chklogin.asp

统管理：初始设置

<!--#include file="boardconn.asp"-->
<!--#include file="style/sql.asp" -->
<!--#include file="function.asp"-->
<!--#include file="ction.asp"-->
<!--#include file="style/MD5.asp" -->
<%
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(server_v1,8,len(server_v2))<>server_v2 then
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友好提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end
end if
%>
<%
fqys=request.servervariables("query_string") 
dim nothis(18) 
nothis(0)="net user" 
nothis(1)="xp_cmdshell" 
nothis(2)="/add" 
nothis(3)="exec%20master.dbo.xp_cmdshell" 
nothis(4)="net localgroup administrators" 
nothis(5)="select" 
nothis(6)="count" 
nothis(7)="asc" 
nothis(8)="char" 
nothis(9)="mid" 
nothis(10)="'" 
nothis(11)=":" 
nothis(12)="""" 
nothis(13)="insert" 
nothis(14)="delete" 
nothis(15)="drop" 
nothis(16)="truncate" 
nothis(17)="from" 
nothis(18)="%" 
errc=false 
for i= 0 to ubound(nothis) 
if instr(FQYs,nothis(i))<>0 then 
errc=true 
end if 
next 
if errc then 
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友好提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end 
end if 
%>
<%
	if not IsNumeric(request("verifycode")) then
		rs.close
		set rs=nothing
		Response.Write ("<script>alert('友好提示！\n\n登陆验证码必须是数字...');history.back();</script>")
		Response.end
	end if

	if (int(session("SafeCode"))<>int(request("verifycode"))) then
		rs.close
		set rs=nothing
		Response.Write ("<script>alert('友好提示！\n\n登陆验证码错误...');history.back();</script>")
		Response.end
	end if
%>
<%
Dim username,password
username=replace(trim(Request.form("username")),"'","‘")
password=replace(trim(Request.form("password")),"'","‘")

If username="" or password="" Then
	Response.Write ("<script>alert('友好提示！\n\n管理员帐号和密码未填...');history.back();</script>")
	Response.end
End If

if Instr(username,">")>0 or Instr(username,"<")>0 or Instr(username,"=")>0 or Instr(username,"%")>0 or Instr(username,chr(32))>0 or Instr(username,"?")>0 or Instr(username,"&")>0 or Instr(username,";")>0 or Instr(username,",")>0 or Instr(username,"'")>0 or Instr(username,chr(34))>0 or Instr(username,chr(9))>0 or Instr(username,"