zisha1.asp

网佳网络办公系统（以下简称OA）是一套基于B/S模式的无纸化办公系统。[显著特点：无须安装客户端] 主要功能模块：管理 公文 车辆 通知 档案 值班 人事 审批 仓库 主界面 软件下载 个

<%
ip=Request.ServerVariables("REMOTE_ADDR")
wenti=Request.form("wenti")
key=Request.form("key")
pass=Request.form("pass")
say=Request.form("say")
say=trim(say)
say=server.HTMLEncode(say)
username=Session("hxf_u_nickname")
if username="" then Response.Redirect "error.asp?id=440"
if request.form("pass")="" then response.redirect "error.asp?id=128"
if Request.form("say")="" then response.redirect "error.asp?id=484"
if InStr(pass,"=")<>0 or InStr(pass,"`")<>0 or InStr(pass,"'")<>0 or InStr(pass," ")<>0 or InStr(pass,"　")<>0 or InStr(pass,"'")<>0 or InStr(pass,chr(34))<>0 or InStr(pass,"\")<>0 or InStr(pass,",")<>0 or InStr(pass,"<")<>0 or InStr(pass,">")<>0 then Response.Redirect "error.asp?id=121"
if InStr(say,"=")<>0 or InStr(say,"`")<>0 or InStr(say,"'")<>0 or InStr(say," ")<>0 or InStr(say,"　")<>0 or InStr(say,"'")<>0 or InStr(say,chr(34))<>0 or InStr(say,"\")<>0 or InStr(say,",")<>0 or InStr(say,"<")<>0 or InStr(say,">")<>0 then Response.Redirect "error.asp?id=121"

ydl=1
if Instr(LCase(Application("hxf_c_useronlinename"))," "&LCase(username)&" ")=0 then ydl=0
if ydl=1 then
 Response.Redirect "error.asp?id=140"
end if
yzc=0
temppass=StrReverse(left(pass&"zxcvbnm,./",10))
templen=len(pass)
mmpassword=""
for j=1 to 10
 mmpassword=mmpassword+chr(asc(mid(temppass,j,1))-templen+int(j*1.1))
next
pass=replace(mmpassword,"'","B")
pass=replace(pass," ","a")
'校验用户
Set conn=Server.CreateObject("ADODB.CONNECTION")
Set rs=Server.CreateObject("ADODB.RecordSet")
connstr=Application("hg_connstr")
conn.open connstr
sql="SELECT * FROM 用户 WHERE 姓名='" & username & "' and 密码='" & pass & "' "
Set Rs=conn.Execute(sql)
If Rs.Bof OR Rs.Eof Then
	Response.Redirect "error.asp?id=164"
	conn.close
else
'sql="SELECT * FROM 用户 WHERE 姓名='" & username & "' and 密码='" & pass & "' "
sql="SELECT * FROM 用户 WHERE 姓名='" & username & "' and 密码='" & pass & "' and ljl_pwd='" & wenti & "' and ljl_key='" & key & "' "
Set Rs=conn.Execute(sql)
If Rs.Bof OR Rs.Eof Then
	Response.Redirect "error.asp?id=165"
	conn.close
else
        sql="update  用户 set 状态='无' WHERE 姓名='"&username&"'"
	conn.execute sql
	sql="update 物品 set 装备=false,数值=0,拥有者='无' where 拥有者='"&username&"'"
	conn.execute sql
        sql="update 卡片拥有 set 数值=0,拥有者='无' where 拥有者='"&username&"'"
	conn.execute sql
	sql="insert into 人命(死者,时间,凶手,死因) values ('" & username & "',now(),'" & ip & "','自杀')"
	conn.execute sql
	conn.close
	mess="["&username & "]“"&say&"”"
Application.Lock
sd=Application("hxf_c_sd")
line=int(Application("hxf_c_line"))
Application("hxf_c_line")=line+1
	for i=1 to 171
	  sd(i)=sd(i+9)
	next
	sd(172)=line
	sd(173)=1
	sd(174)=0
	sd(175)="消息"
	sd(176)="大家"
	sd(177)="660099"
	sd(178)="660099"
	sd(179)="对"
    sd(180)="<marquee><font color=red>【自杀】"& mess &"</font></marquee>"
Application("hxf_c_sd")=sd
Application.UnLock
end if
end if
Session("hxf_u_inthechat")="0"
Session.Abandon
Session("hxf_u_nickname")=""
response.redirect "jj2.asp"
%>