📄 admin_chk.asp

📁 Art2008 CMS是一款具有强大的功能的基于ASP语言的网站管理软件
💻 ASP
字号:
<%
mdb="../../"
%>
<!--#include file = ../../admin_conn.asp -->
<%
function chkh(stra)
  stra=replace(stra,"<","&lt;")
  stra=replace(stra,">","&gt;")
  stra=replace(stra,"'","")
  stra=replace(stra,"(","（")
  stra=replace(stra,")","）")
  stra=replace(stra,";","；")
  stra=replace(stra,",","，")
  stra=replace(stra,"%","％")
  stra=replace(stra,"+","＋")
  chkh=stra
end function

dim UserName,PassWord,upload
dim rs,adminuser,adminpass,admindj,sql

adminuser=chkh(Request.Cookies(Art2008)("adminuser"))
adminpass=chkh(Request.Cookies(Art2008)("adminpass"))
admindj=chkh(Request.Cookies(Art2008)("admindj"))

UserName = chkh(Request.Cookies(Art2008)("UserName"))
PassWord= chkh(Request.Cookies(Art2008)("PassWord"))
upload= chkh(Request.Cookies(Art2008)("upload"))
	
if admindj="3" then
Call AdminReadonly()
end if	
	Select Case upload
			Case "admin"
				Call AdminCheck()
			Case "user"
				Call UserCheck()
			Case ""
			 response.write "<script>alert('对不起你非法操作！窗口即将关闭！');window.close();</Script>"
             Response.end
	End Select

sub AdminCheck() 

if adminuser="" or adminpass="" then
  Response.Redirect "../../admin/login.asp?id=8"
end if

sql = "select * from admin where [user]='"&adminuser&"' and [pass]='"&adminpass&"'"
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.Open sql,conn,1,1
if rs.recordcount=0 then
  Response.Cookies(Art2008)("adminuser")=""
  Response.Cookies(Art2008)("adminpass")=""
  Response.Cookies(Art2008)("admindj")=""
  Response.Cookies(Art2008)("OSKEY")=""
  Response.cookies(Art2008)("purview")=""
  Response.Redirect "../../admin/login.asp?id=8" 

else
	Response.Cookies(Art2008)("admindj")=rs("dj")
	response.cookies(Art2008)("purview")=rs("purview")
    response.cookies(Art2008)("OSKEY")=rs("OSKEY")

end if
rs.close
set rs=nothing

end sub


sub UserCheck()
if UserName ="" or PassWord="" then
  Response.Redirect "../../user/login.asp"
end if
  sql = "select * from Art_User where UserName='" & UserName & "' And PassWord='" & PassWord & "'"
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.Open sql,conn,1,1
if rs.recordcount=0 then
  Response.Cookies(Art2008)("UserName")=""
  Response.Cookies(Art2008)("PassWord")=""
  Response.Cookies(Art2008)("GroupID")=""
  Response.Redirect "../../user/login.asp" 
end if
rs.close
set rs=nothing
end sub


Sub AdminReadonly()
	Dim sPathInfo:sPathInfo = LCase(Request.ServerVariables("PATH_INFO"))
	If Request.Form <> "" Then
		Response.Write ("<script language=""Javascript""> alert('后台管理为只读模式，不能进行此操作。n/如果有什么问题，请联系管理员');history.back(-1);</script>")
		Response.End
		
	End If
	If LCase(Trim(Request("action"))) = "del" Or LCase(Trim(Request("action"))) = "delall" Or   LCase(Trim(Request("delid"))) <>""  Then
		Response.Write ("<script language=""Javascript""> alert('后台管理为只读模式，不能进行此操作。n/如果有什么问题，请联系管理员');history.back(-1);</script>")
		Response.End
	End If
End Sub

%>
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -