<% if CheckUserLogined()=False then response.Redirect "User_Login.asp" end if dim Action,FoundErr,ErrMsg dim OldPassword,Password,PwdConfirm dim rsUser,sqlUser Action=trim(request("Action")) UserName=trim(request("UserName")) OldPassword=trim(request("OldPassword")) Password=trim(request("Password")) PwdConfirm=trim(request("PwdConfirm")) if Action="Modify" and UserName<>"" then Set rsUser=Server.CreateObject("Adodb.RecordSet") sqlUser="select * from " & db_User_Table & " where " & db_User_Name & "='" & UserName & "'" rsUser.Open sqlUser,Conn_User,1,3 if rsUser.bof and rsUser.eof then FoundErr=True ErrMsg=ErrMsg & "
  • 找不到指定的用户!
    • " else if OldPassword="" then FoundErr=True ErrMsg=ErrMsg & "
  • 请输入旧密码!
    • " else if Instr(OldPassword,"=")>0 or Instr(OldPassword,"%")>0 or Instr(OldPassword,chr(32))>0 or Instr(OldPassword,"?")>0 or Instr(OldPassword,"&")>0 or Instr(OldPassword,";")>0 or Instr(OldPassword,",")>0 or Instr(OldPassword,"'")>0 or Instr(OldPassword,",")>0 or Instr(OldPassword,chr(34))>0 or Instr(OldPassword,chr(9))>0 or Instr(OldPassword,"")>0 or Instr(OldPassword,"$")>0 then errmsg=errmsg+"
  • 旧密码中含有非法字符
    • " founderr=true else if md5(OldPassword)<>rsUser(db_User_Password) then FoundErr=True ErrMsg=ErrMsg & "
  • 你输入的旧密码不对,没有权限修改!
    • " end if end if end if if strLength(Password)>12 or strLength(Password)<6 then founderr=true errmsg=errmsg & "
  • 请输入新密码(不能大于12小于6)。
    • " else if Instr(Password,"=")>0 or Instr(Password,"%")>0 or Instr(Password,chr(32))>0 or Instr(Password,"?")>0 or Instr(Password,"&")>0 or Instr(Password,";")>0 or Instr(Password,",")>0 or Instr(Password,"'")>0 or Instr(Password,",")>0 or Instr(Password,chr(34))>0 or Instr(Password,chr(9))>0 or Instr(Password,"")>0 or Instr(Password,"$")>0 then errmsg=errmsg+"
  • 新密码中含有非法字符
    • " founderr=true end if end if if PwdConfirm="" then FoundErr=True ErrMsg=ErrMsg & "
  • 请输入确认密码!
    • " else if PwdConfirm<>Password then FoundErr=True ErrMsg=ErrMsg & "
  • 确认密码与新密码不一致!
    • " end if end if if FoundErr<>true then Password=md5(Password) rsUser(db_User_Password)=Password rsUser.update Response.Cookies("asp163")("Password") = PassWord end if end if rsUser.close set rsUser=nothing if FoundErr=True then call WriteErrMsg() else call WriteSuccessMsg("成功修改密码!") end if else %> 修改用户密码
    修改用户密码
    用 户 名: <%=Trim(Request.Cookies("asp163")("UserName"))%> ">
    旧 密 码:
    新 密 码:
    确认密码:
    <% end if call CloseConn_User() %>