突然整理硬盘时找到了两年前写的一个网站,准备扔掉,但是还是把部分方法保留到博客吧!虽然现在对于自己已经用处不大,但是还是纪念一下!
生成验证码:
- using System;
- using System.Data;
- using System.Configuration;
- using System.Collections;
- using System.Web;
- using System.Web.Security;
- using System.Web.UI;
- using System.Web.UI.WebControls;
- using System.Web.UI.WebControls.WebParts;
- using System.Web.UI.HtmlControls;
- using System.Drawing;
- public partial class CheckCode : System.Web.UI.Page
- {
- protected void Page_Load(object sender, EventArgs e)
- {
- if (!this.IsPostBack)
- {
- //生成验证码
- string temp = this.GetCode(4);
- HttpCookie cookie = new HttpCookie("yzm");
- cookie.Value = temp;
- Response.Cookies.Add(cookie);
- //画图
- this.GetCheckCodeImage(temp);
- }
- }
- //产生随机字符串
- private string GetCode(int num)
- {
- string[] source ={ "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J",
- "K", "L", "M", "N", "O","P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z" ,"a", "b", "c", "d", "e", "f", "g", "h", "i", "j",
- "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y","z"};
- string code = "";
- Random rd = new Random();
- for (int i = 0; i < num; i++)
- {
- code += source[rd.Next(0, source.Length)];
- }
- Session["ValidateCode"] = code;//将字符串保存到Session中,以便需要时进行验证
- return code;
- }
- #region 验证码
- /// <summary>
- /// 生成验证码
- /// </summary>
- /// <param name="checkCode"></param>
- private void GetCheckCodeImage(string checkCode)
- {
- if (checkCode == null || checkCode.Trim() == String.Empty) return;
- System.Drawing.Bitmap image = new System.Drawing.Bitmap((int)Math.Ceiling((checkCode.Length * 12.5)),25);
- Graphics g = Graphics.FromImage(image);
- try
- {
- Random random = new Random(); //生成随机生成器
- g.Clear(Color.White); //清空图片背景色
- for (int i = 0; i < 5; i++) //画图片的背景噪音线
- {
- int x1 = random.Next(image.Width);
- int x2 = random.Next(image.Width);
- int y1 = random.Next(image.Height);
- int y2 = random.Next(image.Height);
- g.DrawLine(new Pen(Color.Silver), x1, y1, x2, y2);
- }
- Font font = new System.Drawing.Font("Arial", 12, (System.Drawing.FontStyle.Bold | System.Drawing.FontStyle.Italic));
- System.Drawing.Drawing2D.LinearGradientBrush brush = new System.Drawing.Drawing2D.LinearGradientBrush(new Rectangle(0, 0, image.Width, image.Height), Color.Blue, Color.DarkRed, 1.2f, true);
- g.DrawString(checkCode, font, brush, 2, 2);
- //画图片的前景噪音点
- for (int i = 0; i < 60; i++)
- {
- int x = random.Next(image.Width);
- int y = random.Next(image.Height);
- image.SetPixel(x, y, Color.FromArgb(random.Next()));
- }
- //画图片的边框线
- g.DrawRectangle(new Pen(Color.Silver), 0, 0, image.Width - 1, image.Height - 1);
- System.IO.MemoryStream ms = new System.IO.MemoryStream();
- image.Save(ms, System.Drawing.Imaging.ImageFormat.Gif);
- Response.ClearContent();
- Response.ContentType = "image/Gif";
- Response.BinaryWrite(ms.ToArray());
- }
- finally
- {
- g.Dispose();
- image.Dispose();
- }
- }
- #endregion
- }
清空缓存:
- //清空客户端页面缓存
- public static void ClearClientPageCache()
- {
- HttpContext.Current.Response.Buffer = true;
- HttpContext.Current.Response.Expires = 0;
- HttpContext.Current.Response.ExpiresAbsolute = DateTime.Now.AddDays(-1);
- HttpContext.Current.Response.AddHeader("pragma", "no-cache");
- HttpContext.Current.Response.AddHeader("cache-control", "private");
- HttpContext.Current.Response.CacheControl = "no-cache";
- }
- using System;
- using System.Collections.Generic;
- using System.Web;
- using System.Text;
- using System.Text.RegularExpressions;
- public class PagingCollection<T>
- {
- private int pagezise;
- public int Pagezise
- {
- get { return pagezise; }
- set { pagezise = value; }
- }
- private int pageindex;
- public int Pageindex
- {
- get { return pageindex; }
- set { pageindex = value; }
- }
- private int TotalCount;
- public int TotalCount1
- {
- get { return TotalCount; }
- set { TotalCount = value; }
- }
- private int TotalPage=0;
- public int TotalPage1
- {
- get { return TotalPage; }
- set { TotalPage = value; }
- }
- private string url;
- public string Url
- {
- get { return url; }
- set { url = value; }
- }
- private string urlparms;
- public string Urlparms
- {
- get {
- return urlparms; }
- set { urlparms = value; }
- }
- /// <summary>
- /// 分页数据构造
- /// </summary>
- /// <param name="source"></param>
- /// <param name="pageindex"></param>
- /// <param name="pagezise"></param>
- /// <param name="totalcount"></param>
- /// <param name="url"></param>
- public PagingCollection(int pageindex, int pagezise, int totalcount, string url)
- {
- this.pageindex = pageindex;
- this.pagezise = pagezise;
- TotalCount = totalcount;
- TotalPage = (int)Math.Ceiling(TotalCount / (double)pagezise);
- this.url = url;
- }
- public PagingCollection(int pageindex, int pagezise, int totalcount, string url,string urlparms)
- {
- this.pageindex = pageindex;
- this.pagezise = pagezise;
- TotalCount = totalcount;
- TotalPage = (int)Math.Ceiling(TotalCount / (double)pagezise);
- this.url = url;
- this.urlparms = urlparms;
- }
- #region 分页属性 返回分页数据
- public string GetPatePar
- {
- get
- {
- if (TotalCount1 > 0)
- {
- StringBuilder str = new StringBuilder();
- int startpage = (pageindex - 1) / 10 * 10 + 1;
- int endpage = (pageindex - 1) / 10 * 10 + 10;
- int x = endpage > TotalPage ? TotalPage : endpage;
- str.Append("<div style=' color:#1E5494;'>共" + TotalPage1 + "页 / 当前第" + pageindex + "页 ");
- if (HasPreviousPage)
- {
- str.Append("<a href=" + url + "?page=1" + GetURLParms + "" + urlparms + ">首页</a> ");
- str.Append("<a href=" + url + "?page=" + (pageindex - 1) + GetURLParms + "" + urlparms + ">上一页</a>");
- }
- else
- {
- str.Append("<a href=#>首页 </a>");
- str.Append("<a href=#>上一页</a>");
- }
- for (int i = startpage; i <= x; i++)
- {
- if (i == pageindex)
- {
- str.Append(string.Format("<a style='margin-left:3px; margin-right:3px;padding:2px 4px 2px 4px;color:red;border:1px solid #cccccc;background-color:#ffffff; '>" + i + "</a>"));
- }
- else
- {
- str.Append(string.Format("<a style='margin-left:3px; margin-right:3px;' href=" + url + "?page=" + i + GetURLParms + "" + urlparms + ">" + i + "</a>"));
- }
- }
- if (HasNextPage)
- {
- str.Append("<a href=" + url + "?page=" + (pageindex + 1) + GetURLParms + "" + urlparms + ">下一页 </a>");
- str.Append("<a href=" + url + "?page=" + TotalPage + GetURLParms + "" + urlparms + ">尾页</a>");
- }
- else
- {
- str.Append("<a href=#>下一页 </a>");
- str.Append("<a href=#>尾页</a>");
- }
- str.Append("</div>");
- return str.ToString();
- }
- else
- {
- return "<font color=red>暂无数据!</font>";
- }
- }
- }
- #endregion
- /// <summary>
- /// url重写
- /// </summary>
- private string GetURLParms
- {
- get
- {
- string query = HttpContext.Current.Request.Url.Query;
- query = Regex.Replace(query, @"\?page=\d*", "", RegexOptions.Compiled);
- return query;
- }
- }
- /// <summary>
- ///判断是否有上一页
- /// </summary>
- public bool HasPreviousPage
- {
- get
- {
- return (pageindex > 1);
- }
- }
- /// <summary>
- ///判断是否有下一页
- /// </summary>
- public bool HasNextPage
- {
- get
- {
- return (pageindex < TotalPage);
- }
- }
- }
- /// <summary>
- /// 分页数据类
- /// </summary>
- /// <typeparam name="T"></typeparam>
- public class PageBean<T>
- {
- IList<T> datasource = new List<T>();
- public IList<T> Datasource
- {
- get { return datasource; }
- set { datasource = value; }
- }
- int pagesum;
- public int Pagesum
- {
- get { return pagesum; }
- set { pagesum = value; }
- }
- public PageBean(IList<T> datasource, int pagesum)
- {
- this.datasource = datasource;
- this.pagesum = pagesum;
- }
- public PageBean()
- {
- //
- // TODO: 在此处添加构造函数逻辑
- //
- }
- }
生成图片水印:
- using System;
- using System.Data;
- using System.Configuration;
- using System.Web;
- using System.Web.Security;
- using System.Web.UI;
- using System.Web.UI.WebControls.WebParts;
- using System.Web.UI.HtmlControls;
- using System.IO;
- using System.Drawing;
- using System.Drawing.Imaging;
- /// <summary>
- /// PictureHandler 的摘要说明
- /// </summary>
- public class PicHandler : IHttpHandler
- {
- public void ProcessRequest(HttpContext context)
- {
- context.Response.ContentType = "text/plain";
- string imgUrl = context.Request.PhysicalPath;//得到当前处理图片的物理路径
- if (File.Exists(imgUrl))
- {
- Image img = Image.FromFile(imgUrl);//通过图片路径得到图片对象
- Image watering = Image.FromFile(context.Server.MapPath("~/themes/images/water.jpg"));//得到数字水印图片
- Graphics g = Graphics.FromImage(img);//通过图片对象创建画布
- g.DrawImage(watering, new Rectangle(img.Width - watering.Width, img.Height - watering.Height, watering.Width, watering.Height), 0, 0, watering.Width, watering.Height, GraphicsUnit.Pixel);//画图
- context.Response.ContentType = "image/jpeg";//设置图片的格式
- img.Save(context.Response.OutputStream, ImageFormat.Jpeg);//把图片保存在输出流中
- g.Dispose();//销毁画布
- img.Dispose();//销毁图片
- context.Response.End();
- }
- else
- {
- Image defaultimg = Image.FromFile(context.Server.MapPath("~/themes/images/water.jpg"));//通过图片路径得到默认图片对象
- Image watering = Image.FromFile(context.Server.MapPath("~/themes/images/water.jpg"));//得到数字水印图片
- Graphics g = Graphics.FromImage(defaultimg);//通过图片对象创建画布
- g.DrawImage(watering, new Rectangle(defaultimg.Width - watering.Width, defaultimg.Height - watering.Height, watering.Width, watering.Height), 0, 0, watering.Width, watering.Height, GraphicsUnit.Pixel);//画图
- context.Response.ContentType = "image/jpeg";//设置图片的格式
- defaultimg.Save(context.Response.OutputStream, ImageFormat.Jpeg);
- g.Dispose();
- defaultimg.Dispose();
- context.Response.End();
- }
- }
- public bool IsReusable
- {
- get
- {
- return false;
- }
- }
- }
防注入过滤:
- using System;
- using System.Data;
- using System.Configuration;
- using System.Web;
- using System.Web.Security;
- using System.Web.UI;
- using System.Web.UI.WebControls;
- using System.Web.UI.WebControls.WebParts;
- using System.Web.UI.HtmlControls;
- using System.Data.SqlClient;
- /// <summary>
- /// SqlCheck 的摘要说明
- /// </summary>
- public class SqlCheck
- {
- public void CheckSql()
- {
- string jk1986_sql = "exec↓select↓drop↓alter↓exists↓union↓and↓or↓xor↓order↓mid↓asc↓execute↓xp_cmdshell↓insert↓update↓delete↓join↓declare↓char↓sp_oacreate↓wscript.shell↓xp_regwrite↓'↓;↓--";
- string[] jk_sql = jk1986_sql.Split('↓');
- foreach (string jk in jk_sql)
- {
- // -----------------------防 Post 注入-----------------------
- if (System.Web.HttpContext.Current.Request.Form != null)
- {
- for (int k = 0; k < System.Web.HttpContext.Current.Request.Form.Count; k++)
- {
- string getsqlkey = System.Web.HttpContext.Current.Request.Form.Keys[k];
- string getip;
- if (System.Web.HttpContext.Current.Request.Form[getsqlkey].ToLower().Contains(jk) == true)
- {
- System.Web.HttpContext.Current.Response.Write("<script Language=JavaScript>alert('请勿提交非法字符!');</" + "script>");
- System.Web.HttpContext.Current.Response.Write("非法操作!系统做了如下记录 ↓" + "<br>");
- if (System.Web.HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"] != null)
- {
- getip = System.Web.HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
- }
- else
- {
- getip = System.Web.HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
- }
- System.Web.HttpContext.Current.Response.Write("操 作 I P :" + getip + "<br>");
- System.Web.HttpContext.Current.Response.Write("操 作 时 间:" + DateTime.Now.ToString() + "<br>");
- System.Web.HttpContext.Current.Response.Write("操 作 页 面:" + System.Web.HttpContext.Current.Request.ServerVariables["URL"] + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 方 式:P O S T " + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 参 数:" + jk + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 数 据:" + System.Web.HttpContext.Current.Request.Form[getsqlkey].ToLower() + "<br>");
- System.Web.HttpContext.Current.Response.End();
- }
- }
- }
- // -----------------------防 GET 注入-----------------------
- if (System.Web.HttpContext.Current.Request.QueryString != null)
- {
- for (int k = 0; k < System.Web.HttpContext.Current.Request.QueryString.Count; k++)
- {
- string getsqlkey = System.Web.HttpContext.Current.Request.QueryString.Keys[k];
- string getip;
- if (System.Web.HttpContext.Current.Request.QueryString[getsqlkey].ToLower().Contains(jk) == true)
- {
- System.Web.HttpContext.Current.Response.Write("<script Language=JavaScript>alert('请勿提交非法字符!');</" + "script>");
- System.Web.HttpContext.Current.Response.Write("非法操作!系统做了如下记录 ↓" + "<br>");
- if (System.Web.HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"] != null)
- {
- getip = System.Web.HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
- }
- else
- {
- getip = System.Web.HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
- }
- System.Web.HttpContext.Current.Response.Write("操 作 I P :" + getip + "<br>");
- System.Web.HttpContext.Current.Response.Write("操 作 时 间:" + DateTime.Now.ToString() + "<br>");
- System.Web.HttpContext.Current.Response.Write("操 作 页 面:" + System.Web.HttpContext.Current.Request.ServerVariables["URL"] + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 方 式:G E T " + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 参 数:" + jk + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 数 据:" + System.Web.HttpContext.Current.Request.QueryString[getsqlkey].ToLower() + "<br>");
- System.Web.HttpContext.Current.Response.End();
- }
- }
- }
- // -----------------------防 Cookies 注入-----------------------
- if (System.Web.HttpContext.Current.Request.Cookies != null)
- {
- for (int k = 0; k < System.Web.HttpContext.Current.Request.Cookies.Count; k++)
- {
- string getsqlkey = System.Web.HttpContext.Current.Request.Cookies.Keys[k];
- string getip;
- if (System.Web.HttpContext.Current.Request.Cookies[getsqlkey].Value.ToLower().Contains(jk) == true)
- {
- System.Web.HttpContext.Current.Response.Write("<script Language=JavaScript>alert('请勿提交非法字符!');</" + "script>");
- System.Web.HttpContext.Current.Response.Write("非法操作!系统做了如下记录 ↓" + "<br>");
- if (System.Web.HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"] != null)
- {
- getip = System.Web.HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
- }
- else
- {
- getip = System.Web.HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
- }
- System.Web.HttpContext.Current.Response.Write("操 作 I P :" + getip + "<br>");
- System.Web.HttpContext.Current.Response.Write("操 作 时 间:" + DateTime.Now.ToString() + "<br>");
- System.Web.HttpContext.Current.Response.Write("操 作 页 面:" + System.Web.HttpContext.Current.Request.ServerVariables["URL"] + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 方 式: Cookies " + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 参 数:" + jk + "<br>");
- System.Web.HttpContext.Current.Response.Write("提 交 数 据:" + System.Web.HttpContext.Current.Request.Cookies[getsqlkey].Value.ToLower() + "<br>");
- System.Web.HttpContext.Current.Response.End();
- }
- }
- }
- }
- }
- }
页面过滤HTML:
- /// <summary>
- /// 过滤标记
- /// </summary>
- /// <param name="NoHTML">包括HTML,脚本,数据库关键字,特殊字符的源码 </param>
- /// <returns>已经去除标记后的文字</returns>
- public static string NoHTML(string Htmlstring)
- {
- if (Htmlstring == null)
- {
- return "";
- }
- else
- {
- //删除脚本
- Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
- //删除HTML
- Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
- //删除与数据库相关的词
- Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);
- Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);
- return Htmlstring ;
- }
- }
扫一扫
96
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
