<%@ codepage ="936" %>
<%
Response.Buffer=true
name=Request.form("name")
name=trim(name)
name=HTMLEncode(name)
oldname=Request.form("oldname")
oldname=trim(oldname)
oldpass=Request.form("oldpass")
oldpassA=oldpass
%>
<%
oldpass=jiamipass(oldpass)
e_mail=Request.form("e_mail")
sex=Request.form("sex")
regpic=Request.form("regpic")
if session("TWT_ARR_ArgALL")="" then response.end
TWT_ArrArg=split(session("TWT_ARR_ArgALL"),"=")
nickname=TWT_ArrArg(0)
myid=TWT_ArrArg(1)
grade=TWT_ArrArg(2)
set TWT_ArrArg=nothing
if nickname="" or myid="" then Response.Redirect "error.ASP?id=210"
checkstr=name&oldpassA&e_mail&sex®pic
if grade=10 and nickname<>name then
response.write "站长不能修改自已的用户名"
response.end
end if
if instr(checkstr,"'")<>0 or instr(checkstr,"|")<>0 or instr(checkstr," ")<>0 or instr(checkstr,"=")<>0 then
response.write "不要捣乱哦。"
response.end
end if
if oldname<>nickname then
response.write "不要捣乱哦。"
response.end
end if
if name="" or oldname="" then
message="帐号不能为空"
elseif ConvLen(name)>10 or ConvLen(oldname)>10 Then
message="用户名不能超过10个字符(中文五个字符)。"
elseif name=jiutian_dabusi then
message="此账号为系统所保留,不允许进行修改。"
elseif oldpass="" then
message="密码不能为空"
else
chrname=len(name)
for i=1 to chrname
snme=mid(name,i,1)
if instr(jiutian_disloginname,snme)<>0 then call errAlt("错误:你是不是有病啊,换名字吧!")
next
if Instr(twt_sys_grade,"|" & name & "|")<>0 or name="大家" or name="系统" or name="江湖小二" or name="无" or name="已结案" or name="未结案" or name="root" then
call errAlt("错误:该名字已被系统保留,不能注册!")
end if
if chrname>=2 then
if left(name,3)="%20" or InStr(name,"+")<>0 OR InStr(name,"=")<>0 or InStr(name,"`")<>0 or InStr(name,"'")<>0 or InStr(name," ")<>0 or InStr(name," ")<>0 or InStr(name,"'")<>0 or InStr(name,chr(34))<>0 or InStr(name,"\")<>0 or InStr(name,",")<>0 or InStr(name,"<")<>0 or InStr(name,">")<>0 or InStr(name,"|")<>0 then
call errAlt("错误:姓名非法!")
end if
else
call errAlt("错误:姓名不能少于两个字符!")
end if
Set conn=Server.CreateObject("ADODB.CONNECTION")
Set rs=Server.CreateObject("ADODB.RecordSet")
connstr=Application("hg_connstr")
conn.open connstr
'校验用户
sql="SELECT 状态 FROM 用户 WHERE 姓名='" & name & "'"
Set Rs=conn.Execute(sql)
If not(Rs.Bof OR Rs.Eof) and name<>nickname Then message="nopass"
rs.close
sql="SELECT 状态 FROM 用户 WHERE 姓名='" & nickname & "' and 密码='" & oldpass& "' and id="&myid
Set Rs=conn.Execute(sql)
If Rs.Bof OR Rs.Eof or message="nopass" Then
message="对不起,你的原密码不对或不是注册用户。"
if message="nopass" then message="对不起,新用户名在数据库中已存在。"
else
if rs("状态")="眠" then
message="你现在休息中,不能修改资料!"
else
sql="update 用户 set 密码='" & oldpass & "',性别='" & sex & "',形象='" & regpic & "',信箱='" & e_mail & "',姓名='" & name & "' where id=" & myid
conn.Execute(sql)
sql="update 物品 set 拥有者='" & name & "' where 拥有者='" & nickname & "'"
conn.Execute(sql)
sql="update 用户 set 小妾='" & name & "' where 小妾='" & nickname & "'"
conn.Execute(sql)
sql="update 用户 set 介绍人='" & name & "' where 介绍人='" & nickname & "'"
conn.Execute(sql)
sql="update 用户 set 师傅='" & name & "' where 师傅='" & nickname & "'"
conn.Execute(sql)
sql="update 用户 set 保留='" & name & "' where 保留='" & nickname & "'"
conn.Execute(sql)
sql="update 用户 set 配偶='" & name & "' where 配偶='" & nickname & "'"
conn.Execute(sql)
sql="update 施法 set 姓名='" & name & "' where 姓名='" & nickname & "'"
conn.Execute(sql)
sql="update 在线赌博 set 姓名='" & name & "' where 姓名='" & nickname & "'"
conn.Execute(sql)
sql="update 人命 set 凶手='" & name & "' where 凶手='" & nickname & "'"
conn.Execute(sql)
sql="update 门派 set 掌门='" & name & "' where 掌门='" & nickname & "'"
conn.Execute(sql)
sql="update myanimal set username='" & name & "' where username='" & nickname & "'"
conn.Execute(sql)
message="恭喜您成功地修改了资料!"
end if
end if
conn.close
set rs=nothing
end if
%>
<%sub errAlt(errstr)%>
<%
Response.End
End sub
Function ConvLen(strname)
dim namelen,zh,zhasc
namelen=0
for i=1 to len(strname)
zh=mid(strname,i,1)
zhasc=asc(zh)
if zhasc<0 then
namelen=namelen+2
else
namelen=namelen+1
if CStr(server.URLEncode(zh))<>CStr(zh) then Response.Redirect "error.asp?id=120"
end if
next
ConvLen=namelen
end Function
%>