<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="inc/function.asp"-->
<!--#include file="inc/driver.asp"-->
<!--#include file="inc/conn.asp"-->
<!--#include file="inc/md5.asp"-->
<%
' ---- Request parameters: every text field is trimmed and lower-cased ----
admin  = trim(lcase(request("admin")))
pwd    = trim(lcase(request("pwd")))
order  = trim(lcase(request("type")))
thedir = trim(lcase(request("dir")))
' "|" separates several directories; inserting "\" in front of each
' separator gives every segment but the last a trailing "\".
dir    = replace(thedir, "|", "\|")
exten  = trim(lcase(request("exten")))
' ... and the last segment gets its trailing "\" here.
if right(dir, 1) <> "\" then dir = dir & "\"
chk = request("chk")
' Requested "super administrator" flag; only honoured later by the
' add/modify handlers when the caller is itself a super administrator.
super1 = (request("super1") = "1")

' A request without a login name or an operation type is refused outright.
if admin = "" or order = "" then
    response.write("<meta http-equiv='Content-Type' content='text/html; charset=gb2312'>")
    response.write("<script language=javascript>alert(""非法请求!"");")
    response.write("self.close();</script>")
    response.end
end if

' Window title for the known operations.
Select Case order
    Case "login"  : title = "登录"
    Case "modify" : title = "修改密码或权限"
    Case "add"    : title = "添加管理员"
    Case "del"    : title = "删除管理员"
End Select
if title = "" then title = "非法或无效请求!"

' Directory validation. Only a super administrator can assign directories
' (the modify/add handlers below require session("admin")), so the path is
' only checked for them; "del" never uses dir.
If session("admin") and order <> "del" then
    ' GetPathWith comes from inc/function.asp; per the original comment it
    ' filters illegal characters out of the path.
    dir = GetPathWith(dir)
    For each segment in Split(dir, "|")
        if not CheckCorrectPath(segment) then
            response.write("<meta http-equiv='Content-Type' content='text/html;charset=gb2312'>")
            response.write("<script language=javascript>")
            response.write("alert(""请求包含非有效目录或包含非法字符!"");")
            response.write("self.close();")
            response.write("</script>")
            response.end
        end if
    Next
End If
%>
<html>
<head>
<title><%=title%>--<%=name%>--[By BrightStar]</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<Meta Name="description" Content="BS在线文件管理系统">
<Meta Name="Keywords" Content="BS在线文件管理系统">
<meta http-equiv="pragma" content="no-cache">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#CCCCCC" leftmargin="0" topmargin="0">
<table height="110" width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr><td align="center" height="90" valign="middle">
<font color="ff0000">
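<% if order <> "" then
    ' Values that are interpolated into SQL string literals below. The
    ' handlers depend on updatable recordsets (addnew/update/delete), so an
    ' ADODB.Command with parameters is not a drop-in replacement here;
    ' doubling single quotes instead keeps the request-supplied login name
    ' and password from breaking out of the string literal (SQL injection).
    sqlAdmin = replace(admin, "'", "''")
    sqlPwd = replace(pwd, "'", "''")
    set rs = CreateObject("ADODB.Recordset")
    Select Case order

    Case "login"
        ' Challenge/response login: the client submits md5(password & theChk)
        ' where theChk = session("chk") is the server-side captcha hash, and
        ' the server recomputes that value from the stored password. The stored
        ' value therefore has to be in whatever form the client hashes.
        ' NOTE(review): the schema is not visible here - confirm the stored
        ' password is not plaintext.
        theChk = session("chk")
        if md5(chk) <> theChk then
            response.Write("非法数据来源[验证码不正确]!")
        else
            rs.open "select * from admin where admin='" & sqlAdmin & "'", conn, 3, 3
            if not rs.eof and not rs.bof then
                If pwd = md5(rs("pwd") & theChk) Then
                    session("adminlogin") = rs("admin")
                    session("dir") = rs("dir")
                    session("exten") = rs("exten")
                    ' session("admin") is the "super administrator" flag used
                    ' by every privileged check below.
                    if rs("super") = false then
                        session("admin") = false
                    else
                        session("admin") = true
                    end if
                    if request("goindex") = 1 then
                        session("goindex") = true
                    end if
                    response.Write("登录成功!")
                Else
                    response.Write("密码错误!")
                End If
            else
                session("theName") = admin
                ' NOTE(review): this message differs from the wrong-password
                ' one, so a caller can tell which login names exist.
                response.Write("登录失败!管理员不存在!")
            end if
            rs.close()
            set rs = nothing
            set conn = nothing
        end if
        ' The captcha code is single-use: it is cleared after every attempt,
        ' not only after a successful one, so a wrong guess cannot be retried
        ' against the same code. Assumes the opener page (reloaded at the end
        ' of this page) issues a fresh code - TODO confirm.
        session("chk") = ""

    Case "modify"
        rs.open "select * from admin where admin='" & sqlAdmin & "'", conn, 3, 3
        if not rs.eof then
            ' Nobody may edit another super administrator's record.
            if admin <> session("adminlogin") and rs("super") then
                response.write("你没有修改其它超级管理员资料的权限!")
            else
                ' Only the account itself or a super administrator may edit.
                if admin = session("adminlogin") or session("admin") then
                    rs("byWhoModify") = session("adminlogin")
                    ' NOTE(review): pwd was lower-cased when read from the
                    ' request, so the stored password loses its case.
                    if pwd <> "" then
                        rs("pwd") = pwd
                    end if
                    ' Directory/extension assignment is a super-administrator
                    ' privilege. The raw request value (thedir) is tested
                    ' instead of the normalised dir, which always ends in "\"
                    ' and so could never be empty - the original guard silently
                    ' reset dir/exten whenever the field was left blank.
                    if thedir <> "" and session("admin") then
                        rs("dir") = dir
                        rs("exten") = exten
                        if session("adminlogin") = rs("admin") then
                            session("dir") = dir
                        end if
                    end if
                    ' A super administrator may change another account's
                    ' super flag, never its own.
                    if session("admin") and admin <> session("adminlogin") then
                        rs("super") = super1
                    end if
                    rs.update
                    response.Write("修改设置成功!")
                else
                    response.Write("非法数据来源!")
                end if
            end if
        else
            response.Write("该管理员不存在!修改失败!")
        end if
        rs.close()
        set rs = nothing
        set conn = nothing

    Case "add"
        ' Creating accounts requires a logged-in super administrator.
        if session("adminlogin") <> "" and session("admin") then
            rs.open "select * from admin where admin='" & sqlAdmin & "'", conn, 3, 3
            if rs.eof then
                rs.addnew
                rs("admin") = admin
                rs("pwd") = pwd
                rs("dir") = dir
                rs("byWhoModify") = session("adminlogin")
                rs("byWhoAdd") = session("adminlogin")
                rs("exten") = exten
                rs("super") = super1
                rs.update()
                response.Write("管理员已经添加成功!")
            else
                response.Write("此管理员已经存在!")
            end if
            rs.close()
            set rs = nothing
            set conn = nothing
        else
            response.Write("非法数据来源或没有权限!")
        end if

    Case "del"
        ' Deleting requires a logged-in super administrator who also supplies
        ' the target account's password; the current account cannot delete
        ' itself.
        if session("adminlogin") <> "" and session("admin") then
            rs.open "select * from admin where admin='" & sqlAdmin & "' and pwd='" & sqlPwd & "'", conn, 3, 3
            if not rs.eof and not rs.bof then
                If admin = session("adminlogin") Then
                    response.Write("不能删除当前管理员!")
                Else
                    rs.delete()
                    response.Write("删除管理员成功!")
                End If
            else
                response.Write("此管理员不存在或密码不正确!")
            end if
            rs.close()
            set rs = nothing
            set conn = nothing
        else
            response.Write("非法数据来源或没有权限!")
        end if

    Case else
        response.write("非法或无效请求!")
    End Select
else
    response.write("非法或无效请求!")
end if %>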
</font>
</td></tr>
<tr>
<td align=center height=20>
<input type="button" name="Button" value=" 确 定 " onclick="window.close();" class="button"></td>
</tr>
</table>
<table width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr>
<td height="10"></td>
</tr>
</table>
<table width="280" border="0" align="center" cellpadding="1" cellspacing="0">
<tr>
<td bgcolor="#ccaacc" height="1"></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="center"><%=copyright%></td>
</tr>
</table>
</body>
<Script language="javascript">
<!--//
window.opener.location.reload();
//-->
</Script>
</html>