📄 powereasy.common.security.asp
字号:
<%
'**************************************************************
' Software name: PowerEasy SiteWeaver
' Web: http://www.powereasy.net
' Copyright (C) 2005-2008 佛山市动易网络科技有限公司 版权所有
'**************************************************************
'**************************************************
'函数名:PE_CBool
'作 用:将字符转为布尔弄变量
'参 数:strBool---- 字符
'返回值:True/False
'**************************************************
Function PE_CBool(strBool)
If strBool = True Or LCase(Trim(strBool)) = "true" Or LCase(Trim(strBool)) = "yes" Or Trim(strBool) = "1" Then
PE_CBool = True
Else
PE_CBool = False
End If
End Function
'**************************************************
'函数名:PE_CLng
'作 用:将字符转为整型数值
'参 数:str1 ---- 字符
'返回值:如果传入的参数不是数值,返回0,其他情况返回对应的数值
'**************************************************
Function PE_CLng(ByVal str1)
If IsNumeric(str1) Then
PE_CLng = Fix(CDbl(str1))
Else
PE_CLng = 0
End If
End Function
'**************************************************
'函数名:PE_CLng1
'作 用:将字符转为整型数值
'参 数:str1 ---- 字符
'返回值:如果传入的参数不是数值,返回1,其他情况返回对应的数值
'**************************************************
Function PE_CLng1(ByVal str1)
If IsNumeric(str1) Then
PE_CLng1 = CLng(str1)
If PE_CLng1 <= 0 Then PE_CLng1 = 1
Else
PE_CLng1 = 1
End If
End Function
'**************************************************
'函数名:PE_CDbl
'作 用:将字符转为双精度数值
'参 数:str1 ---- 字符
'返回值:如果传入的参数不是数值,返回0,其他情况返回对应的数值
'**************************************************
Function PE_CDbl(ByVal str1)
If IsNumeric(str1) Then
PE_CDbl = CDbl(str1)
Else
PE_CDbl = 0
End If
End Function
'**************************************************
'函数名:PE_CDate
'作 用:将字符转为日期
'参 数:str1 ---- 字符
'返回值:如果参数不是日期型字符,则返回当前时间,否则返回对应的日期型数据
'**************************************************
Function PE_CDate(ByVal str1)
If IsDate(str1) Then
PE_CDate = CDate(str1)
Else
PE_CDate = Now
End If
End Function
'**************************************************
'函数名:EncodeIP
'作 用:将IP地址转为数字
'参 数:Sip ---- IP地址
'返回值:数字
'**************************************************
Function EncodeIP(sip)
Dim strIP
strIP = Split(sip, ".")
If UBound(strIP) < 3 Then
EncodeIP = 0
Exit Function
End If
If IsNumeric(strIP(0)) = False Or IsNumeric(strIP(1)) = False Or IsNumeric(strIP(2)) = False Or IsNumeric(strIP(3)) = False Then
sip = 0
Else
sip = CSng(strIP(0)) * 256 * 256 * 256 + CLng(strIP(1)) * 256 * 256 + CLng(strIP(2)) * 256 + CLng(strIP(3)) - 1
End If
EncodeIP = sip
End Function
'**************************************************
'函数名:
'作 用:
'参 数:
'返回值:
'**************************************************
'白名单的端点可以访问和黑名单的端点将不允许访问。
Function ChecKIPlock(ByVal sLockType, ByVal sLockList, ByVal sUserIP)
Dim IPlock, rsLockIP
Dim arrLockIPW, arrLockIPB, arrLockIPWCut, arrLockIPBCut
IPlock = False
ChecKIPlock = IPlock
Dim i, sKillIP
If sLockType = "" Or IsNull(sLockType) Then Exit Function
If sLockList = "" Or IsNull(sLockList) Then Exit Function
If sUserIP = "" Or IsNull(sUserIP) Then Exit Function
sUserIP = CDbl(EncodeIP(sUserIP))
rsLockIP = Split(sLockList, "|||")
If sLockType = 4 Then
arrLockIPB = Split(Trim(rsLockIP(1)), "$$$")
For i = 0 To UBound(arrLockIPB)
If arrLockIPB(i) <> "" Then
arrLockIPBCut = Split(Trim(arrLockIPB(i)), "----")
IPlock = True
If CDbl(arrLockIPBCut(0)) > sUserIP Or sUserIP > CDbl(arrLockIPBCut(1)) Then IPlock = False
If IPlock Then Exit For
End If
Next
If IPlock = True Then
arrLockIPW = Split(Trim(rsLockIP(0)), "$$$")
For i = 0 To UBound(arrLockIPW)
If arrLockIPW(i) <> "" Then
arrLockIPWCut = Split(Trim(arrLockIPW(i)), "----")
IPlock = True
If CDbl(arrLockIPWCut(0)) <= sUserIP And sUserIP <= CDbl(arrLockIPWCut(1)) Then IPlock = False
If IPlock Then Exit For
End If
Next
End If
Else
If sLockType = 1 Or sLockType = 3 Then
arrLockIPW = Split(Trim(rsLockIP(0)), "$$$")
For i = 0 To UBound(arrLockIPW)
If arrLockIPW(i) <> "" Then
arrLockIPWCut = Split(Trim(arrLockIPW(i)), "----")
IPlock = True
If CDbl(arrLockIPWCut(0)) <= sUserIP And sUserIP <= CDbl(arrLockIPWCut(1)) Then IPlock = False
If IPlock = False Then Exit For
End If
Next
End If
If IPlock = False And (sLockType = 2 Or sLockType = 3) Then
arrLockIPB = Split(Trim(rsLockIP(1)), "$$$")
For i = 0 To UBound(arrLockIPB)
If arrLockIPB(i) <> "" Then
arrLockIPBCut = Split(Trim(arrLockIPB(i)), "----")
IPlock = True
If CDbl(arrLockIPBCut(0)) > sUserIP Or sUserIP > CDbl(arrLockIPBCut(1)) Then IPlock = False
If IPlock Then Exit For
End If
Next
End If
End If
ChecKIPlock = IPlock
End Function
'**************************************************
'函数名:IsValidEmail
'作 用:检查Email地址合法性
'参 数:email ----要检查的Email地址
'返回值:True ----Email地址合法
' False ----Email地址不合法
'**************************************************
Function IsValidEmail(Email)
regEx.Pattern = "^\w+((-\w+)|(\.\w+))*\@[A-Za-z0-9]+((\.|-)[A-Za-z0-9]+)*\.[A-Za-z0-9]+$"
IsValidEmail = regEx.Test(Email)
End Function
'**************************************************
'函数名:IsValidStr
'作 用:检查字符是否在有效范围内
'参 数:str ----要检查的字符
'返回值:True ----字符合法
' False ----字符不合法
'**************************************************
Function IsValidStr(ByVal str)
Dim i, c
For i = 1 To Len(str)
c = LCase(Mid(str, i, 1))
If InStr("abcdefghijklmnopqrstuvwxyz1234567890", c) <= 0 Then
IsValidStr = False
Exit Function
End If
Next
If IsNumeric(Left(str, 1)) Then
IsValidStr = False
Else
IsValidStr = True
End If
End Function
'**************************************************
'函数名:IsValidJsFileName
'作 用:检查是否是有效的JS文件名
'参 数:str ----要检查的字符
'返回值:True ----文件名合法
' False ----文件名不合法
'**************************************************
Function IsValidJsFileName(ByVal str, ByVal ContentType)
Dim i, c
For i = 1 To Len(str)
c = LCase(Mid(str, i, 1))
If InStr("abcdefghijklmnopqrstuvwxyz_1234567890.", c) <= 0 Then
IsValidJsFileName = False
Exit Function
End If
Next
If ContentType = 0 Then
If LCase(Right(str, 3)) <> ".js" Then
IsValidJsFileName = False
Else
IsValidJsFileName = True
End If
Else
If LCase(Right(str, 5)) <> ".html" Then
IsValidJsFileName = False
Else
IsValidJsFileName = True
End If
End If
End Function
'**************************************************
'函数名:ReplaceBadChar
'作 用:过滤非法的SQL字符
'参 数:strChar-----要过滤的字符
'返回值:过滤后的字符
'**************************************************
Function ReplaceBadChar(strChar)
If strChar = "" Or IsNull(strChar) Then
ReplaceBadChar = ""
Exit Function
End If
Dim strBadChar, arrBadChar, tempChar, i
strBadChar = "+,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ",--"
arrBadChar = Split(strBadChar, ",")
tempChar = strChar
For i = 0 To UBound(arrBadChar)
tempChar = Replace(tempChar, arrBadChar(i), "")
Next
tempChar = Replace(tempChar, "@@", "@")
ReplaceBadChar = tempChar
End Function
'**************************************************
'函数名:ReplaceUrlBadChar
'作 用:过滤Url中非法的SQL字符
'参 数:strChar-----要过滤的字符
'返回值:过滤后的字符
'**************************************************
Function ReplaceUrlBadChar(strChar)
If strChar = "" Or IsNull(strChar) Then
ReplaceUrlBadChar = ""
Exit Function
End If
Dim strBadChar, arrBadChar, tempChar, i
strBadChar = "+,',(,),<,>,[,],{,},\,;," & Chr(34) & "," & Chr(0) & ",--"
arrBadChar = Split(strBadChar, ",")
tempChar = strChar
For i = 0 To UBound(arrBadChar)
tempChar = Replace(tempChar, arrBadChar(i), "")
Next
tempChar = Replace(tempChar, "@@", "@")
ReplaceUrlBadChar = tempChar
End Function
'=================================================
'函数名:ReplaceBadUrl
'作 用:过滤非法Url地址函数
'=================================================
Function ReplaceBadUrl(ByVal strContent)
regEx.Pattern = "(a|%61|%41)(d|%64|%44)(m|%6D|4D)(i|%69|%49)(n|%6E|%4E)(\_|%5F)(.*?)(.|%2E)(a|%61|%41)(s|%73|%53)(p|%70|%50)"
Set Matches = regEx.Execute(strContent)
For Each Match In Matches
strContent = Replace(strContent, Match.value, "")
Next
regEx.Pattern = "(u|%75|%55)(s|%73|%53)(e|%65|%45)(r|%72|%52)(\_|%5F)(.*?)(.|%2E)(a|%61|%41)(s|%73|%53)(p|%70|%50)"
Set Matches = regEx.Execute(strContent)
For Each Match In Matches
strContent = Replace(strContent, Match.value, "")
Next
ReplaceBadUrl = strContent
End Function
'**************************************************
'函数名:CheckBadChar
'作 用:检查是否包含非法的SQL字符
'参 数:strChar-----要检查的字符
'返回值:True ----字符合法
' False ----字符不合法
'**************************************************
Function CheckBadChar(strChar)
Dim strBadChar, arrBadChar, i
strBadChar = "@@,+,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & ",--"
arrBadChar = Split(strBadChar, ",")
If strChar = "" Then
CheckBadChar = False
Else
For i = 0 To UBound(arrBadChar)
If InStr(strChar, arrBadChar(i)) > 0 Then
CheckBadChar = False
Exit Function
End If
Next
End If
CheckBadChar = True
End Function
Function CheckUserBadChar(strChar)
Dim strBadChar, arrBadChar, i
strBadChar = "',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & ",*,|,"",.,#"
arrBadChar = Split(strBadChar, ",")
If strChar = "" Then
CheckUserBadChar = False
Else
For i = 0 To UBound(arrBadChar)
If InStr(strChar, arrBadChar(i)) > 0 Then
CheckUserBadChar = False
Exit Function
End If
Next
End If
CheckUserBadChar = True
End Function
'**************************************************
'函数名:CheckValidStr
'作 用:检查数组中有无相同的字符
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -