conn.asp

网站整站

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
Session.CodePage=936
Response.Charset="gb2312"
Response.buffer=true
Const Version="V2.0"
Const Edition="免费版"
Const yecaocookies="YCMS"           '设置系统验证，要改成自己的密钥！
Const conndata="data/#YCMS#.mdb"       '设置数据库路径
Const backdata="data/#备份#.mdb"       '设置数据库备份路径
On Error Resume Next
mydata="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Server.MapPath(conndata)
Set conn=Server.CreateObject("ADODB.Connection")
conn.Open mydata
If Err Then
err.Clear
set conn=nothing
YC("数据库连接出错，请检查连接字串!")
response.End
End If
Function closedata()
conn.close
set conn=nothing
end Function
function yecaosql()
sql_in=split("'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare","|")
if request.querystring<>"" then
for each sql_get in request.querystring
for sql_data=0 to ubound(sql_in)
if instr(LCase(request.querystring(sql_get)),sql_in(sql_data))>0 then
response.redirect("error.asp?action=back&text="&server.urlencode("对不起！请不要在参数中包含非法字符尝试注入！"))
Response.End
end if
next
next
end if
end function
function YC_sql(sql)
if sql="" or isnull(sql) then
    YC_sql=""
   exit function
end if
YC_sql=conn.execute(sql)
end function
sub webopen()
if web="yes" then
response.Redirect"error.asp?action=stop&text="&webwords&"" 
response.End
end if
request_ip=request.servervariables("remote_addr")
re_ip=split(replace_ip,"|")
	for i=0 to ubound(re_ip)
	if right(re_ip(i),1)="*" then
	if left(re_ip(i),6)=left(request_ip,6) then
	YCGO("error.asp?action=stop&text="&server.urlencode("对不起，您所在的IP网段已经全部封锁！"))
	response.End
	end if
	elseif re_ip(i)=request_ip then
	YCGO("error.asp?action=stop&text="&server.urlencode("对不起，您的IP已封锁!"))
	response.End
	end if
	next
end sub
Function Encode(content)
dim tmp
tmp=content
tmp=replace(tmp,"<","&lt;")
tmp=replace(tmp,">","&gt")
tmp=replace(tmp,"'","")
tmp=replace(tmp,"char(34)","")
Encode=tmp
End Function
sub br()
YC("<table border='0'><tr><td height='5'></td></tr></table>")
end sub
sub mytable(tab)
set rs=server.CreateObject("adodb.recordset")
rs.open tab,conn,1,1
YC(rs.recordcount)
rs.close
set rs=nothing
end sub
function classdata(mode,tab,str)
if mode=1 then
sql="Select bigclass from ["&tab&"]  where bigclass="&str
elseif mode=2 then
sql="Select class from ["&tab&"]  where class="&str
else
sql="Select bigclass from ["&tab&"]  where bigclass="&str
end if
set rs=server.CreateObject("adodb.recordset")
rs.open sql,conn,1,1
YC(rs.recordcount)
rs.close
set rs=nothing
end function
function checkgetcode()
if logincode="yes" then
if CStr(Trim(Session("code")))<>CStr(Trim(Request.form("code"))) then
Session("code")=""
response.redirect("error.asp?action=back&text="&server.urlencode("对不起！请正确填写验证码！"))
Response.End
end if 
end if
end function
function replacetime(o,oo)
select case oo
case 1 
replacetime=""&year(o)&"年"&month(o)&"月"&day(o)&"日"
case 2 
replacetime=""&year(o)&"年"&month(o)&"月"&day(o)&"日"&hour(o)&"时"
case 3 
replacetime=""&year(o)&"年"&month(o)&"月"&day(o)&"日"&hour(o)&"时"&minute(o)&"分"
case 4 
replacetime=""&year(o)&"年"&month(o)&"月"&day(o)&"日"&hour(o)&"时"&minute(o)&"分"&second(o)&"秒"
case 5 
replacetime=""&hour(o)&"时"&minute(o)&"分"&second(o)&"秒"
case 6 
replacetime=""&year(o)&"/"&month(o)&"/"&day(o)&""
case 7 
replacetime=""&year(o)&"."&month(o)&"."&day(o)&""
case 8 
replacetime=""&year(o)&"-"&month(o)&"-"&day(o)&""
case else 
replacetime=""&year(o)&"/"&month(o)&"/"&day(o)&""
end select
end function
function YC_cut(str,strlen)
if str="" then
YC_cut=""
exit function
end if
dim l,t,c, i
l=len(str)
t=0
for i=1 to l
c=Abs(Asc(Mid(str,i,1)))
if c>255 then
t=t+2
else
t=t+1
end if
if t>=strlen then
YC_cut=left(str,i) & "…"
exit for
else
YC_cut=str
end if
next
YC_cut=YC_cut
end function
function YCMS(i)
Response.Write""&i&""&vbcrlf
end function
function YC(i)
Response.Write""&i&""
end function
function YCGO(i)
Response.redirect""&i&""
end function
function YC_post(postname,poststr,postclass,bigpostlenth,smallpostlenth)
dim post_sql
if bigpostlenth<>0 then
		if strLength(poststr)>bigpostlenth then
response.redirect("error.asp?action=back&text="&server.urlencode("["&postname&"] 的参数位数不能大于"&bigpostlenth&"位！"))
Response.End
		end if
end if
if smallpostlenth<>0 then
		if strLength(poststr)<smallpostlenth then
response.redirect("error.asp?action=back&text="&server.urlencode("["&postname&"] 的参数位数不能小于"&smallpostlenth&"位！"))
Response.End
		end if
end if
if postclass=0 then
	poststr=trim(replace(poststr,"'",""))
	if lcase(poststr)="<p>&nbsp;</p>" or lcase(poststr)="<p></p>" or lcase(poststr)="<br>" then
	poststr=""
	end if
	post_sql=split("'|<|>|%|$|;|chr(32)|chr(34)|chr(9)","|")
				for i=0 to ubound(post_sql) 
				if instr(poststr,post_sql(i))<>0 then 
response.redirect("error.asp?action=back&text="&server.urlencode("["&postname&"] 中含有非法字符！"))
Response.End
				end if 
				next
elseif postclass<>0 then
        if poststr="" then
response.redirect("error.asp?action=back&text="&server.urlencode("["&postname&"] 不能为空！"))
Response.End
		elseif not isnumeric(poststr) then
response.redirect("error.asp?action=back&text="&server.urlencode("["&postname&"] 不是数字型！"))
Response.End
		end if
else
response.redirect("error.asp?action=back&text="&server.urlencode("调用过程出错！请检查参数！"))
Response.End
end if
 YC_post=poststr
end function
sub hacker()
myurl=lcase(trim(request.ServerVariables("HTTP_REFERER")))
if myurl="" then
response.write "<script>alert('对不起！禁止进入后台页面！');</script>"
response.write "<script>location.href='index.asp';</script>"
Response.End
else
outurl=trim("http://"&Request.ServerVariables("SERVER_NAME"))
if mid(myurl,len(outurl)+1,1)=":" then
outurl=outurl & ":"&Request.ServerVariables("SERVER_PORT")
end if
outurl=lcase(outurl&request.ServerVariables("SCRIPT_NAME"))
if lcase(left(myurl,instrrev(myurl,"/")))<>lcase(left(outurl,instrrev(outurl,"/"))) then
response.write "<script>alert('对不起！系统禁止搞外连接！')</script>"
response.write "<script>location.href='index.asp';</script>"
Response.End
end if
end if
end sub
Function RBD(o)
o=Replace(o,"'","")
o=Replace(o," ","")
o=Replace(o,"&","")
o=Replace(o,"(","")
o=Replace(o,"\","")
o=Replace(o,"/","")
o=Replace(o,".","")
o=Replace(o,"^","")
o=Replace(o,"$","")
o=Replace(o,"?","")
o=Replace(o,"[","")
o=Replace(o,"]","")
o=Replace(o,"#","")
o=Replace(o,"*","")
o=Replace(o,"%","")
o=Replace(o,"|","")
o=Replace(o,"-","")
o=Replace(o,"+","")
o=Replace(o,"<","")
o=Replace(o,">","")
o=Replace(o,";","")
o=Replace(o,":","")
o=Replace(o,"CHAR(32)","")
o=Replace(o,"CHAR(34)","")
o=Trim(Replace(o,")",""))  
RBD=o
End Function
sub addcolor()%>
<select name="color" class="yecao">
<option value="#000000" selected>黑色</option>
<option value="#FF0000">红色</option>
<option value="#0000FF">蓝色</option>
<option value="#FF8000">橙色</option>
<option value="#00C600">绿色</option>
<option value="#8080C0">紫色</option>
<option value="#FF0080">洋红</option>
</select>
<%end sub
sub editcolor()%>
<select name="color" class="yecao">
<option value="#000000" <%if rs("color")="#000000" then YC("selected")%>>黑色</option>
<option value="#FF0000" <%if rs("color")="#FF0000" then YC("selected")%>>红色</option>
<option value="#0000FF" <%if rs("color")="#0000FF" then YC("selected")%>>蓝色</option>
<option value="#FF8000" <%if rs("color")="#FF8000" then YC("selected")%>>橙色</option>
<option value="#00C600" <%if rs("color")="#00C600" then YC("selected")%>>绿色</option>
<option value="#8080C0" <%if rs("color")="#8080C0" then YC("selected")%>>紫色</option>
<option value="#FF0080" <%if rs("color")="#FF0080" then YC("selected")%>>洋红</option>
</select>
<%end sub
function addexper(num,who)
if who=0 then
sql="update [YC_user] set user_exper=user_exper+"&num&",user_all=user_all+1 where user_name='"&username&"'"
else
sql="update [YC_user] set user_exper=user_exper+"&num&",user_all=user_all+1 where user_name='"&superuser&"'"
end if
conn.execute(sql)
end function

dim userid,username,useradmin,userpass,userlogin,superlogin,supername,superuser,superadmin,supertype
userid=DecodeCookie(Request.Cookies(yecaocookies)("userid"))
username=DecodeCookie(Request.Cookies(yecaocookies)("username"))
userpass=DecodeCookie(Request.Cookies(yecaocookies)("userpass"))
useradmin=DecodeCookie(Request.Cookies(yecaocookies)("useradmin"))
superlogin=trim(session("superlogin"))
supername=trim(session("supername"))
superuser=trim(session("superuser"))
superadmin=trim(session("superadmin"))
supertype=cint(session("supertype"))
%>