hacksql.asp

生成html的ASP企业站点,可以进行二次开发的

<HTML xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312" />
<TITLE>防注入记录</TITLE>
<link rel="stylesheet" href="Images/Admin.css">
<script language="javascript" src="../Script/Admin.js"></script>
</HEAD>
<!--#include file="../Include/Const.asp" -->
<!--#include file="../Include/ConnSiteData.asp" -->
<!--#include file="CheckAdmin.asp"-->
<BODY>
<%
Dim quanxian
quanxian=trim(Request.ServerVariables(name))

if Instr(session("AdminPurview"),"|39,")=0 then 
    response.write ("<br><br><div align=""center""><font style=""color:red; font-size:9pt; "")>您没有管理该模块的权限！</font></div>")
  response.end
end if
'========判断是否具有管理权限
%>
<%dim  Action
Action = Request("Action")

If Action="del" Then
		Call Delip()
ElseIf Action="lock" Then
		Call lockIP()
ElseIf Action="unlock" Then
		Call UnLockip()
ElseIf Action="Logout" Then
		Call Logout()
Else
		Call Main()
End If

Sub Delip()
conn.execute("delete from LiangJingCMS_NoHackSql where SqlIn_ID="&request("SqlIn_ID"))
Call Main()
End sub

Sub Lockip()
conn.execute("update LiangJingCMS_NoHackSql set Kill_ip=true where SqlIn_ID="&request("SqlIn_ID"))
Call Main()
End sub

Sub UnLockip()
conn.execute("update LiangJingCMS_NoHackSql set Kill_ip=False where SqlIn_ID="&request("SqlIn_ID"))
Call Main()
End sub

Sub Main()
%>
<BODY>
<br>
<table class="tableborder" width="95%" border="0" align="center" cellpadding="3" cellspacing="1">
  <form action="DelContent.asp?Result=NoHackSql" method="post" name="formDel" >
    <tr>
      <td width="36" nowrap class="title">ID</th>
      <td width="100" height="24" nowrap class="title">操作IP</td>
	  <td width="120" nowrap class="title">是否锁定</td>
      <td width="120" nowrap class="title">操作页面</td>
      <td width="120" nowrap class="title">操作时间</td>
      <td width="60" nowrap class="title">提交方式</td>
      <td width="80" nowrap class="title">提交参数</td>
      <td nowrap class="title">提交数据</td>
	  <td width="100" nowrap class="title">操作</td>
      <td width="70" nowrap class="title">
      选择
      </td>
    </tr>
	<% HackSqlInList() %>
  </form>
</table>
</body>
</html> 
<% End Sub %>
<%
'-----------------------------------------------------------
function HackSqlInList()
  dim idCount'记录总数
  dim pages'每页条数
      pages=20
  dim pagec'总页数
  dim page'页码
      page=clng(request("Page"))
  dim pagenc '每页显示的分页页码数量=pagenc*2+1
      pagenc=2
  dim pagenmax '每页显示的分页的最大页码
  dim pagenmin '每页显示的分页的最小页码
  dim datafrom'数据表名
      datafrom="LiangJingCMS_NoHackSql"
  dim datawhere'数据条件
      datawhere=""
  dim sqlid'本页需要用到的id
  dim Myself,PATH_INFO,QUERY_STRING'本页地址和参数
      PATH_INFO = request.servervariables("PATH_INFO")
	  QUERY_STRING = request.ServerVariables("QUERY_STRING")'
      if QUERY_STRING = "" or Instr(PATH_INFO & "?" & QUERY_STRING,"Page=")=0 then
	    Myself = PATH_INFO & "?"
	  else
	    Myself = Left(PATH_INFO & "?" & QUERY_STRING,Instr(PATH_INFO & "?" & QUERY_STRING,"Page=")-1)
	  end if
  dim taxis'排序的语句
      taxis="order by SqlIn_ID desc"
  dim i'用于循环的整数
  dim rs,sql'sql语句
  '获取记录总数
  sql="select count(SqlIn_ID) as idCount from ["& datafrom &"]" & datawhere
  set rs=server.createobject("adodb.recordset")
  rs.open sql,conn,0,1
  idCount=rs("idCount")
  '获取记录总数

  if(idcount>0) then'如果记录总数=0,则不处理
    if(idcount mod pages=0)then'如果记录总数除以每页条数有余数,则=记录总数/每页条数+1
	  pagec=int(idcount/pages)'获取总页数
   	else
      pagec=int(idcount/pages)+1'获取总页数
    end if
	'获取本页需要用到的id============================================
    '读取所有记录的id数值,因为只有id所以速度很快
    sql="select SqlIn_ID from ["& datafrom &"] " & datawhere & taxis
    set rs=server.createobject("adodb.recordset")
    rs.open sql,conn,1,1
    rs.pagesize = pages '每页显示记录数
    if page < 1 then page = 1
    if page > pagec then page = pagec
    if pagec > 0 then rs.absolutepage = page  
    for i=1 to rs.pagesize
	  if rs.eof then exit for  
	  if(i=1)then
	    sqlid=rs("SqlIn_ID")
	  else
	    sqlid=sqlid &","&rs("SqlIn_ID")
	  end if
	  rs.movenext
    next
  '获取本页需要用到的id结束============================================
  end if
'-----------------------------------------------------------
'-----------------------------------------------------------
  if(idcount>0 and sqlid<>"") then'如果记录总数=0,则不处理
    '用in刷选本页所语言的数据,仅读取本页所需的数据,所以速度快
    sql="select * from ["& datafrom &"] where SqlIn_ID in("& sqlid &") "&taxis
    set rs=server.createobject("adodb.recordset")
    rs.open sql,conn,0,1
    while(not rs.eof)'填充数据到表格
	  Response.Write "<tr bgcolor='#eafefe' onMouseOver = ""this.style.backgroundColor = '#FFFFFF'"" onMouseOut = ""this.style.backgroundColor = ''"" style='cursor:hand'>" & vbCrLf
      Response.Write "<td nowrap>"&rs("SqlIn_ID")&"</td>" & vbCrLf
      Response.Write "<td nowrap>"&rs("SqlIn_IP")&"</td>" & vbCrLf
	  Response.Write "<td nowrap>"
	  if rs("Kill_ip")=true then 
			response.write "<font color='red'>已锁定</font>"
		else
			response.write "<font color='green'>已解锁</font>"
		end if
	  Response.Write "</td>"
      Response.Write "<td nowrap>"&rs("SqlIn_WEB")&"</td>" & vbCrLf
      Response.Write "<td nowrap>"&rs("SqlIn_TIME")&"</td>" & vbCrLf
      Response.Write "<td nowrap>"&rs("SqlIn_FS")&"</td>" & vbCrLf
	  if len(rs("SqlIn_CS"))>13 then
        Response.Write "<td nowrap title='说明：&#13;"&rs("SqlIn_CS")&"'>"&left(rs("SqlIn_CS"),10)&"...</td>" & vbCrLf
      else
        Response.Write "<td nowrap title='说明：&#13;"&rs("SqlIn_CS")&"'>"&rs("SqlIn_CS")&"</td>" & vbCrLf
      end if
	  if len(rs("SqlIn_SJ"))>24 then
        Response.Write "<td nowrap title='说明：&#13;"&rs("SqlIn_SJ")&"'>"&left(rs("SqlIn_SJ"),21)&"...</td>" & vbCrLf
      else
        Response.Write "<td nowrap title='说明：&#13;"&rs("SqlIn_SJ")&"'>"&rs("SqlIn_SJ")&"</td>" & vbCrLf
      end if 
	  Response.Write "<td nowrap><a href=?action=del&SqlIn_ID="&rs("SqlIn_ID")&">删除</a>&nbsp;"
      if rs("Kill_ip")=True then 
	   response.write "<a href='?action=unlock&SqlIn_ID="&rs("SqlIn_ID")&"'>解锁IP</a>"
	  else
	   response.write "<a href='?action=lock&SqlIn_ID="&rs("SqlIn_ID")&"'>锁定IP</a>"
	  end if
	  response.write "</td>"
 	  Response.Write "<td nowrap><input name='selectID' type='checkbox' value='"&rs("SqlIn_ID")&"' style='HEIGHT: 13px;WIDTH: 13px;'></td>" & vbCrLf
      Response.Write "</tr>" & vbCrLf
	  rs.movenext
    wend
    Response.Write "<tr>" & vbCrLf
    Response.Write "<td colspan='10' nowrap  align=""right"" bgcolor='#eafefe'><input type=""submit"" name=""batch"" value=""批量锁定"" onClick=""return test();""> <input type=""submit"" name=""batch"" value=""批量解锁"" onClick=""return test();""> <input onClick=""CheckAll(this.form)"" name=""buttonAllSelect"" type=""button"" id=""submitAllSearch"" value=""全选""> <input onClick=""CheckOthers(this.form)"" name=""buttonOtherSelect"" type=""button"" id=""submitOtherSelect"" value=""反选""> <input name='batch' type='submit' value='删除所选' onClick='ConfirmDel(""是否确定删除？删除后不能恢复！"");'></td>" & vbCrLf
    Response.Write "</tr>" & vbCrLf
  else
    response.write "<tr><td height='50' align='center' colspan='10' nowrap  bgcolor='#eafefe'>暂无注入操作记录</td></tr>"
  end if
'-----------------------------------------------------------
'-----------------------------------------------------------
  Response.Write "<tr>" & vbCrLf
  Response.Write "<td colspan='10' nowrap  bgcolor='#bbe5e5'>" & vbCrLf
  Response.Write "<table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>" & vbCrLf
  Response.Write "<tr>" & vbCrLf
  Response.Write "<td>共计：<font color='#ff6600'>"&idcount&"</font>条记录&nbsp;页次：<font color='#ff6600'>"&page&"</font></strong>/"&pagec&"&nbsp;每页：<font color='#ff6600'>"&pages&"</font>条</td>" & vbCrLf
  Response.Write "<td align='right'>" & vbCrLf
  '设置分页页码开始===============================
  pagenmin=page-pagenc '计算页码开始值
  pagenmax=page+pagenc '计算页码结束值
  if(pagenmin<1) then pagenmin=1 '如果页码开始值小于1则=1
  if(page>1) then response.write ("<a href='"& myself &"Page=1'><font style='FONT-SIZE: 14px; FONT-FAMILY: Webdings'>9</font></a>&nbsp;") '如果页码大于1则显示(第一页)
  if(pagenmin>1) then response.write ("<a href='"& myself &"Page="& page-(pagenc*2+1) &"'><font style='FONT-SIZE: 14px; FONT-FAMILY: Webdings'>7</font></a>&nbsp;") '如果页码开始值大于1则显示(更前)
  if(pagenmax>pagec) then pagenmax=pagec '如果页码结束值大于总页数,则=总页数
  for i = pagenmin to pagenmax'循环输出页码
	if(i=page) then
	  response.write ("&nbsp;<font color='#ff6600'>"& i &"</font>&nbsp;")
	else
	  response.write ("[<a href="& myself &"Page="& i &">"& i &"</a>]")
	end if
  next
  if(pagenmax<pagec) then response.write ("&nbsp;<a href='"& myself &"Page="& page+(pagenc*2+1) &"'><font style='FONT-SIZE: 14px; FONT-FAMILY: Webdings'>8</font></a>&nbsp;") '如果页码结束值小于总页数则显示(更后)
  if(page<pagec) then response.write ("<a href='"& myself &"Page="& pagec &"'><font style='FONT-SIZE: 14px; FONT-FAMILY: Webdings'>:</font></a>&nbsp;") '如果页码小于总页数则显示(最后页)	
  '设置分页页码结束===============================
  Response.Write "跳到：第&nbsp;<input name='SkipPage' onKeyDown='if(event.keyCode==13)event.returnValue=false' onchange=""if(/\D/.test(this.value)){alert('只能在跳转目标页框内输入整数！');this.value='"&Page&"';}"" style='HEIGHT: 18px;WIDTH: 40px;'  type='text' class='textfield' value='"&Page&"'>&nbsp;页" & vbCrLf
  Response.Write "<input style='HEIGHT: 18px;WIDTH: 20px;' name='submitSkip' type='button' class='button' onClick='GoPage("""&Myself&""")' value='GO'>" & vbCrLf
  Response.Write "</td>" & vbCrLf
  Response.Write "</tr>" & vbCrLf
  Response.Write "</table>" & vbCrLf
  rs.close
  set rs=nothing
  Response.Write "</td>" & vbCrLf  
  Response.Write "</tr>" & vbCrLf
'-----------------------------------------------------------
'-----------------------------------------------------------
end function 
%>