Active Server Pages(ASP)技术为应用开发商提供了基于脚本的直观、快速、高效的应用开发手段,极大地提高了开发的效率。在讨论ASP的安全性问题之前,让我们来看看ASP是怎么工作的。下面是用户注册及确认在线的ASP程序。
1. SQL的表及存储过程
---------------------------------------------
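-- Account table: one row per registered user, plus that user's current login
-- check code and last-activity time.
-- (Token separators were lost when this listing was published; they are
-- restored here so the statements parse.)
--
-- NOTE(review): [password] receives the value passed to proc_UserRegBase
-- unchanged, i.e. the clear-text password. Store a salted, slow password hash
-- instead and compare hashes at login. The login procedure is not part of this
-- listing, so the column is left as published.
-- NOTE(review): [validcodelogin] is the key the procedures below use to find
-- the logged-in user, yet it has no unique constraint or index.
-- NOTE(review): [logintime] is char(50), but every procedure in this listing
-- treats it as a datetime (getdate(), datediff()), so each read and write goes
-- through an implicit string conversion. A datetime column would avoid that;
-- confirm no other caller relies on the text form before changing it.
CREATE TABLE [dbo].[userbaseinfo] (
    [userid]         [varchar] (50) NOT NULL,
    [password]       [varchar] (50) NOT NULL,
    [validcodelogin] [char] (50)    NOT NULL,
    [userlevel]      [char] (1)     NULL,
    [logintime]      [char] (50)    NULL
) ON [PRIMARY]
GO

ALTER TABLE userbaseinfo
    ADD CONSTRAINT PK_userbaseinfo_userid
    PRIMARY KEY (userid)
GO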
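-- Profile table: one row per user, keyed by the same userid as userbaseinfo.
-- (Token separators were lost when this listing was published; they are
-- restored here so the statements parse.)
--
-- NOTE(review): [password] is a second clear-text copy of the account
-- password (proc_UserRegBase writes it), and no procedure in this listing
-- reads it. Every extra copy widens the exposure if this table is disclosed;
-- drop the column unless some caller outside this listing needs it.
-- NOTE(review): [idcode], [address], [email] and [telephone] are personal
-- data; restrict SELECT on this table to the accounts that need it.
-- NOTE(review): there is no foreign key to userbaseinfo(userid), so nothing
-- stops a detail row from outliving its account row.
CREATE TABLE [dbo].[userdetailinfo] (
    [userid]    [varchar] (50)  NOT NULL,
    [password]  [varchar] (30)  NOT NULL,
    [realname]  [varchar] (10)  NULL,
    [sex]       [char] (10)     NULL,
    [birthday]  [datetime]      NULL,
    [idcode]    [varchar] (50)  NULL,
    [address]   [varchar] (300) NULL,
    [email]     [varchar] (50)  NULL,
    [telephone] [varchar] (50)  NULL
) ON [PRIMARY]
GO

ALTER TABLE userdetailinfo
    ADD CONSTRAINT PK_userdetailinfo_userid
    PRIMARY KEY (userid)
GO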
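SET QUOTED_IDENTIFIER OFF
SET ANSI_NULLS ON
GO

-- Returns a pseudo-random float in [@minNum, @maxNum + 1) through @RandomNum.
--
-- Parameters:
--   @minNum    lower bound of the range
--   @maxNum    upper bound of the range
--   @RandomNum OUTPUT; rand() scaled to the range and shifted by @minNum
--
-- The published version also computed a time-based seed (@ranSeed) that was
-- never passed to rand(). That dead code is removed: it had no effect on the
-- result, and its datediff() in seconds returns an int, which overflows once
-- the two dates are more than about 68 years apart.
--
-- NOTE(review): rand() is not a cryptographic generator, and
-- proc_GetValidCode_Internal builds login check codes from it. Codes that
-- authenticate a session should come from a cryptographic source
-- (CRYPT_GEN_RANDOM on SQL Server 2008 and later) or be issued by the
-- application tier.
CREATE PROC dbo.proc_GetRandom_internal
    @minNum    integer,
    @maxNum    integer,
    @RandomNum float OUTPUT
AS
SET NOCOUNT ON
DECLARE @numRange integer
BEGIN
    -- number of integers in [@minNum, @maxNum]
    SELECT @numRange = @maxNum - @minNum + 1
    SELECT @RandomNum = RAND() * @numRange + @minNum
    RETURN
END
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO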
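SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO

-- Builds a check code of @CodeLength random ASCII letters (A-Z, a-z) and
-- returns it through @ValidCode.
--
-- Parameters:
--   @CodeLength number of letters to generate
--   @ValidCode  OUTPUT; varchar(10), so a @CodeLength above 10 is silently
--               truncated to the first 10 letters
--
-- Changes from the published version:
--   * the empty string is written as '' so the procedure no longer depends
--     on QUOTED_IDENTIFIER being OFF;
--   * the trailing PRINT of the finished code is dropped, so the login check
--     code is not echoed on the message channel to whoever runs the call.
--
-- NOTE(review): the letters come from rand() via proc_GetRandom_internal,
-- which is predictable; see the note on that procedure before relying on
-- this code as a session secret.
CREATE PROC dbo.proc_GetValidCode_Internal
    @CodeLength integer,
    @ValidCode  varchar(10) OUTPUT
AS
SET NOCOUNT ON
DECLARE @chrRnd   char(1)
DECLARE @chrRndNo integer
BEGIN
    SELECT @ValidCode = ''
    WHILE (@CodeLength > 0)
    BEGIN
        -- The float output is implicitly converted to integer; expected 1..52
        EXEC proc_GetRandom_internal 1, 52, @chrRndNo OUTPUT
        IF @chrRndNo > 26
        BEGIN
            -- skip the six ASCII characters between 'Z' (90) and 'a' (97)
            SELECT @chrRndNo = @chrRndNo + 6
        END
        -- 1..26 -> 'A'..'Z', 33..58 -> 'a'..'z'
        SELECT @chrRnd = CHAR(@chrRndNo + 64)
        SELECT @ValidCode = @ValidCode + @chrRnd
        SELECT @CodeLength = @CodeLength - 1
    END
    RETURN
END
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO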
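SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO

-- Updates the profile row of the user who owns login check code
-- @ValidCodeLogin.
--
-- Return value:
--   -1  the check code is not known (user not logged in)
--   -2  the session has timed out
--   -3  at least one profile field was passed as an empty string
--    0  (default) success; a one-row result set "resultID = 0" is also sent
--
-- All values are bound as parameters; no dynamic SQL is built here.
--
-- Changes from the published version: token separators restored, the unused
-- locals @ValidCodeReg and @UserLevel removed, and empty strings written as
-- '' so the procedure does not depend on QUOTED_IDENTIFIER being OFF.
--
-- NOTE(review): the completeness check runs AFTER the UPDATE, so a call that
-- returns -3 has already written the incomplete values. If -3 is meant to
-- reject the input, move the check above the UPDATE; left in the published
-- order because callers may rely on partial saves.
-- NOTE(review): NULL arguments are not caught by the "= ''" tests and are
-- stored as NULL. @Birthday = '' compares against the datetime that ''
-- converts to, so that date is treated as "not filled in".
CREATE PROC dbo.proc_UserInfoUpdate
    @ValidCodeLogin varchar(10),
    @RealName       varchar(10),
    @Sex            varchar(10),
    @Birthday       datetime,
    @IDCode         varchar(50),
    @Address        varchar(300),
    @eMail          varchar(50),
    @Telephone      varchar(50)
AS
SET NOCOUNT ON
DECLARE @UserValidFlag int
DECLARE @UserID        varchar(30)
BEGIN
    -- Authenticate the caller by login check code before touching any row
    EXEC proc_isUserValidbyCode_internal @ValidCodeLogin, @UserValidFlag OUTPUT
    IF @UserValidFlag < 0
    BEGIN
        -- -1: user not logged in, -2: session timed out
        RETURN @UserValidFlag
    END

    -- The row to update is derived from the session, never from caller input
    SELECT @UserID = UserID
    FROM UserBaseinfo
    WHERE ValidCodeLogin = @ValidCodeLogin

    UPDATE UserDetailInfo
    SET RealName  = @RealName,
        Sex       = @Sex,
        Birthday  = @Birthday,
        IDCode    = @IDCode,
        Address   = @Address,
        eMail     = @eMail,
        Telephone = @Telephone
    WHERE UserID = @UserID;

    IF (@RealName = '' OR @Birthday = '' OR @Sex = '' OR @IDCode = ''
        OR @Address = '' OR @eMail = '' OR @Telephone = '')
    BEGIN
        RETURN -3  -- profile not completely filled in
    END

    SELECT 0 AS resultID
END
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO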
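SET QUOTED_IDENTIFIER ON
GO
SET ANSI_NULLS ON
GO

-- Logs out the user who owns login check code @ValidCodeLogin by clearing
-- the stored code and resetting the login time.
--
-- Return value:
--   -1  the check code is not known (user not logged in)
--   -2  the session has timed out
--    0  logged out
--
-- The published listing shows "set ValidCodeLogin=," and "LoginTime=1970-1-1":
-- the quoted literals were lost in publication and the first does not parse.
-- They are restored here as '' and '1970-1-1', the only reading consistent
-- with the rest of the statement -- confirm against the original script.
-- The unused local @UserLevel is removed.
--
-- NOTE(review): after logout every logged-out row shares the same blank
-- check code, so a blank code must never be accepted as a session key by
-- the validation procedure.
CREATE PROC dbo.proc_UserLogOut
    @ValidCodeLogin varchar(10)
AS
SET NOCOUNT ON
DECLARE @UserValidFlag int
BEGIN
    -- Only a currently valid session may log itself out
    EXEC proc_isUserValidbyCode_internal @ValidCodeLogin, @UserValidFlag OUTPUT
    IF (@UserValidFlag < 0)
    BEGIN
        -- -1: user not logged in, -2: session timed out
        RETURN @UserValidFlag
    END

    UPDATE UserBaseInfo
    SET ValidCodeLogin = '',
        LoginTime      = '1970-1-1'
    WHERE ValidCodeLogin = @ValidCodeLogin

    RETURN 0
END
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO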
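SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO

-- Registers a new user: creates the account row and an empty profile row,
-- and logs the user in by issuing a login check code.
--
-- Return value / result sets:
--   -4  password missing or shorter than 4 bytes (result set "returnID = -4")
--   -1  the user id already exists             (result set "resultID = -1")
--    0  registered; result set "resultID = 0" followed by a result set
--       holding the new ValidCodeLogin
--
-- Changes from the published version: token separators restored, string
-- literals written with single quotes, a NULL @Password now takes the -4
-- path instead of failing on the NOT NULL column, and the debugging PRINT of
-- @userExist is removed.
--
-- NOTE(review): @Password is written unchanged to BOTH tables, i.e. stored
-- in clear text twice. Hash it (salted, slow hash) before it reaches the
-- database and stop copying it into UserDetailInfo.
-- NOTE(review): a 4-byte minimum is the only password rule enforced here.
-- NOTE(review): the two INSERTs are not wrapped in a transaction and their
-- errors are not checked, so a failure of either one (for example a
-- primary-key violation when two registrations race past the existence
-- check) still falls through to "resultID = 0".
-- NOTE(review): the -4 result set is named returnID while the others use
-- resultID; kept as published because callers may read it by name.
CREATE PROC dbo.proc_UserRegBase
    @UserID   varchar(30),
    @Password varchar(30)
AS
SET NOCOUNT ON
DECLARE @UserLevel      varchar(9)
DECLARE @ValidCodeLogin varchar(10)
DECLARE @LoginTime      datetime
DECLARE @userExist      int
DECLARE @PwdLength      int
BEGIN
    SELECT @UserLevel = '0'
    SELECT @PwdLength = 4  -- minimum password length, in bytes (datalength)

    IF (@Password IS NULL OR DATALENGTH(@Password) < @PwdLength)
    BEGIN
        SELECT -4 AS returnID
        RETURN -4  -- password too short
    END

    -- login check code for the new session
    EXEC proc_GetValidCode_internal 10, @ValidCodeLogin OUTPUT
    -- 0 = user id already present, -1 = not present
    EXEC proc_isUserExist_internal @UserID, @userExist OUTPUT
    SELECT @LoginTime = GETDATE()

    IF @userExist = 0
    BEGIN
        SELECT -1 AS resultID
        RETURN -1  -- user already exists
    END

    -- account row
    INSERT INTO UserBaseInfo
        (UserID, Password, UserLevel, ValidCodeLogin, LoginTime)
    VALUES
        (@UserID, @Password, @UserLevel, @ValidCodeLogin, @LoginTime)

    -- profile row, filled in later by proc_UserInfoUpdate
    INSERT INTO UserDetailInfo
        (UserID, Password)
    VALUES
        (@UserID, @Password)

    -- report success, then hand the login check code back to the caller
    SELECT 0 AS resultID
    SELECT ValidCodeLogin FROM UserBaseInfo WHERE UserID = @UserID
    RETURN 0
END
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO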
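SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO

-- Reports whether a user id is already registered.
-- (Token separators were lost when this listing was published; they are
-- restored here so the procedure parses.)
--
-- Parameters:
--   @UserID    user id to look up in UserBaseInfo
--   @existFlag OUTPUT;  0 = the user id exists, -1 = it does not
--              (note the polarity: 0 means "found")
CREATE PROC dbo.proc_isUserExist_internal
    @UserID    varchar(30),
    @existFlag int OUTPUT
AS
SET NOCOUNT ON
BEGIN
    IF EXISTS (SELECT * FROM UserBaseInfo WHERE UserID = @UserID)
    BEGIN
        SELECT @existFlag = 0
        RETURN
    END

    SELECT @existFlag = -1
    RETURN
END
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO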
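SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO

-- Checks a login check code and, when it is valid, refreshes the session's
-- activity time.
--
-- Parameters:
--   @ValidCodeLogin login check code presented by the caller
--   @validFlag      OUTPUT; -1 = code blank or unknown (not logged in),
--                           -2 = last activity 10 or more hours ago,
--                            0 = valid
--
-- The timeout is sliding: every successful check rewrites LoginTime, so the
-- 10 hours count from the last validated call, not from the original login.
--
-- Changes from the published version:
--   * token separators restored;
--   * @diffTime is declared int. It holds the result of datediff(hh, ...),
--     an hour count; the published datetime declaration only worked through
--     implicit int/datetime conversions on both sides of the comparison;
--   * a NULL or blank code is rejected up front. proc_UserLogOut appears to
--     blank the stored code, so a blank value would otherwise match every
--     logged-out row and make the scalar subquery below fail once more than
--     one such row exists.
--
-- NOTE(review): ValidCodeLogin has no unique constraint; the scalar subquery
-- raises an error if two rows ever share a code.
CREATE PROC dbo.proc_isUserValidbyCode_internal
    @ValidCodeLogin varchar(10),
    @validFlag      int OUTPUT
AS
SET NOCOUNT ON
DECLARE @LoginTime datetime
DECLARE @curTime   datetime
DECLARE @diffTime  int
BEGIN
    -- A blank code is what logged-out rows hold; it is never a session key
    IF @ValidCodeLogin IS NULL OR @ValidCodeLogin = ''
    BEGIN
        SELECT @validFlag = -1  -- user not logged in
        RETURN
    END

    IF NOT EXISTS (SELECT * FROM UserBaseInfo WHERE ValidCodeLogin = @ValidCodeLogin)
    BEGIN
        SELECT @validFlag = -1  -- user not logged in
        RETURN
    END

    -- LoginTime is a char(50) column in this listing, so this assignment
    -- converts the stored text back to datetime implicitly
    SELECT @LoginTime = (SELECT LoginTime FROM UserBaseInfo WHERE ValidCodeLogin = @ValidCodeLogin)
    SELECT @curTime = GETDATE()
    SELECT @diffTime = DATEDIFF(hh, @LoginTime, @curTime)
    IF @diffTime >= 10
    BEGIN
        SELECT @validFlag = -2  -- session timed out
        RETURN
    END

    -- record this check as the session's latest activity
    SELECT @LoginTime = GETDATE()
    UPDATE UserBaseInfo SET LoginTime = @LoginTime WHERE ValidCodeLogin = @ValidCodeLogin
    SELECT @validFlag = 0
    RETURN
END
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO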
Access是一种桌面数据库,只适合数据量少的应用,在处理少量数据和单机访问的数据库时是很好的,效率也很高。但是它的同时访问客户端不能多于4个。Access数据库有一定的极限,如果数据达到100M左右,很容易造成服务器IIS假死,或者消耗掉服务器的内存导致服务器崩溃。