有用户名id均为NULL的记录,是为什么?求教大侠
全部代码如下:(今日发现几个数据库中都出现了id为null的用户记录,密码是md5加密的。不清楚怎样才能阻止注册这种用户,是否是注入攻击,被黑了?请高人指点,小生新手)
<%
Function Checkstr(Str)
    ' Blacklist sanitizer: strips a fixed list of tag names, SQL keywords and
    ' quoting characters from Str and doubles the "ˇ" character.
    ' Null yields "". Rules are applied in the order listed, each with the
    ' compare mode of the original hand-unrolled Replace chain
    ' (0 = binary/case-sensitive, 1 = textual/case-insensitive), so the
    ' result is identical to it.
    ' NOTE(review): keyword stripping is not a substitute for parameterized
    ' queries, and a textual rule for "script"/"object"/"applet" already
    ' covers the binary variants that precede it. The Chr(13) replacement
    ' text "<?br>;" looks like a garbled "<br>" - confirm against the
    ' original file before relying on it.
    Dim rules, rule, i
    If IsNull(Str) Then
        Checkstr = ""
        Exit Function
    End If
    rules = Array( _
        Array(Chr(0), "", 1), _
        Array("<?", "", 1), Array(">?", "", 1), _
        Array("script", "", 0), Array("SCRIPT", "", 0), Array("Script", "", 0), Array("script", "", 1), _
        Array("object", "", 0), Array("OBJECT", "", 0), Array("Object", "", 0), Array("object", "", 1), _
        Array("applet", "", 0), Array("APPLET", "", 0), Array("Applet", "", 0), Array("applet", "", 1), _
        Array("[", "", 0), Array("]", "", 0), _
        Array("""", "", 1), Array("=", "", 1), Array("'", "", 1), _
        Array("select", "", 1), Array("execute", "", 1), Array("exec", "", 1), Array("join", "", 1), _
        Array("union", "", 1), Array("where", "", 1), Array("insert", "", 1), Array("delete", "", 1), _
        Array("update", "", 1), Array("like", "", 1), Array("drop", "", 1), Array("create", "", 1), _
        Array("rename", "", 1), Array("count", "", 1), Array("chr", "", 1), Array("mid", "", 1), _
        Array("truncate", "", 1), Array("nchar", "", 1), Array("char", "", 1), Array("alter", "", 1), _
        Array("cast", "", 1), Array("exists", "", 1), _
        Array(Chr(13), "<?br>;", 1), _
        Array("ˇ", "ˇˇ", 1))
    For i = LBound(rules) To UBound(rules)
        rule = rules(i)
        Str = Replace(Str, rule(0), rule(1), 1, -1, rule(2))
    Next
    Checkstr = Str
End Function
%>
<%
' SQL input guard (not called by the registration handler on this page).
' UnSql_Words is the raw value; UnSql_Class selects the rule:
'   1          - numeric: the value must satisfy IsNumeric, otherwise an error
'                banner is written and processing stops via Response.End.
'   any other  - string: the characters ' ; = > < are removed.
' Returns the (possibly stripped) value. Removing characters is not a
' substitute for parameterized queries.
Function UnSql(UnSql_Words, UnSql_Class)
    Dim ch
    Select Case UnSql_Class
        Case 1
            If Not IsNumeric(UnSql_Words) Then
                Response.Write "<title>错误:请勿尝注非法注入</title>"
                Response.Write "<font size=2>偶一直在那痛苦滴边缘徘徊!</font>"
                Response.Write " <font color=#ffffff size=2>[BY 枫知秋,QQ 600251]</font>"
                Response.End()
            End If
        Case Else
            For Each ch In Array("'", ";", "=", ">", "<")
                UnSql_Words = Replace(UnSql_Words, ch, "")
            Next
    End Select
    UnSql = UnSql_Words
End Function
%>
<!--#include file="coss.asp"-->
<!--#include file = "md5.asp"-->
<%
Private Function getIP()
    ' Best-effort client address, capped at 30 characters and trimmed.
    ' HTTP_X_FORWARDED_FOR is a request header that the client or any
    ' intermediate proxy can set to an arbitrary value, so the result must not
    ' be used for access control or rate limiting; REMOTE_ADDR is the only
    ' socket-level fact. The header is used only when it is non-empty and does
    ' not contain "unknown"; in a comma- or semicolon-separated chain the first
    ' entry is taken (comma checked before semicolon).
    Dim forwarded, addr, cut
    forwarded = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    If forwarded = "" Or InStr(forwarded, "unknown") > 0 Then
        addr = Request.ServerVariables("REMOTE_ADDR")
    Else
        cut = InStr(forwarded, ",")
        If cut = 0 Then cut = InStr(forwarded, ";")
        If cut > 0 Then
            addr = Left(forwarded, cut - 1)
        Else
            addr = forwarded
        End If
    End If
    getIP = Trim(Left(addr, 30))
End Function
Function ChkInvaildWord(Words)
    ' Returns True when Words (trimmed, compared case-insensitively) contains
    ' any entry of the "|"-separated blacklist below, False otherwise.
    ' Null input yields False (InStr on Null is Null, which the If treats as
    ' False). The list must NOT end with a trailing "|": Split would then
    ' produce an empty entry, and InStr with an empty search string returns 1,
    ' which would flag every non-empty input.
    Const InvaildWords="select|update|delete|insert|union|--|,|'"
    Dim needle, haystack
    haystack = LCase(Trim(Words))
    ChkInvaildWord = False
    For Each needle In Split(InvaildWords, "|")
        If InStr(haystack, needle) > 0 Then
            ChkInvaildWord = True
            Exit Function
        End If
    Next
End Function
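' ---- Registration handler (action=save) ------------------------------------
' Server-side validation mirrors the rules of checkform() further down. The
' browser check is optional for a caller: a request sent to
' reg.asp?action=save without an "id" field gives request("id") = Empty, which
' passed the keyword blacklist and was stored via rs1("name") = id. That is the
' most plausible origin of the NULL names reported above; enforcing the rules
' on the server, not the blacklist, is what prevents such rows.

Sub RejectAndGoBack(msg)
    ' Emits the same alert + history.go(-1) response the page already uses,
    ' then stops processing. msg is always a fixed literal from this file,
    ' never request data, so it cannot break out of the script string.
    Response.write "<SCRIPT language=JavaScript>alert('" & msg & "');history.go(-1);</SCRIPT>"
    Response.End
End Sub

Function HasNonWordChar(s)
    ' True when s contains a character outside [A-Za-z0-9_]
    ' (the same \W rule checkform() applies to the account name).
    Dim re
    Set re = New RegExp
    re.Pattern = "\W"
    re.IgnoreCase = False
    HasNonWordChar = re.Test(s)
    Set re = Nothing
End Function

Dim id, pwd1, pwd2, an1, an2, cmd, rs1
If request("action") = "save" Then
    ' Appending "" turns a missing field (Empty) into "" so the checks below see it.
    id = request("id") & ""
    pwd1 = request("passwd") & ""
    pwd2 = request("passwd_re") & ""
    an1 = request("anquanma") & ""
    an2 = request("anquanma2") & ""

    If ChkInvaildWord(id) Or ChkInvaildWord(pwd1) Or ChkInvaildWord(pwd2) Or ChkInvaildWord(an1) Or ChkInvaildWord(an2) Then
        RejectAndGoBack "包含非法字符!"
    End If
    ' Account name: required, word characters only, 4-12 characters.
    If id = "" Then RejectAndGoBack "请输入你的帐号!"
    If HasNonWordChar(id) Then RejectAndGoBack "您的帐号不符合规则!"
    If Len(id) < 4 Or Len(id) > 12 Then RejectAndGoBack "帐号长度不正确,请输入长度4-12位的帐号!"
    ' Password: 6-12 characters, no spaces, both copies equal.
    If Len(pwd1) < 6 Or Len(pwd1) > 12 Then RejectAndGoBack "错误的密码长度,请输入长度6-12位的密码!"
    If InStr(pwd1, " ") > 0 Then RejectAndGoBack "密码中不能有空格"
    If pwd1 <> pwd2 Then RejectAndGoBack "两次密码不一致!"
    ' Security code: 4-12 characters, no spaces, both copies equal.
    If Len(an1) < 4 Or Len(an1) > 12 Then RejectAndGoBack "错误的安全码长度,请输入长度4-12位的安全码!"
    If InStr(an1, " ") > 0 Then RejectAndGoBack "安全码中不能有空格"
    If an1 <> an2 Then RejectAndGoBack "两次安全码不一致!"

    ' md5() comes from md5.asp. Unsalted MD5 is a weak password hash; the login
    ' page (not on this page) compares against this format, so change both together.
    pwd1 = md5(pwd1)

    ' Existence check as a parameterized query: the name travels as a bound
    ' parameter (200 = adVarChar, 1 = adParamInput), not as text spliced into
    ' the SQL. The original concatenated Checkstr(request("username")) & id
    ' into the WHERE clause, and "username" is not a field of this form.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "Select * from account_login where name=?"
    cmd.Parameters.Append cmd.CreateParameter("name", 200, 1, 255, id)
    Set rs1 = Server.CreateObject("ADODB.Recordset")
    ' Keyset cursor (1) with optimistic locking (3), as before, so AddNew works.
    rs1.Open cmd, , 1, 3
    If rs1.eof Or rs1.bof Then
        ' Two concurrent registrations of the same name can both pass this
        ' check; a UNIQUE constraint on account_login.name is the real guard.
        rs1.addnew
        rs1("name") = id
        rs1("password") = pwd1
        rs1("anquanma") = an1
        rs1.update
        rs1.close
        Response.write "<SCRIPT language=JavaScript>alert('注册成功!');history.go(-1);</SCRIPT>"
    Else
        rs1.close
        Set rs1 = Nothing
        Set cmd = Nothing
        Response.write "<SCRIPT language=JavaScript>alert('ID已经被使用,注册失败!');history.go(-1);</SCRIPT>"
        Response.End
    End If
    Set rs1 = Nothing
    Set cmd = Nothing
End If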
%>
<html>
<head>
<STYLE type=text/css>
BODY {
FONT-SIZE: 12px; COLOR: #c0c7c6
}
TD {
FONT-SIZE: 12px; COLOR: #c0c7c6
}
TH {
FONT-SIZE: 12px; COLOR: #c0c7c6
}
BODY {
MARGIN: 0px; BACKGROUND-COLOR: #1a2621
}
.style5 {
COLOR: #ffff00
}
</STYLE>
<LINK href="/image/woool.css" type=text/css rel=stylesheet>
<STYLE type=text/css>
BODY {
COLOR: #ffffff;
margin-top: 130px;
background-image: url(/image/gunz00_renewal.jpg);
}
TD {
COLOR: #ffffff
}
TH {
COLOR: #ffffff
}
A:link {
COLOR: #ffffff
}
A {
FONT-SIZE: 14px
}
.STYLE6 {color: #000000}
</STYLE>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>注册帐号</title>
</head>
<script language="vbscript">
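function checkform()
    ' Client-side pre-check for the registration form (IE-only VBScript).
    ' It only improves the user experience: a request sent straight to
    ' reg.asp?action=save skips it entirely, so every rule here must also be
    ' enforced by the server. Returns True when the form may be submitted,
    ' False after focusing the offending field and showing a message.
    Dim f, regEx, Match, struserid
    Set f = document.form
    struserid = f.id.value
    if struserid = "" then
        msgbox("请输入你的帐号!")
        f.id.focus()
        checkform = false
        exit function
    end if
    ' Account name: word characters only ([A-Za-z0-9_]); \W matches anything else.
    Set regEx = New RegExp
    regEx.Pattern = "\W"
    regEx.IgnoreCase = false
    Set Match = regEx.Execute(struserid)
    if Match.count > 0 then
        msgbox("您的帐号不符合规则!")
        f.id.focus()
        checkform = false
        exit function
    End if
    set Match = nothing
    if len(struserid) < 4 or len(struserid) > 12 then
        msgbox("帐号长度不正确,请输入长度4-12位的帐号!")
        f.id.focus()
        checkform = false
        exit function
    end if
    if len(f.passwd.value) < 6 or len(f.passwd.value) > 12 then
        msgbox("错误的密码长度,请输入长度6-12位的密码!")
        f.passwd.focus()
        checkform = false
        exit function
    end if
    if len(f.anquanma.value) < 4 or len(f.anquanma.value) > 12 then
        msgbox("错误的安全码长度,请输入长度4-12位的安全码!")
        f.anquanma.focus()
        checkform = false
        exit function
    end if
    if instr(f.passwd.value, " ") > 0 then
        msgbox("密码中不能有空格")
        f.passwd.focus()
        checkform = false
        exit function
    end if
    if instr(f.anquanma.value, " ") > 0 then
        msgbox("安全码中不能有空格")
        f.anquanma.focus()
        checkform = false
        exit function
    end if
    if f.passwd.value <> f.passwd_re.value then
        msgbox("两次输入的密码不一致!")
        f.passwd_re.focus()
        checkform = false
        exit function
    end if
    if f.anquanma.value <> f.anquanma2.value then
        msgbox("两次输入的安全码不一致!")
        f.anquanma2.focus()
        checkform = false
        exit function
    end if
    f.action = "reg.asp?action=save"
    ' VBScript has no "return" statement: the original "return true" was a call
    ' to an undefined procedure, so the function never actually returned True.
    ' A function returns by assigning to its own name.
    checkform = true
end function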
</script>
<body link="#FFFFFF" vlink="#FFFFFF" alink="#FFFFFF" style="background-color: #FFFFFF">
<div align="center">
<center>
<TABLE cellSpacing=0 cellPadding=0 width="81%"
bgColor=#006699 border=0 height="310">
<form name='form' method='post' action='' onSubmit="javascript:return checkform();">
<TR>
<TD width="28%"
height=48 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><span class="STYLE6"> <b><font size="3">账号注册</font></b></span></TD>
<TD width="72%" bgColor=#FFFFFF height="48" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF">
<span class="STYLE6"> 版权所有:开心</span></TD>
</TR>
<TR bgcolor="#006699">
<TD width="28%"
height=43 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF">
<b><span class="STYLE6">*帐号:</span></b></TD>
<TD width="72%" height="43" bgcolor="#FFFFFF" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"><span class="STYLE6">
<input type="text" name="id" maxlength="12" size="12">
字符或数字组成,不区分大小写,长度4~12位</span></TD>
</TR>
<TR bgcolor="#006699">
<TD
height=34 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><b><span class="STYLE6">*安全码:</span></b></TD>
<TD height="34" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><span class="STYLE6">
<input name="anquanma" type="text" id="anquanma" size="12" maxlength="12">
长度4~12位,找回密码用,不要和密码一致,为了防止有人骗取玩家密码,GM不处理修改密码业务</span></TD>
</TR>
<TR bgcolor="#006699">
<TD
height=34 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><b><span class="STYLE6">*确认安全码:</span></b></TD>
<TD height="34" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><span class="STYLE6">
<input name="anquanma2" type="text" id="anquanma2" size="12" maxlength="12">
长度4~12位,找回密码用,不要和密码一致,为了防止有人骗取玩家密码,GM不处理修改密码业务</span></TD>
</TR>
<TR bgcolor="#006699">
<TD width="28%"
height=34 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF">
<b><span class="STYLE6">*密码:</span></b></TD>
<TD width="72%" height="34" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><span class="STYLE6">
<input type="password" name="passwd" maxlength="12" size="12">
字符、数字或特殊字符组成,区分大小写,长度6~12位</span></TD>
</TR>
<TR bgcolor="#006699">
<TD width="28%"
height=50 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF">
<b><span class="STYLE6">*确认密码:</span></b></TD>
<TD width="72%" height="50" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><font color="#CC33FF">
<input type="password" name="passwd_re" maxlength="12" size="12">
</font><font color="#99CC00"> </font><span class="STYLE6">字符、数字或特殊字符组成,区分大小写,长度6~12位</span></TD>
</TR>
<TR>
<TD width="28%"
height=67 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF">
<p> </p></TD>
<TD width="72%" bgColor=#FFFFFF height="67" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"> <p align="left">
<input type="submit" value="现在注册" name="B1">
</TD>
</TR>
</form>
</TABLE>
</center>
</div>
</body>
</html>