www.gusucode.com > 云网互动影视系统(12套模版和资源联盟) 6.2 > 云网互动影视系统(12套模版和资源联盟) 6.2.4/免费版/API/API_Response.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
'******************************************************
'文件名: API_Response.asp
'描 述: 云网影视系统PDO远程接口函数文件
'版 本: 云网影视正式版及更高版本适用
'******************************************************
%>
<!-- #Include File = "../Conn.asp" -->
<!-- #Include File = "../Function/Function.asp" -->
<!-- #Include File = "../Function/Md5.asp" -->
<!-- #Include File = "API_Config.asp"-->
<!-- #Include File = "API_Function.asp"-->
<%
Dim recXml
Action = Trim(Request("Action"))
FoundErr = False
ErrMsg = ""
sPE_Items(conSyskey,1) = Trim(Request.QueryString(sPE_Items(conSysKey,0)))
sPE_Items(conUsername,1) = Trim(Request.QueryString(sPE_Items(conUserName,0)))
sPE_Items(conPassword,1) = Trim(Request.QueryString(sPE_Items(conPassword,0)))
sPE_Items(conSavecookie,1) = Trim(Request.QueryString(sPE_Items(conSavecookie,0)))
If sPE_Items(conSyskey,1) <> "" Then
If sPE_Items(conUsername,1) <> "" Then
If sPE_Items(conPassword,1) <> "" Then
WriteCookies
Response.Write ""
Else
CleanCookies
Response.Write ""
End If
End If
Else
DealResponse
End If
Sub WriteCookies()
If Not CheckSysKey(sPE_Items(conUsername,1),sPE_Items(conSyskey,1)) Then
Exit Sub
End If
If sPE_Items(conSavecooke,1) <> "" Then
sPE_Items(conSavecooke,1) = PE_CLng(sPE_Items(conSavecooke,1))
End If
Select Case sPE_Items(conSavecooke,1)
Case 0
'not save
Case 1
Response.Cookies("YWNTUserCookie")("UserName").Expires = Date + 1
Response.Cookies("YWNTUserCookie")("Password").Expires = Date + 1
Case 2
Response.Cookies("YWNTUserCookie")("UserName").Expires = Date + 31
Response.Cookies("YWNTUserCookie")("Password").Expires = Date + 31
Case 3
Response.Cookies("YWNTUserCookie")("Password").Expires = Date + 365
Response.Cookies("YWNTUserCookie")("UserName").Expires = Date + 365
End Select
Response.Cookies("YWNTUserCookie")("UserName") = sPE_Items(conUsername,1)
Response.Cookies("YWNTUserCookie")("Password") = sPE_Items(conPassword,1)
Response.Cookies("YWNTUserCookie")("CookieDate") = sPE_Items(conSavecooke,1)
End Sub
Sub CleanCookies()
If Not CheckSysKey(sPE_Items(conUsername,1),sPE_Items(conSyskey,1)) Then
Exit Sub
End If
Response.Cookies("YWNTUserCookie")("UserName") = ""
Response.Cookies("YWNTUserCookie")("Password") = ""
Response.Cookies("YWNTUserCookie")("CookieDate") = ""
End Sub
Sub DealResponse()
On Error Resume Next
If createXmlDom Then
sMyXmlDoc.Load Request
If sMyXmlDoc.parseError.errorCode <> 0 Then
FoundErr = True
ErrMsg = sMyXmlDoc.parseError.reason & "001"
Else
sPE_Items(conSyskey,1) = getNodeText(sPE_Items(conSysKey,0))
sPE_Items(conUsername,1) = getNodeText(sPE_Items(conUserName,0))
sPE_Items(conAction,1) = getNodeText(sPE_Items(conAction,0))
If sPE_Items(conSysKey,1) = "" Or sPE_Items(conUsername,1) = "" Or sPE_Items(conAction,1) = "" Then
FoundErr = True
ErrMsg = "未包含必须元素,数据同步被拒绝!"
End If
If Not CheckSysKey(sPE_Items(conUsername,1),sPE_Items(conSyskey,1)) Then
FoundErr = True
ErrMsg = "安全码不符,数据同步被拒绝!"
End If
End If
Else
FoundErr = True
ErrMsg = "服务器不支持MSXML对象。"
End If
If Err Then
FoundErr = True
ErrMsg = Err.Description
Err.Clear
WriteErrXml
Exit Sub
End If
If FoundErr Then
sPE_Items(conStatus,1) = "1"
sPE_Items(conMessage,1) = ErrMsg
prepareXML False
WriteXml
Exit Sub
End If
'已处理的元素:syskey,username
'错误检测完成,开始处理数据
sPE_Items(conAction,1) = getNodeText(sPE_Items(conAction,0))
'已处理的元素:syskey,username,action
Select Case sPE_Items(conAction,1)
Case "checkname"
Call checkUser
Case "reguser"
Call createUser
Case "login"
Call loginUser
Case "logout"
Call CleanCookies
Case "update"
Call UpdateUser
Case "delete"
Call DeleteUser
Case "getinfo"
Call GetUserInfo
End Select
If FoundErr Then
sPE_Items(conStatus,1) = "1"
sPE_Items(conMessage,1) = ErrMsg
prepareXML(False)
WriteXml
Exit Sub
Else
sPE_Items(conStatus,1) = "0"
prepareXML(False)
WriteXml
End If
End Sub
Sub checkUser
sPE_Items(conEmail,1) = getNodeText(sPE_Items(conEmail,0))
CheckUserName(sPE_Items(conUsername,1))
CheckUserEmail(sPE_Items(conEmail,1))
End Sub
Sub createUser
sPE_Items(conEmail,1) = getNodeText(sPE_Items(conEmail,0))
If CheckUserName(sPE_Items(conUsername,1)) = False Or CheckUserEmail(sPE_Items(conEmail,1)) = False Then
Exit Sub
End If
prepareData True
Dim sqlReg, rsReg ,CheckNum
Set rsReg = Server.CreateObject(YWNT_TMS_RS)
sqlReg = "select * from YWNT_TMS_Users"
rsReg.Open sqlReg,conn,1,3
rsReg.addnew
rsReg("UsersName") = sPE_Items(conUsername,1)
rsReg("UsersPassword") = MD5(sPE_Items(conPassword,1),16)
rsReg("UsersTrueName") = sPE_Items(conTruename,1)
rsReg("UsersProblems") = sPE_Items(conQuestion,1)
rsReg("UsersAnswer") = sPE_Items(conAnswer,1)
rsReg("UsersEmail") = sPE_Items(conEmail,1)
rsReg("UsersGroup")=GetUsersSystem("UsersRegGroup")
rsReg("UsersType")=GetUsersSystem("UsersRegType")
Select Case GetUsersSystem("UsersRegType")
Case 0
rsReg("UsersCoin")=GetUsersSystem("UsersRegCoin")
Case 1
rsReg("UsersCoinDate")=Now()+GetUsersSystem("UsersRegDate")
End Select
rsReg("UsersRegDate")=date()
rsReg.Update
rsReg.Close
Set rsReg = Nothing
End Sub
Sub loginUser
Dim oklook
sPE_Items(conPassword,1) = getNodeText(sPE_Items(conPassword,0))
sPE_Items(conPassword,1) = Md5(sPE_Items(conPassword,1),16)
Dim tRs
Set tRs = Conn.Execute("select UsersName,UsersPassword from YWNT_TMS_Users where UsersName='" & sPE_Items(conUsername,1) & "' and UsersPassword='"&sPE_Items(conPassword,1)&"'")
If tRs.Bof And tRs.Eof Then
FoundErr = True
ErrMsg = ErrMsg & "Pass:" & sPE_Items(conPassword,1) & "--user:" & sPE_Items(conUsername,1)
Else
Call UsersLoginSever(tRS("UsersName"),tRS("UsersPassword"))
End If
tRs.Close
Set tRs = Nothing
End Sub
Sub UpdateUser
Dim tRs,tUserID
Set tRs = Conn.Execute("SELECT UsersName FROM YWNT_TMS_Users WHERE UsersName='" & sPE_Items(conUsername,1) & "'")
If tRs.Eof And tRs.Bof Then
FoundErr = True
ErrMsg = "数据库中没有此用户的记录!"
End If
tRs.Close
Set tRs = Nothing
If FoundErr Then Exit Sub
prepareData True
On Error Resume Next
Dim tSql
tSql = "SELECT * FROM YWNT_TMS_Users WHERE UsersName='" & sPE_Items(conUsername,1) & "'"
Set tRs = Server.CreateObject("adodb.recordset")
tRs.Open tSql,Conn,1,3
If sPE_Items(conPassword,1) <> "" Then
tRs("UsersPassword") = MD5(sPE_Items(conPassword,1),16)
End If
If sPE_Items(conQuestion,1) <> "" Then
tRs("UsersProblems") = sPE_Items(conQuestion,1)
End If
If sPE_Items(conAnswer,1) <> "" Then
tRs("UsersAnswer") = sPE_Items(conAnswer,1)
End If
If sPE_Items(conEmail,1) <> "" Then
tRs("UsersEmail") = sPE_Items(conEmail,1)
End If
If sPE_Items(conUserstatus,1) <> "" Then
tRs("UsersState") = sPE_Items(conUserstatus,1)
End If
If sPE_Items(conQQ,1) <> "" Then
tRs("UsersQQ") = sPE_Items(conQQ,1)
End If
tRs.UPDATE
tRs.Close
End Sub
Sub DeleteUser
Dim arrUserNames,iUserIndex
arrUserNames = Split(sPE_Items(conUsername,1),",")
For iUserIndex = 0 to Ubound(arrUserNames)
Dim rsDel
delName = arrUsernames(iUserIndex)
Conn.Execute "delete from YWNT_TMS_Users WHERE UsersName='" & delName & "'"
conn.execute "delete from YWNT_TMS_UsersCollection WHERE CollectionUsers = '"&delName&"'"
conn.execute "delete from YWNT_TMS_Comments WHERE CommentsUsers = '"&delName&"'"
conn.execute "delete from YWNT_TMS_UsersLog WHERE UsersName = '"&delName&"'"
conn.execute "delete from YWNT_TMS_DemandMovie WHERE DemandUsers = '"&delName&"'"
Next
End Sub
Sub GetUserInfo
Dim rsInfo,dsUser
Set rsInfo = Conn.Execute("SELECT * FROM YWNT_TMS_Users WHERE UsersName='" & sPE_Items(conUsername,1) & "'")
If rsInfo.Eof And rsInfo.Bof Then
FoundErr = True
ErrMsg = "查询的用户不存在"
Else
sPE_Items(conPassword,1) = rsInfo("UsersPassword")
sPE_Items(conEmail,1) = rsInfo("UsersEmail")
sPE_Items(conQuestion,1) = rsInfo("UsersProblems")
sPE_Items(conAnswer,1) = rsInfo("UsersAnswer")
sPE_Items(conJointime,1) = rsInfo("UsersRegDate")
sPE_Items(conUserIP,1) = rsInfo("UsersIP")
sPE_Items(conBalance,1) = ""
sPE_Items(conExperience,1) = ""
sPE_Items(conValuation,1) = ""
sPE_Items(conTicket,1) = ""
sPE_Items(conPosts,1) = ""
sPE_Items(conUserstatus,1) = rsInfo("UsersState")
sPE_Items(conTruename,1) = rsInfo("UsersTrueName")
sPE_Items(conQQ,1) = rsInfo("UsersQQ")
End If
rsInfo.Close
If FoundErr Then
Set rsInfo = Nothing
Exit Sub
End If
End Sub
Function CheckSysKey(iName,iSysKey)
If IsNull(iName) or iName = "" or IsNull(iSysKey) or iSysKey = "" Then
CheckSysKey = False
Exit Function
End If
If Len(iSysKey) = 32 Then
iSysKey = Mid(iSysKey,9,16)
End If
Dim strPEKey
strPEKey = Md5(iName&API_Key,16)
If Lcase(iSysKey) = Lcase(strPEKey) Then
CheckSysKey = True
Else
CheckSysKey = False
End If
End Function
Function CheckUserName(iName)
FoundErr = False
If InStr(iName, "=") > 0 Or InStr(iName, "%") > 0 Or InStr(iName, Chr(32)) > 0 Or InStr(iName, "?") > 0 Or InStr(iName, "&") > 0 Or InStr(iName, ";") > 0 Or InStr(iName, ",") > 0 Or InStr(iName, "'") > 0 Or InStr(iName, ",") > 0 Or InStr(iName, Chr(34)) > 0 Or InStr(iName, Chr(9)) > 0 Or InStr(iName, "") > 0 Or InStr(iName, "$") > 0 Or InStr(iName, "*") Or InStr(iName, "|") Or InStr(iName, """") > 0 Then
FoundErr = True
ErrMsg = ErrMsg & "用户名中含有非法字符"
End If
If FoundErr = True Then Exit Function
Dim rsCheckReg
Set rsCheckReg = Conn.Execute("select UsersName from YWNT_TMS_Users where UsersName='" & iName & "'")
If Not (rsCheckReg.Eof And rsCheckReg.Bof) Then
FoundErr = True
ErrMsg = ErrMsg & "“" & iName & "”已经存在!请换一个用户名再试试!"
End If
rsCheckReg.Close
Set rsCheckReg = Nothing
If FoundErr = True Then
CheckUserName = False
Else
CheckUserName = True
End If
End Function
Function CheckUserEmail(iEmail)
Dim SqlcheckUser,rsCheckReg,rsCheckUser
If iEmail<> "" Then
strSqlcheckUser = "SELECT UsersEmail FROM YWNT_TMS_Users WHERE UsersEmail='"& iEmail &"'"
Set rsCheckUser = Conn.Execute(strSqlCheckUser)
If Not (rsCheckUser.Eof AND rsCheckUser.Bof) Then
FoundErr = True
ErrMsg = ErrMsg & "您所填写的Email已经存在!"
CheckUserEmail = False
Else
CheckUserEmail = True
End If
rsCheckUser.Close
Set rsCheckUser = Nothing
Else
CheckUserEmail = True
End If
End Function
%>