")
fString = Replace(fString, CHR(10), " ")
HTMLEncode = fString
end if
end function
function UHTMLEncode(fString)
if not isnull(fString) then
fString = Replace(fString, " ", CHR(32))
fString = Replace(fString, " ", CHR(9))
fString = Replace(fString, """, CHR(34))
fString = Replace(fString, "'", CHR(39))
fString = Replace(fString, "", CHR(13))
fString = Replace(fString, "
", CHR(10) & CHR(10))
fString = Replace(fString, " ", CHR(10))
HTMLEncode2 = fString
end if
end function
function checkadmin()
if session("Admin")="" then
response.redirect filename&"?action=login"
response.end
end if
end function
action=request.querystring("action")
id=request.querystring("id")
if id<>"" and not isnumeric(id) then
response.write ""
response.end
end if
%>
<%
dh=5
maxpagesize=6 '每页显示留言数
Response.Buffer=True
Response.Expires = -1
reply=0
modify=0
errormsg=""
%>
<%
action=request.querystring("action")
select case action
case "userwrite"
if request.form("user")="" then
errormsg=errormsg&"您忘了填写自己的名字了!"&"
"
end if
if request.form("content")="" then
errormsg=errormsg&"您没有填写留言信息!"&"
"
end if
if request.form("email")="" then
errormsg=errormsg&"您没有填写联系方式!"&"
"
end if
if errormsg="" then
set rs=Server.CreateObject("ADODB.Recordset")
sql="select * from guestbook where User='"&request.form("user")&"'"
rs.open sql,conn,1,3
if not rs.eof then
if rs("pwd")<>md5(request.form("pwd")) then
errormsg=errormsg&"该名字已被保留!"&"
"
else
rs.addnew
rs("User")=code(request.form("User"))
rs("email")=code(request.form("email"))
rs("content")=code(request.form("content"))
rs("sex")=code(request.form("sex"))
secret=request.form("secret")
rs("from")=Request.ServerVariables("REMOTE_ADDR")
if secret<>1 then secret=0
rs("secret")=secret
rs("pwd")=md5(request.form("pwd"))
mdate=date()&" "&time()
rs("Mdate")=mdate
rs.update
set rs=nothing
response.Redirect "message.asp"
response.end
end if
else
rs.addnew
rs("User")=code(request.form("User"))
rs("email")=code(request.form("email"))
rs("content")=code(request.form("content"))
rs("sex")=code(request.form("sex"))
secret=request.form("secret")
rs("from")=Request.ServerVariables("REMOTE_ADDR")
if secret<>1 then secret=0
rs("secret")=secret
rs("pwd")=md5(request.form("pwd"))
mdate=date()&" "&time()
rs("Mdate")=mdate
rs.update
set rs=nothing
response.Redirect "message.asp"
response.end
end if
end if
case "delete"
if request.cookies("administrator")="admin" then
MessageID=request.querystring("MessageID")
set rs=Server.CreateObject("ADODB.Recordset")
sql="delete * from guestbook where MessageID="&MessageID&""
rs.open sql,conn,1,3
set rs=nothing
end if
case "reply"
if request.cookies("administrator")="admin" then
reply=1
end if
case "replyok"
if request.cookies("administrator")="admin" then
MessageID=request.querystring("MessageID")
set rs=Server.CreateObject("ADODB.Recordset")
sql="select * from guestbook where MessageID="&MessageID&""
rs.open sql,conn,1,3
rs("Reply")=code_admin(request.form("reply"))
Rdate=date()&" "&time()
rs("Rdate")=Rdate
rs.update
set rs=nothing
end if
case "modify"
if request.cookies("administrator")="admin" then
modify=1
end if
case "modifyok"
if request.cookies("administrator")="admin" then
MessageID=request.querystring("MessageID")
set rs=Server.CreateObject("ADODB.Recordset")
sql="select * from guestbook where MessageID="&MessageID&""
rs.open sql,conn,1,3
rs("Reply")=code_admin(request.form("reply"))
Rdate=date()&" "&time()
rs("Rdate")=Rdate
rs.update
set rs=nothing
end if
end select
%>
<%
if errormsg<>"" then
errormsgbox()
response.end
end if
set rs=Server.CreateObject("ADODB.Recordset")
if reply=1 then
sql="select * from guestbook where MessageID="&request.querystring("MessageID")&""
rs.open sql,conn,1,3
guestbookbox(reply)
elseif modify=1 then
sql="select * from guestbook where MessageID="&request.querystring("MessageID")&""
rs.open sql,conn,1,3
guestbookbox(modify)
else
sql="select * from guestbook order by MessageID desc"
rs.open sql,conn,1,3
if not rs.eof then
rs.pagesize=maxpagesize
ipagecount=rs.pagecount
if len(request.querystring("page"))=0 then
curpage=1
else
curpage=cint(request.querystring("page"))
end if
rs.absolutepage=curpage
strurl=""
ii=0
do until rs.eof or ii=maxpagesize
guestbookbox(show)
ii=ii+1
rs.movenext
loop
%>
<% showpagebar ipagecount,curpage,strurl %>
<% end if
end if
%>
<%
select case action
case "modpassed"
checkadmin
User=htmlencode(request.form("User"))
oldpass=md5(request.form("oldpass"))
newpass=md5(request.form("newpass"))
newpass2=md5(request.form("confirm"))
sub Checkpass(password)
set rs=conn.execute("SELECT * FROM [Admin] WHERE user='"&session("Admin")&"' AND pass='"&password&"'")
if rs.eof then
response.write ""
response.end
end if
end sub
Checkpass oldpass
if newpass="" then
response.write ""
response.end
end if
if newpass<>newpass2 then
response.write ""
response.end
end if
conn.execute("update [Admin] SET pass='"&newpass&"' WHERE user='"&session("Admin")&"'")
session("Admin")=User
response.write ""
response.end
case "logout"
response.write ""
response.cookies("administrator")=""
response.end
case "logincheck"
User=htmlencode(request.form("User"))
password=md5(request.form("password"))
function CheckLogin(User,password)
set rs=conn.execute("SELECT * FROM [admin] WHERE user='"&User&"' AND pass='"&password&"'")
if not rs.eof then
session("admin")=rs("user")
response.write ""
response.cookies("administrator")="admin"
response.end
else
response.write ""
response.end
end if
end function
CheckLogin User,password
case "login"
%>
Administrator Login
<%
case "modpass"
checkadmin
%>
Password Modify
<% end select %>
Copyright @ JS DETAILING Steel Detailing Co. Ltd. All right reserved
<%
sub showpagebar(totalpage,curpage,strurl)
dim strpage
crupage=getvalidpageno(totalpage,curpage)
response.write "
"
response.write "
"
response.write "Page:"&curpage&"/"&totalpage&" "
if instr(strurl,"?")=0 then
strpage="?page="
else
strpage="&page="
end if
if curpage>1 then
response.write " [One] "
else
response.write " [One] "
end if
if curpage>=2 then
response.write " [Previous] "
else
response.write " [Previous] "
end if
if cint(curpage)Next] "
else
response.write " [Next] "
end if
if cint(curpage)<>cint(totalpage) then
response.write " [End] "
else
response.write " [End] "
end if
if request.cookies("administrator")="admin" then
response.write " [Logout] [Password]
"
else
response.write "[Management]"
end if
end sub
function getvalidpageno(pagecount,curpage)
dim ipage
ipage=curpage
if cint(curpage)<1 then
ipage=1
end if
if cint(ipage)>cint(pagecount) then
ipage=pagecount
end if
getvalidpageno=ipage
end function
Function code(strers)
strer=strers
strer=replace(strer,"<","<")
strer=replace(strer,">",">")
strer=replace(strer," "," ")
strer=replace(strer,CHR(9)," ")
strer=replace(strer,CHR(32)," ")
strer=replace(strer,CHR(13)," ")
strer=replace(strer,vbCrlf," ")
strer=replace(strer,"'","'")
strer=replace(strer,"""",""")
code=strer
end function
Function code_admin(strers)
strer=strers
strer=replace(strer,vbCrlf," ")
code_admin=strer
end function
Function recode_admin(strers)
strer=strers
strer=replace(strer," ",vbCrlf)
recode_admin=strer
end function
function guestbookbox(action)%>
