// Start-of-initialisation timestamp (ms); compared with SysIniEnd at the bottom of the file.
var SysIniStart = (new Date()).valueOf() ;
// Sys is the single namespace object that every helper in this file hangs off.
var Sys = {} ;
Sys.Name = "系统处理类" ;
Sys.Ver = "1.0" ;
Sys.LogSize = 1024 ; // maximum log size, in KB
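//--------- SQL injection detection settings: start ---------
// Flag: record detected SQL injection attempts.
// NOTE(review): confirm the accessors below actually consult this flag before logging.
Sys.isLogSqlIn = true ;
// "|"-separated substrings treated as unsafe. This is a deny-list: it is matched as plain
// substrings, so it also rejects harmless input such as names containing an apostrophe,
// and it does not replace parameterised queries where the SQL is built.
Sys.SqlInKey = "'|;|select|update|delete" ;
// File that receives the SQL injection log.
// NOTE(review): a relative Server.MapPath resolves inside the site tree, so this file is
// likely retrievable over HTTP unless the server denies it. Confirm, and prefer a
// location outside the web root.
Sys.SqlInLogPath = new String(Server.MapPath("SqlInLog.txt")) ;
// Warning page sent to the client when a keyword is detected. Each line break inside the
// literal is preceded by a backslash (line continuation) and embedded quotes are escaped
// with a backslash; the listing showed "/" in those positions, which leaves the string
// literal unterminated.
Sys.SqlInWarningWords = "\
<Div Style=\"Position:Absolute;Left:200px;Top:100px;\">\
<Table Border=1 BorderColor=\"#CCCCCC\">\
<Tr><Td Align=\"Left\" BgColor=\"#CCCCCC\">警告:</Td></Tr>\
<Tr><Td Align=\"Center\" BgColor=\"#B9D3EE\">\
<Br>请不要在参数中加入如\"',select,update,delete\"等SQL关键字.<Br>\
</Td></Tr>\
</Table>\
</Div>\
" ;
//--------- SQL injection detection settings: end ---------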
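//--------- Error logging settings: start ---------
// Flag: record error information.
// NOTE(review): confirm Sys.ErrorLog actually consults this flag before logging.
Sys.isLogError = true ;
// File that receives the error log.
// NOTE(review): a relative Server.MapPath resolves inside the site tree, so this file is
// likely retrievable over HTTP unless the server denies it. Confirm, and prefer a
// location outside the web root.
Sys.ErrorLogPath = new String(Server.MapPath("ErrorLog.txt")) ;
// Error page template sent to the client. Each line break inside the literal is preceded
// by a backslash (line continuation) and embedded quotes are escaped with a backslash;
// the listing showed "/" in those positions, which leaves the string literal unterminated.
// Do not rename the {ErrorMessage} placeholder: Sys.ErrorLog substitutes the error
// description into it. Whatever is substituted lands in HTML, so it has to be
// HTML-encoded first.
Sys.ErrorWarningWords = "\
<Div Style=\"Position:Absolute;Left:200px;Top:100px;\">\
<Table Border=1 BorderColor=\"#CCCCCC\">\
<Tr><Td Align=\"Left\" BgColor=\"#CCCCCC\">出错了:</Td></Tr>\
<Tr><Td Align=\"Left\" BgColor=\"#B9D3EE\">\
错误信息:<Br>\
{ErrorMessage}\
</Td></Tr>\
<Tr><Td Align=\"Center\" BgColor=\"#CCCCCC\">\
请<A Href=\"#\" onClick=\"JavaScript:history.go(-1);\">点击此处</A>返回.<Br>\
</Td></Tr>\
</Table>\
</Div>\
" ;
//--------- Error logging settings: end ---------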
//所有的Get类函数 Start -----
// Returns the client address as a String object.
//   isCheckProxy - when true (the default if omitted/null) the X-Forwarded-For header is
//                  preferred and Remote_Addr is only the fallback; when false only
//                  Remote_Addr is used.
// X-Forwarded-For is a request header, so its content is whatever the client or an
// intermediate proxy sent, and it is returned here without any validation. Treat the
// result as untrusted text: do not base access decisions on it, and escape it before
// writing it to a log or a page. Use getIP(false) when the connection address is needed.
Sys.getIP = function (isCheckProxy) {
  var useProxyHeader = (isCheckProxy == null) ? true : isCheckProxy ;
  if (useProxyHeader) {
    var Forwarded = new String(Request.ServerVariables("HTTP_X_FORWARDED_FOR")) ;
    // A missing header stringifies to "undefined"; only then fall through to Remote_Addr.
    if (Forwarded != "undefined") {
      return Forwarded ;
    }
  }
  return new String(Request.ServerVariables("Remote_Addr")) ;
}
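// Reads the query-string parameter QName and returns it as a String object (a missing
// parameter stringifies to "undefined").
//   isCheckSqlIn - when true (the default if omitted/null) the value is screened against
//                  the Sys.SqlInKey deny-list; on a hit the attempt is logged, the
//                  warning page is written and Response.End() is called.
// Changes from the earlier version:
//   * the keyword match is case-insensitive ("SELECT" used to pass the check);
//   * CR/LF in request-derived fields are escaped before logging, so a parameter cannot
//     forge extra log entries;
//   * the timestamp uses getFullYear() and a 1-based month;
//   * Sys.isLogSqlIn is honoured.
// The deny-list is only a coarse filter. The value returned here is still untrusted and
// must be bound as a parameter, never concatenated into SQL.
Sys.getQueryString = function (QName,isCheckSqlIn) {
  if (isCheckSqlIn == null) { isCheckSqlIn = true ; }
  var RequestString = new String(Request.Querystring(QName)) ;
  if (!isCheckSqlIn) { return RequestString ; }

  var LF = String.fromCharCode(10) ;
  // Keep every logged field on one physical line.
  var forLog = function (Value) {
    return ("" + Value).replace(/\r/g, "\\r").replace(/\n/g, "\\n") ;
  } ;
  var Lowered = RequestString.toLowerCase() ;
  var SqlInKeys = Sys.SqlInKey.split("|") ;
  for (var i = 0 ; i < SqlInKeys.length ; i++) {
    if (Lowered.indexOf(SqlInKeys[i].toLowerCase()) === -1) { continue ; }
    if (Sys.isLogSqlIn) {
      var D = new Date() ;
      var NowTime = D.getFullYear() + "-" + (D.getMonth() + 1) + "-" + D.getDate() + " " + D.getHours() + ":" + D.getMinutes() + ":" + D.getSeconds() ;
      var LogStr = "" ;
      LogStr += "----------- SqlIn Infomation ------------------" + LF ;
      LogStr += "Time : " + NowTime + LF ;
      LogStr += "IP : " + forLog(Sys.getIP()) + LF ;
      LogStr += "Method : Get" + LF ;
      LogStr += "URL : " + forLog(Request.ServerVariables("URL")) + LF ;
      LogStr += "StrName : " + forLog(QName) + LF ;
      LogStr += "Argument : " + forLog(RequestString) + LF ;
      LogStr += "SqlInKey : " + SqlInKeys[i] + LF ;
      LogStr += "----------- SqlIn Infomation End --------------" + LF ;
      Sys.WriteLog(Sys.SqlInLogPath, LogStr) ;
    }
    Response.Write(Sys.SqlInWarningWords) ;
    Response.End() ;
  }
  return RequestString ;
} ;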
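// Reads the POSTed form field FName and returns it as a String object (a missing field
// stringifies to "undefined").
//   isCheckSqlIn - when true the value is screened against the Sys.SqlInKey deny-list;
//                  on a hit the attempt is logged, the warning page is written and
//                  Response.End() is called. Defaults to false when omitted/null.
// NOTE(review): with the default, form input is returned completely unscreened. Callers
// must bind it as a query parameter in either case.
// Changes from the earlier version:
//   * the keyword match is case-insensitive ("SELECT" used to pass the check);
//   * CR/LF in request-derived fields are escaped before logging;
//   * the timestamp uses getFullYear() and a 1-based month;
//   * Sys.isLogSqlIn is honoured.
// Unlike the other accessors this log entry carries no field name or value, and that is
// kept as is: form bodies may hold credentials (presumably the reason; confirm).
Sys.getFormString = function (FName,isCheckSqlIn) {
  if (isCheckSqlIn == null) { isCheckSqlIn = false ; }
  var FormString = new String(Request.Form(FName)) ;
  if (!isCheckSqlIn) { return FormString ; }

  var LF = String.fromCharCode(10) ;
  // Keep every logged field on one physical line.
  var forLog = function (Value) {
    return ("" + Value).replace(/\r/g, "\\r").replace(/\n/g, "\\n") ;
  } ;
  var Lowered = FormString.toLowerCase() ;
  var SqlInKeys = Sys.SqlInKey.split("|") ;
  for (var i = 0 ; i < SqlInKeys.length ; i++) {
    if (Lowered.indexOf(SqlInKeys[i].toLowerCase()) === -1) { continue ; }
    if (Sys.isLogSqlIn) {
      var D = new Date() ;
      var NowTime = D.getFullYear() + "-" + (D.getMonth() + 1) + "-" + D.getDate() + " " + D.getHours() + ":" + D.getMinutes() + ":" + D.getSeconds() ;
      var LogStr = "" ;
      LogStr += "----------- SqlIn Infomation ------------------" + LF ;
      LogStr += "Time : " + NowTime + LF ;
      LogStr += "IP : " + forLog(Sys.getIP()) + LF ;
      LogStr += "Method : Post" + LF ;
      LogStr += "URL : " + forLog(Request.ServerVariables("URL")) + LF ;
      LogStr += "SqlInKey : " + SqlInKeys[i] + LF ;
      LogStr += "----------- SqlIn Infomation End --------------" + LF ;
      Sys.WriteLog(Sys.SqlInLogPath, LogStr) ;
    }
    Response.Write(Sys.SqlInWarningWords) ;
    Response.End() ;
  }
  return FormString ;
} ;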
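// Reads the request cookie CName and returns it as a String object (a missing cookie
// stringifies to "undefined").
//   isCheckSqlIn - when true (the default if omitted/null) the value is screened against
//                  the Sys.SqlInKey deny-list; on a hit the attempt is logged, the
//                  warning page is written and Response.End() is called.
// Changes from the earlier version:
//   * the keyword match is case-insensitive ("SELECT" used to pass the check);
//   * CR/LF in request-derived fields are escaped before logging;
//   * the timestamp uses getFullYear() and a 1-based month;
//   * Sys.isLogSqlIn is honoured.
// Cookies are client-controlled. The returned value is untrusted and must be bound as a
// parameter, never concatenated into SQL.
Sys.getCookies = function (CName,isCheckSqlIn) {
  if (isCheckSqlIn == null) { isCheckSqlIn = true ; }
  var CookieString = new String(Request.Cookies(CName)) ;
  if (!isCheckSqlIn) { return CookieString ; }

  var LF = String.fromCharCode(10) ;
  // Keep every logged field on one physical line.
  var forLog = function (Value) {
    return ("" + Value).replace(/\r/g, "\\r").replace(/\n/g, "\\n") ;
  } ;
  var Lowered = CookieString.toLowerCase() ;
  var SqlInKeys = Sys.SqlInKey.split("|") ;
  for (var i = 0 ; i < SqlInKeys.length ; i++) {
    if (Lowered.indexOf(SqlInKeys[i].toLowerCase()) === -1) { continue ; }
    if (Sys.isLogSqlIn) {
      var D = new Date() ;
      var NowTime = D.getFullYear() + "-" + (D.getMonth() + 1) + "-" + D.getDate() + " " + D.getHours() + ":" + D.getMinutes() + ":" + D.getSeconds() ;
      var LogStr = "" ;
      LogStr += "----------- SqlIn Infomation ------------------" + LF ;
      LogStr += "Time : " + NowTime + LF ;
      LogStr += "IP : " + forLog(Sys.getIP()) + LF ;
      LogStr += "Method : Cookies" + LF ;
      LogStr += "URL : " + forLog(Request.ServerVariables("URL")) + LF ;
      LogStr += "StrName : " + forLog(CName) + LF ;
      LogStr += "Argument : " + forLog(CookieString) + LF ;
      LogStr += "SqlInKey: " + SqlInKeys[i] + LF ;
      LogStr += "----------- SqlIn Infomation End --------------" + LF ;
      Sys.WriteLog(Sys.SqlInLogPath, LogStr) ;
    }
    Response.Write(Sys.SqlInWarningWords) ;
    Response.End() ;
  }
  return CookieString ;
} ;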
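// Reads RName through the generic Request(...) lookup and returns it as a String object
// (a missing value stringifies to "undefined"). Request(name) searches several
// collections in turn, so the caller cannot tell whether the value came from the query
// string, the form body or a cookie. Prefer the specific accessor when the source matters.
//   isCheckSqlIn - when true (the default if omitted/null) the value is screened against
//                  the Sys.SqlInKey deny-list; on a hit the attempt is logged, the
//                  warning page is written and Response.End() is called.
// Changes from the earlier version:
//   * the keyword match is case-insensitive ("SELECT" used to pass the check);
//   * CR/LF in request-derived fields are escaped before logging;
//   * the timestamp uses getFullYear() and a 1-based month;
//   * Sys.isLogSqlIn is honoured.
// The deny-list is only a coarse filter. Bind the returned value as a query parameter.
Sys.getRequestString = function (RName,isCheckSqlIn) {
  if (isCheckSqlIn == null) { isCheckSqlIn = true ; }
  var RequestString = new String(Request(RName)) ;
  if (!isCheckSqlIn) { return RequestString ; }

  var LF = String.fromCharCode(10) ;
  // Keep every logged field on one physical line.
  var forLog = function (Value) {
    return ("" + Value).replace(/\r/g, "\\r").replace(/\n/g, "\\n") ;
  } ;
  var Lowered = RequestString.toLowerCase() ;
  var SqlInKeys = Sys.SqlInKey.split("|") ;
  for (var i = 0 ; i < SqlInKeys.length ; i++) {
    if (Lowered.indexOf(SqlInKeys[i].toLowerCase()) === -1) { continue ; }
    if (Sys.isLogSqlIn) {
      var D = new Date() ;
      var NowTime = D.getFullYear() + "-" + (D.getMonth() + 1) + "-" + D.getDate() + " " + D.getHours() + ":" + D.getMinutes() + ":" + D.getSeconds() ;
      var LogStr = "" ;
      LogStr += "----------- SqlIn Infomation ------------------" + LF ;
      LogStr += "Time : " + NowTime + LF ;
      LogStr += "IP : " + forLog(Sys.getIP()) + LF ;
      LogStr += "Method : Request" + LF ;
      LogStr += "URL : " + forLog(Request.ServerVariables("URL")) + LF ;
      LogStr += "StrName : " + forLog(RName) + LF ;
      LogStr += "Argument : " + forLog(RequestString) + LF ;
      LogStr += "SqlInKey: " + SqlInKeys[i] + LF ;
      LogStr += "----------- SqlIn Infomation End --------------" + LF ;
      Sys.WriteLog(Sys.SqlInLogPath, LogStr) ;
    }
    Response.Write(Sys.SqlInWarningWords) ;
    Response.End() ;
  }
  return RequestString ;
} ;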
//所有的Get类函数 End -----
//所有的Set类函数 Start -----
// Stores Value under Key in the ASP Session object.
// Key and Value are used as given; nothing is validated here.
Sys.setSession = function (Key,Value) {
Session(Key) = Value ;
}
// Stores Value under Key in the ASP Application object.
// The write is not wrapped in Application.Lock()/Unlock().
// NOTE(review): Application state is shared by all sessions. Do not keep per-user or
// secret data here, and confirm whether concurrent writers matter.
Sys.setApp = function (Key,Value) {
Application(Key) = Value ;
}
// Sets the response cookie Key to Value.
// Only the value is assigned: no Expires, Path, Domain or Secure attribute is set here.
// NOTE(review): if this is used for session or authentication data, set the Secure
// attribute and arrange for HttpOnly at the server level. Confirm how callers use it.
Sys.setCookie = function (Key,Value) {
Response.Cookies(Key) = Value ;
}
//所有的Set类函数 End -----
//所有的Read类函数 Start -----
// Returns whatever the ASP Session object holds under Key.
Sys.readSession = function (Key) {
return Session(Key) ;
}
// Returns whatever the ASP Application object holds under Key.
Sys.readApp = function (Key) {
return Application(Key) ;
}
//所有的Read类函数 End -----
//所有的Del类函数 Start -----
// "Deletes" a Session entry by overwriting it with undefined.
// NOTE(review): this assigns a value rather than removing the key. Confirm callers treat
// undefined as absent, e.g. on logout, or remove the entry from Session.Contents.
Sys.delSession = function (Key) {
Session(Key) = undefined ;
}
// "Deletes" an Application entry by overwriting it with undefined.
// NOTE(review): this assigns a value rather than removing the key. Confirm callers treat
// undefined as absent.
Sys.delApp = function (Key) {
Application(Key) = undefined ;
}
//所有的Del类函数 End -----
//错误处理 Start -----
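// Records a caught error and ends the response with the error page.
//   e - the caught error object; its name, number and description are read.
// Changes from the earlier version:
//   * the description is HTML-encoded before it is substituted into the page, because
//     error text can echo request data and was previously written as raw markup;
//   * the substitution uses split/join, so "$" sequences in the description are not
//     interpreted as replacement patterns;
//   * CR/LF in logged fields are escaped so one error cannot forge extra log entries;
//   * the timestamp uses getFullYear() and a 1-based month;
//   * Sys.isLogError is honoured.
// NOTE(review): the page still shows the error description to the client. Confirm that
// it cannot reveal paths, SQL text or other internals, or show a generic message instead.
Sys.ErrorLog = function (e) {
  var LF = String.fromCharCode(10) ;
  // Keep every logged field on one physical line.
  var forLog = function (Value) {
    return ("" + Value).replace(/\r/g, "\\r").replace(/\n/g, "\\n") ;
  } ;
  var Description = "" + e.description ;
  if (Sys.isLogError) {
    var D = new Date() ;
    var NowTime = D.getFullYear() + "-" + (D.getMonth() + 1) + "-" + D.getDate() + " " + D.getHours() + ":" + D.getMinutes() + ":" + D.getSeconds() ;
    var LogStr = "" ;
    LogStr += "----------- Error Infomation ------------------" + LF ;
    LogStr += "Time : " + NowTime + LF ;
    LogStr += "IP : " + forLog(Sys.getIP()) + LF ;
    LogStr += "ErrorName : " + forLog(e.name) + LF ;
    // The low 16 bits of e.number are the error code that gets logged.
    LogStr += "ErrorNumber : " + (e.number & 0xFFFF) + LF ;
    LogStr += "ErrorDescription : " + forLog(Description) + LF ;
    LogStr += "----------- Error Infomation End --------------" + LF ;
    Sys.WriteLog(Sys.ErrorLogPath, LogStr) ;
  }
  var SafeDescription = Server.HTMLEncode(Description) ;
  Response.Write(Sys.ErrorWarningWords.split("{ErrorMessage}").join(SafeDescription)) ;
  Response.End() ;
} ;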
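// Prepends LogContent to the log file at LogPath, creating the file when needed.
//   LogPath    - full path of the log file.
//   LogContent - text of the new entry; it is written ahead of the existing content.
// Changes from the earlier version:
//   * the size cap compares Size / 1024 (KB) with Sys.LogSize. The old "% 1024" never
//     exceeded 1023, so with the configured limit the log was never rotated and grew
//     without bound;
//   * the file is no longer deleted while a read handle is still open on it;
//   * handles are closed in finally blocks.
// NOTE(review): the whole file is read and rewritten for every entry and nothing
// serialises concurrent requests, so simultaneous writers may lose entries. Confirm
// whether that matters for this log.
Sys.WriteLog = function (LogPath,LogContent) {
  var FSO = Server.CreateObject("Scripting.FileSystemObject") ;
  // Footer used when there is no earlier content to carry over.
  var OldLogStr = "Copyrights (C) Sys.Object." ;
  if (FSO.FileExists(LogPath)) {
    if ((FSO.GetFile(LogPath).Size / 1024) > Sys.LogSize) {
      // Over the cap: discard the old log and start again.
      FSO.DeleteFile(LogPath) ;
    } else {
      var Reader = FSO.OpenTextFile(LogPath, 1, false) ; // 1 = ForReading
      try {
        OldLogStr = Reader.ReadAll() ;
      }
      catch (e) {
        // ReadAll fails on an empty file; keep the footer in that case.
      }
      finally {
        Reader.Close() ;
      }
    }
  }
  // 2 = ForWriting: replaces the existing content and creates the file if it is missing.
  var Writer = FSO.OpenTextFile(LogPath, 2, true) ;
  try {
    Writer.WriteLine(LogContent + OldLogStr) ;
  }
  finally {
    Writer.Close() ;
  }
  FSO = null ;
} ;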
//错误处理 End -----
// End-of-initialisation timestamp (ms).
var SysIniEnd = (new Date()).valueOf() ;
// Writes the elapsed initialisation time straight into the response body.
// NOTE(review): this looks like debug output that appears on every page running this
// script. Confirm it is wanted in production.
Response.Write(["SysIni Spend[", (SysIniEnd - SysIniStart), "]ms."].join("")) ;