<%@language=vbscript codepage=936 %>
<%
dim UserID,Action,FoundErr,ErrMsg
dim rsUser,sqlUser
Action=trim(request("Action"))
UserID=trim(request("UserID"))
if UserID="" then
FoundErr=True
ErrMsg=ErrMsg & "
参数不足!
"
call WriteErrMsg()
else
Set rsUser=Server.CreateObject("Adodb.RecordSet")
sqlUser="select * from [User] where UserID=" & Clng(UserID)
rsUser.Open sqlUser,conn,1,3
if rsUser.bof and rsUser.eof then
FoundErr=True
ErrMsg=ErrMsg & "
找不到指定的用户!
"
else
if Action="Modify" then
dim UserName,Password,Question,Answer,Sex,Email,Homepage,LockUser,Comane,Add,Somane,Zip,Phone,Fox
UserName=trim(request("UserName"))
Password=trim(request("Password"))
Question=trim(request("Question"))
Answer=trim(request("Answer"))
Sex=trim(Request("Sex"))
Email=trim(request("Email"))
Homepage=trim(request("Homepage"))
Comane=trim(request("Comane"))
Add=trim(request("Add"))
Somane=trim(request("Somane"))
Zip=trim(request("Zip"))
Phone=trim(request("Phone"))
Fox=trim(request("Fox"))
LockUser=trim(request("LockUser"))
if UserName="" or strLength(UserName)>14 or strLength(UserName)<4 then
founderr=true
errmsg=errmsg & "
请输入用户名(不能大于14小于4)
"
else
if Instr(UserName,"=")>0 or Instr(UserName,"%")>0 or Instr(UserName,chr(32))>0 or Instr(UserName,"?")>0 or Instr(UserName,"&")>0 or Instr(UserName,";")>0 or Instr(UserName,",")>0 or Instr(UserName,"'")>0 or Instr(UserName,",")>0 or Instr(UserName,chr(34))>0 or Instr(UserName,chr(9))>0 or Instr(UserName,"")>0 or Instr(UserName,"$")>0 then
errmsg=errmsg+"
用户名中含有非法字符
"
founderr=true
else
dim sqlReg,rsReg
sqlReg="select * from [User] where UserName='" & Username & "' and UserID<>" & UserID
set rsReg=server.createobject("adodb.recordset")
rsReg.open sqlReg,conn,1,1
if not(rsReg.bof and rsReg.eof) then
founderr=true
errmsg=errmsg & "
用户名已经存在!请换一个用户名再试试!
"
end if
rsReg.Close
set rsReg=nothing
end if
end if
if Password<>"" then
if strLength(Password)>12 or strLength(Password)<6 then
founderr=true
errmsg=errmsg & "
请输入密码(不能大于12小于6)。如不想修改,请留空!
"
else
if Instr(Password,"=")>0 or Instr(Password,"%")>0 or Instr(Password,chr(32))>0 or Instr(Password,"?")>0 or Instr(Password,"&")>0 or Instr(Password,";")>0 or Instr(Password,",")>0 or Instr(Password,"'")>0 or Instr(Password,",")>0 or Instr(Password,chr(34))>0 or Instr(Password,chr(9))>0 or Instr(Password,"")>0 or Instr(Password,"$")>0 then
errmsg=errmsg+"
密码中含有非法字符
"
founderr=true
end if
end if
end if
if Sex="" then
founderr=true
errmsg=errmsg & "
性别不能为空
"
else
sex=cint(sex)
if Sex<>0 and Sex<>1 then
Sex=1
end if
end if
if Email="" then
else
if IsValidEmail(Email)=false then
errmsg=errmsg & "
您的Email有错误
"
founderr=true
end if
end if
if LockUser="" then
FoundErr=True
ErrMsg=ErrMsg & "
用户状态不能为空!
"
end if
if FoundErr<>true then
rsUser("UserName")=UserName
if Password<>"" then
rsUser("Password")=md5(Password)
end if
rsUser("Question")=Question
if Answer<>"" then
rsUser("Answer")=md5(Answer)
end if
rsUser("Sex")=Sex
rsUser("Email")=Email
rsUser("HomePage")=HomePage
rsUser("Comane")=Comane
rsUser("Add")=Add
rsUser("Somane")=Somane
rsUser("Zip")=Zip
rsUser("Phone")=Phone
rsUser("Fox")=Fox
rsUser("LockUser")=LockUser
rsUser.update
rsUser.Close
set rsUser=nothing
call CloseConn()
response.redirect "UserManage.asp"
end if
end if
end if
if FoundErr=True then
call WriteErrMsg()
else
%>
<%
end if
rsUser.close
set rsUser=nothing
end if
call CloseConn()
%>