'=====================================================================
' 软件名称:新云网站管理系统
' 当前版本:NewCloud Site Management System Version 2.1
' 文件名称:check.asp
' 更新日期:2004-11-20
' 官方网站:www.newasp.net QQ:94022511
'=====================================================================
' Copyright 2002-2005 newasp.net - All Rights Reserved.
' newasp is a trademark of newasp.net
'=====================================================================
Dim AdminName, AdminPass, AdminID, ErrorStr
Dim SQLAdmin, RsAdmin, AdminRandomCode
ErrorStr = "确认身份失败!您没有使用当前功能的权限。如果有什么问题,请联系管理员。"
If InStr(Newasp.ScriptName, "editor") > 0 Or InStr(Newasp.ScriptName, "admin_label") > 0 Or InStr(Newasp.ScriptName, "admin_collect") > 0 Then AdminPage = True
'If Newasp.CheckPost = False And AdminPage = False Then
'ErrMsg = "您提交的数据不合法,为了系统安全,不允许直接输入地址访问本系统的后台管理页面。因为你执行了非法操作,请您退出本系统!"
'Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
'Response.End
'End If
Call AdminCookiesToSession
AdminName = Newasp.CheckBadstr(Session("AdminName")) '管理员名称
AdminPass = Newasp.CheckBadstr(Session("AdminPass")) '管理员密码
AdminID = Newasp.ChkNumeric(Session("AdminID")) '管理员ID
AdminRandomCode = Trim(Session("AdminRandomCode")) '管理员登陆随机码
If AdminName = "" Then
ErrMsg = ErrMsg + "您没有进入本页面的权限!本次操作已被记录!可能您还没有登陆或者不具有使用当前功能的权限!请联系管理员.本页面为[管理员]专用,请先登陆后进入。"
Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
Response.End
End If
If IsAdminValidate Then
If AdminValidateCode Session("validate") Or Len(Session("validate")) = 0 Then
ErrMsg = ErrMsg + "非法登陆!您的IP我们已经记录在案。"
Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
Response.End
End If
Else
If Len(Session("validate")) > 0 Then
ErrMsg = ErrMsg + "非法登陆!您的IP我们已经记录在案。"
Response.redirect ("showerr.asp?action=error&Message=" & Server.URLEncode(ErrMsg) & "")
Response.End
End If
End If
SQLAdmin ="select isLock,RandomCode,isAloneLogin from NC_Admin where username='" & AdminName & "' And password='" & AdminPass & "' And id="& AdminID
Set RsAdmin = Newasp.Execute(SQLAdmin)
If RsAdmin.BOF And RsAdmin.EOF Then
Session.Abandon
Response.Cookies(Admin_Cookies_Name) = ""
RsAdmin.Close:set RsAdmin = Nothing
Response.Redirect "admin_login.asp"
Else
If RsAdmin("isLock") 0 Then
ErrMsg = "你的用户名已被锁定,你不能登陆!如要开通此帐号,请联系管理员。"
RsAdmin.Close:set RsAdmin = Nothing
Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
Response.End
End If
If RsAdmin("isAloneLogin") 0 And Trim(RsAdmin("RandomCode")) AdminRandomCode then
Session.Abandon
Response.Cookies(Admin_Cookies_Name) = ""
ErrMsg = "对不起,为了系统安全,本系统不允许两个人使用同一个管理员帐号进行登录!因为现在有人已经在其他地方使用此管理员帐号进行登录了,所以你将不能继续进行后台管理操作。你可以点此重新登录。"
Response.Redirect("showerr.asp?action=error&message=" & server.URLEncode(errmsg) & "")
RsAdmin.Close:set RsAdmin = Nothing
Response.End
End If
End If
RsAdmin.Close:Set RsAdmin = Nothing
Dim ChannelID,sChannelName,sChannelDir,sModuleName,rsChannel,ChannelModuleID
If IsNumeric(Request("ChannelID")) Then
ChannelID = CLng(Request("ChannelID"))
If ChannelID 9999 Then
Set rsChannel = Newasp.Execute("Select ChannelID From NC_Channel where ChannelType < 2 And ChannelID = " & ChannelID)
If Not (rsChannel.BOF And rsChannel.EOF) Then
Newasp.ReadChannel(ChannelID)
sChannelName = Newasp.ChannelName
sChannelDir = Replace(Newasp.ChannelDir, "/", "")
sModuleName = Newasp.ModuleName
ChannelModuleID = CInt(Newasp.modules)
End If
rsChannel.Close:Set rsChannel = Nothing
End If
Else
ChannelID = 0
End If
Public Function DeleteHtmlFile(classid,id,HtmlFileDate)
If CInt(Newasp.IsCreateHtml)=0 Then Exit Function
On Error Resume Next
Dim rsClass,sHtmlFileName,sHtmlFilePath
SQL = "SELECT HtmlFileDir FROM [NC_Classify] WHERE ChannelID = " & ChannelID & " And ClassID=" & CLng(classid)
Set rsClass = Newasp.Execute(SQL)
If Not(rsClass.BOF And rsClass.EOF) Then
sHtmlFilePath = Newasp.InstallDir & Newasp.ChannelDir & rsClass("HtmlFileDir") & Newasp.ShowDatePath(HtmlFileDate,Newasp.HtmlPath)
sHtmlFileName = Newasp.ReadFileName(HtmlFileDate,id,Newasp.HtmlExtName,Newasp.HtmlPrefix,Newasp.HtmlForm,0)
Newasp.FileDelete(sHtmlFilePath & sHtmlFileName)
End If
rsClass.Close:Set rsClass = Nothing
End Function
Public Function ChkAdmin(para)
On Error Resume Next
Dim i, TempAdmin, Adminflag
ChkAdmin = False
AdminFlag = Replace(Session("Adminflag"), "'", "''")
If para = "" Then Exit Function
If AdminFlag = "" Or IsEmpty(AdminFlag) Then Exit Function
If CInt(Session("AdminGrade")) = 999 Then
ChkAdmin = True
Exit Function
Else
If Adminflag = "" Then
ChkAdmin = False
Exit Function
Else
tempAdmin = Split(Adminflag, ",")
For i = 0 To UBound(tempAdmin)
If Trim(LCase(tempAdmin(i))) = Trim(LCase(para)) Then
ChkAdmin = True
Exit For
End If
Next
End If
End If
End Function
Public Function ChkAdminPurview(flag,username)
On Error Resume Next
Dim i, TempAdmin, Adminflag, BlnAdminflag
ChkAdminPurview = False
BlnAdminflag = False
If flag = "" Then Exit Function
Adminflag = Replace(Session("Adminflag"), "'", "''")
If CInt(Session("AdminGrade")) = 999 Then
ChkAdminPurview = True
Exit Function
Else
If Trim(Adminflag) = "" Then
ChkAdminPurview = False
Exit Function
Else
tempAdmin = Split(Adminflag, ",")
For i = 0 To UBound(tempAdmin)
If LCase(Trim(tempAdmin(i))) = LCase(Trim(flag)) Then
BlnAdminflag = True
Exit For
End If
Next
End If
End If
If BlnAdminflag = True Then
If Trim(username) = Trim(Session("AdminName")) Then
ChkAdminPurview = True
Exit Function
Else
ChkAdminPurview = False
Exit Function
End If
Else
ChkAdminPurview = False
Exit Function
End If
End Function
Public Sub AdminCookiesToSession()
If Session("AdminName") = "" And UseAdminCookies Then
Session("AdminName") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminName"))
Session("AdminPass") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminPass"))
Session("AdminGrade") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminLevel"))
Session("Adminflag") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("Adminflag"))
Session("AdminStatus") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminStatus"))
Session("AdminRandomCode") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("RandomCode"))
Session("AdminID") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("AdminID"))
If IsAdminValidate Then
Session("validate") = Newasp.CheckStr(Request.Cookies(Admin_Cookies_Name)("validate"))
End If
End If
End Sub
%>
