%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
' Send the response as GB2312 and make the session use code page 936 to match.
Response.Charset="gb2312"
Session.CodePage=936
' Mark the page as already expired and ask clients and proxies not to cache it.
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.AddHeader "Pragma", "No-Cache"
%>
<%
' Page-level variables used by this include (connection, flags, counters).
Dim Rs,Conn,SqlConnectionString,Righttrue,SqlCount,UserTrue,MaxP,Territory
SqlCount=0' Initialise the database query counter
'############### Settings start - Kalinston reminds you: edit these values as instructed, otherwise errors will occur ####################
Const WebAdd="http://www.520soso.com/dj" ' Site URL, e.g. http://www.520soso.com ; do not append a trailing "/"
Const WebDir="/dj/" ' Site directory: "/" when installed in the web root, otherwise e.g. "/geren1.0/"; keep the trailing "/"
' NOTE(review): a hard-to-guess admin directory name is not an access control;
' confirm the pages under it enforce authentication themselves.
Const admindir="/dj/Kalinston_1989_/" ' Admin directory; update this after renaming the admin folder, keep the trailing "/"
' NOTE(review): the Access database sits under the site directory with an .asp extension;
' confirm it cannot be fetched over HTTP, or move it outside the web root.
Const DbPath="/dj/data/NetsysDataKalinston.asp" ' Database file name and path; renaming it is recommended for database safety
'############### Settings end ####################
' Nothing below needs to be edited
Const WebName="企业相册管理系统 8.0" ' Software name
Const WebName1="企业相册" ' Short name
Const keyword1="企业相册,视频展示,相册程序,凯林斯顿" ' Keywords
Const const1="企业相册管理系统8.0 凯林斯顿·版权所有" ' Description
Const CopyRight="www.520soso.com" ' Site version
' The following is
Const WebDesign="凯林斯顿" '520soso.com
Const ListNum=6 ' Records shown per page when paginating
' Default flags; their meaning is not visible in this listing.
UserTrue=false
Righttrue=true
' NOTE(review): HTTP_HOST is taken from the request's Host header, so Territory is
' client-influenced; treat it as untrusted wherever it is used to build links or redirects.
Territory="http://"&Request.ServerVariables("HTTP_HOST")
' Build the ODBC connection string for the Access driver from the mapped database path.
' NOTE(review): with the values above, WebDir & DbPath evaluates to
' "/dj//dj/data/NetsysDataKalinston.asp" - confirm whether DbPath is meant to be relative to WebDir.
SqlConnectionString="DBQ="+server.mappath(WebDir & DbPath)+";DRIVER={Microsoft Access Driver (*.mdb)};"
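' Open the Access database through ADO. Errors are trapped so that a failed
' connection ends the request with a short message instead of a script error.
' NOTE(review): On Error Resume Next is never switched off again in this listing,
' so later run-time errors at page scope are skipped silently as well, including
' errors raised inside security checks. Consider On Error GoTo 0 once the
' connection has been verified, after checking what the including pages expect.
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open SqlConnectionString
If Err Then
    Err.Clear
    Set Conn = Nothing
    ' The visitor gets a generic message only. The database URL and its mapped
    ' file-system path are deliberately not echoed: they tell an outsider where
    ' the data file lives. Administrators should check Const WebDir and
    ' Const DbPath in Include/Config.asp when this message appears.
    Response.Write "数据库连接出错,请稍后再试或联系网站管理员。"
    Response.End
End If
' Shared helper object; MainClass is defined outside this listing.
Set Joleo=New MainClass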
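'-------- Anti-injection filter: definitions ------------------
' Deny-list screening of every query-string value. A request whose value contains
' one of the tokens below is answered with a notice and terminated.
' NOTE(review): this is defence in depth at best. It also rejects legitimate input
' (any value containing "=", "%" or "and"), and only GET parameters are screened
' here; Fy_Post is declared but not used in this block. Queries should bind
' parameters instead of relying on this filter.
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
Dim Fy_GetValue
' Tokens to reject, separated by the character "防".
' The first token is a single apostrophe. The listing showed four apostrophes
' there, which would only ever match four consecutive apostrophes.
Fy_In = "'防;防and防exec防insert防select防delete防update防count防%防chr防mid防master防truncate防char防declare防<防>防="
Fy_Inf = Split(Fy_In,"防")
If Request.QueryString<>"" Then
    For Each Fy_Get In Request.QueryString
        ' Read the value once per parameter instead of once per token.
        Fy_GetValue = Request.QueryString(Fy_Get)
        For Fy_Xh=0 To UBound(Fy_Inf)
            If InStr(LCase(Fy_GetValue),Fy_Inf(Fy_Xh))<>0 Then
                ' The literals below were split across lines in the listing; "<br>" is
                ' used as the separator here on the assumption that stripped markup
                ' stood in those places. The first write is empty in the listing too.
                Response.Write ""
                Response.Write "非法操作!本站已经给大侠您做了如下记录↓<br>"
                Response.Write "操作IP:" & Request.ServerVariables("REMOTE_ADDR") & "<br>"
                Response.Write "操作时间:" & Now & "<br>"
                Response.Write "操作页面:" & Server.HTMLEncode(Request.ServerVariables("URL")) & "<br>"
                Response.Write "提交方式:GET<br>"
                ' The parameter name and value are exactly the input that was just
                ' judged hostile, so they are HTML-encoded before being echoed back.
                Response.Write "提交参数:" & Server.HTMLEncode(Fy_Get) & "<br>"
                Response.Write "提交数据:" & Server.HTMLEncode(Fy_GetValue)
                ' NOTE(review): the notice says the request was recorded, but nothing is
                ' written to a log in this block; add server-side logging if a record is wanted.
                Response.End
            End If
        Next
    Next
End If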
Function DelStr(Str)
    ' Return Str with a fixed set of characters and sequences removed.
    ' Null and Empty are treated as "". VBScript passes arguments ByRef by default,
    ' so a Null or Empty caller variable is overwritten with "" as a side effect.
    ' NOTE(review): stripping characters is not a substitute for parameterised
    ' queries or for output encoding at the point of use.
    Dim stripList, k, cleaned
    If IsNull(Str) Or IsEmpty(Str) Then Str = ""
    cleaned = Str
    ' Order matters: "%20" has to be removed before the bare "%".
    stripList = Array("'", "&", "%20", "<", ">", "%")
    For k = 0 To UBound(stripList)
        cleaned = Replace(cleaned, stripList(k), "")
    Next
    DelStr = cleaned
End Function
Function leftString(str, length)
    ' Truncate str to a display width of `length`, where a character whose Asc()
    ' code falls outside 0..255 counts as two columns and any other as one.
    ' As soon as the running width reaches `length`, the text up to that
    ' character is returned with "..." appended. This also happens when that
    ' character is the last one. Otherwise str is returned unchanged.
    Dim total, width, pos, code, result
    result = str
    total = Len(str)
    width = 0
    pos = 1
    Do While pos <= total
        code = Asc(Mid(str, pos, 1))
        If code >= 0 And code <= 255 Then
            width = width + 1
        Else
            width = width + 2
        End If
        If width >= length Then
            result = Left(str, pos) & "..."
            Exit Do
        End If
        pos = pos + 1
    Loop
    leftString = result
End Function
'======= Purpose: reduce edited article content to a short plain-text excerpt =========
Function cutStr(str,strlen)
    ' Replace every "<...>" run with a space, truncate to a display width of
    ' strlen (characters whose Abs(Asc()) exceeds 255 count as two columns),
    ' append "..." when truncated, then remove LF, CR and space characters.
    ' str is modified in place (VBScript passes ByRef by default).
    ' NOTE(review): a tag-stripping regex is not an HTML sanitiser; the result
    ' should still be HTML-encoded where it is written into a page.
    Dim tagPattern, total, width, pos, excerpt
    '======= Remove all HTML tags =========
    Set tagPattern = New RegExp
    With tagPattern
        .IgnoreCase = True
        .Global = True
        .Pattern = "<(.[^>]*)>"
    End With
    str = tagPattern.Replace(str, " ")
    Set tagPattern = Nothing

    total = Len(str)
    width = 0
    ' With empty input the excerpt stays unassigned and the Replace calls below yield "".
    If total > 0 Then excerpt = str
    pos = 1
    Do While pos <= total
        If Abs(Asc(Mid(str, pos, 1))) > 255 Then
            width = width + 2
        Else
            width = width + 1
        End If
        If width >= strlen Then
            excerpt = Left(str, pos) & "..."
            Exit Do
        End If
        pos = pos + 1
    Loop

    excerpt = Replace(excerpt, Chr(10), "")
    excerpt = Replace(excerpt, Chr(13), "")
    cutStr = Replace(excerpt, Chr(32), "")
End Function
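Sub aspsql()
    ' Deny-list screening of POST and GET values: when any submitted value
    ' contains one of the tokens below, the response is ended immediately.
    ' Matching is done on the lower-cased value, so that mixed-case input is
    ' rejected as well; the original compared case-sensitively.
    ' NOTE(review): cookies are not screened here, and a deny-list is not a
    ' substitute for parameterised queries.
    Dim SQL_injdata, SQL_inj, fieldName
    SQL_injdata = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    SQL_inj = Split(SQL_injdata, "|")

    If Request.Form <> "" Then
        For Each fieldName In Request.Form
            If aspsql_HasDeniedToken(Request.Form(fieldName), SQL_inj) Then
                ' Writes an empty string in this listing (presumably markup lost in extraction).
                Response.Write ""
                Response.End
            End If
        Next
    End If

    If Request.QueryString <> "" Then
        For Each fieldName In Request.QueryString
            If aspsql_HasDeniedToken(Request.QueryString(fieldName), SQL_inj) Then
                Response.Write ""
                Response.End
            End If
        Next
    End If
End Sub

' Helper for aspsql: True when value contains any entry of tokens, ignoring case.
Function aspsql_HasDeniedToken(value, tokens)
    Dim idx, lowered
    aspsql_HasDeniedToken = False
    lowered = LCase("" & value)
    For idx = 0 To UBound(tokens)
        If InStr(lowered, tokens(idx)) > 0 Then
            aspsql_HasDeniedToken = True
            Exit Function
        End If
    Next
End Function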
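Sub buyok_check_path()
    ' End the response unless the request's Referer names this server as its host.
    ' The host component of the Referer is extracted and compared as a whole with
    ' SERVER_NAME. The original compared a fixed-offset prefix, which assumed an
    ' "http://" scheme and accepted any host that merely began with the server name.
    ' A missing Referer is rejected, as before.
    ' NOTE(review): the Referer header is supplied by the client and may be absent
    ' or altered; this check does not replace authentication or an anti-CSRF token.
    Dim refererUrl, serverName, authority, delimiters, d, cutAt, atPos, colonPos
    refererUrl = LCase(CStr(Request.ServerVariables("HTTP_REFERER")))
    serverName = LCase(CStr(Request.ServerVariables("SERVER_NAME")))

    authority = ""
    If Left(refererUrl, 7) = "http://" Then
        authority = Mid(refererUrl, 8)
    ElseIf Left(refererUrl, 8) = "https://" Then
        authority = Mid(refererUrl, 9)
    End If

    ' Keep only the authority part: cut at the first "/", "?" or "#".
    delimiters = Array("/", "?", "#")
    For Each d In delimiters
        cutAt = InStr(authority, d)
        If cutAt > 0 Then authority = Left(authority, cutAt - 1)
    Next

    ' Drop any "userinfo@" prefix and any ":port" suffix so only the host remains.
    atPos = InStrRev(authority, "@")
    If atPos > 0 Then authority = Mid(authority, atPos + 1)
    colonPos = InStr(authority, ":")
    If colonPos > 0 Then authority = Left(authority, colonPos - 1)

    If authority = "" Or authority <> serverName Then
        ' Writes an empty string in this listing (presumably markup lost in extraction).
        Response.Write ""
        Response.End
    End If
End Sub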
%>
<%
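Function ChkLogin(MemberID)
    ' Verify that MemberID exists in Netsys_Member and that its stored MemberPass
    ' equals the page-level MemberPass value; otherwise clear the "Netsys" login
    ' cookies, redirect to Login.asp and end the response. Returns nothing.
    '
    ' Changes from the original:
    '   * MemberID is no longer concatenated into the SQL text. It must be 1-9
    '     decimal digits and is bound as a parameter.
    '   * Any run-time error during the lookup is treated as "not logged in".
    '     Otherwise an error raised here could propagate to page scope, where
    '     On Error Resume Next is set in this file, and the caller would carry
    '     on as if the check had passed.
    '   * A Null or empty stored password never matches.
    '
    ' NOTE(review): MemberPass is not a parameter; presumably the caller sets it at
    ' page level from the "Netsys" cookie - confirm. If so, the stored password
    ' value itself is kept client-side; a server-side session token would avoid that.
    Dim idText, idCheck, cmd, storedPass

    idText = Trim("" & MemberID)
    Set idCheck = New RegExp
    idCheck.Pattern = "^[0-9]{1,9}$"   ' at most 9 digits, so CLng below cannot overflow
    If Not idCheck.Test(idText) Then
        Set idCheck = Nothing
        ChkLogin_Reject
    End If
    Set idCheck = Nothing

    On Error Resume Next
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1                                   ' adCmdText
    cmd.CommandText = "select MemberPass from Netsys_Member where MemberID=?"
    ' 3 = adInteger, 1 = adParamInput. The original compared MemberID unquoted,
    ' so the column is assumed to be numeric.
    cmd.Parameters.Append cmd.CreateParameter("MemberID", 3, 1, , CLng(idText))
    Set rs = cmd.Execute
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        ChkLogin_Reject
    End If
    On Error GoTo 0
    Set cmd = Nothing

    If rs.EOF Then
        ChkLogin_Reject
    Else
        NowMemberPass = rs("MemberPass")
    End If
    rs.Close
    Set rs = Nothing

    ' Coerce through "" so that a Null value cannot turn the comparison into Null,
    ' which an If statement would treat as "no mismatch".
    storedPass = Trim("" & NowMemberPass)
    If storedPass = "" Or Trim("" & MemberPass) <> storedPass Then
        ChkLogin_Reject
    End If
End Function

' Helper for ChkLogin: clear the login cookies, send the visitor to Login.asp and stop.
Sub ChkLogin_Reject()
    Response.Cookies("Netsys")("MemberID")=""
    Response.Cookies("Netsys")("MemberName")=""
    Response.Cookies("Netsys")("MemberPass")=""
    Response.Redirect "Login.asp"
    Response.End
End Sub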
'Function PointsLogin()
'
'End Function
%>
<%
' Open a recordset over the whole web_conn table when this include runs
' (cursor type 1 = adOpenKeyset, lock type 1 = adLockReadOnly).
' The SQL text is a fixed literal, so no request data reaches it.
' NOTE(review): "os" is not closed anywhere in this listing; presumably later
' page code reads from it - confirm it is closed and released there.
set os=server.CreateObject("adodb.recordset")
os.open "select * from web_conn",conn,1,1
%>