save.asp

强大的网站

<!--#include file=conn.asp-->
<!--#include file="chkuser.asp" -->
<!--#include file=../include/config.asp-->
<!--#include file="../include/md5.asp"-->
<!--#include file="char.inc"-->
<%
IF request.cookies("KEY")="" THEN
response.redirect "index_face.asp"
response.end
else
usernamecookie=CheckStr(request.cookies("UserName"))
passwdcookie=replace(trim(Request.cookies("passwd")),"'","''")
KEYcookie=replace(trim(request.cookies("KEY")),"'","''")
if usernamecookie="" or passwdcookie="" then
response.redirect "login.asp"
response.end
else
'判断用户的合法性
  set rs=server.createobject("adodb.recordset")
  sql="select * from admin where username='"&usernamecookie&"'"
  rs.open sql,conn,1,1
  if rs.eof and rs.bof then
             response.redirect "login.asp"
            response.end
         end if
  IF passwdcookie<>rs("passwd") THEN
          response.redirect "login.asp"
           response.end
      END IF
   '下面判断用户级别实际在有用户级别是都应该判断
   if KEYcookie<>rs("OSKEY") then
      response.redirect "index_face.asp"
      response.end
    end if
           rs.close
           set rs=nothing
END IF
END IF

dim sql
dim rs
dim fullname
dim passwd,passwd1
dim question
dim answer,answer1
dim username
dim email
dim sex
dim birthyear,birthmonth,birthday
dim content
dim tel
dim depid
dim depname
dim deptype
dim photo
username=CheckStr(trim(request("username")))
fullname=htmlencode(request.form("fullname"))
passwd=htmlencode(request.form("passwd"))
passwd1=md5(trim(request.form("passwd")))
question=htmlencode(request.form("question"))
answer=htmlencode(request.form("answer"))
answer1=md5(trim(request.form("answer")))
sex=htmlencode(request.form("sex"))
birthyear=request.form("birthyear")
birthmonth=request.form("birthmonth")
birthday=request.form("birthday")
email=htmlencode(request.form("email"))
depid=request.form("depid")
content=htmlencode(request.form("content"))
tel=htmlencode(request.form("tel"))
photo=request.form("photo")
if Instr(request("username"),"=")>0 or Instr(request("username"),"%")>0 or Instr(request("username"),chr(32))>0 or Instr(request("username"),"?")>0 or Instr(request("username"),"&")>0 or Instr(request("username"),";")>0 or Instr(request("username"),",")>0 or Instr(request("username"),"'")>0 or Instr(request("username"),",")>0 or Instr(request("username"),chr(34))>0 or Instr(request("username"),chr(9))>0 or Instr(request("username"),"