gusucode.com > CRM源码带手机版ASP源码程序 > Data/Function.asp
<% Response.Addheader "Content-Type","text/html; charset=gb2312" Dim action,subAction,arrList,otype Dim strNormal,strAdmin,strCounter,strToPrint Dim conn,connstr,MDBPath Accsql=""&Accsql&"" ' 0 为access数据库 ,1 为mssql数据库 set rs=server.CreateObject("adodb.recordset") Set conn = Server.CreateObject("ADODB.Connection") MDBPath = Server.MapPath(""&Data_MDBPath&"") if Accsql="0" then conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & MDBPath 'conn.Open "Driver={Microsoft Access Driver (*.mdb)};DBQ="+MDBPath elseif Accsql="1" then Conn.open "Provider=SQLOLEDB;Data Source="&Data_Source&";User ID="&Data_User&";Password="&Data_Password&";Initial Catalog="&Data_Catalog&"" end if if Keeponline = 1 then Session("CRM_account") = Request.Cookies(CookieKey)("CRM_account") Session("CRM_name") = Request.Cookies(CookieKey)("CRM_name") Session("CRM_uId") = Request.Cookies(CookieKey)("CRM_uId") Session("CRM_level") = Request.Cookies(CookieKey)("CRM_level") Session("CRM_group") = Request.Cookies(CookieKey)("CRM_group") Session("CRM_qx") = Request.Cookies(CookieKey)("CRM_qx") Session("CRM_MR") = Request.Cookies(CookieKey)("CRM_MR") Session("CRM_Accsql") = Request.Cookies(CookieKey)("CRM_Accsql") Session("Data_Source") = Request.Cookies(CookieKey)("Data_Source") Session("Data_User") = Request.Cookies(CookieKey)("Data_User") Session("Data_Password") = Request.Cookies(CookieKey)("Data_Password") Session("Data_Catalog") = Request.Cookies(CookieKey)("Data_Catalog") Session("Data_MDBPath") = Request.Cookies(CookieKey)("Data_MDBPath") Session("CRM_url") = Request.Cookies(CookieKey)("CRM_url") end if if Session("CRM_level")<>"" then arrUser = getUserList(Session("CRM_level"),Session("CRM_group"),Session("CRM_MR")) end if '路径过滤 Dim url1,url2,url3,httpurl url1=Request.Servervariables("url") url2=InstrRev(url1,"/") url3=len(url1) httpurl=Right(url1,url3-url2) '权限范围 Function getUserList(intLevel,intGroup,inManagerange) Dim rs,strUserList Set rs = Server.CreateObject("ADODB.Recordset") if intLevel<>"" and intGroup<>"" then arrManagerange = Replace(Replace(inManagerange," ",""),",", "','") rs.Open "Select * From [user] where uName In ( Select uName From [user] Where uLevel < "&Session("CRM_level")&" And uGroup = "&Session("CRM_group")&" or uName in ( '"&arrManagerange&"' ) )",conn,1,1 else Response.write"<script>location.href=""../main/login.asp"";</script>" end if strUserList = "'"&Session("CRM_name")&"'" '添加自己 Do While Not rs.BOF And Not rs.EOF if rs("uName") <> Session("CRM_name") then '跳过自己 strUserList = strUserList & ",'" & rs("uName") & "'" end if rs.MoveNext Loop rs.Close Set rs = Nothing getUserList = strUserList End Function '防SQL注入,防止外部提交 Dim GetFlag Dim ErrorSql Dim RequestKey Dim ForI ErrorSql = "'~;~(~)~exec~update~*~%~chr~mid~master~truncate~char~declare~srcipt" ErrorSql = split(ErrorSql,"~") If Request.ServerVariables("REQUEST_METHOD")="GET" Then GetFlag=True Else GetFlag=False End If If GetFlag Then For Each RequestKey In Request.QueryString For ForI=0 To Ubound(ErrorSql) If Instr(LCase(Request.QueryString(RequestKey)),ErrorSql(ForI))<>0 Then response.write "<script>location.href=""index.asp"";</script>" Response.End End If Next Next End If %>