请帮我看一下这是怎么回事,我把截图发出来,后面我把源码也放在下面,谢谢

[img]http://jianghaibo.ik8.com/1.jpg[/img]
[img]http://jianghaibo.ik8.com/2.jpg[/img]
[img]http://jianghaibo.ik8.com/3.jpg[/img]

_____________________________________________________________________________________
<% if Len(Session("SuperAdmin")) = 0 then Response.Redirect "../logout.asp" %>
<!--#include file="../../common/dbcon.inc.asp" -->
<!--#include file="../../common/mdv.inc.asp" -->
<%
iEditID         = Encode(Request.QueryString("CusTomerID"))
iGroupID        = Encode(Request.QueryString("GroupID"))

if Request.Form("submit") <> "" then
    szUserName    = Encode(Request.Form("UserName"))
    szPassWord    = Encode(Request.Form("PassWord"))
    szMD5Pass    = Encode(Request.Form("MD5Pass"))
    iStatus        = Encode(Request.Form("Status"))

    if Len(szPassWord) > 0 then
        if szMD5Pass <> szPassWord then szPassWord = MD5(szPassWord)
    else
        szPassWord = MD5("")
    end if
    
    if iEditID <> "" then
        szSQL = "UPDATE CusTomer SET UserName='" &amp;amp;amp;amp;amp; szUserName &amp;amp;amp;amp;amp; "'"
        szSQL = szSQL &amp;amp;amp;amp;amp; ",UserPass='" &amp;amp;amp;amp;amp; szPassWord &amp;amp;amp;amp;amp; "'"
        szSQL = szSQL &amp;amp;amp;amp;amp; ",Status=" &amp;amp;amp;amp;amp; iStatus
        szSQL = szSQL &amp;amp;amp;amp;amp; " WHERE CusTomer_ID=" &amp;amp;amp;amp;amp; iEditID
        con.Execute szSQL
        if iStatus = 0 then szPassWord = Left(szPassWord, 15) &amp;amp;amp;amp;amp; "Z"
        ModifyFtpUserPass iEditID, szPassWord
        'SysLog "修改频道用户 nm:" &amp;amp;amp;amp;amp; szUserName, 0
        szErrorMsg = "onLoad=alert('频道用户信息修改成功！');this.location='ftpuser_list.asp';"
    else
        szSQL = "SELECT CusTomer_ID FROM CusTomer WHERE UserName='" &amp;amp;amp;amp;amp; szUserName &amp;amp;amp;amp;amp; "'"
        rsData.Open szSQL,con,1,3
        if not rsData.EOF then
            szErrorMsg = "onLoad=alert('你注册的用户名已经存在！');history.back(-1);"
        else
            if Left(szUserName, 1) = "!" then
                Response.Write "<script language='JScript'>alert('请不要使用非法字符注册用户！');history.back();</script>"
                Response.End
            end if

            szSQL = "INSERT INTO CusTomer(UserName,UserPass,UserMail,Status,CreateDate)"
            szSQL = szSQL &amp;amp;amp;amp;amp; "VALUES('" &amp;amp;amp;amp;amp; szUserName &amp;amp;amp;amp;amp; "','" &amp;amp;amp;amp;amp; szPassWord &amp;amp;amp;amp;amp; "','" &amp;amp;amp;amp;amp; szUserName &amp;amp;amp;amp;amp; "@company.com'," &amp;amp;amp;amp;amp; iStatus &amp;amp;amp;amp;amp; ",'" &amp;amp;amp;amp;amp; now &amp;amp;amp;amp;amp; "')"
            con.Execute szSQL

            set rsData_Group = Server.CreateObject("ADODB.Recordset")
            szSQL = "SELECT Group_ID FROM GroupInfo WHERE GroupName='内容管理组'"
            rsData_Group.Open szSQL,con,1,3
            if not rsData_Group.EOF then iGroupID = rsData_Group("Group_ID")
            rsData_Group.Close

            x = SetCusTomerInitGroup(szUserName, iGroupID)
            'SysLog "添加频道用户 nm:" &amp;amp;amp;amp;amp; szUserName, 0
            szErrorMsg = "onLoad=alert('频道用户信息添加成功！');this.location='ftpuser_list.asp';"
        end if
        rsData.Close
    end if
end if

if iEditID <> "" then
    szSQL = "SELECT * FROM CusTomer WHERE CusTomer_ID=" &amp;amp;amp;amp;amp; iEditID
    rsData.Open szSQL,con,1,3
    if not rsData.EOF then
        szUserName    = rsData("UserName")
        szPassWord    = rsData("UserPass")
        iStatus        = rsData("Status")
    end if
    rsData.Close
end if

if Len(iStatus) = 0 then iStatus = 1
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=GB2312">
<link rel="stylesheet" type="text/css" href="../../common/css/main.css">
</head>
<body background="../../images/admin/admin.gif" <% =szErrorMsg %>>
<img src="../../images/admin/ftpuser_set.gif">


<table border="1" cellspacing="4" bordercolor="#CCCCCC" width="500" align="center">
  <form method="POST" name="FtpUser" onSubmit="return CheckForm();">
  <tr>
    <td width="30%" height="24" align="right"><b>频道用户名</b>&nbsp;</td>
    <td width="35%"><input type="text" name="UserName" value="<% =szUserName %>" size="20" maxlength="20"<% if iEditID <> "" then Response.Write " readonly" %>></td>
    <td align="right" width="15%"><b>帐号状态</b>&nbsp;</td>
    <td width="20%">
      <select name="Status">
        <option value="0"<% if iStatus = "0" then Response.Write " selected" %>> 禁用 </option>
        <option value="1"<% if iStatus = "1" then Response.Write " selected" %>> 启用 </option>
      </select>
    </td>
  </tr>
  <tr>
    <td align="right" height="24"><b>频道用户密码</b>&nbsp;</td>
    <td colspan="3">
      <input type="password" name="PassWord" value="<% =szPassWord %>" size="20" maxlength="15"></td>
      <input type="hidden" name="MD5Pass" value="<% =szPassWord %>">
  </tr>
  <tr>
    <td align="right" height="24"><b>频道用户密码确认</b>&nbsp;</td>
    <td colspan="3"><input type="password" name="PassWordConfirm" value="<% =szPassWord %>" size="20" maxlength="15">
    </td>
  </tr>
  <tr>
    <td align="center" height="30" colspan="4">
      <input type="hidden" name="id" value="<% =iEditID %>">
      <input type="submit" value="保存内容管理员信息 >>>" name="submit">　　
      <input type="button" value="[ 返回 ]" onClick="window.navigate('ftpuser_list.asp');">
    </td>
  </tr>
  </form>
</table>

<% if Len(iEditID) > 0 then %>
<table border="1" cellspacing="4" bordercolor="#CCCCCC" width="500" align="center">
  <form method="POST" name="FileSrvInfo" onSubmit="return CheckForm();">
  <tr>
    <td align="right" height="24" width="30%"><b>文件服务器选择</b>&nbsp;</td>
    <td width="70%">
      <select name="FileSrvAddr" onchange="GetServerDiskInfo(this.options[this.selectedIndex].value, '<% =szUserName %>')">
        <option value="0">- 请选择地址 -</option>
<%
szSQL = "SELECT StreamServerIP.IPAddr FROM StreamServerIP"
szSQL = szSQL &amp;amp;amp;amp;amp; " INNER JOIN StreamServerAdapter ON StreamServerIP.Adapter_ID=StreamServerAdapter.Adapter_ID"
szSQL = szSQL &amp;amp;amp;amp;amp; " WHERE StreamServerAdapter.AdapterType=2"
rsData.Open szSQL,con,1,3
do while not rsData.EOF
%>
        <option value="<% =rsData("IPAddr") %>"><% =rsData("IPAddr") %></option>
<%
    rsData.MoveNext
loop
rsData.Close
%>
      </select>
    </td>
  </tr>
  <tr>
    <td align="right" height="24"><b>服务器磁盘选择</b>&nbsp;</td>
    <td id="oDiskInfoDIV">&nbsp;</td>
  </tr>
  <tr>
    <td align="center" height="30" colspan="2">
      <input disabled id="CreateUserBTN" type="button" value="在服务器上保存用户 >>>" onclick="CreateFtpUser()">　　
    </td>
  </tr>
  </form>
</table>

<script language="JavaScript">
function GetServerDiskInfo(szFileSrvAddr, szUserName)
{
    if(szFileSrvAddr == 0)
    {
        oDiskInfoDIV.innerHTML = "&nbsp;请选择文件服务器！";
        FileSrvInfo.CreateUserBTN.disabled = true;
        return;
    }
    FileSrvInfo.CreateUserBTN.disabled = false;
    oDiskInfoDIV.innerHTML = "正在读取信息，请稍候...";    
    var oXMLHttpRequest = new ActiveXObject("Microsoft.XMLHTTP");
    oXMLHttpRequest.Open("GET", "../../upload.fas?act=1&loginip=" + szFileSrvAddr + "&loginport=3000&loginpswd=123456&username=" + szUserName, false);
    oXMLHttpRequest.Send();
    szDiskInfo = oXMLHttpRequest.responseText;
    oDiskInfoDIV.innerHTML = szDiskInfo;
    delete oXMLHttpRequest;
}

function CreateFtpUser()
{
    if(document.FtpUser.MD5Pass.value != document.FtpUser.PassWord.value)
    {
        alert("\n内容管理员密码尚未保存！");
        return false;
    }

    szFileSrvAddr    = FileSrvInfo.FileSrvAddr.value;
    szSelectedDisk    = FileSrvInfo.SelectDisk.value;
    szUserName        = FtpUser.UserName.value;
    szUserPass        = FtpUser.PassWord.value;
    if(szFileSrvAddr.length == 0 || szSelectedDisk.length == 0)
    {
        alert("参数错误！");
        return;
    }
    var oXMLHttpRequest = new ActiveXObject("Microsoft.XMLHTTP");
    szURL = "../../upload.fas?act=2&loginip=" + szFileSrvAddr + "&loginport=3000&loginpswd=123456&loginport2=3001"
    szURL = szURL + "&username=" + szUserName + "&userpswd=" + szUserPass + "&userdir=" + szSelectedDisk;
    oXMLHttpRequest.Open("GET", szURL, false);
    oXMLHttpRequest.Send();
    szAPIRet = oXMLHttpRequest.responseText;
    delete oXMLHttpRequest;
    if(szDiskInfo == "0")
        alert("在服务器" + szFileSrvAddr + "的" + szSelectedDisk + "磁盘上保存用户出错！");
    else
        alert("保存用户成功！");

    GetServerDiskInfo(szFileSrvAddr, szUserName);
}
</script>
<% end if %>
<script language="JavaScript">
function KillSpace(x)
{
    while((x.length > 0) && (x.charAt(0) == ' '))x = x.substring(1, x.length);
    while((x.length > 0) && (x.charAt(x.length - 1) == ' '))x = x.substring(0, x.length - 1);
    return x;
}

function CheckForm()
{
    document.FtpUser.UserName.value            = KillSpace(document.FtpUser.UserName.value);
    document.FtpUser.PassWord.value            = KillSpace(document.FtpUser.PassWord.value);
    document.FtpUser.PassWordConfirm.value    = KillSpace(document.FtpUser.PassWordConfirm.value);
    document.FtpUser.MD5Pass.value            = KillSpace(document.FtpUser.MD5Pass.value);

    if(document.FtpUser.UserName.value.length == 0 || document.FtpUser.UserName.value.substr(0, 1) == '!')
    {
        alert("\n请输入正确的内容管理员名，不能含有[!]符号作为内容管理员名头！");
        document.FtpUser.UserName.focus();
        return false;
    }

    if(document.FtpUser.PassWord.value != document.FtpUser.PassWordConfirm.value)
    {
        alert("\n内容管理员密码和确认密码不同！");
        document.FtpUser.PassWordConfirm.focus();
        return false;
    }

    return true;
}
</script>
</body>
</html>
<!--#include file="../../common/dbend.inc.asp" -->