<% dim Action,UserName,FoundErr,ErrMsg dim rsUser,sqlUser Action=trim(request("Action")) UserName=trim(request("UserName")) if Action="" and session("UserName")="" then response.redirect "Server.asp" end if if Action="Modify" and UserName<>"" then Set rsUser=Server.CreateObject("Adodb.RecordSet") sqlUser="select * from [User] where UserName='" & UserName & "'" rsUser.Open sqlUser,conn,1,3 if rsUser.bof and rsUser.eof then FoundErr=True ErrMsg=ErrMsg & "
  • 找不到指定的用户!
    • " else dim OldPassword,Password,PwdConfirm OldPassword=trim(request("OldPassword")) Password=trim(request("Password")) PwdConfirm=trim(request("PwdConfirm")) if OldPassword="" then FoundErr=True ErrMsg=ErrMsg & "
  • 请输入旧密码!
    • " else if Instr(OldPassword,"=")>0 or Instr(OldPassword,"%")>0 or Instr(OldPassword,chr(32))>0 or Instr(OldPassword,"?")>0 or Instr(OldPassword,"&")>0 or Instr(OldPassword,";")>0 or Instr(OldPassword,",")>0 or Instr(OldPassword,"'")>0 or Instr(OldPassword,",")>0 or Instr(OldPassword,chr(34))>0 or Instr(OldPassword,chr(9))>0 or Instr(OldPassword,"")>0 or Instr(OldPassword,"$")>0 then errmsg=errmsg+"
  • 旧密码中含有非法字符
    • " founderr=true else if md5(OldPassword)<>rsUser("Password") then FoundErr=True ErrMsg=ErrMsg & "
  • 你输入的旧密码不对,没有权限修改!
    • " end if end if end if if strLength(Password)>12 or strLength(Password)<6 then founderr=true errmsg=errmsg & "
  • 请输入新密码(不能大于12小于6)。
    • " else if Instr(Password,"=")>0 or Instr(Password,"%")>0 or Instr(Password,chr(32))>0 or Instr(Password,"?")>0 or Instr(Password,"&")>0 or Instr(Password,";")>0 or Instr(Password,",")>0 or Instr(Password,"'")>0 or Instr(Password,",")>0 or Instr(Password,chr(34))>0 or Instr(Password,chr(9))>0 or Instr(Password,"")>0 or Instr(Password,"$")>0 then errmsg=errmsg+"
  • 新密码中含有非法字符
    • " founderr=true end if end if if PwdConfirm="" then FoundErr=True ErrMsg=ErrMsg & "
  • 请输入确认密码!
    • " else if PwdConfirm<>Password then FoundErr=True ErrMsg=ErrMsg & "
  • 确认密码与新密码不一致!
    • " end if end if if FoundErr<>true then rsUser("Password")=md5(Password) rsUser.update end if end if rsUser.close set rsUser=nothing if FoundErr=True then call WriteErrMsg() else response.write"" end if else %>
         会员中心
         会 员 中 心
    修改用户密码
    用 户 名: <%=session("UserName")%> ">
    旧 密 码:
    新 密 码:
    确认密码:
    <% end if call CloseConn() %>