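<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="inc/Md5.asp"-->
<%
' Guestbook page, server-side prologue: opens the Jet database, defines the
' encoding helpers and handles the write/delete/reply/modify actions before
' any HTML is sent. md5() comes from inc/Md5.asp.

' NOTE(review): the database file sits under the published inc/ directory.
' Confirm the server refuses to serve .asa files, or move it out of the web root.
dbpath = server.mappath("inc/wlyhx1#5.asa")
set conn = server.createobject("adodb.connection")
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&dbpath
conn.Open connstr

' Encodes text for HTML output: angle brackets, spaces, tabs and quotes become
' entities, CR is dropped, a double LF becomes a paragraph break and a single
' LF a <br>. Returns Empty when fString is Null. "&" itself is not encoded.
' The entity targets are restored here: the listing showed them already
' decoded, which turned the replacements into no-ops and left """ unterminated.
function HTMLEncode(fString)
    if not isnull(fString) then
        fString = replace(fString, ">", "&gt;")
        fString = replace(fString, "<", "&lt;")
        fString = Replace(fString, CHR(32), "&nbsp;")
        fString = Replace(fString, CHR(9), "&nbsp;")
        fString = Replace(fString, CHR(34), "&quot;")
        fString = Replace(fString, CHR(39), "&#39;")
        fString = Replace(fString, CHR(13), "")
        fString = Replace(fString, CHR(10) & CHR(10), "</p><p> ")
        fString = Replace(fString, CHR(10), "<br> ")
        HTMLEncode = fString
    end if
end function

' Reverses the whitespace, quote and line-break substitutions of HTMLEncode.
' Returns Empty when fString is Null.
' Fixed: the result used to be assigned to HTMLEncode2, so the function always
' returned Empty. The two replacements that could never match (a second
' "&nbsp;" pass and an empty search string) are dropped.
function UHTMLEncode(fString)
    if not isnull(fString) then
        fString = Replace(fString, "&nbsp;", CHR(32))
        fString = Replace(fString, "&quot;", CHR(34))
        fString = Replace(fString, "&#39;", CHR(39))
        fString = Replace(fString, "</p><p> ", CHR(10) & CHR(10))
        fString = Replace(fString, "<br> ", CHR(10))
        UHTMLEncode = fString
    end if
end function

' Redirects to the login view and stops the page when no admin session exists.
' NOTE(review): filename is not assigned anywhere in this listing, so the
' redirect target is presumably just "?action=login" - confirm.
function checkadmin()
    if session("Admin")="" then
        response.redirect filename&"?action=login"
        response.end
    end if
end function

' True only when the server-side session says an administrator is logged in.
' The "administrator" cookie is still required so that the existing logout
' (which clears the cookie) keeps working, but the cookie alone no longer
' grants anything: it is set by the client and cannot be trusted.
function adminsignedin()
    adminsignedin=(session("Admin")<>"" and request.cookies("administrator")="admin")
end function

' Returns the MessageID query parameter as a Long, or 0 when it is missing or
' not a plain run of 1-9 digits. Only this converted number is ever placed in
' SQL text.
function getmessageid()
    dim raw, digits
    getmessageid=0
    raw=request.querystring("MessageID")&""
    set digits=new RegExp
    digits.Pattern="^[0-9]{1,9}$"
    if digits.Test(raw) then getmessageid=clng(raw)
end function

action=request.querystring("action")
id=request.querystring("id")
if id<>"" and not isnumeric(id) then
    response.write "<script>alert('非法的ID!');this.location.href='message.asp';</SCRIPT>"
    response.end
end if

dh=5
maxpagesize=6 ' messages shown per page
Response.Buffer=True
Response.Expires = -1
reply=0    ' set to 1 when the reply form must be rendered
modify=0   ' set to 1 when the edit-reply form must be rendered
errormsg=""

select case action
case "userwrite"
    ' Visitor posts a new message; the three fields below are mandatory.
    if request.form("user")="" then
        errormsg=errormsg&"您忘了填写自己的名字了!"&"<p>"
    end if
    if request.form("content")="" then
        errormsg=errormsg&"您没有填写留言信息!"&"<p>"
    end if
    if request.form("email")="" then
        errormsg=errormsg&"您没有填写联系方式!"&"<p>"
    end if
    if errormsg="" then
        ' The name is bound as a parameter instead of being concatenated into
        ' the statement, so quotes in it cannot change the query.
        username=request.form("user")&""
        set cmd=Server.CreateObject("ADODB.Command")
        set cmd.ActiveConnection=conn
        cmd.CommandText="select * from guestbook where User=?"
        ' 202 = adVarWChar, 1 = adParamInput
        cmd.Parameters.Append cmd.CreateParameter("user",202,1,len(username),username)
        set rs=Server.CreateObject("ADODB.Recordset")
        rs.open cmd, , 1, 3
        ' NOTE(review): rows are stored with code(User) but looked up with the
        ' raw name, so names containing encoded characters never match - confirm
        ' which form the reservation check is meant to use.
        nameheld=false
        if not rs.eof then
            ' An existing name may only be reused with its stored password hash.
            if rs("pwd")<>md5(request.form("pwd")) then nameheld=true
        end if
        if nameheld then
            errormsg=errormsg&"该名字已被保留!"&"<p>"
        else
            rs.addnew
            rs("User")=code(request.form("User"))
            rs("email")=code(request.form("email"))
            rs("content")=code(request.form("content"))
            rs("sex")=code(request.form("sex"))
            secret=request.form("secret")
            rs("from")=Request.ServerVariables("REMOTE_ADDR")
            if secret<>1 then secret=0
            rs("secret")=secret
            ' NOTE(review): unsalted MD5 is a weak password hash; changing it
            ' needs a migration of the stored values.
            rs("pwd")=md5(request.form("pwd"))
            mdate=date()&" "&time()
            rs("Mdate")=mdate
            rs.update
            set rs=nothing
            response.Redirect "message.asp"
            response.end
        end if
    end if
case "delete"
    ' NOTE(review): deletion is triggered by a plain GET link without a
    ' request token; consider POST plus a per-session token.
    if adminsignedin() then
        MessageID=getmessageid()
        if MessageID>0 then
            conn.execute "delete * from guestbook where MessageID="&MessageID
        end if
    end if
case "reply"
    if adminsignedin() then
        reply=1
    end if
case "replyok", "modifyok"
    ' Both actions store the submitted reply text on the addressed message.
    if adminsignedin() then
        MessageID=getmessageid()
        if MessageID>0 then
            set rs=Server.CreateObject("ADODB.Recordset")
            sql="select * from guestbook where MessageID="&MessageID
            rs.open sql,conn,1,3
            ' Skip silently when the message no longer exists.
            if not rs.eof then
                rs("Reply")=code_admin(request.form("reply"))
                Rdate=date()&" "&time()
                rs("Rdate")=Rdate
                rs.update
            end if
            set rs=nothing
        end if
    end if
case "modify"
    if adminsignedin() then
        modify=1
    end if
end select
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>Js detailing</title>
<link href="css.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="png.js"></script>
<script type="text/javascript" src="flash.js"></script>
<script language="JavaScript">
function affirm(url) { if (confirm("Are you sure you want to delete it?")) {return location.href=url} }</script>
<style type="text/css">
<!--
body { background-color: #ababab; background-image: url(pic/gs_bg.jpg); background-repeat:repeat-x; }
-->
</style>
</head>
<body>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td height="5" align="center" valign="top" bgcolor="#bbbbbb"><img src="pic/nei_top1.gif" width="880" height="5" /></td> </tr>
</table>
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="186" height="92" valign="bottom"><script type="text/javascript">LoadFlash('transparent','logo.swf', 184, 75);</script></td>
<td width="614" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr> <td width="607" height="35" align="right"><a href="index.html">Home |</a> <a href="#">Favorites |</a> <a href="#">Links</a></td> <td width="12" align="right" valign="top"><img src="pic/top_tiao.gif" width="2" height="29" /></td> </tr>
<tr> <td height="57" colspan="2" valign="top"><script type="text/javascript">LoadFlash('transparent','menu.swf', 614, 59);</script></td> </tr>
</table></td>
</tr>
<tr>
<td height="141" valign="bottom"><img src="pic/message_01.jpg" width="184" height="150" /></td>
<td valign="top"><img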
src="pic/banner.png" width="616" height="150" /></td> </tr> </table> <table width="800" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td height="23"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="20" colspan="2"></td> </tr> <tr> <td width="174" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="15%" height="23" align="center" valign="middle" class="dian">◆</td> <td width="85%" height="23" valign="middle"><a href="company.html">Company </a></td> </tr> <tr> <td height="2" colspan="2" valign="middle"><img src="pic/hengxian.gif" width="100%" height="2" /></td> </tr> <tr> <td height="23" align="center" valign="middle"><span class="dian">◆</span></td> <td height="23" valign="middle"><a href="contact.html">Contact Us</a></td> </tr> <tr> <td height="2" colspan="2" valign="middle"><img src="pic/hengxian.gif" width="100%" height="2" /></td> </tr> <tr> <td height="23" align="center" valign="middle"><span class="dian">◆</span></td> <td height="23" valign="middle"><a href="message.asp">Online Message</a></td> </tr> <tr> <td height="2" colspan="2" valign="middle"><img src="pic/hengxian.gif" width="100%" height="2" /></td> </tr> <tr> <td height="186" colspan="2" valign="bottom"><img src="pic/hotline.png" width="172" height="105" /></td> </tr> <tr> <td height="257" colspan="2" align="center" valign="bottom"><img src="pic/our.png" width="102" height="182" /></td> </tr> </table></td> <td width="626" height="100%" rowspan="14" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10" rowspan="4"></td> <td width="458"><img src="pic/online.gif" width="147" height="12" /></td> <td width="160" class="ziti">Home > Online Message</td> </tr> <tr> <td colspan="2" valign="bottom"><img src="pic/fenge.gif" width="616" height="3" /></td> </tr> <tr> <td colspan="2"></td> </tr> <tr> <td height="4" colspan="2"><table width="100%" border="0" cellspacing="0" 
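cellpadding="0">
<tr> <td width="2%" rowspan="2" ></td> <td width="98%" height="15" ></td> </tr>
<tr> <td height="390" valign="top">
<table border=0 cellspacing=0 width=100%>
<form name="userwrite" method="post" action="message.asp?action=userwrite">
<tr>
<td width="14%" height="25" align="right"><strong> Your Name:</strong></td>
<td width="86%" align="left"> <input type=text name="User" size=20 id="User4" class=input value="" maxlength="30"> <input name="sex" type="radio" value="Male" checked > Male <input type="radio" name="sex" value="Female" > Female</td>
</tr>
<tr>
<td width="14%" height="25" align="right"><b> Telephone:</b></td>
<td align="left"> <input type=text name="email" size=20 id="email4" class=input value="" maxlength="50"> </td>
</tr>
<tr> <td colspan="2" align="right">
<table width="100%" border=0 cellpadding="0" cellspacing="0">
<tr> <td width="14%" align="right"> <b> Content:</b><br></td>
<td width="86%" align="left"><textarea name="content" cols="50" rows="6" class=input id="textarea3" onkeydown=gbcount(this.form.content,this.form.total,this.form.used,this.form.remain); onkeyup=gbcount(this.form.content,this.form.total,this.form.used,this.form.remain);></textarea></td> </tr>
</table></td> </tr>
<tr align="center"> <td height="30" colspan="2"> <input name="Submit2" type="submit" value=" Enter " class=input> </td> </tr>
</form>
</table>
<%
' Message area: shows the validation errors of a failed post, or the single
' message being replied to / edited, or one page of the message list.
if errormsg<>"" then
    errormsgbox()
    response.end
end if
set rs=Server.CreateObject("ADODB.Recordset")
' Query-string numbers are accepted only as plain digit runs and converted
' before they reach SQL text or the paging properties.
set numcheck=new RegExp
if reply=1 or modify=1 then
    numcheck.Pattern="^[0-9]{1,9}$"
    msgid=request.querystring("MessageID")&""
    if numcheck.Test(msgid) then
        sql="select * from guestbook where MessageID="&clng(msgid)
        rs.open sql,conn,1,3
        ' Render nothing when the addressed message does not exist.
        if not rs.eof then
            if reply=1 then guestbookbox(reply) else guestbookbox(modify)
        end if
    end if
else
    sql="select * from guestbook order by MessageID desc"
    rs.open sql,conn,1,3
    if not rs.eof then
        rs.pagesize=maxpagesize
        ipagecount=rs.pagecount
        ' Default to page 1; a missing, non-numeric or out-of-range value
        ' used to raise a runtime error in cint() or absolutepage.
        curpage=1
        pageparam=request.querystring("page")&""
        numcheck.Pattern="^[0-9]{1,4}$"
        if numcheck.Test(pageparam) then curpage=cint(pageparam)
        if curpage<1 then curpage=1
        if curpage>ipagecount then curpage=ipagecount
        rs.absolutepage=curpage
        strurl=""
        ii=0
        ' show is never assigned, so guestbookbox receives Empty here.
        do until rs.eof or ii=maxpagesize
            guestbookbox(show)
            ii=ii+1
            rs.movenext
        loop
%>
<table border="0" cellspacing="0" cellpadding="0" align="center" width="600">
<tr align="center"> <td height="28"> <% showpagebar ipagecount,curpage,strurl %> </td> </tr>
</table>
<%
    end if
end if
%>
<table width="600" align="center" cellpadding="0" cellspacing="0">
<tr> <td align="center">
<%
' Administrator actions: password change, logout, login check and the two forms.
select case action
case "modpassed"
    checkadmin
    oldpass=md5(request.form("oldpass"))
    newpass=md5(request.form("newpass"))
    newpass2=md5(request.form("confirm"))
    adminname=session("Admin")&""
    ' Verify the old password for the logged-in account. Values are bound as
    ' parameters (202 = adVarWChar, 1 = adParamInput), never concatenated.
    set cmd=Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection=conn
    cmd.CommandText="SELECT * FROM [Admin] WHERE user=? AND pass=?"
    cmd.Parameters.Append cmd.CreateParameter("user",202,1,len(adminname),adminname)
    cmd.Parameters.Append cmd.CreateParameter("pass",202,1,len(oldpass),oldpass)
    set rs=cmd.execute
    if rs.eof then
        response.write "<script>alert('The old password error!');this.location.href='"&filename&"?action=modpass';</SCRIPT>"
        response.end
    end if
    ' Test the submitted text, not its hash: md5("") is never empty, so the
    ' previous check on newpass could not fire.
    if request.form("newpass")="" then
        response.write "<script>alert('New password can not be empty!');this.location.href='"&filename&"?action=modpass';</SCRIPT>"
        response.end
    end if
    if newpass<>newpass2 then
        response.write "<script>alert('Two new password inconsistent!');this.location.href='"&filename&"?action=modpass';</SCRIPT>"
        response.end
    end if
    set cmd=Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection=conn
    cmd.CommandText="update [Admin] SET pass=? WHERE user=?"
    cmd.Parameters.Append cmd.CreateParameter("pass",202,1,len(newpass),newpass)
    cmd.Parameters.Append cmd.CreateParameter("user",202,1,len(adminname),adminname)
    cmd.execute
    ' The session name is left as it is: the posted "User" field is
    ' client-controlled and the update does not rename the account.
    ' NOTE(review): unsalted MD5 is a weak password hash; replacing it needs a
    ' migration of the stored values.
    response.write "<script>alert('The success of revision!');this.location.href='message.asp';</SCRIPT>"
    response.end
case "logout"
    response.write "<script>this.location.href='message.asp';</SCRIPT>"
    response.cookies("administrator")=""
    ' End the server-side login as well, not only the client cookie.
    session("Admin")=""
    response.end
case "logincheck"
    User=htmlencode(request.form("User"))&""
    password=md5(request.form("password"))&""
    loginok=false
    ' Empty or over-long names are treated as a failed login.
    if len(User)>0 and len(User)<=255 and len(password)>0 then
        set cmd=Server.CreateObject("ADODB.Command")
        set cmd.ActiveConnection=conn
        cmd.CommandText="SELECT * FROM [admin] WHERE user=? AND pass=?"
        cmd.Parameters.Append cmd.CreateParameter("user",202,1,len(User),User)
        cmd.Parameters.Append cmd.CreateParameter("pass",202,1,len(password),password)
        set rs=cmd.execute
        if not rs.eof then loginok=true
    end if
    if loginok then
        session("admin")=rs("user")
        response.write "<script>this.location.href='message.asp';</SCRIPT>"
        response.cookies("administrator")="admin"
        response.end
    else
        response.write "<script>alert('Manager authentication failure!');this.location.href='"&filename&"?action=login';</SCRIPT>"
        response.end
    end if
case "login"
%>
<table border="0" cellpadding="0" cellspacing="0">
<tr> <td height="25" colspan="2" align="center">Administrator Login</td> </tr>
<form name="form1" method="post" action="<% =filename %>message.asp?action=logincheck">
<tr> <td height="13"></td> <td></td> </tr>
<tr> <td height="25">Administrator:</td> <td><input type="text" name="User" class="input"></td> </tr>
<tr> <td height="25">Password:</td> <td><input type="password" name="password" class="input"></td> </tr>
<tr> <td height="40" colspan="2" align="center"> <input name="Submit3" type="submit" value=" Enter " class="input"> <input name="reset" type="reset" value=" Reset " class="input"></td> </tr>
</form>
</table>
<br> <br>
<%
case "modpass"
    checkadmin
%>
<table border="0" cellpadding="0" cellspacing="0">
<tr> <td height="25" colspan="2" align="center">Password Modify</td> </tr>
<form name="form1" method="post" action="<% =filename %>?action=modpassed">
<tr> <td height="16" align="center"></td> <td></td> </tr>
<tr> <td height="25" align="center">Name:</td> <td><input name="User" type="text" id="User10" value="<% =session("admin") %>" size="20" maxlength="16" readonly class="input"></td> </tr>
<tr> <td height="25" align="center">Old Password:</td> <td><input name="oldpass" type="password" id="oldpass5" maxlength="16" class="input"></td> </tr>
<tr> <td height="25" align="center">New Password:</td> <td><input name="newpass" type="password" id="newpass5" maxlength="16" class="input"></td> </tr>
<tr> <td height="25" align="center">Confirm Password:</td> <td><input name="confirm" type="password" id="confirm5" maxlength="16" class="input"></td> </tr>
<tr> <td height="40" colspan="2" align="center"><input name="Submit2" type="submit" id="Submit24" value=" Modify "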
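class="input"> <input name="reset" type="reset" id="reset5" value=" Reset " class="input"></td> </tr>
</form>
</table>
<% end select %>
</td> </tr> </table></td> </tr> </table> </td> </tr> </table></td> </tr> </table> </td> </tr> </table>
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td height="30" colspan="3" valign="middle"><img src="pic/in_hengxian.gif" width="100%" height="2" /></td> </tr>
<tr> <td width="653" height="44" align="right"><span class="STYLE4">Copyright @ JS DETAILING Steel Detailing Co. Ltd. All right reserved</span></td> <td width="32" align="center"><img src="pic/in_tiao.gif" width="2" height="37" /></td> <td width="115"><img src="pic/logo4.png" width="103" height="37" /></td> </tr>
</table>
</body>
</html>
<%
' Writes the pager row: "Page:x/y", One/Previous/Next/End links and the
' management links. totalpage is the page count, curpage the requested page,
' strurl the base URL the page parameter is appended to.
' Fixed: the clamped page number was stored in a misspelt variable and never
' used; the table attributes were emitted as ''100%'' and "lign".
sub showpagebar(totalpage,curpage,strurl)
    dim strpage, pageno, lastpage
    pageno=cint(getvalidpageno(totalpage,curpage))
    lastpage=cint(totalpage)
    response.write "<table width='100%'>"
    response.write "<tr><td width='100%' align='right' class=text1>"
    response.write "Page:"&pageno&"/"&totalpage&" "
    ' Pick the separator that fits a URL with or without a query string.
    if instr(strurl,"?")=0 then
        strpage="?page="
    else
        strpage="&page="
    end if
    if pageno>1 then
        response.write " [<a href='"&strurl&strpage&"1'>One</a>] "
        response.write " [<a href='"&strurl&strpage&(pageno-1)&"'>Previous</a>] "
    else
        response.write " [One] "
        response.write " [Previous] "
    end if
    if pageno<lastpage then
        response.write " [<a href='"&strurl&strpage&(pageno+1)&"'>Next</a>] "
        response.write " [<a href='"&strurl&strpage&totalpage&"'>End</a>] "
    else
        response.write " [Next] "
        response.write " [End] "
    end if
    ' Admin links need the server-side session; the cookie is client-set and
    ' is not sufficient on its own.
    if session("Admin")<>"" and request.cookies("administrator")="admin" then
        response.write " [<a href=message.asp?action=logout>Logout</a>] [<a href=message.asp?action=modpass>Password</a>]</td></tr></table>"
    else
        response.write "[<a href=message.asp?action=login>Management</a>]</td></tr></table>"
    end if
end sub

' Clamps curpage into 1..pagecount and returns the result.
function getvalidpageno(pagecount,curpage)
    dim ipage
    ipage=curpage
    if cint(curpage)<1 then
        ipage=1
    end if
    if cint(ipage)>cint(pagecount) then
        ipage=pagecount
    end if
    getvalidpageno=ipage
end function

' Encodes visitor-supplied text before it is stored: angle brackets, spaces,
' tabs and quotes become entities and line breaks become <br>.
' The entity targets are restored here: the listing showed them already
' decoded, which made the replacements no-ops and left """ unterminated.
' CRLF is now handled before the lone CR; in the old order the CRLF
' replacement could never match.
' NOTE(review): "&" is not encoded, and the stored values are written to the
' page without further encoding - confirm that is intended.
Function code(strers)
    strer=strers
    strer=replace(strer,"<","&lt;")
    strer=replace(strer,">","&gt;")
    strer=replace(strer,CHR(32),"&nbsp;")
    strer=replace(strer,CHR(9),"&nbsp;")
    strer=replace(strer,vbCrlf,"<br>")
    strer=replace(strer,CHR(13),"<br>")
    strer=replace(strer,"'","&#39;")
    strer=replace(strer,"""","&quot;")
    code=strer
end function

' Prepares an administrator reply for storage: only line breaks are converted,
' so any markup in the reply is stored and later rendered as HTML.
Function code_admin(strers)
    strer=strers
    strer=replace(strer,vbCrlf,"<br>")
    code_admin=strer
end function

' Reverses code_admin so a stored reply can be edited in a textarea.
Function recode_admin(strers)
    strer=strers
    strer=replace(strer,"<br>",vbCrlf)
    recode_admin=strer
end function

' Renders the message at the current position of the global recordset rs.
' The action argument is not read; the globals reply and modify decide which
' reply box follows. Administrators additionally see contact details, the
' sender address and the Delete / Modify / Reply links.
function guestbookbox(action)%>
<table width="600" border="0" cellspacing="0" cellpadding="0" align="center">
<tr> <td valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0">
<%
' The admin row requires the server-side session, not just the client cookie.
if session("Admin")<>"" and request.cookies("administrator")="admin" then%>
<tr> <td style="padding:6px;">Telephone:<font class="message"><%=rs("email")%></font> Sex:<font class="message"><%=rs("sex")%></font> IP:<font class="message"><%=rs("from")%></font> [<a href="javascript:affirm('message.asp?action=delete&MessageID=<%=rs("MessageID")%>')" >Delete</a>] <% if rs("reply")<>"" then %>[<a href="message.asp?action=modify&MessageID=<%=rs("MessageID")%>" >Modify</a>] <% else %> [<a href="message.asp?action=reply&MessageID=<%=rs("MessageID")%>" >Reply</a>] <%end if%> </td> </tr>
<% end if%>
<tr> <td><table width="100%" border="0" cellpadding="0" cellspacing="0" >
<tr> <td height="18" style="padding:2px;" valign="bottom"><table width="100%" border="0" cellspacing="2" cellpadding="2">
<tr> <td height="12" width="439"><font class="message"><b><%=rs("user")%></b></font> Say:</td> <td height="12"><font class="message"><%=rs("MDate")%></font></td> </tr>
</table></td> </tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%" style=" table-layout:fixed;word-break:break-all">
<tr> <td height="1"> </td> </tr>
<tr>
<td style="padding:6px;"><font class="message"><%=rs("content")%></font></td> </tr>
</table>
<%
' Reply form, edit form, or the stored reply when one exists.
if reply=1 then
    replybox(reply)
elseif modify=1 then
    replybox(modify)
elseif rs("reply")<>"" then
    replybox(show)
end if
%>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr> <td height="3" bgcolor="#E5E5E5"> </td> </tr>
<tr> <td height="6"> </td> </tr>
</table>
</td> </tr> </table> </td> </tr> </table>
<%end function

' Renders the reply area for the current rs row. action is compared with the
' globals show, reply and modify; show is never assigned, so it is Empty and
' only matches when the caller passed show itself.
function replybox(action) %>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
<% if action=show then%> <form>
<% elseif action=reply then%><form name="reply" method="post" action="message.asp?action=replyok&MessageID=<%=rs("MessageID")%>">
<% elseif action=modify then%> <form name="modify" method="post" action="message.asp?action=modifyok&MessageID=<%=rs("MessageID")%>">
<% end if %>
<tr> <td height="1"> </td> </tr>
<tr> <td height="22" colspan="3" style="padding:5px;"> Reply <%if action<>show then%> <input name="Submit" type="submit" value=" Enter " class="input"> <%end if%><%=rs("RDate")%></td> </tr>
<tr> <td height="1"> </td> </tr>
<tr> <td colspan="3" style="padding:5px;"><font color="#ac0000">
<% if action=show then%> <%=rs("reply")%>
<% elseif action=reply then%> <textarea name="reply" style="width:80%" rows="12" class="input"></textarea>
<% elseif action=modify then
' The stored reply is HTML-encoded inside the textarea so that markup in it
' (for example a closing textarea tag) cannot break out of the edit field; the
' browser submits the decoded text back unchanged.
%><br> <textarea name="reply" style="width:80%" rows="12" class="input"><%=Server.HTMLEncode(recode_admin(rs("reply")))%></textarea>
<% end if %>
</font></td> </tr>
</form>
</table>
<% end function

' Shows the accumulated validation messages in errormsg with a Return button.
sub errormsgbox() %>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td height="30" colspan="3" align="center"><strong><font color="#394544"> Error!</font></strong></td> </tr>
<tr> <td width="100%" align="center" valign="middle"><br> <font color="#394544"><%=errormsg%></font><br> </td> </tr>
<tr> <td height="20" colspan="3" align="center"> <input name="Submit" type="button" class="input" onClick="javascript:history.go(-1)" value=" Return "> </td> </tr>
</table>
<% end sub %>
</div>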