原来我看到一段代码如下,是显示在线人数的数字的,这个程序在别的页面上用<img src="OnlineCount.asp">来进行显示,但是奇怪的是:原来能正常显示的,但不知道是否2000升级了什么,现在其他的电脑IE浏览的时候显示不出(如图一),而有些朋友的NetScape却能显示正常???
我觉得应该是两种浏览器的区别造成的,现在我想根据这个程序另用一种更“兼容”的方式(或者VB)来写,但是,看来看去,说句真心话:看得不是很懂。。。。。:(,请各位高手指点一下。
————————————————————————————————————————————————————
<%@ Language=JavaScript %>
<%
// Timestamp taken once per request; checkGuest() and GetNumber() both read it.
var theTime = new Date();
// Text that OutPut() renders; GetNumber() replaces this placeholder with the live count.
var strCountData = "1234567890";
function GetOnline()
{
    // Seed the application-wide guest table the first time it is needed.
    // The table is a newline-delimited string; "0" marks a free slot.
    var isSeeded = typeof Application("GuestOnline") != "undefined";
    if (!isSeeded)
    {
        Application("GuestOnline") = "0";
    }
}
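function checkGuest()
{
    // Registers (or refreshes) this session's record in the shared guest table.
    // Each record is a 16-digit zero-padded millisecond timestamp followed by
    // the user name; records are joined with "\n" in Application("GuestOnline").
    // Always returns 1.

    // check Me
    if (typeof(Session("test")) == "undefined")
        Session("test") = "guest";

    // The table is newline-delimited, so a name containing CR/LF would split
    // into extra records. Strip line breaks before the name is stored.
    // NOTE(review): where Session("test") is populated is not visible here —
    // confirm whether it can carry user-supplied text.
    var strUserName = String(Session("test")).replace(/[\r\n]/g, "");

    var i;
    var iGuestNum;

    // Fixed-width timestamp so GetNumber() can compare records as strings.
    var strFormatTime = theTime.getTime();
    strFormatTime = "0000000000000000000" + strFormatTime;
    strFormatTime = strFormatTime.substr(strFormatTime.length - 16, 16);

    // Read-modify-write of shared Application state: hold the lock so that
    // concurrent requests cannot overwrite each other's records.
    // (ASP also releases the lock when the script ends or times out.)
    Application.Lock();

    var strGuestOnline = String(Application("GuestOnline"));
    var GuestArray = strGuestOnline.split("\n");

    if (typeof(Session("GuestNum")) == "undefined")
    {
        // First request of this session: take the first free slot ("0"),
        // or the index just past the end when none is free.
        for (i = 0; i < GuestArray.length; i++)
        {
            if (GuestArray[i] == "0") break;
        }
        Session("GuestNum") = i;
    }

    iGuestNum = Session("GuestNum") * 1;
    // Cap the slot index so the table stops growing at 10001 records;
    // sessions past the cap all write to the last slot.
    if (iGuestNum > 10000) iGuestNum = 10000;

    GuestArray[iGuestNum] = strFormatTime + strUserName;
    strGuestOnline = GuestArray.join("\n");
    Application("GuestOnline") = strGuestOnline;

    Application.Unlock();
    return 1;
}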
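function GetNumber()
{
    // Count Guests on line
    // Counts the records in Application("GuestOnline") whose timestamp is newer
    // than five minutes before theTime, frees the older ones by resetting them
    // to "0", stores the count in the page-level strCountData and returns it.

    // Cut-off, formatted like the record prefix written by checkGuest():
    // 16 digits, zero-padded, so plain string comparison matches numeric order.
    var strFormatTime = theTime.getTime() - 5 * 60 * 1000;
    strFormatTime = "0000000000000000000" + strFormatTime;
    strFormatTime = strFormatTime.substr(strFormatTime.length - 16, 16);

    var iGuestCounter = 0;
    var i;

    // The table is read, pruned and written back; hold the Application lock so
    // a concurrent request cannot lose its update in between.
    // (ASP also releases the lock when the script ends or times out.)
    Application.Lock();

    var strGuestOnline = String(Application("GuestOnline"));
    var GuestArray = strGuestOnline.split("\n");

    for (i = 0; i < GuestArray.length; i++)
    {
        if (GuestArray[i].substr(0, 16) > strFormatTime)
            iGuestCounter++;
        else if (GuestArray[i].length > 0)
            GuestArray[i] = "0";    // expired record: mark the slot free (empty slots stay empty)
    }

    strGuestOnline = GuestArray.join("\n");
    Application("GuestOnline") = strGuestOnline;

    Application.Unlock();

    strCountData = iGuestCounter;
    return strCountData;
}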
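function OutPut()
{
    // Writes the current strCountData value to the response as an XBM
    // (image/x-xbitmap) picture: one 8x10 glyph per character, emitted row by
    // row across all characters. Characters with no glyph fall back to "0".
    //
    // NOTE(review): this only displays where the browser still renders
    // image/x-xbitmap; the discussion around this listing reports that IE on
    // XP SP2 no longer does. Emitting the count as text, or as a
    // server-generated GIF/PNG, would avoid that dependency.

    // iRow, k and theOffset were assigned without var in the original and
    // leaked into the page's global scope; they are local now.
    var i;
    var iRow;
    var k;
    var theOffset;

    strCountData = "" + strCountData;

    // Flat glyph table: 11 entries per digit — the digit character itself,
    // then its 10 row bytes.
    var strDigits = [
        "0","0x3c","0x66","0x66","0x66","0x66","0x66","0x66","0x66","0x66","0x3c", //0
        "1","0x30","0x38","0x30","0x30","0x30","0x30","0x30","0x30","0x30","0x30", //1
        "2","0x3c","0x66","0x60","0x60","0x30","0x18","0x0c","0x06","0x06","0x7e", //2
        "3","0x3c","0x66","0x60","0x60","0x38","0x60","0x60","0x60","0x66","0x3c", //3
        "4","0x30","0x30","0x38","0x38","0x34","0x34","0x32","0x7e","0x30","0x78", //4
        "5","0x7e","0x06","0x06","0x06","0x3e","0x60","0x60","0x60","0x66","0x3c", //5
        "6","0x38","0x0c","0x06","0x06","0x3e","0x66","0x66","0x66","0x66","0x3c", //6
        "7","0x7e","0x66","0x60","0x60","0x30","0x30","0x18","0x18","0x0c","0x0c", //7
        "8","0x3c","0x66","0x66","0x66","0x3c","0x66","0x66","0x66","0x66","0x3c", //8
        "9","0x3c","0x66","0x66","0x66","0x66","0x7c","0x60","0x60","0x30","0x1c"  //9
    ];

    var iCharCount = strCountData.length;
    var iCharWidth = 8;
    var iCharHeight = 10;
    var theBit;

    Response.ContentType = "image/x-xbitmap";
    Response.Expires = 0;   // expire immediately so a cached count is not reused
    Response.Write("#define counter_width " + iCharWidth * iCharCount + "\r\n");   // image width
    Response.Write("#define counter_height " + iCharHeight + "\r\n");              // image height
    Response.Write("static unsigned char counter_bits[]={\r\n");

    for (iRow = 0; iRow < iCharHeight; iRow++)
    {
        for (i = 0; i < iCharCount; i++)
        {
            theBit = strCountData.charAt(i);
            // Find the table entry that starts this character's glyph.
            for (k = 0; k < strDigits.length; k += (iCharHeight + 1))
            {
                if (strDigits[k] == theBit) break;
            }
            if (k >= strDigits.length) k = 0;   // unknown character: use the "0" glyph
            theOffset = k + 1;
            Response.Write(strDigits[theOffset + iRow]);
            Response.Write(",");
        }
    }

    Response.Write("};\r\n");
}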
// Request pipeline. The order matters: each step relies on state set up by the one before it.
GetOnline();    // make sure Application("GuestOnline") exists
checkGuest();   // stamp this session's record with the current time
GetNumber();    // count records newer than five minutes into strCountData
OutPut();       // send strCountData to the client as an XBM image
%>
————————————————————————————————————————————————————
在网络上搜索了好久,我终于明白了是什么原因了。。。。
因为这个代码的显示是使用了“Xbm图形格式”,也就是这个Response.ContentType ="image/x-xbitmap";
——————————————————————————————————-———————————-—
这个被广泛采用的生成验证代码的技术,微软在XP的SP2升级包中默认禁止掉它了。。。这就需要从Xbm的漏洞谈起了。
Microsoft Internet Explorer和Outlook Express在处理WEB页、HTML邮件、EMAIL附件中的畸形Xbm图象文件时会崩溃,问题在于对Xbm文件的内容缺少检查:MSIE按照图象中声明的长度和宽度分配内存,攻击者可以提供超大的长度和宽度数值,导致系统内存被耗尽或者发生访问冲突。
换句话说,如果构造一个长宽的尺寸特别大的Xbm文件,很容易导致Windows的内存耗尽,导致程序无响应或者死机。本身来说,这不算一个特别严重的漏洞,因为根据安全公告,无法造成溢出,不会存在太大的权限漏洞。但是由于XP的SP2强调安全性,因此将Xbm功能禁用了。从这点上可以看出,SP2对于安全的确比较重视,将有漏洞的功能基本上都补上或禁用了,作为网络管理员,我对微软的做法表示支持,因为操作系统默认设置的不安全,常常是造成非专业用户被攻击的首要因素。
——————————————————————————————————-———————————-—
但是我不知道在这样的代码中,如何进行修改?采取一种什么样的方法来生成“在线人数”的显示呢??各位兄弟,能帮帮看一下吗??