ye_admin_sql.asp

类似于baidu的百度知道

<!--#include file=Neeao_SqlIn.Asp-->
<!--#include file=../Config.asp-->
<!--#include file=Ye_Up.asp-->
<link href=ht.css rel=stylesheet type=text/css>

<br>
<%
Server.ScriptTimeout	=500						
UserPass				= sqladminpass
URL						= Request.ServerVariables("URL")
Action					= Request("Action")

dim conn,connstr 
'On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../"&sqldbPath&sqldbname)
conn.Open connstr
If Err Then
	err.Clear
	Set conn = Nothing
	Response.Write "数据库连接出错，请检查连接字串。"
	Response.End
End If

If Session("AdminPassWord")<>UserPass Then
  If Request.Form("LPass")<>"" Then
    If Request.Form("LPass")=UserPass Then
      Session("AdminPassWord")=UserPass
      Call Main()
    Else
	 response.write"验证失败！"
    End If
  Else
	Call Login()
  End If
  Response.End
Else
	If Action="del" Then
		Call Delip()
	ElseIf Action="lock" Then
		Call lockIP()
	ElseIf Action="unlock" Then
		Call UnLockip()
	ElseIf Action="Logout" Then
		Call Logout()
	Else
		Call Main()
	End If
End If

Sub Login()
	%>
	<table border="1" width="500" height="140" bgcolor="#DDDDDD" cellpadding="3" bordercolorlight="#000000" bordercolordark="#F2F2F9" cellspacing="0" align=center>
<tr>
<td width="100%" height="30%" bgcolor="#808080"><p align="center">
<font color="#FFFFFF" face="Verdana" style="font-size: 9pt"><B>问吧SQL防注入系统管理登陆</B></font></td>
</tr>
<tr>
<td width="100%" height="70%"><form method="POST" action="<%=URL%>">
<center><p><font face="Verdana">
  <span style="font-size: 9pt">Password: <input type="password" name="LPass"
size="20" style="background-color:#DDDDDD; border-left: none; border-right: none; border-top: none; border-bottom: solid 1px"> 
<input type="submit" value="Login" name="B1" style="border: thin outset"></span></font></p>
      </center>
    </form>
    </td>
  </tr>
  <tr>
	<TD align="center"></TD>
  </tr>
</table>
    <table width="500" border="0" align="center" cellpadding="0" cellspacing="0">
      <tr>
        <td><font color="#990000" size="2"></td>
      </tr>
    </table>     
<%
End Sub

Sub Delip()
dim id 
id = clng(request("id"))
conn.execute("delete from SqlIn where id="&id)
Call Main()
End sub

Sub Lockip()
id = clng(request("id"))
conn.execute("update SqlIn set Kill_ip=true where id="&id)
Call Main()
End sub

Sub UnLockip()
id = clng(request("id"))
conn.execute("update SqlIn set Kill_ip=False where id="&id)
Call Main()
End sub

Sub Logout()
	Session("AdminPassWord")="NUll"
	Response.Redirect URL
End Sub

Sub Main()
%>
  <style type="text/css">
<!--

table {
	font: 14px Tahoma, Verdana, "宋体";
}
a:link, a:visited {
	text-decoration: none;
	color: #036;
	font-family: Tahoma, Verdana, "宋体";
}
a:hover {
	text-decoration: none;
	color: #F90;
	font-family: Tahoma, Verdana, "宋体";
}
-->
</style>

    <table width="90%" border="1" align="center" cellpadding="0" cellspacing="0">
<tr align=center bgcolor=#efefef>
<%
sql="select * from SqlIn order by id desc"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,1
if rs.eof and rs.bof then
	response.write "暂无内容"
else
'分页的实现 
listnum=10
Rs.pagesize=listnum
page=Request("page")
if (page-Rs.pagecount) > 0 then
page=rs.pagecount
elseif page = "" or page < 1 then
page = 1
end if
rs.absolutepage=page
'编号的实现
j=rs.recordcount
j=j-(page-1)*listnum
i=0
nn=request("page")
if nn="" then
n=0
else
nn=nn-1
n=listnum*nn
end if%>
 <td width="5%" height=20>编号</td>
 <td width="10%"><font color=red>操作ＩＰ</font></td>
 <td width="10%">是否锁定</td>
 <td width="20%">操作页面</td>
 <td width="10%">操作时间</td>
 <td width="10%">提交方式</td>
 <td width="10%">提交参数</td>
 <td width="10%">提交数据</td>
 <td width="10%">操作</td>
</tr>
<%do while not rs.eof and i<listnum
n=n+1%>
<tr align=center height=22>
 <td><%=n%></td>
 <td><%=rs("SqlIn_IP")%>
</td>
<td><%	if rs("Kill_ip")=true then 
			response.write "<font color='red'>已锁定</font>"
		else
			response.write "<font color='green'>已解锁</font>"
		end if
	%></td>
 <td><%=rs("SqlIn_WEB")%></td>
 <td><%=rs("SqlIn_TIME")%></td>
 <td><%=rs("SqlIn_FS")%></td>
 <td><%=rs("SqlIn_CS")%></td>
 <td><%=rs("SqlIn_SJ")%></td>
 <td><a href=<%=URL%>?action=del&id=<%=rs("id")%>>删除</a>&nbsp;
 <%	if rs("Kill_ip")=false then 
			response.write "<a href="&URL&"?action=unlock&id="&rs("id")&">解锁IP</a>"
		else
			response.write "<a href="&URL&"?action=lock&id="&rs("id")&">锁定IP</a>"
		end if
	%>
 
 </td>
</tr>
<%rs.movenext 
i=i+1 
j=j-1
loop%>
<tr>
<%filename=URL%>
<td colspan=9 align=right><%=Rs.recordcount%> 条记录&nbsp;&nbsp;<%=listnum%> 条记录/页&nbsp;&nbsp;共 <%=rs.pagecount%> 页 
      <% if page=1 then %>
      <%else%>
      <a href=<%=filename%>><strong>|<<</strong></a>
      <a href=<%=filename%>?page=<%=page-1%>><strong><<</strong></a>
      <a href=<%=filename%>?page=<%=page-1%>><b>[<%=page-1%>]</b></a>
      <%end if%><% if rs.pagecount=1 then%><%else%><b>[<%=page%>]</b><%end if%>
	  <% if rs.pagecount-page <> 0 then %>
      <a href=<%=filename%>?page=<%=page+1%>><b>[<%=page+1%>]</b></a>
      <a href=<%=filename%>?page=<%=page+1%>><strong>>></strong></a>
      <a href=<%=filename%>?page=<%=rs.pagecount%>><strong>>>|</strong></a>
	  <%end if%></td>
<%end if%></tr> 
</table>
<TABLE width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
<TR>
	<TD width="10%"></TD>
	<TD align="center"></TD>
	<TD width="10%"><a href=<%=filename%>?action=Logout>退出</a></TD>
</TR>
</TABLE>
<%
end sub
%>
<br><!--#include file=Ye_End.asp-->