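Defending against the Dvbbs vulnerability that lets users illegally become administrators

Published: 2024-05-22 01:22 Publisher: 上海旅游网

Problem description:

Because I made modifications in many places when I first started using Dvbbs,

every upgrade overwrites the places I modified and I have to do them all over again, which is exhausting!~~~

Does anyone have a good method for dealing with the vulnerability that lets users illegally become administrators, without using the official upgrade package?

My method is: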

1. Add the following code to conn.asp:
'==============================================================
' Completely delete users who have illegally become administrators
Dim Alan_AdminRs, Alan_BadAdminNameString
Alan_BadAdminNameString = ""
' Every Dv_Admin row whose ID is not in the bound list counts as illegal
Set Alan_AdminRs = Conn.Execute("Select UserName From Dv_Admin Where ID Not In(2,6,9,12)")
Do While Not Alan_AdminRs.EOF
    ' Double any single quote so a user name cannot break out of the SQL string literal
    Alan_BadAdminNameString = Alan_BadAdminNameString & "'" & Replace(Alan_AdminRs(0) & "", "'", "''") & "',"
    Alan_AdminRs.MoveNext
Loop
' Release the recordset whether or not any rows were found
Alan_AdminRs.Close
Set Alan_AdminRs = Nothing
If Alan_BadAdminNameString <> "" Then
    ' Drop the trailing comma, then delete the accounts from both tables
    Alan_BadAdminNameString = Left(Alan_BadAdminNameString, Len(Alan_BadAdminNameString) - 1)
    Conn.Execute("Delete From Dv_admin Where UserName In(" & Alan_BadAdminNameString & ")")
    Conn.Execute("Delete From Dv_User Where UserName In(" & Alan_BadAdminNameString & ")")
End If

'===============================================================

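2. In the admin back-end home page index.asp, add <!--#include file="myCheck.asp"-->
Code of myCheck.asp:
' Bind the administrator ID
If Dvbbs.UserID <> 1 Then
    ' The message reads "Illegal administrator!!!!"
    Response.Write "非法管理员!!!!"
    Response.End()
End If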

3. In the post management page admin_postings.asp, add:
Dim Alan_AdminList, Alan_iList, Alan_IsAdmin
Alan_IsAdmin = False
' Bind the list of moderator or administrator IDs
Alan_AdminList = "2,8,423,1051,1143,44,48,167,169,173,211,629,1386,1408,1445,1474"
Alan_AdminList = Split(Alan_AdminList, ",")
For Alan_iList = 0 To UBound(Alan_AdminList)
    If Trim(Dvbbs.UserID) = Trim(Alan_AdminList(Alan_iList)) Then
        Alan_IsAdmin = True
        Exit For
    End If
Next

If Alan_IsAdmin = False Then
    Response.Clear()
    ' The message reads "Illegal management permission"
    Response.Write "非法管理权限"
    Response.End()
End If

I wonder what good methods all you experts have??
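
An added example, not part of the original post: the step 1 cleanup written so that user names are bound as query parameters, both deletes run in one transaction, and the removed rows are returned for logging. It uses Python with an in-memory SQLite database as a stand-in for the forum database; the column layout, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3

ALLOWED_ADMIN_IDS = (2, 6, 9, 12)  # the ID allowlist from step 1 of the post


def purge_unlisted_admins(conn, allowed_ids=ALLOWED_ADMIN_IDS):
    """Remove Dv_Admin rows whose ID is not allowlisted, plus the matching
    Dv_User rows, and return the removed (ID, UserName) pairs for logging."""
    marks = ",".join("?" * len(allowed_ids))  # only placeholders, never data
    rows = conn.execute(
        f"SELECT ID, UserName FROM Dv_Admin WHERE ID NOT IN ({marks})",
        tuple(allowed_ids),
    ).fetchall()
    with conn:  # one transaction: both deletes commit together or roll back
        for admin_id, name in rows:
            conn.execute("DELETE FROM Dv_Admin WHERE ID = ?", (admin_id,))
            conn.execute("DELETE FROM Dv_User WHERE UserName = ?", (name,))
    return rows


def build_sample_db():
    """Constructed sample data; the column layout is an assumption."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Dv_Admin (ID INTEGER PRIMARY KEY, UserName TEXT)")
    conn.execute("CREATE TABLE Dv_User (UserID INTEGER PRIMARY KEY, UserName TEXT)")
    conn.executemany("INSERT INTO Dv_Admin VALUES (?, ?)",
                     [(2, "alan"), (6, "mod6"), (13, "o'neil")])
    conn.executemany("INSERT INTO Dv_User VALUES (?, ?)",
                     [(1, "alan"), (2, "mod6"), (3, "o'neil"), (4, "guest")])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for admin_id, name in purge_unlisted_admins(db):
        print(f"removed unlisted admin id={admin_id} name={name!r}")
```

The constructed row with ID 13 has a user name containing a single quote; because the name is passed as a parameter, it is deleted like any other row.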

Answers:
