
    <!--#include file="../Include/conn.asp"-->
<!--#include file="Admin_check.asp"-->
<%
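' Disable caching for this admin page so a stale copy of the log list or
' the settings form is never served from an intermediate cache.
response.expires = 0
response.expiresabsolute = now() - 1
response.addHeader "pragma","no-cache"
response.addHeader "cache-control","private"
Response.cachecontrol = "no-cache"
' Module permission check: the session purview string must contain the
' token for this module ("|123,"). The session value is coerced to a string
' first: InStr returns Null when given a Null argument, and an If treats
' Null as False, which would let the request through unchecked.
if Instr("" & session("AdminPurview"),"|123,")=0 then
  response.write ("<font color='red'>你不具有该管理模块的操作权限,请返回!</font>")
  response.end
end if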
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="images/Admin_css.css" type=text/css rel=stylesheet>
<title>SQL安全中心</title></head>
<body>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#6298E1">
  <tr>
    <td height="24" nowrap="nowrap" background="images/th_bg.gif"><font color="ffffff"><b>SQL通用防注入系统</b></font></td>
  </tr>
  <tr>
    <td height="36" align="center" nowrap="nowrap"  bgcolor="#EBF2F9"><div align="center"><a href="?Action=config"><b>系统设置</b></a>&nbsp;|&nbsp;<a href="?"><b>查看信息</b></a></div></td>
  </tr>
</table>
<br/>
<script language="JavaScript">
<!--
function CheckAll(form)  {
  // Mirror the state of the "chkall" master checkbox onto every other
  // element of the form (the per-row ID checkboxes in the log list).
  var master = form.chkall.checked;
  var count = form.elements.length;
  var idx;
  for (idx = 0; idx < count; idx++) {
    var el = form.elements[idx];
    if (el.name == 'chkall') { continue; }
    el.checked = master;
  }
}
function Confirmer()
{
	// Delete-confirmation prompt; yields true only when the user accepts.
	var accepted = confirm("请确定要删除吗?");
	return accepted ? true : false;
}
//-->
</script> 
<%					
' URL is the path of this page (used by the handlers below for form
' targets and redirects); Action selects the handler.
URL						= Request.ServerVariables("URL")
Action					= Request("Action")
' Route the request to the handler named by Action; anything unrecognised
' (including no Action at all) renders the log list.
' NOTE(review): lockIP and UnLockip are not defined in this file;
' presumably they come from an include - verify, otherwise those two
' branches raise a runtime error.
If Action = "act" Then
	Call act()
ElseIf Action = "lock" Then
	Call lockIP()
ElseIf Action = "unlock" Then
	Call UnLockip()
ElseIf Action = "config" Then
	Call config()
ElseIf Action = "saveconfig" Then
	Call saveconfig()
Else
	Call Main()
End If
Sub Main()
' Renders the SqlIn log (the rows captured by the anti-injection filter),
' 20 per page, newest id first, together with a bulk-action form that
' posts back to act(). Reads Request("page") for paging and the config
' row (Kill_IP decides whether the lock-state column is shown). URL is the
' page-level variable set before the dispatcher.
' NOTE(review): the paging links below write URL into unquoted href
' attributes; quoting them (href="...") would be the safer form.
%>

<table width="99%" border="0" cellpadding="0" cellspacing="0" >
<%

sql="select * from SqlIn order by id desc"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,1
if rs.eof and rs.bof then
	response.write "暂无内容"
else
' Paging: listnum rows per page, page clamped to [1, pagecount].
listnum=20
Rs.pagesize=listnum
page=Request("page")
' NOTE(review): page takes part in arithmetic before any numeric check; a
' non-numeric value such as "?page=x" would raise a type mismatch here -
' confirm, and consider validating it as an integer first.
if (page-Rs.pagecount) > 0 then
	page=rs.pagecount
elseif page = "" or page < 1 then
	page = 1
end if
rs.absolutepage=page
' Row counters: j counts down from the total, n up from the page offset.
' Neither value is written to the page in this Sub (the first column shows
' a checkbox instead), so they are maintained but unused.
j=rs.recordcount
j=j-(page-1)*listnum
i=0
nn=request("page")
if nn="" then
	n=0
else
	nn=nn-1
n=listnum*nn
end If

' Kill_IP from the config table toggles the lock-state column below.
' NOTE(review): this config recordset is never closed here, unlike the one
' opened in config().
Set rsinfo=conn.execute("select * from config")
Kill_IP		= rsinfo("Kill_IP")

%>
<tr align="center">
 <td width="5%" height=30>编号</td>
 <td width="10%" height="30"><font color=red>操作IP</font></td>
 <%
 ' Lock-state column header, only when IP locking is enabled in config.
 If Kill_IP Then
 
 %>
 <td width="5%">是否锁定</td>
 <%
 End If %>
 <td>操作页面</td>
 <td width="5%">提交方式</td>
 <td width="10%">提交参数</td>
 <td>提交数据</td>
 <td width="10%">操作时间</td>
 
</tr>
<form action="<%=url%>?Action=act" method=post name=check>
<%' One row per log entry; the ID checkbox carries the row id for act().
' NOTE(review): SqlIn_IP, SqlIn_WEB, SqlIn_FS and SqlIn_TIME are written
' raw while SqlIn_CS / SqlIn_SJ go through N_Replace. These rows record
' data taken from blocked requests, so SqlIn_WEB in particular should be
' escaped the same way before it is rendered in this admin page.
do while not rs.eof and i<listnum
n=n+1%>
<tr align="center" >
	<td height="30" bgcolor="#EBF2F9"><input name="ID" type="checkbox" id="ID" value=<%=rs("id")%>></td>

	<td height="30" bgcolor="#EBF2F9" ><%=rs("SqlIn_IP")%></td>

 	 <%
 ' Lock-state cell for this row (Kill_ip column of SqlIn).
 If Kill_IP Then
 
 %>
	<td height="30" bgcolor="#EBF2F9" >
	<%if rs("Kill_ip")=true then 
			response.write "<font color='red'>已锁定</font>"
		else
			response.write "<font color='green'>已解锁</font>"
		end if
	%></td>
		 <%
 End If %>
    <td height="30" bgcolor="#EBF2F9" ><%=rs("SqlIn_WEB")%></td>
	
	 <td height="30" bgcolor="#EBF2F9" ><%=rs("SqlIn_FS")%></td>
	 <td height="30" bgcolor="#EBF2F9" ><%=N_Replace(rs("SqlIn_CS"))%></td>
	 <td height="30" bgcolor="#EBF2F9" ><%=N_Replace(rs("SqlIn_SJ"))%></td>
	  <td height="30" bgcolor="#EBF2F9" ><%=rs("SqlIn_TIME")%></td>
</tr>
<%rs.movenext 
i=i+1 
j=j-1
loop%>
<%end if%>
</table>
	<table width="99%" border="0" cellpadding="0" cellspacing="0" background="images/th_bg.gif">
	<tr>
		<td height="30">
				  <input name="chkall" type="checkbox" id="chkall" value="select" onclick="CheckAll(this.form)" >全选
				  &nbsp;&nbsp;
				  <select name="act" class="textfield">
					<option value="del" selected>删除所选记录</option>
					<option value="lock">限制记录中IP访问</option>
					<option value="unlock">允许记录中IP访问</option>
		  </select>
				  &nbsp;&nbsp;
				  <input type=submit name=action value="操作" class="button" onclick="return confirm('确定要进行此操作么?')">	
	  </td>
			<td align=right><%=Rs.recordcount%> 条记录&nbsp;&nbsp;<%=listnum%> 条记录/页&nbsp;&nbsp;共 <%=rs.pagecount%> 页 
				  <% if page=1 then %>
				  <%else%>
				  <a href=<%=URL%>><strong>|<<</strong></a>
				  <a href=<%=URL%>?page=<%=page-1%>><strong><<</strong></a>
				  <a href=<%=URL%>?page=<%=page-1%>><b>[<%=page-1%>]</b></a>
				  <%end if%><% if rs.pagecount=1 then%><%else%><b>[<%=page%>]</b><%end if%>
				  <% if rs.pagecount-page <> 0 then %>
				  <a href=<%=URL%>?page=<%=page+1%>><b>[<%=page+1%>]</b></a>
				  <a href=<%=URL%>?page=<%=page+1%>><strong>>></strong></a>
				  <a href=<%=URL%>?page=<%=rs.pagecount%>><strong>>>|</strong></a>
				  <%end if%>		
		</td>
	</tr>
</table>
</form>
<%
' NOTE(review): rs is left open at the end of the Sub; an rs.close /
' Set rs = Nothing here would release the connection resources promptly.
end Sub

sub config()
	' Renders the settings form for the anti-injection filter, pre-filled
	' from the single row of the config table, and submits to saveconfig().
	' NOTE(review): rsinfo is read without an EOF check; an empty config
	' table would raise a runtime error on the first field access.
	' NOTE(review): N_In, Sec_Forms, alert_url, alert_info and kill_info are
	' written into value="..." attributes and textareas below without HTML
	' escaping, so a stored value containing a double quote or "</textarea>"
	' breaks out of its control; they should go through N_Replace (or
	' Server.HTMLEncode) on output.
	Set rsinfo=conn.execute("select * from config")
	N_In		= rsinfo("N_In")
	Kill_IP		= rsinfo("Kill_IP")			
	WriteSql	= rsinfo("WriteSql")		
	alert_url	= rsinfo("alert_url")
	alert_info	= rsinfo("alert_info")
	kill_info	= rsinfo("kill_info")
	N_type		= rsinfo("N_type")
	Sec_Forms	= rsinfo("Sec_Forms")
	Sec_Form_open = rsinfo("Sec_Form_open")
	rsinfo.close
	Set rsinfo=Nothing 

%>

<table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#EBF2F9" >
  <tr>
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0">
	<form name="form" method="post" action="<%=url%>?action=saveconfig">
	<tr align="center" >
        <td height="30"  align="right">当前文件磁盘路径:</td>
        <td align="left">&nbsp; <input name="path" type="text" value="<%=server.mappath(".")&"\"%>" class="textfield" size="100"></td>
      </tr>
		<tr align="center" >
        <td height="30"  align="right">需要过滤的关键字:</td>
        <td align="left">&nbsp; <input name="N_In" type="text" value="<%=N_In%>" class="textfield" size="100">
        用&quot;|&quot;分开</td>
      </tr>
      <tr align="center" >
        <td height="30" align="right">是否记录入侵者信息:</td>
        <td align="left">&nbsp; <select name="WriteSql">
          <option value="1" <%if WriteSql=1 Then response.write "selected"%>>是</option>
          <option value="0" <%if WriteSql=0 Then response.write "selected"%>>否</option>
        </select></td>
      </tr>
      <tr align="center" >
        <td height="30" align="right">是否锁定IP:</td>
        <td align="left">&nbsp; <select name="Kill_IP">
          <option value="1" <%if Kill_IP=1 Then response.write "selected"%>>是</option>
          <option value="0" <%if Kill_IP=0 Then response.write "selected"%>>否</option>
        </select></td>
      </tr>
      <tr align="center" >
        <td height="30" align="right">是否启用安全表单:</td>
        <td align="left">&nbsp; <select name="Sec_Form_open">
          <option value="1" <%if Sec_Form_open=1 Then response.write "selected"%>>是</option>
          <option value="0" <%if Sec_Form_open=0 Then response.write "selected"%>>否</option>
        </select>
		慎用这个功能,除非你对确认此页面无需过滤,并确定对安全没影响!
		</td>
      </tr>
	  <tr align="center" >
        <td height="30" align="right">您认为安全的表单:</td>
        <td align="left">&nbsp; 
		<input name="Sec_Forms" type="text" class="textfield" style=" " value="<%=Sec_Forms%>" size="50">
        用&quot;|&quot;分开</td>
      </tr>
      <tr align="center" >
        <td height="30" align="right">出错后的处理方式:</td>
        <td align="left">&nbsp; 
		<select name="N_type" class="textfield">
          <option value="1" <%if N_type=1 Then response.write "selected"%>>直接关闭网页</option>
          <option value="2" <%if N_type=2 Then response.write "selected"%>>警告后关闭</option>
		  <option value="3" <%if N_type=3 Then response.write "selected"%>>跳转到指定页面</option>
		  <option value="4" <%if N_type=4 Then response.write "selected"%>>警告后跳转</option>
        </select></td>
      </tr>
	<tr align="center" >
        <td height="30" align="right">出错后跳转Url:</td>
        <td align="left">&nbsp; <input name="alert_url" type="text" class="textfield" value="<%=alert_url%>">
        注意,这里的都是半角符号,就是英文的!
		</td>
      </tr>
      <tr align="center" >
        <td align="right">警告提示信息:</td>
        <td align="left">&nbsp; <textarea name="alert_info" cols="45" rows="4" class="textfield"><%=alert_info%></textarea>\n\n换行
		</td>
      </tr>
	  <tr align="center" >
        <td align="right">阻止访问提示信息:</td>
        <td align="left">&nbsp; <textarea name="kill_info" cols="45" rows="4" class="textfield"><%=kill_info%></textarea>\n\n换行
		</td>
      </tr>
      <tr align="center" >
        <td height="35" colspan="2"><div align="center">
          <input name="enter_3" type="submit" id="enter_3" value="提交" class="button">
        </div></td>
        </tr>
	  </form>
    </table></td>
  </tr>
</table>
<%
end Sub
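Sub act()
	' Applies the bulk action chosen in the Main() list to the checked rows
	' of SqlIn, then redirects back to the list (URL is the page-level
	' variable set before the dispatcher).
	'   request.form("id")  - comma-separated SqlIn.id values (a checkbox
	'                         group is posted as "1, 2, 3")
	'   request.form("act") - "del", "lock" or "unlock"; anything else is a no-op
	' The ids are spliced into an unquoted IN (...) clause, where doubling
	' single quotes gives no protection, so the list is rebuilt from the
	' tokens that are plain decimal digits and everything else is dropped.
	dim id, act, tok, re

	If request.form("id")<>"" Then
		Set re = New RegExp
		re.Pattern = "^\d{1,9}$"
		id = ""
		For Each tok In Split("" & request.form("id"), ",")
			tok = Trim(tok)
			If re.Test(tok) Then
				If id <> "" Then id = id & ","
				id = id & tok
			End If
		Next
		act = Trim(request.form("act"))
		' Nothing to do when no token survived validation.
		If id <> "" Then
			If act="del" Then
				conn.execute("delete from SqlIn where id in ( " & id & ")")
			ElseIf act="lock" Then
				conn.execute("update SqlIn set Kill_ip=true where id in ( " & id & ")")
			ElseIf act="unlock" Then
				conn.execute("update SqlIn set Kill_ip=false where id in ( " & id & ")")
			End If
		End If
	End If
	Response.Redirect URL
End sub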
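Sub saveconfig
	' Stores the filter settings posted by the config() form in the single
	' config row, drops the copy cached in Application("Neeao_config_info")
	' so the filter re-reads it, then re-renders the log list via main().
	' Every text column is quote-doubled before being spliced into the
	' UPDATE (the original did this for N_In only). Kill_IP, WriteSql,
	' N_type and Sec_Form_open are unquoted numeric columns, where
	' quote-doubling gives no protection, so they go through ConfigIntField
	' and are stored as 0 unless the posted value is plain digits.
	Dim N_In, Kill_IP, WriteSql, alert_url, alert_info, kill_info
	Dim N_type, Sec_Forms, Sec_Form_open, sql

	N_In		= Replace("" & request.form("N_In"), "'", "''")
	alert_url	= Replace("" & request.form("alert_url"), "'", "''")
	alert_info	= Replace("" & request.form("alert_info"), "'", "''")
	kill_info	= Replace("" & request.form("kill_info"), "'", "''")
	Sec_Forms	= Replace("" & request.form("Sec_Forms"), "'", "''")
	Kill_IP		= ConfigIntField(request.form("Kill_IP"))
	WriteSql	= ConfigIntField(request.form("WriteSql"))
	N_type		= ConfigIntField(request.form("N_type"))
	Sec_Form_open = ConfigIntField(request.form("Sec_Form_open"))

	sql = "update config set N_In='" & N_In & "'" & _
	      ",Kill_IP=" & Kill_IP & _
	      ",WriteSql=" & WriteSql & _
	      ",alert_url='" & alert_url & "'" & _
	      ",alert_info='" & alert_info & "'" & _
	      ",kill_info='" & kill_info & "'" & _
	      ",N_type=" & N_type & _
	      ",Sec_Forms='" & Sec_Forms & "'" & _
	      ",Sec_Form_open=" & Sec_Form_open
	conn.execute(sql)
	' Invalidate the cached config so the filter picks up the new values.
	Application.Lock
	set Application("Neeao_config_info")=nothing
	Application.unlock
	Call main()
End Sub

Function ConfigIntField(raw)
	' Returns raw as a Long when, after trimming, it consists of 1-9
	' decimal digits; otherwise 0. Used for the numeric config columns in
	' saveconfig so a non-numeric posted value can never reach the UPDATE.
	Dim re, s
	s = Trim("" & raw)
	Set re = New RegExp
	re.Pattern = "^\d{1,9}$"
	If re.Test(s) Then
		ConfigIntField = CLng(s)
	Else
		ConfigIntField = 0
	End If
End Function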

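Function N_Replace(N_urlString)
	' HTML-escapes a logged value for display in the Main() table cells.
	' SqlIn_CS / SqlIn_SJ hold whatever the filter captured from a blocked
	' request, so the value is untrusted. Null or Empty yields "".
	' The original doubled single quotes (a SQL escape, which shows as ''
	' in the page) and left & and " alone; this version escapes the five
	' HTML-significant characters, with & first so the entities produced
	' afterwards are not re-escaped. The argument itself is not modified.
	Dim s
	If IsNull(N_urlString) Or IsEmpty(N_urlString) Then
		N_Replace = ""
		Exit Function
	End If
	s = CStr(N_urlString)
	s = Replace(s, "&", "&amp;")
	s = Replace(s, "<", "&lt;")
	s = Replace(s, ">", "&gt;")
	s = Replace(s, """", "&quot;")
	s = Replace(s, "'", "&#39;")
	N_Replace = s
End Function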
%>
</BODY>
</HTML>