浏览模式: 标准 | 列表2006年06月的文章

ASP网站防黑小技巧

Submitted by on 2006, June 30, 11:23 PM

为什么有些网站会被黑,甚至会被删除网站内容,主要原因并不是因为黑客有多大的本事,而是你网站自身存在漏洞,现在比较流行的有SQL注入等漏洞,那怎么去预防他.现在给出以下一些方法.
首先1:后台数据库入口地址一定要复杂不能用诸如ADMIN啊houtai啊一类的文件夹作为管理员的入口,这样就算"黑客"扫到你的密码也无法正确登陆进来哈.
其次:要注意你的UOLOAD文件,检查一下,最好是加个验证,当你登陆后系统有个SESSION参数,在UPLOAD文面判断一下,防止人家直接用海洋顶端一类的木马上传
代码:
<%
if session("admin")=""then response.redirect"error.asp"
%>
在数据连接文件一般为CONN.ASP里面加防注入的代码把下面的代码放在最开头的地方,或者你也可以从网上查找其他防SQL注入代码

代码:
<%dim sql_injdata
SQL_injdata = ""|and|exec|ins&#101;rt|sel&#101;ct|del&#101;te|up&#100;ate|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")

If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script Language=JavaScript>alert("toy/红骑士提示↓小子请不要在参数中包含非法字符尝试注入!");history.back(-1)</Script>"
Response.end
end if
next
Next
End If

If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script Language=JavaScript>alert("toy/68590839提示↓小样请不要在参数中包含非法字符尝试注入,就你菜鸟!nnHTTP://www.panasia.cn  ");history.back(-1)</Script>"
Response.end
end if
next
next
end if
%>

最后用工具扫描是否存在漏洞

Tags: 安全

网站|ASP备忘 | 评论:2 | Trackbacks:0 | 阅读:1762

asp成生HTML方法总结

Submitted by on 2006, June 30, 5:32 PM

方法一:FSO

Set fs = Cr&#101;ateObject("Scripting.FileSystemObject")
NewFile=Server.MapPath("/asp/chap06/at/newfile.html")
"新建一文件/newfile.html,若该文件已存在,则覆盖它
Set a = fs.Cr&#101;ateTextFile(NewFile, True)
Response.Write"新文件已建立!"
a.close
File=Server.MapPath("newfile.html")
Set txt=fs.OpenTextFile(File,8,True)               "打开成可以在结尾写入数据的文件
data1="这句话是使用WriteLine方法写入的哦!~~"
txt.WriteLine data1
data2="这句话是使用Write方法写入的哦!~~"
txt.Write data2
txt.Close

方法二:XMLHTTP

<%
Set xml = Server.Cr&#101;ateObject("Microsoft.XMLHTTP")
"把下面的地址替换成你的首页的文件地址,一定要用http://开头的绝对路径,不能写相对路径
xml.Open "GET", "http://www.phpup.com&#..., False
xml.Send  
BodyText=xml.ResponseBody
BodyText=BytesToBstr(BodyText,"gb2312")
Set xml = Nothing
Dim fso, MyFile
Set fso = Cr&#101;ateObject("Scripting.FileSystemObject")
Set MyFile= fso.Cr&#101;ateTextFile(server.MapPath("aa.htm"), True)
MyFile.WriteLine(BodyText)
MyFile.Close

其他:

1

下面的例子是将、index.asp?id=1/index.asp?id=2/index.asp?id=3/这三个动态
页面,分别生成ndex1.htm,index2.htm,index3.htm存在根目录下面:

<%
dim strUrl,Item_Classid,id,FileName,FilePath,Do_Url,Html_Temp
Html_Temp="<UL>"
For i=1 To 3
Html_Temp = Html_Temp&amp;"<LI>"
Item_Classid = i
FileName = "Index"&amp;Item_Classid&amp;".htm"
FilePath = Server.MapPath("/")&amp;"\"&amp;FileName Html_Temp = Html_Temp&amp;FilePath&amp;"</LI>"
Do_Url = "http://"
Do_Url = Do_Url&amp;Request.ServerVariables("SERVER_NAME")&amp;"/main/index.asp"
Do_Url = Do_Url&amp;"?Item_Classid="&amp;Item_Classid

strUrl = Do_Url
dim objXmlHttp
set objXmlHttp = Server.cr&#101;ateObject("Microsoft.XMLHTTP")
objXmlHttp.open "GET",strUrl,false
objXmlHttp.send()
Dim binFileData
binFileData = objXmlHttp.responseBody
Dim objAdoStream
set objAdoStream = Server.cr&#101;ateObject("ADODB.Stream")
objAdoStream.Type = 1
objAdoStream.Open()
objAdoStream.Write(binFileData)
objAdoStream.SaveToFile FilePath,2
objAdoStream.Close()

Next
Html_Temp = Html_Temp&amp;"<UL>"
%>

<%
Response.Write ( "成功生成文件:" )
Response.Write ( "<BR>" )
Response.Write Html_Temp
%>

Function BytesToBstr(body,Cset)
        dim objstream
        set objstream = Server.Cr&#101;ateObject("adodb.stream")
        objstream.Type = 1
        objstream.Mode =3
        objstream.Open
        objstream.Write body
        objstream.Position = 0
        objstream.Type = 2
        objstream.Charset = Cset
        BytesToBstr = objstream.ReadText
        objstream.Close
        set objstream = nothing
End Function
%>

2

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
public tempelatefile,tmpdata
sub ofile()"打开文件,并把文件内容放到tmpdata
on error resume next
tmpdata=""
set Astream=Server.Cr&#101;ateObject ("Adodb.Stream")
Astream.type=2"文件类型文本
Astream.Mode = 3"读写
Astream.open
Astream.CharSet = "GB2312""字符集
Astream.LoadFromFile(tempelatefile)"从文件装载
Assp=Astream.size
if err.number<>0 then
  xz=-18
  response.Write tempelatefile&amp;"<br>"
  err.clear
  tmpdata=""
else
  tmpdata=Astream.ReadText(Assp)
end if

end sub

sub save_file()
ofile()
recfilen=server.MapPath(dts)
Astream.Flush
Astream.close
Astream.type=2
Astream.Mode = 3
Astream.open
Astream.CharSet = "GB2312"
Astream.position=0
Astream.Writetext tmpdata,1"写入数据到stream
Astream.SaveToFile recfilen,2"保存到文件

end sub

function dts()"产生随机文件名
if len(month(now()))>1 then
  mm=month(now())
else
  mm="0"&amp;month(now())
end if
if len(day(now()))>1 then
  d=day(now())
else
  d="0"&amp;day(now())
end if
if len(hour(now()))>1 then
  h=hour(now())
else
  h="0"&amp;hour(now())
end if
if len(minute(now()))>1 then
  m=minute(now())
else
  m="0"&amp;minute(now())
end if
if len(second(now()))>1 then
  s=second(now())
else
  s="0"&amp;second(now())
end if
Randomize
upperbound=9999
lowerbound=1000
rds=Int((upperbound - lowerbound + 1) * Rnd + lowerbound)  
dts="htm/"&amp;year(now())&amp;mm&amp;d&amp;h&amp;m&amp;s&amp;rds&amp;".htm"
end function

title=request.Form("title")
content=request.Form("content")
tmpdata=replace(tmpdata,"<title></title>",title)"以拥护提交内容替换
tmpdata=replace(tmpdata,"<content></content>",content)
tempelatefile=server.MapPath("tempelate/1.htm")"模版文件
save_file()
%>

Tags: tohtml

网站|ASP备忘 | 评论:0 | Trackbacks:0 | 阅读:1605

保存远程的文件到本地

Submitted by on 2006, June 30, 5:31 PM

"==================================================
"过程名:SaveRemoteFile
"作 用:保存远程的文件到本地
"参 数:LocalFileName ------ 本地文件名
" RemoteFileUrl ------ 远程文件URL
"==================================================
sub SaveRemoteFile(LocalFileName,RemoteFileUrl)
dim Ads,Retrieval,GetRemoteData
Set Retrieval = Server.Cr&#101;ateObject("Microsoft.XMLHTTP")
With Retrieval
.Open "Get", RemoteFileUrl, False, "", ""
.Send
GetRemoteData = .ResponseBody
End With
Set Retrieval = Nothing
Set Ads = Server.Cr&#101;ateObject("Adodb.Stream")
With Ads
.Type = 1
.Open
.Write GetRemoteData
.SaveToFile server.MapPath("pic/"&amp;LocalFileName),2
.Cancel()
.Close()
End With
Set Ads=nothing
end sub

测试
SaveRemoteFile "test.gif","/images/logo.gif"

Tags: 远程

网站|ASP备忘 | 评论:0 | Trackbacks:0 | 阅读:1268

程序中同一个用户不允许同时登陆两次

Submitted by on 2006, June 30, 5:29 PM

程序中同一个用户不允许同时登陆两次
代码:
<%
if 登录成功 then
session("username")=request("username")
application(session("username"))=session.SessionID
"每个用户生成的sessionID是不同的
response.Redirect("index.asp")
end if
%>


其他需要验证的页面

代码:
<%
if application(session("username"))=session.SessionID then
response.Write("已经登陆")
else
response.Write("没有登陆")
end if %>

Tags: asp函数

网站|ASP备忘 | 评论:0 | Trackbacks:0 | 阅读:1331

注册帐号时密码随机生成的ASP代码

Submitted by on 2006, June 30, 5:27 PM

ASP生成随机密码的两个函数:
函数一
代码:
<%
function makePassword(byVal maxLen)
Dim strNewPass
Dim whatsNext, upper, lower, intCounter
Randomize
For intCounter = 1 To maxLen
whatsNext = Int((1 - 0 + 1) * Rnd + 0)
If whatsNext = 0 Then
’character
upper = 90
lower = 65
Else
upper = 57
lower = 48
End If
strNewPass = strNewPass &amp; Chr(Int((upper - lower + 1) * Rnd + lower))
Next
makePassword = strNewPass
end function
%>


makePassword(str) ’str 密码的位数
函数二
代码:
<% Function gen_key(digits)
dim char_array(35)
char_array(0) = "0"
char_array(1) = "1"
char_array(2) = "2"
char_array(3) = "3"
char_array(4) = "4"
char_array(5) = "5"
char_array(6) = "6"
char_array(7) = "7"
char_array(8) = "8"
char_array(9) = "9"
char_array(10) = "A"
char_array(11) = "B"
char_array(12) = "C"
char_array(13) = "D"
char_array(14) = "E"
char_array(15) = "F"
char_array(16) = "G"
char_array(17) = "H"
char_array(18) = "I"
char_array(19) = "J"
char_array(20) = "K"
char_array(21) = "L"
char_array(22) = "M"
char_array(23) = "N"
char_array(24) = "O"
char_array(25) = "P"
char_array(26) = "Q"
char_array(27) = "R"
char_array(28) = "S"
char_array(29) = "T"
char_array(30) = "U"
char_array(31) = "V"
char_array(32) = "W"
char_array(33) = "X"
char_array(34) = "Y"
char_array(35) = "Z"
randomize
do while len(output) < digits
num = char_array(Int(35 * Rnd + 0))
output = output + num
loop
gen_key = output
End Function
%>

gen_key(str) ’str为密码位数  
这个函数还可以扩展。。如果你还要加上“大小写敏感区分大小写”特性的话,修改数组大小为char_array(50),然后在后面列出所有可能的小写字符。例如:
char_array(36) = "a"
char_array(37) = "b"
...............类推

Tags: asp函数, 随机

网站|ASP备忘 | 评论:0 | Trackbacks:0 | 阅读:1252

TSYS中的分页功能示例[zt]

Submitted by on 2006, June 30, 5:23 PM

最喜欢把TSYS大卸八块了,里面仔细找找,能挖出不少有用的东西,供自己编程用!以前鱼发过一个主题收集站长常用的代码,我觉得有时间的话把TSYS分解一下,不失为一个好话题!

下面是我提取的一个分页功能的示范页,以后ASP分页就用他了,是我用过最方便的!
红色的为重点!
演示:http://www.zsctrip.com/mem...

代码:

<%Option Explicit%>
<!--#include file="Include/Config.asp" -->
<html>
<head>
<title>member.asp</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="keywords" content="zsctrip user">
<meta name="Version" content="zsctrip user v1.0">
</head>

<body bgcolor="#FFFFFF">
<table width="100%" border="0" cellspacing="5" cellpadding="0">
  <tr>
    <td> </td>
  </tr>
</table>
<%
Dim Rs
    Set Rs=Server.Cr&#101;ateObject("ADODB.RecordSet")

Dim Conn
Set Conn = Server.Cr&#101;ateObject("Adodb.Connection")
    Conn.Open ConnStr
                
Dim Sql
    Sql="Sel&#101;ct * From Dv_User o&#114;der By UserId DESC"
    Rs.PageSize=20 "这里设置单页显示数
        Rs.CacheSize=Rs.PageSize
    Rs.Open Sql,Conn,1,1
Dim CurrentPage
    If Request("CurrentPage")="" Then
        CurrentPage=1
    Else
        CurrentPage=Request("CurrentPage")
    End If    
    If Not(Rs.Eof And Rs.Bof) Then
        Rs.AbsolutePage=CurrentPage
    End If
Dim sKey,WorkType
%>
<table width="100%" border="0" cellpadding="3" cellspacing="1" class="ContentTabBg">
  <tr class="BarTitleBg">
    <td width="9%" height="15">记录ID</td>
    <td>会员ID</td>
    <td>会员EMAIL</td>
    <td width="17%" align="center">会员级别</td>
    <td width="12%" align="center">编辑</td>
  </tr>
  <%
  Dim I
  For I=1 To Rs.PageSize
      If Rs.Eof Then
        Exit For
    End If
  %>
  <tr>
    <td width="9%" height="24" bgcolor="#FFFFFF" class="BarTitle"><%=Rs("UserId")%></td>
    <td width="16%" bgcolor="#FFFFFF"><%=Rs("UserName")%></td>
    <td width="46%" bgcolor="#FFFFFF"><%=Rs("UserEmail")%></td>
    <td width="17%" align="center" bgcolor="#FFFFFF"><%=Rs("UserClass")%></td>
    <td width="12%" align="center" bgcolor="#FFFFFF"> </td>
  </tr>
  <%
      Rs.MoveNext
  Next%>
</table>
<table width="100%" border="0" cellpadding="5" cellspacing="0">
  <tr>
    <td align="right">
      <script src="Include/Tkl_PageList.js"></script> "关键是这句话跟这个文件
      <script>Tkl_PageListBar(<%=Rs.PageCount%>,<%=CurrentPage%>,"")</script> "这里是显示分页的地方!
    </td>
</tr>
</table>
<%
Rs.Close
Set Rs=Nothing
%>
</body>
</html>

Tags: tsys, 分页

网站|ASP备忘 | 评论:0 | Trackbacks:0 | 阅读:1332

Microsoft .Net 框架 SDK 快速入门教程地址

Submitted by on 2006, June 30, 1:14 AM

http://chs.gotdotnet.com/q...

网站|ASP倒奶 | 评论:0 | Trackbacks:0 | 阅读:1580

世界上最远的距离(中英文对照版)

Submitted by on 2006, June 30, 1:12 AM

  The furthest distance in the world
  Is not between life and death  
  But when I stand in front of you  
  Yet you don\'t know that  
  I love you  
  The furthest distance in the world  
  Is not when i stand in font of you  
  Yet you can\'t see my love  
  But when undoubtedly knowing the love from both  
  Yet cannot  
  Be togehter  
  The furthest distance in the world  
  Is not being apart while being in love  
  But when plainly can not resist the yearning  
  Yet pretending  
  You have never been in my heart  
  The furthest distance in the world  
  Is not  
  But using one\'s indifferent heart  
  To dig an uncrossable river  
  For the one who loves you

    不是生与死的距离
  而是我站在你面前你不知道我爱你
  
  世界上最远的距离  
  不是我站在你面前你不知道我爱你  
    而是爱到痴迷却不能说我爱你  
    
  世界上最远的距离
  不是我不能说我爱你  
  而是想你痛彻心脾却只能深埋心底  

  世界上最远的距离  
    不是我不能说我想你  
    而是彼此相爱却不能够在一起  

  世界上最远的距离  
    不是彼此相爱 却不能够在一起  
    而是明知道真爱无敌却装作毫不在意  

  世界上最远的距离  
    不是树与树的距离  
    而是同根生长的树枝却无法在风中相依  

  世界上最远的距离  
    不是树枝无法相依  
    而是相互了望的星星却没有交汇的轨迹  

  世界上最远的距离  
    不是星星之间的轨迹  
    而是纵然轨迹交汇却在转瞬间无处寻觅  

  世界上最远的距离  
    不是瞬间便无处寻觅  
    而是尚未相遇便注定无法相聚  

  世界上最远的距离  
    是鱼与飞鸟的距离  
    一个在天,一个却深潜海底

乱谈|杂七杂八 | 评论:0 | Trackbacks:0 | 阅读:2119

让文本框里只能输入数字

Submitted by on 2006, June 30, 1:11 AM

代码:

<input onkeyup="if(event.keyCode !=37 && event.keyCode != 39) value=value.replace(/\D/g,'');"onbeforepaste="clipboardData.setData('text',clipboardData.getData('text').replace(/\D/g,''))">


这个方法可以限制在此文本框中只能输入数字,输入字母或其他则被自动消除掉。

网页|前台相关 | 评论:0 | Trackbacks:0 | 阅读:1221

企业网站常用中英文对照表

Submitted by on 2006, June 30, 1:09 AM


引用
网站导航 site map

公司简介 PROFILE or COMPANY Profile or Company

公司设备 EQUIPMENT Equipment

公司荣誉 GLORIES Glories

企业文化 CULTURE Culture

产品展示 PRODUCT Product

资质认证 quality certification

企业规模 SCALE Scale

营销网络 Sales Network

组织机构 orGANIZATION organization

合作加盟 Join in Cooperation

技术力量 TECHNOLOGY Technology

经理致辞 Manager`s oration

发展历程 Development history

工程案例 Engineering Projects

业务范围 Business Scope

分支机构 Branches

供求信息 Supply & Demand

经营理念 Operation Principle

产品销售 SALES Sales

联系我们 CONTACT US Contact Us

信息发布 INFORMATION Information

返回首页 HOMEPAGE Homepage

产品定购 orDER order

分类浏览 Browse by category

电子商务 E-Business

公司实力 STRENGTH Strength

版权所有 Copy right

友情连结 Hot link

应用领域 Application Fields

人力资源 Human Resource HR

领导致辞 Leader`s oration

企业资质 Enterprise qualification

行业新闻 Trade news

行业动态 Trends

客户留言 Customer Message

客户服务 Customer Service

新闻动态 News & Trends

公司名称 Company Name

销售热线 Sales Hot-line

联系人 Contact Person

您的要求 Your requirements

建设中 In construction

证书 CERTIFICATE Certificate

地址 ADD Add

邮编 POSTAL CODE Zipcode

电话 TEL Tel

传真 FAX Fax

产品名称 Product Name

产品说明 DESCRIPTION Description

价格 Price

品牌 Brand

规格 Specification

尺寸 Size

生产厂家 MANUFACUTURER Manufacturer

型号 Model

产品标号 Item No.

技术指标 Technique Data

产品描述 Description

产地 Production Place

销售信息 Sales Information

用途 Application

论坛 Forum

在线订购 On-line order

招商 Enterprise-establishing

招标 Bid inviting

综述 General

业绩 Achievements

招聘 Join Us

求贤纳士 Join Us

大事 Great Event

动态 Trends

服务 Service

投资 Investment

行业 Industry

规划 Programming

环境 Environment

发送 Delivery

提交 Submit

重写 Reset

登录 Enter

注册 Login

中国企业网技术支持 Powered by ce.net.cn

社区 Community

业务介绍 Business introduction

在线调查 Online inquiry Inquiry

下载中心 Download

会员登陆 Member Entrance

意见反馈 Feedback

常见问题 FAQ

中心概况 General Profile

教育培训 Education & Training

游乐园 amusement park

在线交流 Online communication

专题报道 Special report

网页|前台相关 | 评论:0 | Trackbacks:0 | 阅读:1058

Records:401234