提交页面, inputinfo.asp:
<html>
<head>
<title>Change Password</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000" background="bg.jpg">
<form name="form1" method="post" action="resetpwd.asp">
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center">This page is meant for our staff to change the domain user password.<br>
The new password must be not less than 8 characters.</p>
<p> </p>
<table width="48%" border="0" align="center">
<tr>
<td width="85%">Username: </td>
<td width="15%">
<input type="text" name="username" size="20">
</td>
</tr>
<tr>
<td width="85%">Old Password: </td>
<td width="15%">
<input type="password" name="old" size="22">
</td>
</tr>
<tr>
<td width="85%">New Password (not less than 8 characters): </td>
<td width="15%">
<input type="password" name="password1" size="22">
</td>
</tr>
<tr>
<td width="85%"> Re-Type New Password (not less than 8 characters):</td>
<td width="15%">
<input type="password" name="password2" size="22">
</td>
</tr>
<tr>
<td width="85%"> <br>
<input type="submit" name="Submit" value="Submit">
</td>
<td width="15%"> </td>
</tr>
</table>
<p> </p>
<p align="center"> <font size="1">best view under 1024*768</font><br>
<br>
</p>
<p> </p>
</form>
<p> </p></body>
</html>
处理页面, resetpwd.asp: (找到其中的一行:domain = "Your Domain Name Here", 将Your Domain Name Here改成你的域名就行了。)
<%
const L_Title_Text = "IIS - Authentication Manager"
const L_ISM_Text = "Internet Service Manager"
const L_IIS6_Text = "for Internet Information Server 6.0"
const L_PWS_Text = "for Peer Web Services"
const L_PwdSoon_Text = "Your password will expire soon"
const L_ChangePwd_Text = "Do you want to change it now?"
const L_SSL1_Text = "A secure channel ( SSL or PCT ) is necessary in order to change a password"
const L_SSL2_Text = "SSL/PCT is not installed/enabled on your system, please install it to enable this functionality"
const L_PasswordExpired_Text = "Your password has expired"
const L_DefDoc_Text = "Access default document"
const L_OrOther_Text = "or select another document"
const L_ChangeNow_Text = "You can change it now"
const L_Account_Text = "Account"
const L_Domain_Text = "Domain"
const L_OldPassword_Text = "Old password"
const L_NewPassword_Text = "New password"
const L_Confirm_Text = "Confirm new password"
const L_OK_Text = " OK "
const L_Cancel_Text = " Cancel "
const L_Reset_Text = " Reset "
const L_PasswordChanged_Text = "Password successfully changed"
const L_Back_Text = "Back"
const L_BackTo_Text = "Back to "
const L_PasswordToShort_Text = "Either the password is too short or password uniqueness restrictions have not been met."
const L_Invalid_Text = "Invalid username or password"
const L_Error_Text = "Error"
const L_Errornumber_Text = "Error number"
const L_NotExist_Text = "The specified domain or account did not exist"
const L_InvalidUsername_Text = "The specified username contains invalid characters"
const L_InvalidDomainname_Text = "The specified domain name contains invalid characters"
const L_PWDM_Text = "Passwords don't match"
const L_webMailAccess = "Web Mail Access"
%>
<%
On Error resume next
if request.form("password1")<>request.form("password2") then
response.write "your password entries did not match" & "<br>"
response.write "<a href=""javascript:history.back();"">BACK</a>"
response.end
else
old = request.form("old")
username = request.form("UserName")
password = request.form("password1")
domain = "Your Domain Name Here"
if IsInvalidUsername(username) = true then
Response.Write L_InvalidUsername_Text & "."
Response.Write "<br><H3><a href=" & Server.HTMLEncode(Request.ServerVariables("HTTP_REFERER")) & ">" & L_Back_Text & " </a></H3>"
Response.End
end if
' verify that the characters in the domain name are valid
set pUser = GetObject("WinNT://" & domain & "/" & username & ",user")
if Not IsObject(pUser) then
set root = GetObject("WinNT:")
set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & ",user", username, Request.Form("old"),1)
Response.Write "<!--OpenDSObject call-->"
end if
if Not IsObject(pUser) then
'Response.Write "domain <> null - OpenDSObject also failed"
if err.number = -2147024843 then
Response.Write L_NotExist_Text & "."
else
if err.description <> "" then
Response.Write L_Error_Text & ": " & err.description
else
Response.Write L_Errornumber_Text & ": " & err.number
end if
Response.Write "<br><H3><a href=" & Server.HTMLEncode(Request.ServerVariables("HTTP_REFERER")) & ">Back</a></H3>"
end if
Response.End
end if
err.Clear
pUser.ChangePassword Request.Form("old"), request.form("password1")
if err.number <> 0 then
if err.number = -2147024810 then
Response.Write "<p>" & L_Error_Text & ": " & L_Invalid_Text
elseif err.number = -2147022651 then
Response.Write L_PasswordToShort_Text
else
Response.Write L_Errornumber_Text & ": " & err.number
end if
Response.Write "<br><H3><a href=" & Server.HTMLEncode(Request.ServerVariables("HTTP_REFERER")) & ">" & L_Back_Text & " </a></H3>"
Response.End
else
Response.Write L_PasswordChanged_Text & ".<p>"
end if
response.write "<br>"
end if
%>
<%
function IsInvalidUsername(username)
dim re
set re = new RegExp
' list of invalid characters in a user name.
re.Pattern = "[/\\""\[\]:<>\+=;,@]"
IsInvalidUsername = re.Test(username)
end function
function IsInvalidDomainname(domainname)
dim re
set re = new RegExp
' list of invalid characters in a domain name.
re.Pattern = "[/\\""\[\]:<>\+=;,@!#$%^&\(\)\{\}\|~]"
IsInvalidDomainName = re.Test(domainname)
end function
%>