- <%@ CODEPAGE=936%>
- <%
- Session.CodePage=936
- Response.Charset="GBK"
- Dim Conn
- sub OpenConn()
- On Error Resume next
- Set Conn= Server.CreateObject("ADODB.Connection")
- '链接access
- 'databaseurl="#KO.mdb"
- 'Conn.ConnectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(databaseurl)
- '链接2000
- Conn.ConnectionString="Provider=SQLOLEDB;Data Source=(local);DATABASE=kn_online;UID=sa;pwd=slleo"
- Conn.Open
- if err.number<>0 then
- response.write("<div style='font-size:11px;font-weight:bold;border:1px #ccc solid;background:#fdfdea;padding:6px 10px;text-align:left;margin-bottom:8px;color:red;'>SQL数据库连接失败!请联系管理员解决!</div>")
- response.End
- end if
- end sub
- sub CloseConn()
- On Error Resume Next
- If IsObject(Conn) Then
- conn.close
- set conn=nothing
- end if
- end sub
- Function CheckStr(byVal ChkStr)
- Dim Str:Str=ChkStr
- Str=Trim(Str)
- If IsNull(Str) Then
- CheckStr = ""
- Exit Function
- End If
- Dim re
- Set re=new RegExp
- re.IgnoreCase =True
- re.Global=True
- re.Pattern="(\r\n){3,}"
- Str=re.Replace(Str,"$1$1$1")
- Set re=Nothing
- 'Str = Replace(Str,"'","''")
- Str = Replace(Str,"'",""")
- Str = Replace(Str, "select", "select")
- Str = Replace(Str, "join", "join")
- Str = Replace(Str, "union", "union")
- Str = Replace(Str, "where", "where")
- Str = Replace(Str, "insert", "insert")
- Str = Replace(Str, "delete", "delete")
- Str = Replace(Str, "update", "update")
- Str = Replace(Str, "like", "like")
- Str = Replace(Str, "drop", "drop")
- Str = Replace(Str, "create", "create")
- Str = Replace(Str, "modify", "modify")
- Str = Replace(Str, "rename", "rename")
- Str = Replace(Str, "alter", "alter")
- Str = Replace(Str, "cast", "cast")
- CheckStr=Str
- End Function
- action=trim(request("action"))
- if action="do" then
- openconn()
- charid=trim(CheckStr(request.form("charid")))
- pass=trim(CheckStr(request.form("pass")))
- Set rcs=conn.execute("select strAccountID from CURRENTUSER where [strAccountID]='"&charid&"'")
- If Not rcs.eof Then
- response.write("该账号当前在线,不可进行操作!")
- else
- set rs=conn.execute("select strAccountID,strPasswd from [TB_USER] where [strAccountID]='"&charid&"' and [strPasswd]='"&pass&"'")
- if not rs.eof then
- set cs=conn.execute("select strAccountID,bnation from ACCOUNT_CHAR where strAccountID='"&charid&"'")
- if not cs.eof then
- if cs("bnation")=1 then
- conn.execute("EXEC HumanNT '"&charid&"'")
- response.write("成功转成人族!")
- else
- conn.execute("EXEC KarusNT '"&charid&"'")
- response.write("成功转成兽族!")
- end if
- else
- response.write("该ID还没有创建账号!")
- end if
- else
- response.write("账号或密码不对!")
- end if
- rs.close:set rs=Nothing
- End if
- closeconn()
- end if
- %>
- <style>
- *{font-family:arial;font-size:12px;color:#000;}
- .listTbl{border-top:1px #777574 solid;border-left:1px #777574 solid;}
- .listTbl th{font-weight:bold;background:#4d4e48;}
- .listTbl th,
- .listTbl td{border-right:1px #777574 solid;border-bottom:1px #777574 solid;padding:4px;}
- </style>
- <form action="?action=do" method="post">
- <table width="98%" border="0" cellspacing="0" cellpadding="0" class="listTbl">
- <tr>
- <td width="70">用户ID:</td>
- <td align="left"><input type="text" name="charid" /></td>
- </tr>
- <tr>
- <td>密码:</td>
- <td align="left"><input type="password" name="pass" /></td>
- </tr>
- <tr>
- <td> </td>
- <td align="left"><input type="submit" value="转换" /></td>
- </tr>
- </table>
- </form>
- <%closeconn()%>
|
