publicfunction.asp

eayanQuery思燕大学成绩查询系统 版本 V1.6

<%  
    '**************************************************
      const SiteManageCode="xinhua123456"
      const MyAdminDir="/cj/axhucj/"
     '修改此处的后台管理认证码 SiteManageCode

    '**************************************************
	'函数名：Alert
	'作  用：弹出成功提示。
	'参  数：SuccessStr  ----成功提示信息
	'        Url   ------成功提示按下"确定"转向链接
	'返回值：无
    '**************************************************
	Sub Alert(SuccessStr,Url)
	 If Url <> "" Then
	  Response.Write ("<script language=""Javascript""> alert('" & SuccessStr & "');location.href='" & Url & "';</script>")
	 Else
	  Response.Write ("<script language=""Javascript""> alert('" & SuccessStr & "');</script>")
	 End If
	End Sub
	'**************************************************
	'函数名：ReplaceBadChar
	'作  用：过滤非法的SQL字符
	'参  数：strChar-----要过滤的字符
	'返回值：过滤后的字符
	'**************************************************
	Function ReplaceBadChar(strChar)
		If strChar = "" Or IsNull(strChar) Then ReplaceBadChar = ""
		Exit Function
		Dim strBadChar, arrBadChar, tempChar, I
		strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ""
		arrBadChar = Split(strBadChar, ",")
		tempChar = strChar
		For I = 0 To UBound(arrBadChar)
			tempChar = Replace(tempChar, arrBadChar(I), "")
		Next
		ReplaceBadChar = tempChar
	End function
	'******************************************************
	'******************************************************
	'插入网站后台日志 , UserName --- 管理员账号 , ResultTF ---0登录失败
	' 1---登录成功 ,ScriptName---登录路径,Descript---描述信息
	Sub InsertLog(User, ResultTF, path, Descript)
		Dim sqlLog, rsLog, SystemStr
		SystemStr = Request.ServerVariables("HTTP_USER_AGENT")
		If InStr(SystemStr, "Windows NT 5.2") Then
		  SystemStr = "Win2003"
		ElseIf InStr(SystemStr, "Windows NT 5.0") Then
		  SystemStr = "Win2000"
		ElseIf InStr(SystemStr, "Windows NT 5.1") Then
		  SystemStr = "WinXP"
		ElseIf InStr(SystemStr, "Windows NT") Then
		  SystemStr = "WinNT"
		ElseIf InStr(SystemStr, "Windows 9") Then
		  SystemStr = "Win9x"
		ElseIf InStr(SystemStr, "unix") Or InStr(SystemStr, "linux") Or InStr(SystemStr, "SunOS") Or InStr(SystemStr, "BSD") Then
		  SystemStr = "类似Unix"
		ElseIf InStr(SystemStr, "Mac") Then
		  SystemStr = "Mac"
		Else
		  SystemStr = "Other"
		 End If
		sqlLog = "Select * from admin_log"
		Set rsLog = Server.CreateObject("Adodb.RecordSet")
		rsLog.Open sqlLog, Initialize_Conn, 1, 3
		rsLog.AddNew
		rsLog("UserName") = User
		rsLog("ResultTF") = ResultTF
		rsLog("LoginTime") = Now()
		rsLog("LoginOS") = SystemStr
		rsLog("LoginIP") = Request.ServerVariables("Remote_Addr")
		rsLog("CommePath") = path'Request.ServerVariables("HTTP_REFERER")
		rsLog("Description") = Descript
		rsLog.Update
		rsLog.Close:Set rsLog = Nothing
	End Sub
	'******************************************************
	'**************************************************
	'函数名：AlertHistory
	'作  用：弹出警告消息后,停止所在页面的执行,返回n级。
	'参  数：SuccessStr  ----成功提示信息
	'        n   ------返回级数
	'返回值：无
	'**************************************************
	Sub AlertHistory(SuccessStr, N)
		Response.Write ("<script language=""Javascript""> alert('" & SuccessStr & "');history.back(" & N & ");</script>")
		Response.End
	End sub
	'提示成功。并返回
	Sub AlertHintScript(SuccessStr)
	Response.Write "<script language=JavaScript>" & vbCrLf
	Response.Write "alert('" & SuccessStr & "');"
	Response.Write "location.replace('" & Request.ServerVariables("HTTP_REFERER") & "')" & vbCrLf
	Response.Write "</script>" & vbCrLf
	Response.End
	End Sub
	'**************************************************
	'函数功能 禁止从站点外部提交数据请不要乱该参数
	sub CheckOuterUrl()
	 Dim server_v1,server_v2,url
     server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
     server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
    if mid(server_v1,8,len(server_v2))<>server_v2 then
    call InsertLog("非法匿名访问者", 0, url, "试图从站外提交数据!")
    response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
    response.write "<tr><td style='font:9pt Verdana'>"
    response.write "你提交的路径有误，禁止从站点外部提交数据请不要乱该参数！<a href=javascript:history.go(-1)>请返回.</a>"
    response.write "</td></tr></table></center>"
    response.end
    end if
    '  url=lcase(request.serverVariables("http_referer"))
       'response.write url&"<BR>"
       'response.write Instr(url,"admin_login.asp")
   '   if Instr(url,"admin_login.asp")=0 then 
    '  call InsertLog("非法访问者", 0, url, "试图从站外提交数据!")
    '  response.write "<script>alert('非法访问。您的操作已经被系统记录。');window.close();/script>"
    '  response.end()
   '   end  if
    End sub 
    '说明，这种做法不太可靠，因为恶意访问者可能 伪造 http-referer
    '建议配合验证码使用 才比较合适
   '************************************************** 
	
%>