20CN网络安全小组论坛 - 网站建设 - 大家帮我看看这段代码里面有没有用户名和密码！

论坛: 网站建设标题: 大家帮我看看这段代码里面有没有用户名和密码！

作者: xiaolelv [xiaolelv]

论坛用户

<title><%=webname%>-管理员选项</title>
<%
dim founderr,errmsg
founderr=false
errmsg=""

if session("adminlogin")<>sessionvar then
founderr=true
errmsg=errmsg+" "+"<li>你尚未登录，或者超时了！请<a href='admin.asp'>重新登录</a>！"
call diserror()
response.end
else
if request.form("MM_insert") then

if request.form("action")="modpass" then
dim adminname,oldpwd,adminpwd,confirm
adminname=trim(replace(request.form("adminname"),"'",""))
oldpwd=trim(replace(request.form("oldpwd"),"'",""))
adminpwd=trim(replace(request.form("adminpwd"),"'",""))
confirm=trim(replace(request.form("confirm"),"'",""))
if adminname="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须输入管理员名称！"
end if
if oldpwd="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须输入旧的管理员密码！"
end if
if adminpwd="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须输入新的管理员密码！"
end if
if adminpwd<>confirm then
founderr=true
errmsg=errmsg+" "+"<li>你两次输入的管理员密码不相同！"
end if
if founderr then
call diserror()
response.end
else
openadmin
sql="select * from admin where admin_name='"&adminname&"' and admin_password='"&oldpwd&"'"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
if rs.eof then
errmsg=errmsg+" "+"<li>管理员名称或密码错误！"
call diserror()
response.end
else
rs("admin_password")=adminpwd
rs.update
rs.close
set rs=nothing
end if
end if
end if
if request.form("action")="newadmin" then
adminname=trim(replace(request.form("adminname"),"'",""))
adminpwd=trim(replace(request.form("adminpwd"),"'",""))
confirm=trim(replace(request.form("confirm"),"'",""))
if adminname="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须输入管理员名称！"
end if
if adminpwd="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须输入管理员密码！"
end if
if adminpwd<>confirm then
founderr=true
errmsg=errmsg+" "+"<li>你两次输入的管理员密码不相同！"
end if
if founderr then
call diserror()
response.end
else
openadmin
sql="select * from admin"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.addnew
rs("admin_name")=adminname
rs("admin_password")=adminpwd
rs.update
rs.close
set rs=nothing
response.redirect "admin_admin.asp?action=admin"
end if
end if
if request.form("action")="editadmin" then
if request.Form("id")="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须指定操作的对象！"
else
if not isInteger(request.form("id")) then
founderr=true
errmsg=errmsg+" "+"<li>非法的文章分类id参数。"
end if
end if
adminname=trim(replace(request.form("adminname"),"'",""))
adminpwd=trim(replace(request.form("adminpwd"),"'",""))
confirm=trim(replace(request.form("confirm"),"'",""))
if adminname="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须输入管理员名称！"
end if
if adminpwd="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须输入管理员密码！"
end if
if adminpwd<>confirm then
founderr=true
errmsg=errmsg+" "+"<li>你两次输入的管理员密码不相同！"
end if
if founderr then
call diserror()
response.end
else
openadmin
sql="select * from admin where admin_id="&request.form("id")
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs("admin_name")=adminname
rs("admin_password")=adminpwd
rs.update
rs.close
set rs=nothing
response.redirect "admin_admin.asp?action=admin"
end if
end if
if request.form("action")="deladmin" then
if request.Form("id")="" then
founderr=true
errmsg=errmsg+" "+"<li>你必须指定操作的对象！"
else
if not isInteger(request.form("id")) then
founderr=true
errmsg=errmsg+" "+"<li>非法的文章分类id参数。"
end if
end if
if founderr then
call diserror()
response.end
else
openadmin
sql="select * from admin where admin_id="&request.form("id")
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.delete
rs.close
set rs=nothing
response.redirect "admin_admin.asp?action=admin"
end if
end if

end if

call admin_nav()
call adminadmin_body()
call adminendpage()
end if
%>

地主发表时间: 04-07-30 11:49