without escaping; pass only fixed, server-defined messages.
Function Alertclose(alertstr)
	Dim js
	js = "alert('" & alertstr & "');" & "window.close();"
	Response.Write "<script>" & js & "</script>"
	Response.End
End Function
'chkstr: returns inputstr with every single quote removed; input without a
'single quote is returned as given.
'NOTE(security): removing one character is not a dependable defence for SQL
'built by string concatenation (numeric contexts, for example, need no quote at
'all). Queries that take request data should bind it as parameters, e.g. with
'ADODB.Command, instead of relying on this filter.
Function chkstr(inputstr)
	chkstr = inputstr
	If InStr(inputstr, "'") <> 0 Then chkstr = Replace(inputstr, "'", "")
End Function
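'HTMLEncode: converts text for display inside HTML. Markup characters and
'quotes become character entities, spaces and tabs become &nbsp;, carriage
'returns are dropped, a double line feed becomes a paragraph break and a single
'line feed becomes <BR>. Returns Empty when fString is Null.
'
'NOTE(review): the listing shows the replacement strings as literal characters
'(">" replaced by ">", and an unterminated string on the CHR(34) line), which
'looks like the entities were decoded by the page that rendered the code. In
'that form the function encodes nothing and does not parse. The entity forms
'are restored here; confirm against the original file.
'NOTE: "&" is left as it is, so entities already present in the input are
'displayed as the characters they name.
Public Function HTMLEncode(fString)
	Dim encoded
	If Not IsNull(fString) Then
		'Work on a copy: VBScript passes arguments by reference by default, so
		'assigning to fString would rewrite the caller's variable.
		encoded = fString
		encoded = Replace(encoded, ">", "&gt;")
		encoded = Replace(encoded, "<", "&lt;")
		encoded = Replace(encoded, Chr(32), "&nbsp;")
		encoded = Replace(encoded, Chr(9), "&nbsp;")
		encoded = Replace(encoded, Chr(34), "&quot;")
		encoded = Replace(encoded, Chr(39), "&#39;") 'single quote
		encoded = Replace(encoded, Chr(13), "")
		'The double line feed is handled first so it is not consumed as two <BR>.
		encoded = Replace(encoded, Chr(10) & Chr(10), "</P><P> ")
		encoded = Replace(encoded, Chr(10), "<BR> ")
		HTMLEncode = encoded
	End If
End Function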
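'sql: keyword filter over the request's query-string parameters ("injection
'detection"). For every name=value pair in QUERY_STRING, the lower-cased value
'returned by Request(name) is searched for a fixed list of substrings. On a
'match the function writes a client-side alert and/or redirect, selected by
'Fy_Cl, and ends the response.
'
'Fixed relative to the listing: the alert() calls for modes 1 and 3 had no
'closing quote and parenthesis, so the emitted script could not run; and the
'parameter name, which comes straight from the raw query string, was written
'into the script unescaped.
'
'NOTE(security): this is a deny-list and should not be the only protection for
'database queries.
' - Only names that appear in the query string are inspected; a parameter sent
'   solely in a form body or a cookie is never examined here.
' - Plain substring matching also rejects ordinary input ("and" inside "brand",
'   "mid" inside "middle").
' - "delete%20from" is compared with the value Request() returns, which is
'   already URL-decoded, so that entry is not expected to match.
' - On Error Resume Next is active, so a runtime error inside the check is
'   skipped silently instead of stopping the request.
'Bind request data as parameters (for example ADODB.Command) in the queries
'themselves.
function sql()
	Dim Fy_Url, Fy_a, Fy_x, Fy_Cs(), Fy_Cl, Fy_Zx
	Dim Fy_Bad, Fy_Kw, Fy_Val, Fy_Hit, Fy_Pos, Fy_Name
	Fy_Cl = 2 'handling mode: 1 = show message, 2 = redirect, 3 = message then redirect
	Fy_Zx = "../Error.Asp" 'page to redirect to on a match
	Fy_Bad = Array("'", "and", "select", "update", "chr", "delete%20from", ";", "insert", "mid", "master.")
	On Error Resume Next
	Fy_Url = Request.ServerVariables("QUERY_STRING")
	Fy_a = Split(Fy_Url, "&")
	ReDim Fy_Cs(UBound(Fy_a))
	'Collect the parameter names; a pair without "=" or with an empty name
	'leaves its slot empty and is skipped below.
	For Fy_x = 0 To UBound(Fy_a)
		Fy_Pos = InStr(Fy_a(Fy_x), "=")
		If Fy_Pos > 1 Then Fy_Cs(Fy_x) = Left(Fy_a(Fy_x), Fy_Pos - 1)
	Next
	For Fy_x = 0 To UBound(Fy_Cs)
		If Fy_Cs(Fy_x) <> "" Then
			Fy_Val = ""
			Fy_Val = LCase(Request(Fy_Cs(Fy_x)))
			Fy_Hit = False
			For Each Fy_Kw In Fy_Bad
				If InStr(Fy_Val, Fy_Kw) <> 0 Then
					Fy_Hit = True
					Exit For
				End If
			Next
			If Fy_Hit Then
				'Escape the name for use inside a single-quoted JavaScript string.
				Fy_Name = Fy_Cs(Fy_x)
				Fy_Name = Replace(Fy_Name, "\", "\\")
				Fy_Name = Replace(Fy_Name, "'", "\'")
				Fy_Name = Replace(Fy_Name, "<", "\x3C")
				Fy_Name = Replace(Fy_Name, ">", "\x3E")
				Fy_Name = Replace(Fy_Name, Chr(13), "")
				Fy_Name = Replace(Fy_Name, Chr(10), "")
				'Fy_Cl holds a number while the Case labels are strings; CStr makes
				'the comparison explicit.
				Select Case CStr(Fy_Cl)
					Case "1"
						Response.Write "<Script Language=JavaScript>alert('出现错误!参数 " & Fy_Name & " 的值中包含非法字符串!');window.close();</Script>"
					Case "2"
						Response.Write "<Script Language=JavaScript>location.href='" & Fy_Zx & "'</Script>"
					Case "3"
						Response.Write "<Script Language=JavaScript>alert('出现错误!参数 " & Fy_Name & "的值中包含非法字符串!');location.href='" & Fy_Zx & "';</Script>"
				End Select
				Response.End
			End If
		End If
	Next
end function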
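'ChkPOst: reports whether the request's Referer header names this server.
'Returns True when the host part of HTTP_REFERER equals SERVER_NAME
'(case-insensitive), False otherwise, including when no Referer was sent.
'
'Fixed relative to the listing: the original compared a slice of the Referer
'taken at a fixed offset of 8 with SERVER_NAME. That offset only fits
'"http://", so requests from an https page were rejected, and because the
'slice was a prefix comparison any longer host name that merely begins with
'the server name was accepted. The host is now extracted and compared whole.
'
'NOTE(security): Referer is a request header supplied by the client and may be
'absent or stripped, so this check can reject legitimate submissions and is
'not proof of origin. State-changing forms should also carry a per-session
'anti-forgery token that the server verifies.
Function ChkPOst
	Dim Server_Add1, Server_Add2, refHost, cutAt, delim, scheme
	Server_Add1 = CStr(Request.ServerVariables("HTTP_REFERER"))
	Server_Add2 = CStr(Request.ServerVariables("SERVER_NAME"))
	ChkPost = False
	If Server_Add2 = "" Then Exit Function
	cutAt = InStr(Server_Add1, "://")
	If cutAt = 0 Then Exit Function
	scheme = LCase(Left(Server_Add1, cutAt - 1))
	If scheme <> "http" And scheme <> "https" Then Exit Function
	refHost = Mid(Server_Add1, cutAt + 3)
	'Keep only the authority part: stop at the first path, query or fragment
	'delimiter (a backslash is treated like a slash).
	For Each delim In Array("/", "\", "?", "#")
		cutAt = InStr(refHost, delim)
		If cutAt > 0 Then refHost = Left(refHost, cutAt - 1)
	Next
	'Drop any user-info prefix, then any port suffix.
	cutAt = InStrRev(refHost, "@")
	If cutAt > 0 Then refHost = Mid(refHost, cutAt + 1)
	cutAt = InStr(refHost, ":")
	If cutAt > 0 Then refHost = Left(refHost, cutAt - 1)
	ChkPost = (LCase(refHost) = LCase(Server_Add2))
End Function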
'Administrator account: login name and password.
'NOTE(security): both values are hard-coded in source, in clear text, and the
'password equals the login name. Replace them before deployment; a stored
'salted password hash outside the web root would be preferable to a literal
'in a script file that every including page loads.
Dim admname : admname = "admin"
Dim admpwd : admpwd = "admin"
'master: back-office access check. Redirects to login.asp unless the session
'value "level" equals "adm" (the comparison is case-sensitive).
'NOTE(review): the check only takes effect on pages that call it; presumably
'each administrative page calls master before doing any work. Confirm against
'the callers.
function master
	If session("level") <> "adm" Then response.Redirect "login.asp"
end function
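'Pagination bar.
'pagelist(total count, records per page, total pages, current page, file name,
'         parameter names (comma-separated), parameter values (comma-separated))
'Writes a table holding first / previous / next / last links and a page
'drop-down that posts back to scriptname. Each name in cs is paired with the
'value at the same position in csz and carried on every link.
'
'Fixed relative to the listing:
' - scriptname, cs and csz were written into single-quoted HTML attributes
'   unencoded, so a value containing a quote or angle bracket could end the
'   attribute and add markup. The URL is now HTML-attribute-encoded; the
'   address the browser follows is unchanged for ordinary values.
' - Working variables were not declared. Without Dim, names such as a, x and
'   tem resolve to page-level variables of the same name when those exist, so
'   a call could overwrite them. They are now local.
' - A csz list shorter than cs raised a subscript error; missing values are now
'   treated as empty.
'NOTE(review): names and values are not URL-encoded here; callers are assumed
'to pass them in a form that is valid inside a query string. Confirm.
function pagelist(sum,rec,maxpage,mypage,scriptname,cs,csz)
	Dim names, values, i, query, baseUrl, cur, html, pg
	query = ""
	If cs <> "" Then
		names = Split(cs, ",")
		values = Split(csz, ",")
		For i = 0 To UBound(names)
			query = query & names(i) & "="
			If i <= UBound(values) Then query = query & values(i)
			query = query & "&"
		Next
	End If
	'Server.HTMLEncode leaves the single quote alone, and the attributes below
	'are single-quoted, so it is encoded separately.
	baseUrl = Replace(Server.HTMLEncode(scriptname & "?" & query), "'", "&#39;")
	cur = CInt(mypage)

	html = "<table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>"
	html = html & "<tr><form method='post' action='" & baseUrl & "'><td align='center'>"
	html = html & "共[<font color='#ff0000'>" & sum & "</font>]条信息 每页[<font color='#ff0000'>" & rec & "</font>]条 共[<font color='#ff0000'>" & maxpage & "</font>]页 「"
	'First page
	If cur <> 1 Then
		html = html & "<a href='" & baseUrl & "page=1'>首页</a>"
	Else
		html = html & "首页"
	End If
	html = html & "」 「"
	'Previous page
	If cur > 1 Then
		html = html & "<a href='" & baseUrl & "page=" & (cur - 1) & "'>上页</a>"
	Else
		html = html & "上页"
	End If
	html = html & "」 「"
	'Next page
	If cur < maxpage Then
		html = html & "<a href='" & baseUrl & "page=" & (cur + 1) & "'>下页</a>"
	Else
		html = html & "下页"
	End If
	html = html & "」 「"
	'Last page
	If cur <> maxpage Then
		html = html & "<a href='" & baseUrl & "page=" & maxpage & "'>尾页</a>"
	Else
		html = html & "尾页"
	End If
	html = html & "」 "
	'Drop-down with one entry per page; changing it submits the form.
	html = html & "<select name='page' onChange='javascript:submit()'>"
	For pg = 1 To maxpage
		html = html & "<option value=" & pg & " "
		If CInt(pg) = cur Then html = html & "selected "
		html = html & ">第" & pg & "页</option>"
	Next
	html = html & "</select>"
	html = html & "</td></form></tr></table>"
	response.Write html
end function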
' Format a date/time value for display.
' Parameter n_Flag selects the layout:
' 1: "yyyy-mm-dd hh:mm:ss"
' 2: "yyyy-mm-dd"
' 3: "hh:mm:ss"
' 4: "yyyy年mm月dd日"
' 5: "yyyymmdd"
' Returns an empty string when s_Time is not a date or n_Flag is none of the
' values above.
Function Format_Time(s_Time, n_Flag)
	Dim yy, mo, dd, hh, nn, ss
	Format_Time = ""
	If Not IsDate(s_Time) Then Exit Function
	yy = CStr(Year(s_Time))
	' Every part except the year is left-padded to two digits.
	mo = Right("0" & Month(s_Time), 2)
	dd = Right("0" & Day(s_Time), 2)
	hh = Right("0" & Hour(s_Time), 2)
	nn = Right("0" & Minute(s_Time), 2)
	ss = Right("0" & Second(s_Time), 2)
	Select Case n_Flag
		Case 1
			Format_Time = yy & "-" & mo & "-" & dd & " " & hh & ":" & nn & ":" & ss
		Case 2
			Format_Time = yy & "-" & mo & "-" & dd
		Case 3
			Format_Time = hh & ":" & nn & ":" & ss
		Case 4
			Format_Time = yy & "年" & mo & "月" & dd & "日"
		Case 5
			Format_Time = yy & mo & dd
	End Select
End Function
' Get_SafeStr: returns str trimmed, with every single quote, double quote and
' semicolon removed. Intended by its author for values used in queries.
' NOTE(security): stripping three characters does not make a value safe in
' every SQL context (a numeric position needs no quote to be altered). Bind
' request data as parameters, e.g. with ADODB.Command, and treat this function
' as input tidying only.
Function Get_SafeStr(str)
	Dim cleaned
	cleaned = Trim(str)
	cleaned = Replace(cleaned, "'", "")
	cleaned = Replace(cleaned, Chr(34), "")
	cleaned = Replace(cleaned, ";", "")
	Get_SafeStr = cleaned
End Function
'Run the query-string keyword filter whenever this file is executed.
Call sql()
%>