技术信息(用于支持人员)
错误类型:
ADODB.Field (0x80020009)
BOF 或 EOF 中有一个是“真”,或者当前的记录已被删除,所需的操作要求一个当前的记录。
/cvip/Search.asp
浏览器类型:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)
网页:
GET /cvip/Search.asp
时间:
2007年3月22日, 11:45:27
<table width="779" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td width="228" align="center" valign="top"><br>
<table width="95%" border="0" align="center" cellpadding="1" cellspacing="1" class="TableAll">
<tr>
<td height="25" align="center" class="TrTop">使用说明</td>
</tr>
<tr>
<td class="TrBody">VIP会员管理系统 </td>
</tr>
</table>
<br>
<table width="95%" border="0" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC" class="TableAll">
<tr>
<td height="25" align="center" class="TrTop">权限使用说明</td>
</tr>
<tr>
<td height="109" align="center" bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="0" cellspacing="1" class="w9pt">
<tr>
<td height="19" align="center">超级管理员</td>
<td class="TrBody">最高权限!有所有功能!</td>
</tr>
<tr>
<td height="19" align="center">信息管理员</td>
<td class="TrBody">拥护部分功能!</td>
</tr>
<tr>
<td height="18" align="center">VIP会员</td>
<td class="TrBody">只能查看自己的信息!</td>
</tr>
</table></td>
</tr>
</table>
<br>
<table width="95%" border="0" cellpadding="0" cellspacing="1" class="TableAll">
<tr>
<td height="25" align="center" class="TrTop">系统其他说明</td>
</tr>
<tr>
<td align="left" bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="2" cellspacing="1" class="w9pt">
<tr>
<td>系统根据不同的管理员,显示不同的功能。操作时请谨慎,数据删除后将不能恢复!</td>
</tr>
</table></td>
</tr>
</table></td>
<td width="551"><table height="450" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td align="center" valign="top" bgcolor="#FFFFFF">
<%
'-----------------------------------------------------------
' Strip a fixed set of characters from a string before it is
' placed into SQL text.
'
' Removes every occurrence of:  '  *  ?  (  )  <  .
' Returns "" when strChar compares equal to "".
'
' NOTE(review): this is a denylist. Characters that are not in
' the list (for example  "  ;  -  > ) pass through unchanged, so
' treat it as defence in depth only. Bound query parameters are
' the reliable way to keep request data out of SQL syntax.
'-----------------------------------------------------------
Function ReplaceBadChar(strChar)
    Dim cleaned, badChar
    If strChar = "" Then
        ReplaceBadChar = ""
        Exit Function
    End If
    cleaned = strChar
    ' Each entry is a single character replaced by nothing, so the
    ' order of removal does not affect the result.
    For Each badChar In Array("'", "*", "?", "(", ")", "<", ".")
        cleaned = Replace(cleaned, badChar, "")
    Next
    ReplaceBadChar = cleaned
End Function
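'-----------------------------------------------------------
' Read the submitted form and query-string values
'-----------------------------------------------------------
' The character filter is kept so existing behaviour for these
' values does not change. The queries below bind them as
' parameters, so they never become part of the SQL text.
UserName=ReplaceBadChar(trim(Request.Form("username")))
pwd=ReplaceBadChar(Trim(Request.Form("pwd")))
act=ReplaceBadChar(Trim(Request.QueryString("act")))

'-----------------------------------------------------------
' Return the XcUserInfo rows whose UserName and pwd columns match
' the two values, using bound parameters instead of string
' concatenation.
'
' Conn is not defined in this listing; presumably it is an open
' ADODB.Connection supplied by an include - confirm.
' NOTE(review): the parameters are declared as Unicode text;
' confirm against the actual column types.
'-----------------------------------------------------------
Function XcFindUser(nameValue, pwdValue)
    Dim lookupCmd, nameText, pwdText
    nameText = nameValue & ""   ' coerce Empty/Null to ""
    pwdText = pwdValue & ""
    Set lookupCmd = Server.CreateObject("ADODB.Command")
    Set lookupCmd.ActiveConnection = Conn
    lookupCmd.CommandType = 1   ' adCmdText
    lookupCmd.CommandText = "Select * From XcUserInfo where UserName=? and pwd=?"
    ' 202 = adVarWChar, 1 = adParamInput. The declared size must be
    ' at least 1, hence Len(...) + 1 for empty values.
    lookupCmd.Parameters.Append lookupCmd.CreateParameter("UserName", 202, 1, Len(nameText) + 1, nameText)
    lookupCmd.Parameters.Append lookupCmd.CreateParameter("pwd", 202, 1, Len(pwdText) + 1, pwdText)
    Set XcFindUser = lookupCmd.Execute
End Function

'-----------------------------------------------------------
' Log in when there is no session yet
'-----------------------------------------------------------
' The original tested rs.eof here before any query visible in this
' listing had been executed (StrSql1 was built and rs1 created, but
' neither was used). A single lookup on name and password replaces
' that. Unknown user and wrong password now get the same answer, so
' the page does not reveal which user names exist.
if session("UserName")="" then
    Set Rs=XcFindUser(UserName, pwd)
    If Not Rs.Eof Then
        session("id")=rs("id")
        session("UserName")=rs("UserName")
        ' NOTE(review): the pwd column is compared directly with the
        ' submitted value and then copied into the session, so the
        ' password appears to be stored unhashed. Consider storing a
        ' salted hash and keeping only the user id in the session.
        session("pwd")=rs("pwd")
    Else
        ShowNot()
    End If
end if

'-----------------------------------------------------------
' Require a session, then list the logged-in member's record
'-----------------------------------------------------------
if session("UserName")="" then
    response.redirect("index.asp")
else
    ' The session values were read back from the database, but they
    ' are still bound as parameters so that stored data containing
    ' quote characters cannot alter the query.
    Set Rs=XcFindUser(session("UserName"), session("pwd"))
    call ShowHave()
end if

' Dispatch the optional sub-view requested through ?act=
if act="info" then
    call ShowInfo()
end if
if act="ps" then
    call pas()
end if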
%>
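<%
'-----------------------------------------------------------
' Change-password view.
'
' With ?mode=edit it validates the two submitted password fields
' and updates the pwd column of the logged-in member's row. In
' every other case (and after the handler) it renders the form.
'
' NOTE(review): the form asks for neither the current password nor
' an anti-forgery token; consider adding both.
' NOTE(review): the password is stored as submitted. The login code
' in this page filters the submitted password through
' ReplaceBadChar, so a new password containing a filtered character
' would no longer match at login - confirm the intended policy, and
' consider storing a salted hash instead of the password itself.
'-----------------------------------------------------------
Sub pas()
    Dim newPwd, pwdCmd, rowsChanged, memberName
    if ReplaceBadChar(Trim(Request.QueryString("mode")))="edit" then
        ' Read the fields from the POST body only. Request("pasa") also
        ' accepts query-string values, which would let a plain link
        ' carry a new password.
        newPwd=trim(Request.Form("pasa"))
        if newPwd="" then
            response.write("<script> alert('密码不能为空!!!')</script>")
            response.redirect("search.asp?act=ps")
            Exit Sub   ' make the stop explicit: never fall through to the update
        end if
        if newPwd<>trim(Request.Form("pasb")) then
            response.write("<script> alert('两次输入密码不一至!!!')</script>")
            response.redirect("search.asp?act=ps")
            Exit Sub
        end if

        ' Bound parameters replace the concatenated SQL. The row must
        ' match id AND UserName (the same rule ShowInfo uses); the
        ' original used OR, which could select another member's row.
        ' The debug Response.Write of the SQL text was removed because it
        ' printed query details into the page.
        memberName=session("UserName") & ""
        Set pwdCmd=Server.CreateObject("ADODB.Command")
        Set pwdCmd.ActiveConnection=conn
        pwdCmd.CommandText="Update XcUserInfo Set pwd=? Where id=? and UserName=?"
        ' 202 = adVarWChar, 3 = adInteger, 1 = adParamInput
        pwdCmd.Parameters.Append pwdCmd.CreateParameter("pwd", 202, 1, Len(newPwd) + 1, newPwd)
        pwdCmd.Parameters.Append pwdCmd.CreateParameter("id", 3, 1, 4, CLng(session("id")))
        pwdCmd.Parameters.Append pwdCmd.CreateParameter("UserName", 202, 1, Len(memberName) + 1, memberName)
        pwdCmd.Execute rowsChanged, , 129   ' adCmdText + adExecuteNoRecords
        Set pwdCmd=nothing

        ' No row matched the session: show the existing "not found" notice
        ' instead of reporting success. (The original raised the ADODB
        ' "BOF or EOF" error here when the recordset was empty.)
        If rowsChanged < 1 Then
            Call ShowNot()
            Exit Sub
        End If

        ' The member list is looked up with session("pwd"), so keep it in
        ' step with the stored (trimmed) value.
        session("pwd")=newPwd
        response.Write("<script> alert('修改密码成功!!!')</script>")
        response.redirect("search.asp")
    end if
%>
<br>
<style>
td{font-size:9pt;}
</style>
<table width="500" border="0" cellpadding="0" cellspacing="1" class="TableAll">
<tr>
<td align="center" class="TrTop">修改密码</td>
</tr>
<tr>
<td height="30" align="center" bgcolor="#FFFFFF" class="9ptred"><form name="form1" method="post" action="?act=ps&mode=edit">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td> 输入密码</td>
<td><input name="pasa" type="password" id="pasa" style="width:100px" ></td>
<td>确认密码</td>
<td><input name="pasb" type="password" id="pasb" style="width:100px" ></td>
<td><input type="submit" name="Submit" value="提交"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<% End Sub%>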
<%
' Renders the "no matching member record" notice as a one-row table.
' Takes no arguments and emits only static markup. The login code in
' this page calls it when the credential lookup returns no rows.
Sub ShowNot() %>
<br>
<table width="500" border="0" cellpadding="0" cellspacing="1" class="TableAll">
<tr>
<td align="center" class="TrTop"> </td>
</tr>
<tr>
<td height="30" align="center" bgcolor="#FFFFFF" class="9ptred">对不起,没有您查询的会员信息</td>
</tr>
</table>
<% End Sub%>
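<%
'-----------------------------------------------------------
' Render one table row per record in the page-level recordset Rs
' (card number, name, and links to the detail, message and
' change-password views), then close Rs.
'
' Database values are HTML-encoded before being written into the
' page and URL-encoded before being placed in a query string, so
' stored markup or reserved URL characters are shown as data and
' cannot change the page structure or the link target.
'-----------------------------------------------------------
Sub ShowHave()
    Dim cardNo, memberName
%>
<br>
<table width="501" border="0" cellpadding="0" cellspacing="1" class="TableAll">
<tr align="center" class="TrTop">
<td width="113" height="25">会员卡卡号</td>
<td width="113" height="25">姓名</td>
<td width="163" height="25">详细信息</td>
<td width="106">留言</td>
<td width="106"> </td>
</tr>
<%
    Do while Not Rs.Eof
        ' Read each field once; & "" turns a Null column into "" because
        ' the encoding functions do not accept Null.
        cardNo = Rs("UNumber") & ""
        memberName = Rs("UserName") & ""
%>
<tr align="center" bgcolor="#FFFFFF">
<td height="30"> <%=Server.HTMLEncode(cardNo)%></td>
<td> <%=Server.HTMLEncode(memberName)%></td>
<!--< td><a href="Search.asp?UserNum=< % =R s("UNumber")%>">详细信息</a></td>-->
<td><a href="Search.asp?act=info">详细信息</a></td>
<td><a href="RepUser.asp?UserNum=<%=Server.URLEncode(cardNo)%>&UserName=<%=Server.URLEncode(memberName)%>" target="_blank">给他/她留言</a></td>
<td><a href="search.asp?act=ps">修改密码</a></td>
</tr>
<%
        Rs.MoveNext
    Loop
    rs.close
%>
</table>
<% End Sub %>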
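<%
'-----------------------------------------------------------
' Render the detail table for the logged-in member.
'
' The row is selected by the session's id and UserName through
' bound parameters. If no row matches, the "not found" notice is
' shown instead of the table: reading a field from an empty
' recordset raises the ADODB.Field "BOF or EOF" error (0x80020009).
' Every database value is HTML-encoded before it is written.
'-----------------------------------------------------------
Sub ShowInfo()
    Dim infoCmd, memberName, picUrl
    memberName = session("UserName") & ""
    Set infoCmd = Server.CreateObject("ADODB.Command")
    Set infoCmd.ActiveConnection = Conn
    infoCmd.CommandType = 1   ' adCmdText
    infoCmd.CommandText = "Select * From XcUserInfo where id=? and UserName=?"
    ' 3 = adInteger, 202 = adVarWChar, 1 = adParamInput.
    ' CLng replaces the original CInt, which overflows above 32767.
    infoCmd.Parameters.Append infoCmd.CreateParameter("id", 3, 1, 4, CLng(session("id")))
    infoCmd.Parameters.Append infoCmd.CreateParameter("UserName", 202, 1, Len(memberName) + 1, memberName)
    Set Rs=infoCmd.Execute
    If Rs.Eof Then
        Call ShowNot()
        Exit Sub
    End If
%>
<br>
<table width="500" border="1" cellpadding="0" cellspacing="1"
bordercolor="#ABABAB" background="Images/Byz.gif" class="TableAll" bordercolordark="#FFFFFF">
<tr align="center">
<td colspan="5" class="TrTop">VIP会员详细信息</td>
</tr>
<tr>
<td width="64" height="25" align="center">会员姓名</td>
<td width="109"><%=Server.HTMLEncode(Rs("UserName") & "")%></td>
<td width="70" align="center">会员卡号</td>
<td width="115"><%=Server.HTMLEncode(Rs("UNumber") & "")%></td>
<td width="124" rowspan="7" align="center" valign="middle">
<%
    ' The picture path is read once, encoded, and placed in quoted
    ' attributes so that spaces or markup in the stored value cannot
    ' add attributes or tags.
    ' NOTE(review): the value is still used as a URL; consider
    ' restricting it to the expected image paths.
    picUrl = Server.HTMLEncode(Rs("Pic") & "")
    Response.Write("<A href=""" & picUrl & """ Target=blank><img src=""" & picUrl & """ width=100 height=150 Border=0></A>")
%></td>
</tr>
<tr>
<td height="25" align="center">会员生日</td>
<td><%=Server.HTMLEncode(Rs("UAge") & "")%></td>
<td align="center">会员性别</td>
<td><%=Server.HTMLEncode(Rs("USex") & "")%></td>
</tr>
<tr>
<td height="25" align="center">会员积分</td>
<td height="25"><%=Server.HTMLEncode(Rs("PenName") & "")%></td>
<td align="center">身体状况</td>
<td><%=Server.HTMLEncode(Rs("Zk") & "")%></td>
</tr>
<tr>
<td height="25" align="center">护照号码</td>
<td><%=Server.HTMLEncode(Rs("Hzhao") & "")%></td>
<td align="center">婚嫁状况</td>
<td><%=Server.HTMLEncode(Rs("UserTest") & "")%></td>
</tr>
<tr>
<td height="25" align="center">联系电话</td>
<td><%=Server.HTMLEncode(Rs("UTel") & "")%></td>
<td align="center">有效期限</td>
<td><%=Server.HTMLEncode(Rs("EduType") & "")%></td>
</tr>
<tr>
<td height="25" align="center">入会方式</td>
<td><%=Server.HTMLEncode(Rs("Edu") & "")%></td>
<td align="center">入会时间</td>
<td><%=Server.HTMLEncode(Rs("Rtuan") & "")%></td>
</tr>
<tr>
<td height="25" align="center">向往国家</td>
<td><%=Server.HTMLEncode(Rs("Gjia") & "")%></td>
<td align="center">会员照片</td>
<td> </td>
</tr>
<tr>
<td height="25" align="center">家庭成员</td>
<td colspan="4"><%=Server.HTMLEncode(Rs("Usercy") & "")%></td>
</tr>
<tr>
<td height="25" align="center">工作单位</td>
<td colspan="4"><%=Server.HTMLEncode(Rs("Userdw") & "")%></td>
</tr>
<tr>
<td height="25" align="center">家庭住址</td>
<td colspan="4"><%=Server.HTMLEncode(Rs("UAddr") & "")%></td>
</tr>
<tr>
<td height="25" align="center">其他</td>
<td height="190" colspan="4" valign="top"><table width="95%" border="0" align="center" cellpadding="1" cellspacing="1" class="w9pt">
<tr>
<td><%=Server.HTMLEncode(Rs("UOther") & "")%></td>
</tr>
</table></td>
</tr>
</table>
<% End Sub %>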
</td>
</tr>
</table></td>
</tr>
</table>
<%
'rs1.close
'set rs1=nothing
%>