")
fString = Replace(fString, CHR(10), " ")
HTMLEncode = fString
end if
end function
' Intended inverse of HTMLEncode: each Replace below maps a piece of markup
' text back to the control or punctuation character named on the right
' (space, tab, double quote, single quote, CR, LF).
' A Null argument is skipped entirely.
' NOTE(review): several search strings in this listing read as a bare space,
' an empty string, or a literal split across two lines. They look like entity
' or tag text that was lost when the page was captured - compare against the
' deployed file before relying on any line here.
function UHTMLEncode(fString)
if not isnull(fString) then
fString = Replace(fString, " ", CHR(32))
fString = Replace(fString, " ", CHR(9))
fString = Replace(fString, """, CHR(34))
fString = Replace(fString, "'", CHR(39))
fString = Replace(fString, "", CHR(13))
fString = Replace(fString, "
", CHR(10) & CHR(10))
fString = Replace(fString, " ", CHR(10))
' NOTE(review): the result is assigned to HTMLEncode2, not to UHTMLEncode, so
' as written the function hands nothing back to its caller. If that is
' corrected, the value returned is raw markup again and must be re-encoded
' before it is written into a page.
HTMLEncode2 = fString
end if
end function
function checkadmin()
    ' Gate for administrator-only actions. The decision is made from the
    ' server-side session value "Admin": when it is empty the request is sent
    ' to the login action and processing of the page stops.
    dim adminName
    adminName = session("Admin")
    if adminName = "" then
        response.redirect filename & "?action=login"
        response.end
    end if
end function
' Routing parameters, read once from the query string.
action = request.querystring("action")
id = request.querystring("id")
' Stop the request when "id" is present but not numeric. IsNumeric is a loose
' test (it also accepts signs, decimals and exponent notation), so a handler
' that places id in SQL should still convert it with CLng first.
' NOTE(review): only "id" is checked here; the handlers in this file read
' "MessageID", which does not pass through this check.
if id <> "" then
    if not isnumeric(id) then
        response.write ""
        response.end
    end if
end if
%>
<%
' Response handling: buffer the page so headers (redirects, cookies) can still
' be sent after output has begun, and mark the page as already expired.
Response.Buffer = True
Response.Expires = -1
' Listing settings.
maxpagesize = 8   ' messages shown per page
dh = 5
' Per-request state, filled in by the action handler that follows.
errormsg = ""
reply = 0
modify = 0
%>
<%
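action=request.querystring("action")
select case action
case "userwrite"
    ' A visitor posts a new message.
    ' Flow: validate the form, verify the one-time challenge code, look up the
    ' chosen name, and insert the row unless the name is already held by someone
    ' with a different password. On success the visitor is redirected to
    ' index.asp; on failure errormsg carries the messages for the render phase.
    ' The error strings end in a literal that is split across two lines in this
    ' listing; it is kept exactly as found.
    if request.form("user")="" then
errormsg=errormsg&"您忘了填写自己的名字了!"&"
"
    end if
    if request.form("content")="" then
errormsg=errormsg&"您没有填写留言信息!"&"
"
    end if
    if request.form("email")="" then
errormsg=errormsg&"您没有填写邮箱!"&"
"
    end if
    ' Challenge code. The earlier form coerced both sides to integers, so a
    ' session with no code and a non-numeric submission both became 0 and
    ' compared equal. The code must now exist in the session and match the
    ' submitted text exactly, and it is cleared after one use so it cannot be
    ' replayed.
    ' Assumes the captcha page stores exactly the digits it renders - TODO confirm.
    gbExpectedCode = session("numcode") & ""
    gbSubmittedCode = trim(request.form("verifycode") & "")
    session("numcode") = ""
    if gbExpectedCode = "" or gbSubmittedCode <> gbExpectedCode then
errormsg=errormsg&"验证码输入有误!"&"
"
    end if
    if errormsg="" then
        gbUserName = request.form("user") & ""
        ' NOTE(review): md5() is defined outside this block; an unsalted MD5
        ' digest is a weak way to store a password and should be replaced with a
        ' salted, slow hash when the storage format can be migrated.
        gbPwdHash = md5(request.form("pwd"))
        ' The name comes straight from the form, so it is bound as a parameter
        ' instead of being concatenated into the SQL text.
        set gbCmd = Server.CreateObject("ADODB.Command")
        set gbCmd.ActiveConnection = conn
        gbCmd.CommandType = 1 ' adCmdText
        gbCmd.CommandText = "select * from guestbook where User=?"
        ' 202 = adVarWChar, 1 = adParamInput; the name is non-empty at this point.
        gbCmd.Parameters.Append gbCmd.CreateParameter("user", 202, 1, len(gbUserName), gbUserName)
        set rs=Server.CreateObject("ADODB.Recordset")
        ' Keyset cursor (1) with optimistic locking (3) so AddNew/Update work.
        rs.open gbCmd, , 1, 3
        gbNameReserved = false
        if not rs.eof then
            if rs("pwd")<>gbPwdHash then gbNameReserved = true
        end if
        if gbNameReserved then
errormsg=errormsg&"该名字已被保留!"&"
"
            rs.close
            set rs=nothing
        else
            ' code() is applied to every visitor-controlled text field before it
            ' is stored, because the listing writes these columns back out as-is.
            rs.addnew
            rs("User")=code(request.form("User"))
            rs("email")=code(request.form("email"))
            rs("content")=code(request.form("content"))
            rs("sex")=code(request.form("sex"))
            secret=request.form("secret")
            rs("from")=Request.ServerVariables("REMOTE_ADDR")
            if secret<>1 then secret=0
            rs("secret")=secret
            rs("pwd")=gbPwdHash
            mdate=date()&" "&time()
            rs("Mdate")=mdate
            rs.update
            rs.close
            set rs=nothing
            response.Redirect "index.asp"
            response.end
        end if
    end if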
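case "reply"
    ' Show the reply form for one message (administrator only).
    if session("Admin")<>"" then
        reply=1
    end if
case "modify"
    ' Show the edit form for an existing reply (administrator only).
    if session("Admin")<>"" then
        modify=1
    end if
case "delete", "replyok", "ontop", "modifyok"
    ' State-changing administrator actions on one message.
    ' Authorization uses the server-side session value written at login. The
    ' "administrator" cookie is a fixed value supplied by the browser, so it
    ' cannot prove who is making the request.
    ' NOTE(review): other parts of this file (the page bar and the
    ' secret-message display) still test that cookie and need the same change.
    ' NOTE(review): these actions are driven by the query string and carry no
    ' per-session token, so a request forged from another site would be accepted
    ' for a logged-in administrator; add and verify a token here.
    if session("Admin")<>"" then
        MessageID = trim(request.querystring("MessageID") & "")
        ' Only a short run of digits is accepted; it is converted to a Long
        ' before it is placed in the SQL text.
        set gbIdCheck = new RegExp
        gbIdCheck.Pattern = "^[0-9]{1,9}$"
        if gbIdCheck.Test(MessageID) then
            MessageID = clng(MessageID)
            if action = "delete" then
                sql="delete * from guestbook where MessageID=" & MessageID
                conn.execute sql
            else
                set rs=Server.CreateObject("ADODB.Recordset")
                sql="select * from guestbook where MessageID=" & MessageID
                rs.open sql,conn,1,3
                ' An id that matches no row is ignored instead of raising an error.
                if not rs.eof then
                    if action = "ontop" then
                        rs("ontop")=code_admin(request.form("ontop"))
                    else
                        ' "replyok" and "modifyok" store the reply text and stamp it.
                        rs("Reply")=code_admin(request.form("reply"))
                        Rdate=date()&" "&time()
                        rs("Rdate")=Rdate
                    end if
                    rs.update
                end if
                rs.close
                set rs=nothing
            end if
        end if
    end if
end select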
%>
golf oilpaintings made in china人体油画几何装饰画名画复制画框批发零售广州维美油画中心留言本
<% txt=500 ' maximum number of characters allowed in a message %>
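<%
' Render phase.
'   - Validation errors from the action handler are shown and the page ends.
'   - reply=1 / modify=1: load the single message named by MessageID and show
'     it with the reply or edit form.
'   - otherwise: list messages newest first, maxpagesize per page, followed by
'     the page bar.
if errormsg<>"" then
    errormsgbox()
    response.end
end if
set rs=Server.CreateObject("ADODB.Recordset")
if reply=1 or modify=1 then
    ' MessageID comes from the query string. It must be a short run of digits
    ' and is converted to a Long before it is placed in the SQL text.
    gbViewId = trim(request.querystring("MessageID") & "")
    set gbViewIdCheck = new RegExp
    gbViewIdCheck.Pattern = "^[0-9]{1,9}$"
    if gbViewIdCheck.Test(gbViewId) then
        sql="select * from guestbook where MessageID=" & clng(gbViewId)
        rs.open sql,conn,1,3
        ' An id that matches no row renders nothing instead of raising an error.
        if not rs.eof then
            if reply=1 then
                guestbookbox(reply)
            else
                guestbookbox(modify)
            end if
        end if
    end if
else
    sql="select * from guestbook order by MessageID desc"
    rs.open sql,conn,1,3
    if not rs.eof then
        rs.pagesize=maxpagesize
        ipagecount=rs.pagecount
        ' "page" is visitor-controlled: anything that is not a short run of
        ' digits falls back to page 1, and the number is clamped to the pages
        ' that exist, so AbsolutePage never receives an out-of-range value.
        gbPageArg = trim(request.querystring("page") & "")
        set gbPageCheck = new RegExp
        gbPageCheck.Pattern = "^[0-9]{1,9}$"
        curpage=1
        if gbPageCheck.Test(gbPageArg) then curpage=clng(gbPageArg)
        if curpage<1 then curpage=1
        if ipagecount>=1 and curpage>ipagecount then curpage=ipagecount
        rs.absolutepage=curpage
        strurl=""
        ii=0
        do until rs.eof or ii=maxpagesize
            guestbookbox(show)
            ii=ii+1
            rs.movenext
        loop
%>
<% showpagebar ipagecount,curpage,strurl %>
<% end if
end if
%>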
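<%
select case action
case "modpassed"
    ' Change the administrator password. checkadmin stops the request unless the
    ' session is logged in; the old password must then match before the new one
    ' is stored.
    ' NOTE(review): md5() is defined outside this block; an unsalted MD5 digest
    ' is a weak way to store a password and should be replaced with a salted,
    ' slow hash when the storage format can be migrated.
    checkadmin
    User=htmlencode(request.form("User"))
    oldpass=md5(request.form("oldpass"))
    newpass=md5(request.form("newpass"))
    newpass2=md5(request.form("confirm"))
    sub Checkpass(password)
        ' Ends the response unless the session's administrator name and the given
        ' password digest match a row in [Admin]. Both values are bound as
        ' parameters (202 = adVarWChar, 1 = adParamInput) instead of being
        ' concatenated into the SQL text.
        dim gbCheckCmd, gbAdminName, gbDigest
        gbAdminName = session("Admin") & ""
        gbDigest = password & ""
        set gbCheckCmd = Server.CreateObject("ADODB.Command")
        set gbCheckCmd.ActiveConnection = conn
        gbCheckCmd.CommandType = 1 ' adCmdText
        gbCheckCmd.CommandText = "SELECT * FROM [Admin] WHERE user=? AND pass=?"
        ' len + 1 keeps the declared size above zero for an empty value.
        gbCheckCmd.Parameters.Append gbCheckCmd.CreateParameter("user", 202, 1, len(gbAdminName) + 1, gbAdminName)
        gbCheckCmd.Parameters.Append gbCheckCmd.CreateParameter("pass", 202, 1, len(gbDigest) + 1, gbDigest)
        set rs = gbCheckCmd.Execute
        if rs.eof then
            response.write ""
            response.end
        end if
    end sub
    Checkpass oldpass
    ' newpass holds the value returned by md5(), so comparing it with "" does not
    ' detect an empty field (presumably md5() returns a digest even for empty
    ' input - confirm). The raw form value is tested as well.
    if request.form("newpass")="" or newpass="" then
        response.write ""
        response.end
    end if
    if newpass<>newpass2 then
        response.write ""
        response.end
    end if
    gbSessionAdmin = session("Admin") & ""
    set gbUpdCmd = Server.CreateObject("ADODB.Command")
    set gbUpdCmd.ActiveConnection = conn
    gbUpdCmd.CommandType = 1 ' adCmdText
    gbUpdCmd.CommandText = "update [Admin] SET pass=? WHERE user=?"
    ' Parameters are positional: pass first, then user.
    gbUpdCmd.Parameters.Append gbUpdCmd.CreateParameter("pass", 202, 1, len(newpass) + 1, newpass)
    gbUpdCmd.Parameters.Append gbUpdCmd.CreateParameter("user", 202, 1, len(gbSessionAdmin) + 1, gbSessionAdmin)
    gbUpdCmd.Execute
    ' NOTE(review): the UPDATE above changes only the password, yet the session
    ' name is replaced with the posted "User" value. If the two differ, later
    ' checks look up a name that may not exist in [Admin] - confirm the intent.
    session("Admin")=User
    response.write ""
    response.end
case "logout"
    ' End the administrator login. The session value is what authorizes admin
    ' actions, so it is cleared together with the display cookie.
    ' (The listing contained this case twice; the second copy could never run.)
    response.write ""
    response.cookies("administrator")=""
    session("Admin")=""
    response.end
case "logincheck"
    User=htmlencode(request.form("User"))
    password=md5(request.form("password"))
    function CheckLogin(User,password)
        ' Looks the posted name and password digest up in [admin]. On a match the
        ' session is marked as logged in; either way the response ends here.
        ' Both values are bound as parameters (202 = adVarWChar, 1 = adParamInput).
        ' NOTE(review): nothing here limits repeated failed attempts; add
        ' throttling or lockout in front of this check.
        dim gbLoginCmd, gbLoginUser, gbLoginDigest
        gbLoginUser = User & ""
        gbLoginDigest = password & ""
        set gbLoginCmd = Server.CreateObject("ADODB.Command")
        set gbLoginCmd.ActiveConnection = conn
        gbLoginCmd.CommandType = 1 ' adCmdText
        gbLoginCmd.CommandText = "SELECT * FROM [admin] WHERE user=? AND pass=?"
        gbLoginCmd.Parameters.Append gbLoginCmd.CreateParameter("user", 202, 1, len(gbLoginUser) + 1, gbLoginUser)
        gbLoginCmd.Parameters.Append gbLoginCmd.CreateParameter("pass", 202, 1, len(gbLoginDigest) + 1, gbLoginDigest)
        set rs = gbLoginCmd.Execute
        if not rs.eof then
            session("admin")=rs("user")
            response.write ""
            ' The cookie is a fixed value kept only so existing pages can decide
            ' what to display; it must never be treated as proof of login.
            response.cookies("administrator")="admin"
            response.end
        else
            response.write ""
            response.end
        end if
    end function
    CheckLogin User,password
case "login"
%>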
<%
' Writes the pager shown under the message list: "page X/Y", then the labels
' [第一页] (first), [上一页] (previous), [下一页] (next), [最末页] (last), and
' finally an administrator section or the text "管理留言" (manage messages).
'   totalpage - number of pages available
'   curpage   - page currently shown; written into the response as received
'   strurl    - base URL for page links
' NOTE(review): in this listing both branches of each label test write the
' same text, and some literals are split across lines. The link markup appears
' to have been lost when the page was captured - compare with the deployed file.
sub showpagebar(totalpage,curpage,strurl)
dim strpage
' NOTE(review): the validated page number is stored in "crupage", which looks
' like a misspelling of curpage; nothing below reads it, so the rest of the
' sub keeps working with the unvalidated curpage.
crupage=getvalidpageno(totalpage,curpage)
response.write "
"
response.write "
"
response.write "页数:"&curpage&"/"&totalpage&" "
' Pick the separator for the page parameter depending on whether strurl
' already carries a query string. strpage is not used in the lines visible
' here (presumably it was part of the lost link markup).
if instr(strurl,"?")=0 then
strpage="?page="
else
strpage="&page="
end if
if curpage>1 then
response.write " [第一页] "
else
response.write " [第一页] "
end if
if curpage>=2 then
response.write " [上一页] "
else
response.write " [上一页] "
end if
' NOTE(review): the next line is truncated in this listing (the comparison and
' the start of the string literal are missing).
if cint(curpage)下一页] "
else
response.write " [下一页] "
end if
if cint(curpage)<>cint(totalpage) then
response.write " [最末页] "
else
response.write " [最末页] "
end if
' NOTE(review): this cookie is supplied by the browser, so it can only decide
' what is displayed. Whether an action is permitted has to be decided from the
' server-side session.
if request.cookies("administrator")="admin" then
response.write "
"
else
response.write "管理留言"
end if
end sub
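function getvalidpageno(pagecount,curpage)
    ' Clamp a requested page number to the range 1..pagecount.
    '   pagecount - number of pages available
    '   curpage   - requested page; may originate from the query string
    ' Returns curpage unchanged when it is in range, 1 when it is below range
    ' or not numeric, and pagecount when it is above range.
    ' The earlier form converted with CInt, which raises a runtime error for
    ' non-numeric text and for values above 32767; comparisons now use CDbl
    ' after an IsNumeric check.
    dim ipage
    ipage = curpage
    if not isnumeric(curpage) then
        ipage = 1
    elseif cdbl(curpage) < 1 then
        ipage = 1
    end if
    if cdbl(ipage) > cdbl(pagecount) then
        ipage = pagecount
    end if
    getvalidpageno = ipage
end function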
' Prepares visitor-supplied text before it is stored: a fixed series of
' replacements for angle brackets, whitespace characters, line breaks and
' quotes. The message handlers store the result, and the listing later writes
' the stored columns into the page as-is, so this function is the only
' encoding those values receive.
' NOTE(review): in this listing most replacement strings read the same as the
' text they replace (for example "<" with "<"), and one line is a broken
' literal. This looks like entity text decoded when the page was captured -
' check the deployed file for the real values.
' NOTE(review): "&" is not among the characters handled here.
Function code(strers)
strer=strers
strer=replace(strer,"<","<")
strer=replace(strer,">",">")
strer=replace(strer," "," ")
strer=replace(strer,CHR(9)," ")
strer=replace(strer,CHR(32)," ")
' NOTE(review): CHR(13) is replaced first, so no CR+LF pair is left for the
' vbCrlf replacement on the following line to find.
strer=replace(strer,CHR(13)," ")
strer=replace(strer,vbCrlf," ")
strer=replace(strer,"'","'")
strer=replace(strer,"""",""")
code=strer
end function
Function code_admin(strers)
    ' Administrator text prepared for storage: every CR+LF pair is swapped for
    ' the replacement string below. No HTML encoding is applied, so the stored
    ' value is only as trustworthy as the check that guards the caller.
    strer = replace(strers, vbCrlf, " ")
    code_admin = strer
end function
Function recode_admin(strers)
    ' Reverse of code_admin for showing stored text in an edit box: each
    ' occurrence of the stored separator string becomes a CR+LF pair again.
    strer = replace(strers, " ", vbCrlf)
    recode_admin = strer
end function
function guestbookbox(action)%>
<% if rs("secret")=0 then%><%=rs("content")%><% else %><% if request.cookies("administrator")="admin" then%><%=rs("user")%> 说的悄悄话: <%=rs("content")%><%else%>悄悄话...
<%
end if
end if %>
<% if reply=1 then
replybox(reply)
elseif modify=1 then
replybox(modify)
elseif rs("reply")<>"" then
replybox(show)
end if %>