<% if Request.QueryString("act")<>"" then Call CheckActionFrom() Select Case Request.QueryString("act") Case "AdminLogin" Call AdminLogin() Case "AdminLogOut" Call AdminLogOut() Case "EditSiteInfo" Call EditSiteInfo() Case "EditAdminInfo" Call EditAdminInfo() Case "UpLogo" Call UpLogo() Case "EditFocPic" Call EditFocPic() Case "DelMenu" Call DelMenu() Case "Del_Pic" Call Del_Pic() Case "Del_Info" Call Del_Info() Case "Del_All_Info" Call Del_All_Info() Case "To_Show" Call To_Show() Case "To_Top" Call To_Top() Case "To_New" Call To_New()''刷新 Case "AddMenu" Call AddMenu() Case "EditMenu" Call EditMenu() Case "Add_News" Call Add_News() Case "Edit_News" Call Edit_News() Case "Add_News_Class" Call Add_News_Class() Case "Edit_News_Class" Call Edit_News_Class() Case "AddProduct" Call AddProduct() Case "EditProduct" Call EditProduct() Case "AddProductClass" Call AddProductClass() Case "EditProductClass" Call EditProductClass() Case "AddServices" Call AddServices() Case "EditServices" Call EditServices() Case "Add_Link" Call Add_Link() Case "Edit_Link" Call Edit_Link() End Select end if %> <% '检测是否外部提交数据 Function CheckActionFrom() server_v1=Cstr(Request.ServerVariables("HTTP_REFERER")) server_v2=Cstr(Request.ServerVariables("SERVER_NAME")) if mid(server_v1,8,len(server_v2))<>server_v2 then response.write "" response.End 'else 'call StopAuthorizedAccess(website_ip) end if End Function '登录 Function AdminLogin() dim rs,sql,username,paddword username=trim(CStr(Request.Form("username"))) password=trim(CStr(Request.Form("password"))) Set rs=Server.CreateObject("ADODB.Recordset") sql="select * from admin where username='"& Replace(username,"'","''") &"' AND password='" & md5(Replace(password,"'","''")) & "'" rs.open sql,connstr,1,3 If Not rs.EOF Or Not rs.BOF then Session("admin") = username session.Timeout=999 Response.Redirect("control.asp") rs.close() set rs=nothing else response.write "" response.end End If End Function '注销 Function AdminLogOut() session("admin")="" session("password")="" response.write("") End Function '更新网站基本信息 Function EditSiteInfo() Set rs=server.createobject("adodb.recordset") sql="select * from site" rs.open sql,conn,1,3 rs("Myname")=trim(request.form("Myname")) rs("Myurl")=trim(request.form("Myurl")) rs("Mytitle")=trim(request.form("Mytitle")) rs("keywords")=trim(request.form("keywords")) rs("description")=trim(request.form("description")) rs("icp")=trim(request.form("icp")) rs("city")=trim(request.form("city")) rs("adminname")=trim(request.form("adminname")) rs("address")=trim(request.form("address")) rs("telphone")=trim(request.form("telphone")) rs("mobile")=trim(request.form("mobile")) rs("qqno")=trim(request.form("qqno")) rs("mailadd")=trim(request.form("mailadd")) rs.update rs.close() set rs=nothing '生成配置文件config.asp set fso=server.CreateObject("Scripting.FileSystemObject") path=server.MapPath("/") if fso.FolderExists(path)=false then fso.CreateFolder(path) end if path=path&"/config.asp" set ts=fso.OpenTextFile(path,2,true,-2) Set rs=server.createobject("adodb.recordset") sql="select * from site" rs.open sql,conn,1,1 Myname=rs("Myname") Myurl=rs("Myurl") Mytitle=rs("Mytitle") keywords=rs("keywords") description=rs("description") icp=rs("icp") adminname=rs("adminname") city=rs("city") address=rs("address") 'ip="127.0.0.1" telphone=rs("telphone") qqno=rs("qqno") qqno2=rs("qqno2") mailadd=rs("mailadd") mobile=rs("mobile") rs.close set rs=nothing dim endstr endstr=">" ts.WriteLine("<%") ts.WriteLine("dim website_name,website_url,website_qq1,website_qq2,website_mail") ts.WriteLine("website_name="""&Myname&"""") ts.WriteLine("website_url="""&Myurl&"""") ts.WriteLine("website_title = """&Mytitle&"""") ts.WriteLine("website_keywords ="""&keywords&"""") ts.WriteLine("website_description ="""&description&"""") ts.WriteLine("website_admin="""&adminname&"""") ts.WriteLine("website_qq1="""&qqno&"""") ts.WriteLine("website_qq2="""&qqno2&"""") ts.WriteLine("website_tel="""&telphone&"""") ts.WriteLine("website_mob="""&mobile&"""") ts.WriteLine("website_mail="""&mailadd&"""") ts.WriteLine("website_address="""&address&"""") ts.WriteLine("website_city="""&city&"""") ts.WriteLine("website_icp="""&icp&"""") 'ts.WriteLine("website_ip="""&ip&"""") ts.WriteLine("%"&endstr) ts.close set ts=nothing set fso=nothing response.write "" End Function '修改密码 Function EditAdminInfo() username=session("admin") oldpassword=Cstr(Request.Form("oldpassword")) password = Cstr(Request.Form("password")) savepass = md5(password) Set rs=server.createobject("adodb.recordset") sql="select * from admin where username='" & username & "'" rs.open sql,conn,1,3 oldpass=rs("password") If oldpass=md5(oldpassword) then rs("username")=username rs("password")=savepass rs.update rs.close set rs=nothing response.write "" Else response.write "" End If End Function '上传网站LOGO Function UpLogo() dim upload,file,formName,formPath,iCount set upload=new clsUp ''建立上传对象 formPath="/images/" upload.AllowExt="jpg;bmp;jpeg;gig;png;" '白名单,可以在这里预设可上传的文件类型,以文件的后缀名来判断,不分大小写,每个后缀名用;号分开 upload.NoAllowExt="asp;js;exe;asa;vbs;" '设置上传类型的黑名单 upload.GetData (1024000) '取得上传数据,限制最大上传1M for each formName in upload.file '列出所有上传了的文件 Set file=upload.file(formName) if File.FileSize<=0 then Response.Write "" else newname="logo.png" upload.SaveToFile formName,Server.mappath(formPath&newname) end if Next response.write "" response.end End Function '修改焦点图片 Function EditFocPic() id=trim(request.form("id")) set rs=server.createobject("ADODB.Recordset") sql="select * from [pic] where id="&id rs.open sql,conn,1,3 rs("link")=trim(request.form("link")) rs("alt")=trim(request.form("alt")) if trim(request.form("url"))<>"" then rs("url")=trim(request.form("url")) end if rs.update rs.close() set rs=nothing Call C_Ad() response.write "" response.end End Function ''生成ad.js文件,焦点图片JS代码 Function C_Ad() set fso=server.CreateObject("Scripting.FileSystemObject") path=server.MapPath("/images") if fso.FolderExists(path)=false then fso.CreateFolder(path) end if path=path&"/ad.js" set ts=fso.OpenTextFile(path,2,true,-2) dim rs,sql,url,link,alt Set rs=Server.CreateObject("ADODB.RecordSet") sql="select * from pic" rs.open sql,conn,1,1 if not rs.eof then url=rs("url") link=rs("link") alt=rs("alt") for t=1 to 4 date1="imgUrl"&t&"="""&rs("url")&""";" date2="imgtext"&t&"="""&rs("alt")&"""" date3="imgLink"&t&"=escape("""&rs("link")&""");" ts.WriteLine(date1) ts.WriteLine(date2) ts.WriteLine(date3) rs.movenext next t=t+1 rs.close set rs=nothing end if ts.WriteLine("var focus_width=340;") ts.WriteLine("var focus_height=240;") ts.WriteLine("var text_height=0;") ts.WriteLine("var swf_height = focus_height+text_height;") ts.WriteLine("var pics = """";") ts.WriteLine("var links = """";") ts.WriteLine("var texts = """";") ts.WriteLine("var pics=imgUrl1+""|""+imgUrl2+""|""+imgUrl3+""|""+imgUrl4") ts.WriteLine("var links=imgLink1+""|""+imgLink2+""|""+imgLink3+""|""+imgLink4") ts.WriteLine("var texts=imgtext1+""|""+imgtext2+""|""+imgtext3+""|""+imgtext4") ts.WriteLine("document.write('');") ts.WriteLine("document.write('');") ts.WriteLine("document.write('');") ts.WriteLine("document.write('');") ts.WriteLine("document.write('');") ts.WriteLine("document.write('');") ts.close set ts=nothing set fso=nothing End Function %> <% '添加栏目 Function AddMenu() Set rs=server.createobject("adodb.recordset") sql="select * from [menu]" rs.open sql,conn,1,3 rs.addnew() rs("m_name")=trim(Request.form("m_name")) rs("m_wz")=trim(Request.form("m_wz")) rs("m_url")=trim(Request.form("m_url")) rs("m_show")=trim(Request.form("m_show")) rs("m_bigid")=trim(Request.form("m_bigid")) rs("m_title")=trim(Request.form("m_title")) rs("m_keywords")=trim(Request.form("m_keywords")) rs("m_description")=trim(Request.form("m_description")) rs("m_html")=trim(Request.form("m_html")) rs("m_comment")=Request.form("m_comment") rs.update rs.close set rs=nothing response.write "" End Function '修改栏目 Function EditMenu() id=Request.form("id") Set rs=server.createobject("adodb.recordset") sql="select * from [menu] where m_id="&id rs.open sql,conn,1,3 rs("m_name")=trim(Request.form("m_name")) rs("m_wz")=trim(Request.form("m_wz")) rs("m_url")=trim(Request.form("m_url")) rs("m_show")=trim(Request.form("m_show")) rs("m_bigid")=trim(Request.form("m_bigid")) rs("m_title")=trim(Request.form("m_title")) rs("m_keywords")=trim(Request.form("m_keywords")) rs("m_description")=trim(Request.form("m_description")) rs("m_html")=trim(Request.form("m_html")) rs("m_comment")=Request.form("m_comment") rs.update rs.close set rs=nothing response.write "" End Function %> <% '添加新闻 Function Add_News() Set rs=server.createobject("adodb.recordset") sql="select * from [news]" rs.open sql,conn,1,3 rs.addnew() rs("title")=Request.form("title") rs("nclass")=Request.form("nclass") rs("top")=Request.form("top") rs("hot")=Request.form("hot") rs("comment")=Request.form("comment") rs("pubdate")=date() rs("puber")="admin" rs.update rs.close() set rs=nothing response.write "" End Function '修改新闻 Function Edit_News() id=trim(request.form("id")) Set rs=server.createobject("adodb.recordset") sql="select * from [news] where id="&id rs.open sql,conn,1,3 rs("title")=Request.form("title") rs("nclass")=Request.form("nclass") rs("top")=Request.form("top") rs("hot")=Request.form("hot") rs("comment")=Request.form("comment") rs.update rs.close set rs=nothing response.write "" End Function ''添加新闻分类 Function Add_News_Class() Set rs=server.createobject("adodb.recordset") sql="select * from news_class" rs.open sql,conn,1,3 rs.addnew() rs("news_class_name")=trim(request("news_class_name")) rs("news_class_wz")=trim(request.form("news_class_wz")) rs.update rs.close set rs=nothing response.write "" End Function ''修改新闻分类 Function Edit_News_Class() news_class_id=request.form("news_class_id") Set rs=server.createobject("adodb.recordset") sql="select * from news_class where id="&news_class_id rs.open sql,conn,1,3 rs("news_class_name")=trim(request.form("news_class_name")) rs("news_class_wz")=trim(request.form("news_class_wz")) rs.update rs.close set rs=nothing response.write "" End Function %> <% Function AddServices() Set rs=server.createobject("adodb.recordset") sql="select * from [Services]" rs.open sql,conn,1,3 rs.addnew() rs("s_name")=trim(Request.form("s_name")) rs("s_wz")=trim(Request.form("s_wz")) rs("s_ico")=trim(Request.form("s_ico")) rs("s_show")=trim(Request.form("s_show")) rs("s_title")=trim(Request.form("s_title")) rs("s_keywords")=trim(Request.form("s_keywords")) rs("s_description")=trim(Request.form("s_description")) rs("s_html")=trim(Request.form("s_html")) rs("s_comment")=Request.form("s_comment") rs.update rs.close set rs=nothing response.write "" End Function Function EditServices() id=trim(request.form("id")) Set rs=server.createobject("adodb.recordset") sql="select * from [Services] where id="&id rs.open sql,conn,1,3 rs("s_name")=trim(Request.form("s_name")) rs("s_wz")=trim(Request.form("s_wz")) if trim(Request.form("s_ico"))<>"" then rs("s_ico")=trim(Request.form("s_ico")) end if rs("s_show")=trim(Request.form("s_show")) rs("s_title")=trim(Request.form("s_title")) rs("s_keywords")=trim(Request.form("s_keywords")) rs("s_description")=trim(Request.form("s_description")) rs("s_html")=trim(Request.form("s_html")) rs("s_comment")=Request.form("s_comment") rs.update rs.close set rs=nothing response.write "" End Function %> <% ''通用删除信息 Function Del_Info() if request("type")="" and request("id")="" then response.write "" response.end else types=CStr(request("type")) id=trim(request("id")) sql="delete * from "&types&" where id="&id conn.execute(sql) tourl=types&".asp" if request("fromurl")<>"" then tourl=trim(request("fromurl")) end if response.write "" end if End Function Function DelMenu() id=Request("id") set rs=server.createobject("ADODB.Recordset") sql="select * from [menu] where m_bigid="&id rs.open sql,conn,1,1 if rs.recordcount>0 then response.write "" rs.close set rs=nothing else sql2="delete * from [menu] where m_id="&id conn.execute(sql2) response.write "" end if End Function Function Del_All_Info() if request("type")="" then response.write "" response.end else types=request("type") end if set rs=server.createobject("adodb.recordset") for each id in request("ids") delsql="delete * from "&types&" where id="&id conn.execute(delsql) next response.write "" End Function ''删除图片 Function Del_Pic() if request("id")="" then response.write "" response.end else id=request("id") end if Set rs=Server.CreateObject("ADODB.RecordSet") sql2="select * from loupan_pic where id="&id rs.open sql2,conn,1,1 loupan_id=rs("loupan_id") img_url=rs("img_url") rs.close Set rs=nothing Ext=right(img_url,3) smallpic_path=left((img_url),len(img_url)-4)&"_small."&Ext '缩略文件名,以原图片_small命名 '删除信息 sql="delete * from loupan_pic where id="&id conn.execute(sql) '删除信息中的图片 set fso=server.CreateObject("scripting.filesystemobject") If fso.FileExists(server.MapPath(img_url)) Then fso.deletefile(server.MapPath(img_url)) fso.deletefile(server.MapPath(smallpic_path)) ''删除缩略图 set fso=nothing end if response.write "" End Function ''删除指定文件 SUB DelFile(filename) dim fo,filenamestr set fo=Server.Createobject("Scripting.FileSystemObject") filenamestr=Server.MapPath(filename) if fo.FileExists(filenamestr) then fo.DeleteFile filenamestr end if set fo=nothing END SUB ''审核,显示 Function To_Show() if request("type")="" and request("id")="" then response.write "" response.end else types=CStr(request("type")) id=CStr(request("id")) set rs=server.createobject("adodb.recordset") sql="select * from "&types&" where id="&id rs.open sql,conn,1,3 if rs("show")=0 then rs("show")=1 else rs("show")=0 end if rs.update rs.close set rs=nothing tourl=types&".asp" if request("fromurl")<>"" then tourl=trim(request("fromurl")) end if response.write "" end if End Function %> <% ''推荐,置顶 Function To_Top() if request("type")="" and request("id")="" then response.write "" response.end else types=CStr(request("type")) id=CStr(request("id")) set rs=server.createobject("adodb.recordset") sql="select * from "&types&" where id="&id rs.open sql,conn,1,3 if rs("top")=0 then rs("top")=1 else rs("top")=0 end if rs.update rs.close set rs=nothing tourl=types&".asp" if request("fromurl")<>"" then tourl=trim(request("fromurl")) end if response.write "" end if End Function %> <% ''刷新 Function To_New() if request("type")="" and request("id")="" then response.write "" response.end else types=CStr(request("type")) id=CStr(request("id")) set rs=server.createobject("adodb.recordset") sql="select * from "&types&" where id="&id rs.open sql,conn,1,3 rs("pubdate")=now() rs.update rs.close set rs=nothing tourl=types&".asp" if request("fromurl")<>"" then tourl=trim(request("fromurl")) end if response.write "" end if End Function %> <% ''添加商品信息 Function AddProduct() set rs=server.createobject("ADODB.Recordset") sql="select * from product" rs.open sql,conn,1,3 rs.addnew() rs("p_name")=Trim(Request.form("p_name")) rs("p_model")=Trim(Request.form("p_model")) rs("p_class")=Trim(Request.form("p_class")) rs("p_price")=Trim(Request.form("p_price")) rs("p_title")=Trim(Request.form("p_title")) rs("p_keywords")=Trim(Request.form("p_keywords")) rs("p_comment")=Trim(Request.form("p_comment")) rs("top")=Trim(Request.form("top")) rs("p_pic")=Trim(Request.form("p_pic")) rs("pubdate")=date() rs.update rs.close response.write "" End Function Function EditProduct() id=Trim(Request.Form("id")) set rs=server.createobject("ADODB.Recordset") sql="select * from [product] where id="&id rs.open sql,conn,1,3 rs("p_name")=Trim(Request.form("p_name")) rs("p_model")=Trim(Request.form("p_model")) rs("p_class")=Trim(Request.form("p_class")) rs("p_price")=Trim(Request.form("p_price")) rs("p_title")=Trim(Request.form("p_title")) rs("p_keywords")=Trim(Request.form("p_keywords")) rs("p_comment")=Trim(Request.form("p_comment")) rs("top")=Trim(Request.form("top")) rs("p_pic")=Trim(Request.form("p_pic")) rs("pubdate")=date() rs.update rs.close response.write "" response.write "" End Function ''添加产品分类 Function AddProductClass() Set rs=server.createobject("adodb.recordset") sql="select * from product_class" rs.open sql,conn,1,3 rs.addnew() rs("p_class_name")=request("p_class_name") rs("p_class_wz")=request("p_class_wz") rs.update rs.close set rs=nothing response.write "" End Function ''更新产品分类 Function EditProductClass() id=Request.Form("p_class_id") Set rs=server.createobject("adodb.recordset") sql="select * from product_class where id="&id rs.open sql,conn,1,3 rs("p_class_name")=request("p_class_name") rs("p_class_wz")=request("p_class_wz") rs.update rs.close set rs=nothing response.write "" End Function %> <% ''添加友情链接 Function Add_Link() Set rs=server.createobject("adodb.recordset") sql="select * from link" rs.open sql,conn,1,3 rs.addnew() rs("sitename")=request("sitename") rs("url")=request("url") rs("alt")=request("alt") rs("show")=request("show") rs("top")=request("top") rs.update rs.close set rs=nothing Call C_Link() End Function ''修改友情链接 Function Edit_Link() id=trim(request.form("id")) Set rs=server.createobject("adodb.recordset") sql="select * from link where id="&id rs.open sql,conn,1,3 rs("sitename")=request("sitename") rs("url")=request("url") rs("alt")=request("alt") rs("show")=request("show") rs("top")=request("top") rs.update rs.close set rs=nothing Call C_Link() End Function ''生成友情链接静态调用文件 Function C_Link() set fso=server.CreateObject("Scripting.FileSystemObject") path=server.MapPath("../") if fso.FolderExists(path)=false then fso.CreateFolder(path) end if path=path&"/links.asp" set ts=fso.OpenTextFile(path,2,true,-2) sql="select * from [link] where show=1 order by id desc" Set rs = Server.CreateObject("ADODB.Recordset") rs.open sql,conn,1,1 While not rs.eof url=rs("url") alt=rs("alt") sitename=rs("sitename") ts.WriteLine(""&sitename&"") rs.movenext() wend rs.close() set rs=nothing ts.close set ts=nothing set fso=nothing response.write "" response.end End Function %>