modifyuser.c
#include "stdio.h"
#include "string.h"
#include <stdlib.h>
#include <windows.h>
#include <sqlext.h>
#include <sqltypes.h>
#include <odbcss.h>
/* Writes the given text to gm_log.txt, replacing the previous contents. */
void write_log(char * log);
/*
 * Verifies a user's current password against the pwd column of table usr.
 * Result codes: 1 = password matches, 0 = mismatch, 2 = fetch error,
 * 3 = no row for that user name.
 */
int yanzheng(char * tmp_usrname,char * tmp_password);
/*
 * Stores a new password for the given user name in table usr.
 * Result codes as consumed by main: 1 = updated, 2 = database error,
 * 3 = any other outcome.
 */
int modifyuser(char *username,char * password);
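/*
 * CGI entry point: changes a user's password.
 *
 * Reads username, current password, new password and confirmation from
 * QUERY_STRING, checks the current password with yanzheng(), and calls
 * modifyuser() when the new password and its confirmation agree.
 *
 * NOTE(review): the only access check is the literal cookie value "i=1",
 * which is entirely client-controlled; a server-side session is needed
 * before this can be treated as authentication.
 * NOTE(review): credentials arrive in the query string, so they are likely
 * to be recorded in web-server logs and browser history; a POST body over
 * TLS would avoid that.
 */
int main()
{
    int i = 0;          /* modifyuser() result; 0 = no update was attempted */
    int parsed = 0;     /* number of fields sscanf() converted */
    int consumed = 0;   /* characters of QUERY_STRING consumed by sscanf() */
    char *data;
    char *cookie_data;
    char username[10] = "";
    char yuan_password[10] = "";    /* current password */
    char xin_password[10] = "";     /* new password */
    char quexin_password[10] = "";  /* new password, confirmation */

    cookie_data = getenv("HTTP_COOKIE");
    data = getenv("QUERY_STRING");

    /*
     * QUERY_STRING is attacker-controlled and may be absent. Every
     * conversion carries a width of sizeof(buffer) - 1 so an over-long
     * field cannot overrun the 10-byte stack buffers; an over-long field
     * makes the following literal fail to match, so the request is
     * rejected instead of being silently truncated.
     */
    if (data != NULL) {
        parsed = sscanf(data,
                        "username=%9[^&]&yuan_pwd=%9[^&]&xin_pwd=%9[^&]&quexin_pwd=%9s%n",
                        username, yuan_password, xin_password,
                        quexin_password, &consumed);
        /* Reject trailing data, e.g. a confirmation longer than 9 bytes. */
        if (parsed == 4 && data[consumed] != '\0') {
            parsed = 0;
        }
    }

    /* The original emitted "Contenttype:", which is not the Content-Type header. */
    printf("Content-Type: text/html\n\n");
    printf("<html><head><title>修改结果</title></head><body>");

    if (cookie_data != NULL && strcmp(cookie_data, "i=1") == 0) {
        /* Only touch the database when all four fields were parsed cleanly. */
        if (parsed == 4
            && yanzheng(username, yuan_password) == 1
            && 0 == strcmp(xin_password, quexin_password)) {
            i = modifyuser(username, xin_password);
        }

        /* i stays 0 (no message) when validation failed and nothing was changed. */
        if (i == 1) {
            printf("修改成功\n");
        }
        if (i == 2) {
            printf("网络或数据库出错可能是用户名不存在,请重试\n");
        }
        if (i == 3) {
            printf("未知错误有,请重试\n");
        }
        printf("<a href=/cgi-bin/gm/listuser.cgi>返回用户列表</a><br>");
    } else {
        printf("你无权限访问该网页,请登录<br>");
        printf("<a href=/gm/login.html>登录</a>");
    }

    printf("</body></html>");
    return 0;
}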
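/*
 * Sets a new password for one user in table usr.
 *
 * username, password: NUL-terminated strings taken from the request.
 * Returns 1 when the UPDATE succeeded, 2 on a database or connection error,
 * 3 for any other outcome (including NULL arguments).
 *
 * The statement is parameterized: both values are bound with
 * SQLBindParameter() rather than concatenated into the SQL text, so quote
 * characters in the input cannot alter the statement and no fixed-size SQL
 * buffer can be overrun.
 *
 * NOTE(review): the password is stored as supplied (plaintext); a salted
 * password hash should be stored instead.
 */
int modifyuser(char *username,char * password)
{
    char sql[] = "update usr set pwd = ? where username = ?";
    int result = 2;     /* fail closed: setup failures report a database error */
    SQLHENV henv = SQL_NULL_HENV;
    SQLHDBC hdbc = SQL_NULL_HDBC;
    SQLHSTMT hstmt = SQL_NULL_HSTMT;
    SQLRETURN retcode;
    SQLLEN pwd_ind = SQL_NTS;
    SQLLEN usr_ind = SQL_NTS;
    size_t pwd_len;
    size_t usr_len;

    if (username == NULL || password == NULL) {
        return 3;
    }
    pwd_len = strlen(password);
    usr_len = strlen(username);

    /* Log only the statement template; the bound values never reach the log. */
    write_log(sql);

    retcode = SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, &henv);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out;
    }
    retcode = SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION, (void*)SQL_OV_ODBC3, 0);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_env;
    }
    retcode = SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_env;
    }

    /*
     * Adjustable: data source name, user name, password.
     * NOTE(review): the login and its password are hard-coded as "sa";
     * prefer a least-privilege account whose credentials are read from
     * protected configuration.
     */
    retcode = SQLConnect(hdbc, (SQLCHAR*)"Csql", SQL_NTS,
                         (SQLCHAR*)"sa", SQL_NTS, (SQLCHAR*)"sa", SQL_NTS);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_dbc;
    }
    retcode = SQLAllocHandle(SQL_HANDLE_STMT, hdbc, &hstmt);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_disconnect;
    }

    /* SQL_NTS: the text is NUL-terminated; the array size is not its length. */
    retcode = SQLPrepare(hstmt, (SQLCHAR*)sql, SQL_NTS);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_stmt;
    }
    /* A column size of 0 is rejected by some drivers, so use at least 1. */
    retcode = SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR,
                               (SQLULEN)(pwd_len ? pwd_len : 1), 0,
                               (SQLPOINTER)password, 0, &pwd_ind);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_stmt;
    }
    retcode = SQLBindParameter(hstmt, 2, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR,
                               (SQLULEN)(usr_len ? usr_len : 1), 0,
                               (SQLPOINTER)username, 0, &usr_ind);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_stmt;
    }

    retcode = SQLExecute(hstmt);
    if (retcode == SQL_ERROR) {
        result = 2;
    } else if (SQL_SUCCEEDED(retcode)) {
        result = 1;
    } else {
        result = 3;
    }

out_stmt:
    SQLFreeHandle(SQL_HANDLE_STMT, hstmt);
out_disconnect:
    SQLDisconnect(hdbc);
out_dbc:
    SQLFreeHandle(SQL_HANDLE_DBC, hdbc);
out_env:
    SQLFreeHandle(SQL_HANDLE_ENV, henv);
out:
    return result;
}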
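/*
 * Verifies a user's current password against the pwd column of table usr.
 *
 * tmp_usrname, tmp_password: NUL-terminated strings taken from the request.
 * Returns 1 when the stored value equals tmp_password, 0 on mismatch (or a
 * NULL stored value), 2 on a database or connection error (including NULL
 * arguments), 3 when no row exists for the user name.
 *
 * The result starts at 2 so that any failure to reach the database is
 * reported as an error. The original returned an uninitialized value on
 * those paths, which could by chance equal 1 and be accepted by the caller
 * as a successful verification.
 *
 * The user name is bound as a statement parameter instead of being
 * concatenated into the SQL text, which removes both the injection point
 * and the overflow of the fixed-size SQL buffer.
 *
 * NOTE(review): this compares plaintext passwords with strcmp(); storing a
 * salted hash and comparing in constant time would be the robust design.
 */
int yanzheng(char * tmp_usrname,char * tmp_password)
{
    char sql[] = "select pwd from usr where username = ?";
    /* Buffer length matches the column length (per the original comment). */
    char list[10] = "";
    int result = 2;     /* fail closed */
    SQLHENV henv = SQL_NULL_HENV;
    SQLHDBC hdbc = SQL_NULL_HDBC;
    SQLHSTMT hstmt = SQL_NULL_HSTMT;
    SQLRETURN retcode;
    SQLLEN usr_ind = SQL_NTS;
    SQLLEN col_ind = 0;
    size_t usr_len;
    char *pad;

    if (tmp_usrname == NULL || tmp_password == NULL) {
        return 2;
    }
    usr_len = strlen(tmp_usrname);

    retcode = SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, &henv);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out;
    }
    retcode = SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION, (void*)SQL_OV_ODBC3, 0);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_env;
    }
    retcode = SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_env;
    }

    /*
     * Adjustable: data source name, user name, password.
     * NOTE(review): the login and its password are hard-coded as "sa";
     * prefer a least-privilege account whose credentials are read from
     * protected configuration.
     */
    retcode = SQLConnect(hdbc, (SQLCHAR*)"Csql", SQL_NTS,
                         (SQLCHAR*)"sa", SQL_NTS, (SQLCHAR*)"sa", SQL_NTS);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_dbc;
    }
    retcode = SQLAllocHandle(SQL_HANDLE_STMT, hdbc, &hstmt);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_disconnect;
    }

    /* SQL_NTS: the text is NUL-terminated; the array size is not its length. */
    retcode = SQLPrepare(hstmt, (SQLCHAR*)sql, SQL_NTS);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_stmt;
    }
    /* A column size of 0 is rejected by some drivers, so use at least 1. */
    retcode = SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR,
                               (SQLULEN)(usr_len ? usr_len : 1), 0,
                               (SQLPOINTER)tmp_usrname, 0, &usr_ind);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_stmt;
    }
    retcode = SQLExecute(hstmt);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_stmt;
    }

    /* Adjustable: the second argument selects which result column is read. */
    retcode = SQLBindCol(hstmt, 1, SQL_C_CHAR, list, sizeof list, &col_ind);
    if (!SQL_SUCCEEDED(retcode)) {
        goto out_stmt;
    }

    retcode = SQLFetch(hstmt);
    if (retcode == SQL_ERROR) {
        result = 2;
    } else if (SQL_SUCCEEDED(retcode)) {
        if (col_ind == SQL_NULL_DATA) {
            /* A NULL stored value leaves list untouched; never treat it as a match. */
            result = 0;
        } else {
            /* Cut the value at its first space (padding in the stored value). */
            pad = strchr(list, ' ');
            if (pad != NULL) {
                *pad = '\0';
            }
            result = (0 == strcmp(list, tmp_password)) ? 1 : 0;
        }
    } else if (retcode == SQL_NO_DATA) {
        result = 3;
    }

out_stmt:
    SQLFreeHandle(SQL_HANDLE_STMT, hstmt);
out_disconnect:
    SQLDisconnect(hdbc);
out_dbc:
    SQLFreeHandle(SQL_HANDLE_DBC, hdbc);
out_env:
    SQLFreeHandle(SQL_HANDLE_ENV, henv);
out:
    return result;
}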
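/*
 * Writes one message to gm_log.txt.
 *
 * log: NUL-terminated text to record; a NULL pointer is ignored.
 *
 * Logging is best-effort: if the file cannot be opened the message is
 * dropped instead of dereferencing a NULL stream. The file is opened in
 * "w" mode, so each call replaces the previous contents.
 * NOTE(review): the path is relative, so the log lands in whatever the
 * process's working directory is; confirm that directory is not served
 * to clients.
 */
void write_log(char * log)
{
    FILE *stream;

    if (log == NULL) {
        return;
    }
    stream = fopen("gm_log.txt", "w");
    if (stream == NULL) {
        return;
    }
    fprintf(stream, "%s", log);
    fclose(stream);
}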