论坛: 网站建设 标题: 做个简单的ASP留言板
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>message board</title>
<style type="text/css">
<!--
.style1 {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 24px;
}
.style2 {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 9px;
}
.style3 {font-size: 12px}
.style4 {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 16px;
}
-->
</style>
<%
' Page-level status text variable ("sohw" = "show", sic). Note that the rest of this
' page reads and writes session("sohwmsg") instead, so this local is never assigned.
dim sohwmsg
' Row ordinal assigned while the listing loop renders the table (1 for the first row);
' the commented-out INSERT near the bottom uses it as the new message's id.
dim message_id
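function validate( input)  ' Substring blacklist: True when input contains a blocked token
    ' Blocked tokens: a single quote and a few SQL keywords. The comparison is now
    ' case-insensitive (vbTextCompare); the original used a binary InStr, so "SELECT"
    ' passed while "select" was blocked. A blacklist like this is only a first filter --
    ' the SQL on this page must still bind its values as parameters rather than rely on it.
    ' Returns False for an empty or Null input.
    dim bad_strings, token
    validate = false
    if isnull(input) then exit function
    bad_strings = array("'", "select", "union", "insert", "__")
    for each token in bad_strings
        if instr(1, input, token, vbTextCompare) <> 0 then
            validate = true
            exit function
        end if
    next
end function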
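function validate2(input , datetype) ' Character-class check: True when input holds a character outside the class for datetype
    ' Allowed characters per field class. The original letter runs were missing "u"/"U"
    ' (a typo that rejected every name or password containing that letter); fixed here.
    dim letters_digits, good_name_chars, good_pass_chars, good_email_chars, good_tel_chars
    dim pos, at_count
    letters_digits = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    ' NOTE(review): the name class admits "'" as the original did; on this page validate()
    ' rejects a quote before validate2 runs, so the only caller never reaches here with one.
    good_name_chars = letters_digits & "'_"
    good_pass_chars = letters_digits
    ' "." and "-" added: both occur in ordinary addresses and were rejected before.
    good_email_chars = letters_digits & "@_.-"
    good_tel_chars = "1234567890"

    ' An empty string has no offending character and is accepted (except for "Email",
    ' which needs its "@"), as before; callers that require a value test for "" themselves.
    ' A datetype not listed below is accepted too (the select has no catch-all), as before.
    validate2 = false
    select case true
        case datetype = "name" or datetype = "metiel"
            validate2 = validate2_has_outside(input, good_name_chars)
        case datetype = "pass" or datetype = "address"
            validate2 = validate2_has_outside(input, good_pass_chars)
        case datetype = "Email"
            ' Every character is checked (the original only checked those after the first
            ' "@"), and exactly one "@" must sit strictly inside the string.
            at_count = 0
            for pos = 2 to len(input) - 1
                if mid(input, pos, 1) = "@" then at_count = at_count + 1
            next
            validate2 = validate2_has_outside(input, good_email_chars) or (at_count <> 1)
        case datetype = "tel" or datetype = "QQ"
            validate2 = validate2_has_outside(input, good_tel_chars)
    end select
end function

' True when any character of input is not in allowed (binary comparison, so case matters).
function validate2_has_outside(input, allowed)
    dim pos
    validate2_has_outside = false
    for pos = 1 to len(input)
        if instr(allowed, mid(input, pos, 1)) = 0 then
            validate2_has_outside = true
            exit function
        end if
    next
end function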

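function escape(byval input) ' Doubles each single quote so input can sit inside a SQL string literal
    ' ByVal: the original took the argument by reference (VBScript's default) and
    ' overwrote the caller's variable as a side effect; every caller on this page
    ' assigns the result back anyway, so only the surprise is removed.
    ' A Null argument (replace(Null, ...) would return Null) now yields "".
    ' This is a literal-escaping helper only; it is not a substitute for bound parameters.
    if isnull(input) then input = ""
    escape = replace(input, "'", "''")
end function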
  ' Open the Jet (Access) database behind the board. RC.mdb is resolved relative to this
  ' page, i.e. it sits under the web root -- NOTE(review): confirm the web server refuses
  ' direct requests for .mdb files, otherwise the whole database is downloadable.
  set board = server.createobject("ADODB.connection")
      provider ="provider=microsoft.jet.OLEDB.4.0;"
      path=server.MapPath("RC.mdb")
  DBpath ="Data source ="& path
      board.open provider & DBpath
  ' One recordset over the whole board table, shared by the editor prefill and the
  ' listing loop below. It is opened with default cursor settings, so the Move/MoveFirst
  ' calls further down depend on what this provider supports -- re-check if it changes.
  ' Neither the recordset nor the connection is closed explicitly on this page.
  set board_rs=server.CreateObject("ADODB.recordset")
  MYSQL="select * from board "
  board_rs.open MYSQL,board
 

%>
</head>

<body>
<center>

  <span class="style1">message  board</span>
  <table width="200" border="1" bordercolor="#CCCCCC">
<form name="message" method="post" action="board.asp">
      <tr><td bgcolor="#CCCCCC">
    <input name="message_title" type="text" size="47" maxlength="20">   
    </td>
      </tr>
<tr><td bgcolor="#CCCCCC">
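<%
' Editor prefill: board.asp?id=N reloads the text of the N-th listed message (the
' listing below links with the row ordinal, not a table key). The query value is
' untrusted, so only a short string of digits with a value of 1 or more is accepted;
' anything else (missing, non-numeric, out of range, empty table) leaves the editor
' empty instead of raising a type-mismatch or cursor error as the bare Move did.
dim sohw_id
dim sohw_message
sohw_message = ""
sohw_id = request.QueryString("id")
if sohw_id <> "" and len(sohw_id) <= 9 then
    ' validate2(...,"tel") is True when a non-digit is present; 9 digits keep CLng in range
    if not validate2(sohw_id, "tel") then
        if clng(sohw_id) >= 1 and not board_rs.eof then
            board_rs.move clng(sohw_id) - 1
            ' NOTE(review): relies on the provider setting EOF (not raising) when the
            ' move runs past the last row -- confirm for the Jet provider in use.
            if not board_rs.eof then
                ' field 4 is the message text (the INSERT below writes it fifth);
                ' "" & turns a Null field into an empty string
                sohw_message = "" & board_rs(4)
            end if
        end if
    end if
end if
%>
    <textarea name="message_word" cols="45" rows="12" wrap="VIRTUAL" id="message_word"><%=server.HTMLEncode(sohw_message)%>
</textarea>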
  <br>
    </td>
</tr>
    <tr><td bgcolor="#CCCCCC">
      <input name="enter" type="submit" id="enter" value="enter">
      <input type="reset" name="Submit2" value="reset">
      <br>
    </td></tr>
<tr>
  <td bgcolor="#CCCCCC">
    <span class="style3 style2"> user:
        <input name="user_word" type="text" id="user_word" size="10">
          <span class="style3 style2">pass: 
        <input name="pass_word" type="password" id="pass_word" size="10">   
        <input name="login" type="submit" id="login" value="login">
</td>
</tr>
    </form>
  </table>
  <span class="style2"><%=session("sohwmsg")%></span>
  <p><span class="style4">read message</span>  </p>
  <table width="653" border="1" bordercolor="#CCCCCC">
    <tr>

<%
' Column headers: one <th> per field. The upper bound (count-2) skips the last
' column, the same bound the row loop below uses.
for i = 0 to board_rs.fields.count - 2
%>
  <th width="185" align="center" scope="col"><span class="style3 style2">
  <%=board_rs(i).name%></span></th>
<% next %>
   
</tr>

    <% message_id=1
 
  if    board_rs.eof  then
 
  else
  board_rs.movefirst
  do while not board_rs.eof %>
  <tr>
   
      <% dim msg_c
 
  for i= 0 to board_rs.fields.count-2 %>
      <td height="22"  bgcolor="#CCCCCC">&nbsp;<span class="style3 style2">
      <% if board_rs(i).name="message_title" then
  msg_c=board_rs(i)
  %>
  <a href="board.asp?id=<%=message_id%>"><% =msg_c%></a>
  <%
  else
  %>
 
  <% =board_rs(i)%>
  <%
  end if
  %>
        </span> </td>
              <%next
  msg_c="" %>
</tr>
<% board_rs.movenext
message_id=message_id+1
loop
end if%>
  </table>
  <p>&nbsp;</p>
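<%
' Form dispatch. The form has two submit buttons, "enter" and "login"; Request.Form("enter")
' is "enter" only when the message button was pressed, so everything else (the login
' button, or a plain GET of the page) takes the login path, as it always has.
' Both paths are split into subs below; they use the page-level "board" connection,
' "message_id", validate() and validate2().
dim command_type
command_type = request.Form("enter")
select case command_type
    case "enter"
        handle_post_message
    case else
        handle_login
end select

' Save the posted message under the logged-in user's name, then redirect to board.asp.
' Status text for the page goes in session("sohwmsg"). Requires session("username").
sub handle_post_message()
    dim message_word, message_title, user_name, board_time, board_command

    if session("username") = "" then
        session("sohwmsg") = "please login"
        exit sub
    end if

    message_word = request.Form("message_word")
    message_title = request.Form("message_title")
    user_name = session("username")
    session("sohwmsg") = user_name & "<br>login succeed"
    board_time = now()

    if message_word = "" or message_title = "" or validate(message_word) or validate(message_title) then
        session("sohwmsg") = "input mssage error"
        response.Redirect("board.asp")   ' Redirect ends the response; nothing below runs
        exit sub
    end if

    ' The real values are written (the original statement still carried hard-coded test
    ' data, with the intended INSERT commented out). They are bound as command parameters
    ' instead of being spliced into the SQL text. Column order (id, user, title, time, text)
    ' follows the INSERT this replaces. message_id is the row ordinal left by the listing
    ' loop above; it is not a reliable key once rows are deleted or two users post at once
    ' -- TODO: switch the table to an AutoNumber id.
    set board_command = server.createobject("ADODB.command")
    board_command.activeconnection = board
    board_command.commandtext = "INSERT INTO board VALUES (?, ?, ?, ?, ?)"
    ' 202 = adVarWChar, 203 = adLongVarWChar, 1 = adParamInput (numeric values, so no adovbs.inc is needed).
    ' Every value is passed as text, matching the quoted literals of the original statement;
    ' if a column is numeric or Date/Time, Jet converts the text -- confirm against the table
    ' design and switch to adInteger (3) / adDate (7) where that is the case.
    board_command.parameters.append board_command.createparameter("id", 202, 1, 255, "" & message_id)
    board_command.parameters.append board_command.createparameter("name", 202, 1, 255, user_name)
    board_command.parameters.append board_command.createparameter("title", 202, 1, 255, message_title)
    board_command.parameters.append board_command.createparameter("time", 202, 1, 255, "" & board_time)
    board_command.parameters.append board_command.createparameter("word", 203, 1, len(message_word) + 1, message_word)
    board_command.execute
    response.Redirect("board.asp")
end sub

' Check the posted user/pass against the userdate table; on success fill the session
' and bump the user's "degree" counter. Redirects back to board.asp whenever a status
' message was produced; a page load with no credentials at all just falls through.
sub handle_login()
    dim username, password, userlevel, userdegree
    dim user, user_command, userdate

    username = request.form("user_word")
    password = request.form("pass_word")

    ' A plain GET of the page (or an empty form) is not a login attempt: skip the
    ' database round trip the original made with empty credentials on every load.
    if username = "" and password = "" then
        exit sub
    end if

    ' Character checks first. escape() is no longer applied: the values are bound as
    ' parameters below (doubling quotes would corrupt them), and validate() already
    ' rejects any input holding a quote, so nothing that passed before changes.
    if validate(username) or validate(password) then
        session("sohwmsg") = "user or pass error"
        response.Redirect("board.asp")
        exit sub
    end if
    if validate2(username, "name") or validate2(password, "pass") then
        session("sohwmsg") = "user or pass errror"
        response.Redirect("board.asp")
        exit sub
    end if

    set user = server.createobject("ADODB.connection")
    user.open "provider=microsoft.jet.OLEDB.4.0;Data source =" & server.MapPath("RC.mdb")

    ' Lookup by bound parameters (202 = adVarWChar, 1 = adParamInput) in place of the
    ' string-built WHERE clause, so the credentials can never change the query's shape.
    set user_command = server.createobject("ADODB.command")
    user_command.activeconnection = user
    user_command.commandtext = "SELECT * FROM userdate WHERE name = ? AND pass = ?"
    user_command.parameters.append user_command.createparameter("name", 202, 1, 255, username)
    user_command.parameters.append user_command.createparameter("pass", 202, 1, 255, password)
    set userdate = user_command.execute

    if userdate.eof then
        ' The original also echoed the submitted username with Response.Write just before
        ' redirecting; that output was either discarded by buffering or broke the redirect,
        ' and reflected user input for no purpose, so it is gone.
        userdate.close
        user.close
        session("sohwmsg") = "user or pass error"
        response.Redirect("board.asp")
        exit sub
    end if

    ' NOTE(review): the table stores and compares the password in clear; a salted hash
    ' would remove the need to keep the password itself anywhere.
    userlevel = userdate("level")
    ' NOTE(review): a Null degree would make this Null rather than 1 -- confirm the column default
    userdegree = userdate("degree") + 1
    session("username") = username
    ' Kept only for any other page that may read it; nothing on this page does. Remove it
    ' once no other page depends on it -- a session should not hold the clear-text password.
    session("password") = password
    session("userlevel") = userlevel
    session("userdegree") = userdegree
    userdate.close

    set user_command = server.createobject("ADODB.command")
    user_command.activeconnection = user
    user_command.commandtext = "UPDATE userdate SET degree = ? WHERE name = ?"
    ' degree is passed as text exactly like the quoted literal it replaces; Jet converts it
    ' if the column is numeric -- confirm against the table design.
    user_command.parameters.append user_command.createparameter("degree", 202, 1, 255, "" & userdegree)
    user_command.parameters.append user_command.createparameter("name", 202, 1, 255, username)
    user_command.execute
    user.close
    response.Redirect("board.asp")
end sub
%>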

</center>

</body>
</html>
