朋友制作的后台源码的一部分,但是验证码有问题.求大神删除验证码代码
' Install / maintenance hooks driven by the "p" query-string parameter.
' jsaz, jsaz1, dfile, md5, mdb and sessionvar are defined outside this excerpt.
'
' NOTE(review): the "setup" branch runs jsaz/jsaz1 for any request carrying
' ?p=setup; no authentication check is visible here. Confirm those routines
' refuse to run once the site is installed.
' NOTE(review): the "feifa" branch calls dfile(mdb) from a plain GET request
' when dmp equals md5(sessionvar). If dfile removes the database file, as its
' name suggests (TODO confirm), this is a destructive action reachable by URL
' whose token ends up in access logs and browser history.
If mdb = "../data/data.asp" Then Response.Redirect "../setup.asp"

Select Case Request.QueryString("p")
    Case "setup"
        jsaz
        jsaz1
        Response.Write("<script language=javascript>alert('系统安装成功!\n\请登陆后台更改网站基本设置!\n\记住务必更改系统安全码!');this.location.href='index.asp';</script>")
    Case "feifa"
        mp = Request.QueryString("dmp")
        If mp = md5(sessionvar) Then dfile mdb
End Select
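' ---------------------------------------------------------------------------
' Admin login / logout handling.
'
' action=adminlogin : checks the captcha, the Referer host and the submitted
'                     credentials, writes a row to the Log table and, on
'                     success, populates the admin session.
' action=logout     : clears the admin session.
'
' Relies on names defined outside this excerpt: conn (open ADO connection),
' Md5() and sessionvar.
' ---------------------------------------------------------------------------
dim adminname
dim adminpwd
dim loginCaptchaExpected, loginCaptchaOk
dim loginRawPwd, loginRefererHost, loginDelim, loginCutPos, loginCmd

' Removes a fixed list of punctuation characters (and "..") from a form value
' and trims the result. The argument is modified in place (VBScript passes
' ByRef by default), exactly as the original did.
' This is a character blacklist kept only so that account names and password
' hashes stored by earlier versions still match; the SQL below is protected by
' bound parameters, not by this filter.
Function ReplaceBadWord(g_word)
    Dim badToken
    ' Order matters: ".." is removed after "\" and "/" so that sequences such
    ' as ".\." collapse and are then stripped.
    For Each badToken In Array("'", " ", "&", "(", "\", "/", "..", "^", "#", "%", "|", ";", ")")
        g_word = Replace(g_word, badToken, "")
    Next
    g_word = Trim(g_word)
    ReplaceBadWord = g_word
End Function

if request("action")="adminlogin" then

    ' --- 1. Captcha ---------------------------------------------------------
    ' The expected value is read from Session("GetCode"); the login form loads
    ' inc/admin_Code.asp as the captcha image (presumably what stores it).
    s = Trim(Request.Form("s"))
    loginCaptchaExpected = Trim(Session("GetCode") & "")
    ' Single use: discard the stored code on every attempt so one solved
    ' captcha cannot be replayed across many password guesses.
    Session("GetCode") = ""
    ' Int() raises a runtime error on empty or non-numeric text, so validate
    ' both sides before converting. A missing session code always fails.
    loginCaptchaOk = False
    if IsNumeric(s) and IsNumeric(loginCaptchaExpected) then
        loginCaptchaOk = (int(s) = int(loginCaptchaExpected))
    end if
    if not loginCaptchaOk then
        Response.Write("<script language=javascript>alert('请输入正确的认证码!');window.document.location.href='index.asp';</script>")
        Response.End
    end if

    ' --- 2. Coarse client OS label (only written to the Log table) ----------
    thesoft = Request.ServerVariables("HTTP_USER_AGENT")
    if instr(thesoft,"Windows NT 5.0") then
        vOS = "Win 2000"
    elseif instr(thesoft,"Windows NT 5.1") then
        vOS = "Win XP"
    elseif instr(thesoft,"Windows NT") then
        vOS = "Win NT"
    elseif instr(thesoft,"Windows 9") then
        vOS = "Win 9x"
    elseif instr(thesoft,"unix") or instr(thesoft,"linux") or instr(thesoft,"SunOS") or instr(thesoft,"BSD") then
        vOS = "类Unix"
    elseif instr(thesoft,"Mac") then
        vOS = "Mac"
    else
        vOS = "Other"
    end if

    ' --- 3. Same-site Referer check -----------------------------------------
    ' The original compared Mid(referer, 8, Len(host)) with the host, which
    ' (a) only worked for "http://" and (b) accepted any Referer host that
    ' merely started with this server's name. Extract the host component and
    ' compare it as a whole instead.
    ' The Referer header is client-supplied: this only filters cross-site form
    ' posts from ordinary browsers and is not an authentication control.
    server_v1 = Cstr(Request.ServerVariables("HTTP_REFERER"))
    server_v2 = Cstr(Request.ServerVariables("SERVER_NAME"))
    loginRefererHost = ""
    loginCutPos = InStr(server_v1, "://")
    if loginCutPos > 0 then
        loginRefererHost = Mid(server_v1, loginCutPos + 3)
        ' Cut at the first path, port, query or fragment delimiter.
        for each loginDelim in Array("/", ":", "?", "#")
            loginCutPos = InStr(loginRefererHost, loginDelim)
            if loginCutPos > 0 then loginRefererHost = Left(loginRefererHost, loginCutPos - 1)
        next
    end if
    if LCase(loginRefererHost) <> LCase(server_v2) then
        Response.Write("<script language=javascript>alert('你提交的路径有误,禁止从站点外部提交数据请不要乱该参数!');this.location.href='index.asp';</script>")
        response.end
    end if

    ' --- 4. Credentials -----------------------------------------------------
    adminname = ReplaceBadWord(Request.form("adminname"))
    loginRawPwd = ReplaceBadWord(Request.form("adminpwd"))
    ' Test the password before hashing: the hash of an empty string is itself
    ' non-empty, so the original adminpwd="" test could never fire.
    if adminname="" OR loginRawPwd="" then
        Response.Write("<script language=javascript>alert('请输入用户名或密码!');this.location.href='index.asp';</script>")
        Response.End
    end if
    ' NOTE(review): unsalted MD5 is not a suitable password hash; kept because
    ' the stored hashes depend on it. Plan a migration to a salted, slow hash.
    adminpwd = Md5(loginRawPwd)

    ' Bound parameters instead of string concatenation: the values can no
    ' longer change the shape of the statement, whatever the filter lets through.
    sql = "select * from admin where admin_name=? and admin_password=?"
    set loginCmd = Server.CreateObject("ADODB.Command")
    set loginCmd.ActiveConnection = conn
    loginCmd.CommandType = 1                                  ' adCmdText
    loginCmd.CommandText = sql
    ' 202 = adVarWChar, 1 = adParamInput
    loginCmd.Parameters.Append loginCmd.CreateParameter("adminname", 202, 1, Len(adminname), adminname)
    loginCmd.Parameters.Append loginCmd.CreateParameter("adminpwd", 202, 1, Len(adminpwd), adminpwd)
    set rs = loginCmd.Execute
    set loginCmd = nothing

    if rs.eof and rs.bof then
        ' --- 4a. No matching account: report and log the failure ------------
        rs.close
        set rs = nothing
        Response.Write("<script language=javascript>alert('您输入的用户名和密码不正确!!');this.location.href='index.asp';</script>")
        set rs1 = Server.Createobject("adodb.recordset")
        sql1 = "Select * from Log"
        rs1.open sql1,conn,3,3
        rs1.addnew
        rs1("Username") = adminname
        rs1("LoginIP") = request.ServerVariables("Remote_Addr")
        rs1("OS") = vOS
        ' NOTE(review): this stores the attempted password in clear text. A
        ' failed attempt is often a near-miss of a real password, so anyone
        ' who can read the Log table can recover credentials. Recommend
        ' dropping this column from the log; kept here to preserve behaviour.
        rs1("ErrorPas") = loginRawPwd
        rs1("Result") = "Error"
        rs1.update
        rs1.close
        set rs1 = nothing
    elseif rs("lock")=1 then
        ' --- 4b. Account exists but is locked -------------------------------
        response.Write"<script language=javascript>alert(' 错误:帐号 "&rs("admin_name")&" 已被锁定,你不能登陆!请联系站长。');this.location.href='index.asp';</script>"
        rs.close
        set rs = nothing
        Response.End
    else
        ' --- 4c. Success: populate the session and log the login ------------
        response.cookies("hxStudioUserName") = rs("admin_Name")
        session("adminlogin") = sessionvar
        session("issuper") = rs("admin_id")
        ' NOTE(review): 500 minutes is a very long idle timeout for an admin
        ' session; consider a much shorter value.
        session.timeout = 500
        Session("CheckCode") = ""
        Session("hxStudioAdminName") = rs("admin_Name")
        Session("hxStudioAdminDj") = rs("dj")
        Session("hxStudioAdminAdmin") = rs("admin")
        Session("hxType") = rs("type")
        set rs1 = Server.Createobject("adodb.recordset")
        sql1 = "Select * from Log"
        rs1.open sql1,conn,3,3
        rs1.addnew
        rs1("Username") = adminname
        rs1("LoginIP") = request.ServerVariables("Remote_Addr")
        rs1("OS") = vOS
        rs1.update
        rs1.close
        set rs1 = nothing
        rs.close
        set rs = nothing
    end if

elseif request("action")="logout" then
    ' Clear every key the login branch sets (the original left
    ' hxStudioAdminAdmin and hxType behind), then discard the session itself.
    Session("hxStudioAdminName") = ""
    Session("hxStudioAdminDj") = ""
    Session("hxStudioAdminAdmin") = ""
    Session("hxType") = ""
    session("adminlogin") = ""
    session("issuper") = ""
    ' Abandon takes effect when the page finishes, so the explicit clears
    ' above are still needed for checks later in this same request.
    Session.Abandon
    Response.write "<script>window.document.location.href='./index.asp';</script>"
end if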
' Page dispatcher: a session whose "adminlogin" value equals sessionvar gets
' the admin frame named by the "frame" request parameter; everyone else gets
' the login form (admin_dl). An unrecognised frame value renders nothing.
' NOTE(review): VBScript treats an unset (Empty) value as equal to "", so this
' gate is only meaningful if sessionvar is always a non-empty secret - confirm
' where it is defined.
if session("adminlogin")=sessionvar then
    VIP_No = sessionvno
    frame = request("frame")
    select case frame
        case ""
            admin_admin
        case "menu"
            admin_menu
        case "main"
            admin_main
    end select
else
    admin_dl
end if
sub admin_dl()
%>
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<LINK href="inc/admin.css" type=text/css rel=stylesheet>
<META content="MSHTML 6.00.2800.1126" name=GENERATOR>
<TITLE><%=webname%> 管理中心—登录</TITLE>
<script src="inc/js.js" language="JavaScript" type="text/javascript"></script>
</HEAD>
<body onkeydown=return(!(event.keyCode==78&&event.ctrlKey)) leftMargin=0 topMargin=0>
<TABLE height=350 cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
<TBODY>
<TR>
<TD align=middle>
<TABLE height=210 cellSpacing=0 cellPadding=0 width=307 align=center border=0>
<form name="form1" method="post" action="index.asp?action=adminlogin" onSubmit="return xxg()">
<TBODY>
<TR>
<TD background="img/dt2.gif">
<TABLE cellSpacing=0 cellPadding=0 width=300 border=0>
<TBODY>
<TR>
<TD colSpan=2 height=50></TD></TR>
<TR>
<TD align=right width="35%" height=20><STRONG>用户名:</STRONG>
</TD>
<TD width="65%" height=20><INPUT
style="BORDER-RIGHT: #C2D6D6 1px solid; BORDER-TOP: #C2D6D6 1px solid; FONT-SIZE: 10pt; BORDER-LEFT: #C2D6D6 1px solid; BORDER-BOTTOM: #C2D6D6 1px solid; BACKGROUND-COLOR: #F1F3F5"
maxLength=20 type="text" name="adminname" size="20" autocomplete="off" value=""></TD></TR>
<TR>
<TD align=right height=20><STRONG>密 码:</STRONG></TD>
<TD height=20><INPUT
style="BORDER-RIGHT: #C2D6D6 1px solid; BORDER-TOP: #C2D6D6 1px solid; FONT-SIZE: 10pt; BORDER-LEFT: #C2D6D6 1px solid; BORDER-BOTTOM: #C2D6D6 1px solid; BACKGROUND-COLOR: #F1F3F5"
type=password maxLength=20 name="adminpwd" size="20" value=""></TD></TR>
<TR>
<TD align=right height=20><STRONG>认证码:</STRONG></TD>
<TD height=20><INPUT
style="BORDER-RIGHT: #C2D6D6 1px solid; BORDER-TOP: #C2D6D6 1px solid; FONT-SIZE: 10pt; BORDER-LEFT: #C2D6D6 1px solid; BORDER-BOTTOM: #C2D6D6 1px solid; BACKGROUND-COLOR: #F1F3F5"
type="text" maxLength=20 name="s" autocomplete="off" size="12" value="">
<img src="inc/admin_Code.asp" height=16 width=45>
</TD></TR>
' Install / maintenance hooks driven by the "p" query-string parameter.
' jsaz, jsaz1, dfile, md5, mdb and sessionvar are defined outside this excerpt.
'
' NOTE(review): the "setup" branch runs jsaz/jsaz1 for any request carrying
' ?p=setup; no authentication check is visible here. Confirm those routines
' refuse to run once the site is installed.
' NOTE(review): the "feifa" branch calls dfile(mdb) from a plain GET request
' when dmp equals md5(sessionvar). If dfile removes the database file, as its
' name suggests (TODO confirm), this is a destructive action reachable by URL
' whose token ends up in access logs and browser history.
If mdb = "../data/data.asp" Then Response.Redirect "../setup.asp"

Select Case Request.QueryString("p")
    Case "setup"
        jsaz
        jsaz1
        Response.Write("<script language=javascript>alert('系统安装成功!\n\请登陆后台更改网站基本设置!\n\记住务必更改系统安全码!');this.location.href='index.asp';</script>")
    Case "feifa"
        mp = Request.QueryString("dmp")
        If mp = md5(sessionvar) Then dfile mdb
End Select
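' ---------------------------------------------------------------------------
' Admin login / logout handling.
'
' action=adminlogin : checks the captcha, the Referer host and the submitted
'                     credentials, writes a row to the Log table and, on
'                     success, populates the admin session.
' action=logout     : clears the admin session.
'
' Relies on names defined outside this excerpt: conn (open ADO connection),
' Md5() and sessionvar.
' ---------------------------------------------------------------------------
dim adminname
dim adminpwd
dim loginCaptchaExpected, loginCaptchaOk
dim loginRawPwd, loginRefererHost, loginDelim, loginCutPos, loginCmd

' Removes a fixed list of punctuation characters (and "..") from a form value
' and trims the result. The argument is modified in place (VBScript passes
' ByRef by default), exactly as the original did.
' This is a character blacklist kept only so that account names and password
' hashes stored by earlier versions still match; the SQL below is protected by
' bound parameters, not by this filter.
Function ReplaceBadWord(g_word)
    Dim badToken
    ' Order matters: ".." is removed after "\" and "/" so that sequences such
    ' as ".\." collapse and are then stripped.
    For Each badToken In Array("'", " ", "&", "(", "\", "/", "..", "^", "#", "%", "|", ";", ")")
        g_word = Replace(g_word, badToken, "")
    Next
    g_word = Trim(g_word)
    ReplaceBadWord = g_word
End Function

if request("action")="adminlogin" then

    ' --- 1. Captcha ---------------------------------------------------------
    ' The expected value is read from Session("GetCode"); the login form loads
    ' inc/admin_Code.asp as the captcha image (presumably what stores it).
    s = Trim(Request.Form("s"))
    loginCaptchaExpected = Trim(Session("GetCode") & "")
    ' Single use: discard the stored code on every attempt so one solved
    ' captcha cannot be replayed across many password guesses.
    Session("GetCode") = ""
    ' Int() raises a runtime error on empty or non-numeric text, so validate
    ' both sides before converting. A missing session code always fails.
    loginCaptchaOk = False
    if IsNumeric(s) and IsNumeric(loginCaptchaExpected) then
        loginCaptchaOk = (int(s) = int(loginCaptchaExpected))
    end if
    if not loginCaptchaOk then
        Response.Write("<script language=javascript>alert('请输入正确的认证码!');window.document.location.href='index.asp';</script>")
        Response.End
    end if

    ' --- 2. Coarse client OS label (only written to the Log table) ----------
    thesoft = Request.ServerVariables("HTTP_USER_AGENT")
    if instr(thesoft,"Windows NT 5.0") then
        vOS = "Win 2000"
    elseif instr(thesoft,"Windows NT 5.1") then
        vOS = "Win XP"
    elseif instr(thesoft,"Windows NT") then
        vOS = "Win NT"
    elseif instr(thesoft,"Windows 9") then
        vOS = "Win 9x"
    elseif instr(thesoft,"unix") or instr(thesoft,"linux") or instr(thesoft,"SunOS") or instr(thesoft,"BSD") then
        vOS = "类Unix"
    elseif instr(thesoft,"Mac") then
        vOS = "Mac"
    else
        vOS = "Other"
    end if

    ' --- 3. Same-site Referer check -----------------------------------------
    ' The original compared Mid(referer, 8, Len(host)) with the host, which
    ' (a) only worked for "http://" and (b) accepted any Referer host that
    ' merely started with this server's name. Extract the host component and
    ' compare it as a whole instead.
    ' The Referer header is client-supplied: this only filters cross-site form
    ' posts from ordinary browsers and is not an authentication control.
    server_v1 = Cstr(Request.ServerVariables("HTTP_REFERER"))
    server_v2 = Cstr(Request.ServerVariables("SERVER_NAME"))
    loginRefererHost = ""
    loginCutPos = InStr(server_v1, "://")
    if loginCutPos > 0 then
        loginRefererHost = Mid(server_v1, loginCutPos + 3)
        ' Cut at the first path, port, query or fragment delimiter.
        for each loginDelim in Array("/", ":", "?", "#")
            loginCutPos = InStr(loginRefererHost, loginDelim)
            if loginCutPos > 0 then loginRefererHost = Left(loginRefererHost, loginCutPos - 1)
        next
    end if
    if LCase(loginRefererHost) <> LCase(server_v2) then
        Response.Write("<script language=javascript>alert('你提交的路径有误,禁止从站点外部提交数据请不要乱该参数!');this.location.href='index.asp';</script>")
        response.end
    end if

    ' --- 4. Credentials -----------------------------------------------------
    adminname = ReplaceBadWord(Request.form("adminname"))
    loginRawPwd = ReplaceBadWord(Request.form("adminpwd"))
    ' Test the password before hashing: the hash of an empty string is itself
    ' non-empty, so the original adminpwd="" test could never fire.
    if adminname="" OR loginRawPwd="" then
        Response.Write("<script language=javascript>alert('请输入用户名或密码!');this.location.href='index.asp';</script>")
        Response.End
    end if
    ' NOTE(review): unsalted MD5 is not a suitable password hash; kept because
    ' the stored hashes depend on it. Plan a migration to a salted, slow hash.
    adminpwd = Md5(loginRawPwd)

    ' Bound parameters instead of string concatenation: the values can no
    ' longer change the shape of the statement, whatever the filter lets through.
    sql = "select * from admin where admin_name=? and admin_password=?"
    set loginCmd = Server.CreateObject("ADODB.Command")
    set loginCmd.ActiveConnection = conn
    loginCmd.CommandType = 1                                  ' adCmdText
    loginCmd.CommandText = sql
    ' 202 = adVarWChar, 1 = adParamInput
    loginCmd.Parameters.Append loginCmd.CreateParameter("adminname", 202, 1, Len(adminname), adminname)
    loginCmd.Parameters.Append loginCmd.CreateParameter("adminpwd", 202, 1, Len(adminpwd), adminpwd)
    set rs = loginCmd.Execute
    set loginCmd = nothing

    if rs.eof and rs.bof then
        ' --- 4a. No matching account: report and log the failure ------------
        rs.close
        set rs = nothing
        Response.Write("<script language=javascript>alert('您输入的用户名和密码不正确!!');this.location.href='index.asp';</script>")
        set rs1 = Server.Createobject("adodb.recordset")
        sql1 = "Select * from Log"
        rs1.open sql1,conn,3,3
        rs1.addnew
        rs1("Username") = adminname
        rs1("LoginIP") = request.ServerVariables("Remote_Addr")
        rs1("OS") = vOS
        ' NOTE(review): this stores the attempted password in clear text. A
        ' failed attempt is often a near-miss of a real password, so anyone
        ' who can read the Log table can recover credentials. Recommend
        ' dropping this column from the log; kept here to preserve behaviour.
        rs1("ErrorPas") = loginRawPwd
        rs1("Result") = "Error"
        rs1.update
        rs1.close
        set rs1 = nothing
    elseif rs("lock")=1 then
        ' --- 4b. Account exists but is locked -------------------------------
        response.Write"<script language=javascript>alert(' 错误:帐号 "&rs("admin_name")&" 已被锁定,你不能登陆!请联系站长。');this.location.href='index.asp';</script>"
        rs.close
        set rs = nothing
        Response.End
    else
        ' --- 4c. Success: populate the session and log the login ------------
        response.cookies("hxStudioUserName") = rs("admin_Name")
        session("adminlogin") = sessionvar
        session("issuper") = rs("admin_id")
        ' NOTE(review): 500 minutes is a very long idle timeout for an admin
        ' session; consider a much shorter value.
        session.timeout = 500
        Session("CheckCode") = ""
        Session("hxStudioAdminName") = rs("admin_Name")
        Session("hxStudioAdminDj") = rs("dj")
        Session("hxStudioAdminAdmin") = rs("admin")
        Session("hxType") = rs("type")
        set rs1 = Server.Createobject("adodb.recordset")
        sql1 = "Select * from Log"
        rs1.open sql1,conn,3,3
        rs1.addnew
        rs1("Username") = adminname
        rs1("LoginIP") = request.ServerVariables("Remote_Addr")
        rs1("OS") = vOS
        rs1.update
        rs1.close
        set rs1 = nothing
        rs.close
        set rs = nothing
    end if

elseif request("action")="logout" then
    ' Clear every key the login branch sets (the original left
    ' hxStudioAdminAdmin and hxType behind), then discard the session itself.
    Session("hxStudioAdminName") = ""
    Session("hxStudioAdminDj") = ""
    Session("hxStudioAdminAdmin") = ""
    Session("hxType") = ""
    session("adminlogin") = ""
    session("issuper") = ""
    ' Abandon takes effect when the page finishes, so the explicit clears
    ' above are still needed for checks later in this same request.
    Session.Abandon
    Response.write "<script>window.document.location.href='./index.asp';</script>"
end if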
' Page dispatcher: a session whose "adminlogin" value equals sessionvar gets
' the admin frame named by the "frame" request parameter; everyone else gets
' the login form (admin_dl). An unrecognised frame value renders nothing.
' NOTE(review): VBScript treats an unset (Empty) value as equal to "", so this
' gate is only meaningful if sessionvar is always a non-empty secret - confirm
' where it is defined.
if session("adminlogin")=sessionvar then
    VIP_No = sessionvno
    frame = request("frame")
    select case frame
        case ""
            admin_admin
        case "menu"
            admin_menu
        case "main"
            admin_main
    end select
else
    admin_dl
end if
sub admin_dl()
%>
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<LINK href="inc/admin.css" type=text/css rel=stylesheet>
<META content="MSHTML 6.00.2800.1126" name=GENERATOR>
<TITLE><%=webname%> 管理中心—登录</TITLE>
<script src="inc/js.js" language="JavaScript" type="text/javascript"></script>
</HEAD>
<body onkeydown=return(!(event.keyCode==78&&event.ctrlKey)) leftMargin=0 topMargin=0>
<TABLE height=350 cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
<TBODY>
<TR>
<TD align=middle>
<TABLE height=210 cellSpacing=0 cellPadding=0 width=307 align=center border=0>
<form name="form1" method="post" action="index.asp?action=adminlogin" onSubmit="return xxg()">
<TBODY>
<TR>
<TD background="img/dt2.gif">
<TABLE cellSpacing=0 cellPadding=0 width=300 border=0>
<TBODY>
<TR>
<TD colSpan=2 height=50></TD></TR>
<TR>
<TD align=right width="35%" height=20><STRONG>用户名:</STRONG>
</TD>
<TD width="65%" height=20><INPUT
style="BORDER-RIGHT: #C2D6D6 1px solid; BORDER-TOP: #C2D6D6 1px solid; FONT-SIZE: 10pt; BORDER-LEFT: #C2D6D6 1px solid; BORDER-BOTTOM: #C2D6D6 1px solid; BACKGROUND-COLOR: #F1F3F5"
maxLength=20 type="text" name="adminname" size="20" autocomplete="off" value=""></TD></TR>
<TR>
<TD align=right height=20><STRONG>密 码:</STRONG></TD>
<TD height=20><INPUT
style="BORDER-RIGHT: #C2D6D6 1px solid; BORDER-TOP: #C2D6D6 1px solid; FONT-SIZE: 10pt; BORDER-LEFT: #C2D6D6 1px solid; BORDER-BOTTOM: #C2D6D6 1px solid; BACKGROUND-COLOR: #F1F3F5"
type=password maxLength=20 name="adminpwd" size="20" value=""></TD></TR>
<TR>
<TD align=right height=20><STRONG>认证码:</STRONG></TD>
<TD height=20><INPUT
style="BORDER-RIGHT: #C2D6D6 1px solid; BORDER-TOP: #C2D6D6 1px solid; FONT-SIZE: 10pt; BORDER-LEFT: #C2D6D6 1px solid; BORDER-BOTTOM: #C2D6D6 1px solid; BACKGROUND-COLOR: #F1F3F5"
type="text" maxLength=20 name="s" autocomplete="off" size="12" value="">
<img src="inc/admin_Code.asp" height=16 width=45>
</TD></TR>