www.gusucode.com > 艺术签名文章资讯网源代码 > 艺术签名文章资讯网源代码/624/api/api_reponse.asp
<!--#include file="../conn.asp"-->
<!--#include file="../inc/const.asp"-->
<!--#include file="../inc/chkinput.asp"-->
<!--#include file="../inc/md5.asp"-->
<!--#include file="cls_api.asp"-->
<%
'=========================================================
'-- File: api_reponse.asp
'-- Version: NewAsp Site Management System 2.1 sp1
'-- Date: 2006-10-11
'-- Script Written by newasp.net
'=========================================================
'-- Copyright (C) 2003,2006 NewAsp.Net. All rights reserved.
'-- Web: http://www.newasp.net,http://www.newasp.cn
'-- Email: newasp@163.com
'-- 声明:本程序修改自动网论坛系统Api接口
'=========================================================
Dim XMLDom,XmlDoc,Node,Status,Messenge
Dim UserName,Act,appid
Status = 1
Messenge = ""
If Request.QueryString<>"" Then
SaveUserCookie()
Else
Set XmlDoc = Server.CreateObject("msxml2.FreeThreadedDOMDocument" & MsxmlVersion)
XmlDoc.ASYNC = False
If Not XmlDoc.LOAD(Request) Then
Status = 1
Messenge = "数据非法,操作中止!"
appid = "未知"
Else
If CheckPost() Then
Select Case Act
Case "checkname"
Checkname()
Case "reguser"
UserReguser()
Case "login"
UesrLogin()
Case "logout"
LogoutUser()
Case "update"
UpdateUser()
Case "delete"
Deleteuser()
Case "lock"
Lockuser()
Case "getinfo"
GetUserinfo()
End Select
End If
End If
ReponseData()
Set XmlDoc = Nothing
End If
Sub ReponseData()
If Act <> "getinfo" Then
XmlDoc.loadxml "<root><appid>dvbbs</appid><status>0</status><body><message/></body></root>"
End If
XmlDoc.documentElement.selectSingleNode("appid").text = "newasp"
If API_Debug And Act <> "reguser" Then
XmlDoc.documentElement.selectSingleNode("status").text = 0
Messenge = ""
Else
XmlDoc.documentElement.selectSingleNode("status").text = status
End If
XmlDoc.documentElement.selectSingleNode("body/message").text = ""
Set Node = XmlDoc.createCDATASection(Replace(Messenge,"]]>","]]>"))
XmlDoc.documentElement.selectSingleNode("body/message").appendChild(Node)
Response.Clear
Response.ContentType="text/xml"
Response.CharSet="gb2312"
Response.Write "<?xml version=""1.0"" encoding=""gb2312""?>"&vbNewLine
Response.Write XmlDoc.documentElement.XML
End Sub
Function CheckPost()
CheckPost = False
Dim Syskey
If XmlDoc.documentElement.selectSingleNode("action") is Nothing or XmlDoc.documentElement.selectSingleNode("syskey") is Nothing or XmlDoc.documentElement.selectSingleNode("username") is Nothing Then
Status = 1
Messenge = Messenge & "<li>非法请求。</li>"
Exit Function
End If
UserName = Newasp.CheckBadstr(XmlDoc.documentElement.selectSingleNode("username").text)
Syskey = XmlDoc.documentElement.selectSingleNode("syskey").text
Act = XmlDoc.documentElement.selectSingleNode("action").text
Appid = XmlDoc.documentElement.selectSingleNode("appid").text
Dim NewMd5,OldMd5
NewMd5 = Md5(UserName & API_ConformKey)
Md5OLD = 1
OldMd5 = Md5(UserName & API_ConformKey)
Md5OLD = 0
If API_ConformKey = "API_TEST" Or Syskey = "Syskey" Then
Status = 1
Messenge = Messenge & "<li>默认非法请求。请修改你整合的默认设置</li>"
Exit Function
End If
If Syskey=NewMd5 Or Syskey=OldMd5 Then
CheckPost = True
Else
Status = 1
Messenge = Messenge & "<li>请求数据验证不通过,请与管理员联系。</li>"
End If
End Function
Sub GetUserinfo()
Dim Rs,Sql
XmlDoc.loadxml "<root><appid>dvbbs</appid><status>0</status><body><message/><email/><question/><answer/><savecookie/><truename/><gender/><birthday/><qq/><msn/><mobile/><telephone/><address/><zipcode/><homepage/><userip/><jointime/><experience/><ticket/><valuation/><balance/><posts/><userstatus/></body></root>"
Sql = "SELECT TOP 1 * FROM NC_User WHERE UserName='" & Newasp.CheckBadstr(UserName) & "'"
Set Rs = Newasp.Execute(Sql)
If Not Rs.Eof And Not Rs.Bof Then
XmlDoc.documentElement.selectSingleNode("body/email").text = Rs("usermail") & ""
XmlDoc.documentElement.selectSingleNode("body/question").text = Rs("question") & ""
XmlDoc.documentElement.selectSingleNode("body/answer").text = Rs("answer") & ""
XmlDoc.documentElement.selectSingleNode("body/gender").text = Rs("Usersex") & ""
XmlDoc.documentElement.selectSingleNode("body/birthday").text = ""
XmlDoc.documentElement.selectSingleNode("body/mobile").text = ""
XmlDoc.documentElement.selectSingleNode("body/userip").text = Rs("userlastip") & ""
XmlDoc.documentElement.selectSingleNode("body/jointime").text = Rs("JoinTime") & ""
XmlDoc.documentElement.selectSingleNode("body/experience").text = Rs("experience") & ""
XmlDoc.documentElement.selectSingleNode("body/ticket").text = ""
XmlDoc.documentElement.selectSingleNode("body/valuation").text = Rs("userpoint") & ""
XmlDoc.documentElement.selectSingleNode("body/balance").text = Rs("usermoney") & ""
XmlDoc.documentElement.selectSingleNode("body/posts").text = Rs("postcode") & ""
XmlDoc.documentElement.selectSingleNode("body/userstatus").text = Rs("UserLock")
XmlDoc.documentElement.selectSingleNode("body/homepage").text = Rs("HomePage") & ""
XmlDoc.documentElement.selectSingleNode("body/qq").text = Rs("oicq")
XmlDoc.documentElement.selectSingleNode("body/msn").text = ""
XmlDoc.documentElement.selectSingleNode("body/truename").text = Rs("TrueName") & ""
XmlDoc.documentElement.selectSingleNode("body/telephone").text = Rs("phone") & ""
XmlDoc.documentElement.selectSingleNode("body/address").text = Rs("address") & ""
Status = 0
Messenge = Messenge & "<li>读取用户资料成功。</li>"
Else
Status = 1
Messenge = Messenge & "<li>该用户不存在。</li>"
End If
Rs.Close
Set Rs = Nothing
End Sub
Sub Checkname()
Dim Rs,SQL,UserEmail
UserEmail = Newasp.checkstr(Trim(XmlDoc.documentElement.selectSingleNode("email").text))
If IsValidEmail(UserEmail) = False Then
Messenge = "<li>您的Email有错误!</li>"
Status = 1
Exit Sub
End If
If CInt(Newasp.ChkSameMail) = 1 Then
Set Rs = Newasp.Execute("SELECT userid FROM NC_User WHERE usermail='" & UserEmail & "'")
If Not Rs.EOF Then
Status = 1
Messenge = "<li>此邮箱["&UserEmail&"]已经占用,请您换一个邮箱再注册吧。</li>"
Exit Sub
End If
Rs.Close:Set Rs = Nothing
End If
Set Rs = Newasp.Execute("SELECT username FROM NC_User WHERE username = '" & UserName & "'")
If Not (Rs.bof And Rs.EOF) Then
Status = 1
Messenge = "<li>Sorry!此用户已经存在,请换一个用户名再试!</li>"
Else
Status = 0
Messenge = "<li><font color=red><b>" & UserName & "</b></font> 尚未被人使用,赶紧注册吧!</li>"
End If
Rs.Close:Set Rs = Nothing
End Sub
Sub UserReguser()
Dim nickname,UserPass,UserEmail,Question,Answer,usercookies
Dim strGroupName,Password,usersex,sex
Dim Rs,SQL
UserPass = Newasp.checkstr(XmlDoc.documentElement.selectSingleNode("password").text)
UserEmail = Newasp.checkstr(Trim(XmlDoc.documentElement.selectSingleNode("email").text))
Question = Newasp.checkstr(XmlDoc.documentElement.selectSingleNode("question").text)
Answer = Newasp.checkstr(XmlDoc.documentElement.selectSingleNode("answer").text)
sex = Newasp.ChkNumeric(XmlDoc.documentElement.selectSingleNode("gender").text)
If sex = 0 Then
usersex = "女"
Else
usersex = "男"
End If
usercookies = 1
If UserName = "" Or UserPass = "" Then
Status = 1
Messenge = Messenge & "<li>请填写用户名或密码。"
Exit Sub
End If
If Question = "" Then Question = Newasp.GetRandomCode
If Answer = "" Then Answer = Newasp.GetRandomCode
nickname = UserName
Password = md5(UserPass)
Answer = md5(Answer)
If Newasp.IsValidStr(UserName) = False Then
Messenge = Messenge & "<li>登录账号中含有非法字符!</li>"
Status = 1
Exit Sub
End If
If IsValidEmail(UserEmail) = False Then
Messenge = Messenge & "<li>您的Email有错误!</li>"
Status = 1
Exit Sub
End If
Set Rs = Newasp.Execute("SELECT username FROM NC_User WHERE username='" & UserName & "'")
If Not (Rs.BOF And Rs.EOF) Then
Status = 1
Messenge = Messenge & "<li>Sorry!此用户已经存在,请换一个用户名再试!</li>"
Exit Sub
End If
Rs.Close:Set Rs = Nothing
Set Rs = Newasp.Execute("SELECT username FROM NC_Admin WHERE username='" & UserName & "'")
If Not (Rs.BOF And Rs.EOF) Then
Status = 1
Messenge = Messenge & "<li>Sorry!此用户已经存在,请换一个用户名再试!</li>"
Exit Sub
End If
Rs.Close:Set Rs = Nothing
If CInt(Newasp.ChkSameMail) = 1 Then
Set Rs = Newasp.Execute("SELECT userid FROM NC_User WHERE usermail='" & UserEmail & "'")
If Not Rs.EOF Then
Status = 1
Messenge = Messenge & "<li>对不起!本系统已经限制一个邮箱只能注册一个账号。</li><li>此邮箱["&UserEmail&"]已经占用,请您换一个邮箱再注册吧。</li>"
Exit Sub
End If
Rs.Close:Set Rs = Nothing
End If
'---
Set Rs = Newasp.Execute("SELECT GroupName FROM NC_UserGroup WHERE Groupid=3")
If Rs.BOF And Rs.EOF Then
strGroupName = "普通会员"
Else
strGroupName = Newasp.CheckBadstr(Rs(0))
If Len(strGroupName) = 0 Then strGroupName = "普通会员"
End If
Rs.Close:Set Rs = Nothing
Set Rs = Server.CreateObject("ADODB.Recordset")
SQL = "SELECT * FROM NC_User WHERE (userid is null)"
Rs.Open SQL,Conn,1,3
Rs.Addnew
Rs("username") = UserName
Rs("password") = Password
Rs("nickname") = UserName
Rs("UserGrade") = 1
Rs("UserGroup") = strGroupName
Rs("UserClass") = 0
If CInt(Newasp.AdminCheckReg) = 1 Then
Rs("UserLock") = 1
Else
Rs("UserLock") = 0
End If
Rs("UserFace") = "face/1.gif"
Rs("userpoint") = CLng(Newasp.AddUserPoint)
Rs("usermoney") = 0
Rs("savemoney") = 0
Rs("prepaid") = 0
Rs("experience") = 10
Rs("charm") = 10
Rs("TrueName") = UserName
Rs("usersex") = usersex
Rs("usermail") = UserEmail
Rs("oicq") = ""
Rs("question") = Question
Rs("answer") = Answer
Rs("JoinTime") = Now()
Rs("ExpireTime") = Now()
Rs("LastTime") = Now()
Rs("Protect") = 0
Rs("usermsg") = 0
Rs("userlastip") = Newasp.GetUserip
Rs("userlogin") = 0
Rs("usersetting") = ",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"
Rs.update
Rs.Close
Set Rs = Nothing
Status = 0
Messenge = "用户注册成功。"
End Sub
Sub UesrLogin()
Dim UserPass
UserPass = Newasp.checkstr(XmlDoc.documentElement.selectSingleNode("password").text)
If UserName="" or UserPass="" Then
Status = 1
Messenge = Messenge & "<li>请填写用户名或密码。</li>"
Exit Sub
End If
UserPass = Md5(UserPass)
If ChkUserLogin(username,UserPass,1) Then
Status = 0
Messenge = Messenge & "<li>登陆成功。</li>"
Else
Status = 1
Messenge = Messenge & "<li>登陆失败。</li>"
End If
End Sub
Sub LogoutUser()
Response.Cookies(Newasp.Cookies_Name).path = "/"
Response.Cookies(Newasp.Cookies_Name)("userid") = ""
Response.Cookies(Newasp.Cookies_Name)("username") = ""
Response.Cookies(Newasp.Cookies_Name)("password") = ""
Response.Cookies(Newasp.Cookies_Name)("nickname") = ""
Response.Cookies(Newasp.Cookies_Name)("UserGrade") = ""
Response.Cookies(Newasp.Cookies_Name)("UserGroup") = ""
Response.Cookies(Newasp.Cookies_Name)("UserClass") = ""
Response.Cookies(Newasp.Cookies_Name)("UserToday") = ""
Response.Cookies(Newasp.Cookies_Name)("usercookies") = ""
Response.Cookies(Newasp.Cookies_Name)("LastTimeDate") = ""
Response.Cookies(Newasp.Cookies_Name)("LastTimeIP") = ""
Response.Cookies(Newasp.Cookies_Name)("LastTime") = ""
Response.Cookies(Newasp.Cookies_Name) = ""
End Sub
Sub UpdateUser()
Dim Rs,SQL
Dim UserPass,UserEmail,Question,Answer
UserPass = Newasp.checkstr(XmlDoc.documentElement.selectSingleNode("password").text)
UserEmail = Newasp.checkstr(Trim(XmlDoc.documentElement.selectSingleNode("email").text))
Question = Newasp.checkstr(XmlDoc.documentElement.selectSingleNode("question").text)
Answer = Newasp.checkstr(XmlDoc.documentElement.selectSingleNode("answer").text)
If UserPass <> "" Then
UserPass = Md5(UserPass)
End If
If Answer <> "" THen
Answer = Md5(Answer)
End If
If IsValidEmail(UserEmail) = False Then
UserEmail = ""
End If
Set Rs = Server.CreateObject("Adodb.RecordSet")
SQL = "SELECT TOP 1 * FROM [NC_User] WHERE Username='" & UserName & "'"
If Not IsObject(Conn) Then ConnectionDatabase
Rs.Open SQL,Conn,1,3
If Not Rs.Eof And Not Rs.Bof Then
If UserPass <> "" Then Rs("password") = UserPass
If Answer <> "" THen Rs("answer") = Answer
If UserEmail <> "" Then Rs("usermail") = UserEmail
If Question <> "" Then Rs("question") = Question
Rs.update
Status = 0
Messenge = "<li>基本资料修改成功。</li>"
Else
Status = 1
Messenge = "<li>该用户不存在,修改资料失败。</li>"
End If
Rs.Close
Set Rs = Nothing
If UserPass <> "" And Status = 0 Then
Response.Cookies(Newasp.Cookies_Name)("password") = UserPass
End If
End Sub
Sub Deleteuser()
Dim Del_Users,i,AllUserID,Del_UserName
Dim Rs
Del_Users = Split(UserName,",")
For i = 0 To UBound(Del_Users)
Del_UserName = Newasp.CheckBadstr(Del_Users(i))
Set Rs = Newasp.Execute("SELECT userid,username FROM [NC_User] WHERE UserName='" & Del_UserName & "'")
If Not (Rs.Eof And Rs.Bof) Then
AllUserID = AllUserID & Rs(0) & ","
Newasp.Execute("UPDATE NC_Message SET delsend=1 WHERE sender='"& Newasp.CheckStr(Rs(1)) &"'")
Newasp.Execute("DELETE FROM NC_Message WHERE flag=0 And incept='"& Newasp.CheckStr(Rs(1)) &"'")
Messenge = Messenge & "<li>用户(" & Del_UserName & ")删除成功。</li>"
End If
Next
Set Rs = Nothing
If AllUserID <> "" Then
If Right(AllUserID,1) = "," Then AllUserID = Left(AllUserID,Len(AllUserID)-1)
Newasp.Execute ("DELETE FROM NC_User WHERE userid in (" & AllUserID & ")")
Newasp.Execute ("DELETE FROM NC_Favorite WHERE userid in (" & AllUserID & ")")
Newasp.Execute ("DELETE FROM NC_Friend WHERE userid in (" & AllUserID & ")")
End If
Status = 0
End Sub
Sub Lockuser()
Dim UserStatus
If XmlDoc.documentElement.selectSingleNode("userstatus") is Nothing Then
Messenge = "<li>参数非法,中止请求。</li>"
Status = 1
Exit Sub
ElseIf Not IsNumeric(XmlDoc.documentElement.selectSingleNode("userstatus").text) Then
Messenge = "<li>参数非法,中止请求。</li>"
Status = 1
Exit Sub
Else
UserStatus = Clng(XmlDoc.documentElement.selectSingleNode("userstatus").text)
End If
If UserStatus = 0 Then
Newasp.Execute ("UPDATE NC_User SET UserLock=0 WHERE Username='" & UserName & "'")
Else
Newasp.Execute ("UPDATE NC_User SET UserLock=1 WHERE Username='" & UserName & "'")
End If
Status = 0
End Sub
Sub SaveUserCookie()
Dim S_syskey,Password,usercookies,TruePassWord,userclass,Userhidden
S_syskey = Request.QueryString("syskey")
UserName = Newasp.CheckBadstr(Request.QueryString("UserName"))
Password = Request.QueryString("Password")
usercookies = Request.QueryString("savecookie")
If UserName="" or S_syskey="" Then Exit Sub
Dim NewMd5,OldMd5
NewMd5 = Md5(UserName & API_ConformKey)
Md5OLD = 1
OldMd5 = Md5(UserName & API_ConformKey)
Md5OLD = 0
If Not (S_syskey=NewMd5 or S_syskey=OldMd5) Then
Exit Sub
End If
If usercookies="" or Not IsNumeric(usercookies) Then usercookies = 0
'用户退出
If Password = "" Then
Response.Cookies(Newasp.Cookies_Name).path = "/"
Response.Cookies(Newasp.Cookies_Name)("userid") = ""
Response.Cookies(Newasp.Cookies_Name)("username") = ""
Response.Cookies(Newasp.Cookies_Name)("password") = ""
Response.Cookies(Newasp.Cookies_Name)("nickname") = ""
Response.Cookies(Newasp.Cookies_Name)("UserGrade") = ""
Response.Cookies(Newasp.Cookies_Name)("UserGroup") = ""
Response.Cookies(Newasp.Cookies_Name)("UserClass") = ""
Response.Cookies(Newasp.Cookies_Name)("UserToday") = ""
Response.Cookies(Newasp.Cookies_Name)("usercookies") = ""
Response.Cookies(Newasp.Cookies_Name)("LastTimeDate") = ""
Response.Cookies(Newasp.Cookies_Name)("LastTimeIP") = ""
Response.Cookies(Newasp.Cookies_Name)("LastTime") = ""
Response.Cookies(Newasp.Cookies_Name) = ""
Exit Sub
End If
ChkUserLogin username,password,usercookies
End Sub
Function ChkUserLogin(username,password,usercookies)
ChkUserLogin = False
Dim Rs,SQL,Group_Setting
If Not IsObject(Conn) Then ConnectionDatabase
Set Rs = Server.CreateObject("ADODB.Recordset")
SQL = "SELECT * FROM [NC_User] WHERE username='" & UserName & "'"
Rs.Open SQL, Conn, 1, 3
If Not (Rs.BOF And Rs.EOF) Then
If password <> Rs("password") Then
ChkUserLogin = False
Exit Function
End If
If Rs("UserLock") <> 0 Then
ChkUserLogin = False
Exit Function
End If
Response.Cookies(Newasp.Cookies_Name)("LastTimeDate") = Rs("LastTime")
Response.Cookies(Newasp.Cookies_Name)("LastTimeIP") = Rs("userlastip")
Response.Cookies(Newasp.Cookies_Name)("LastTime") = Rs("LastTime")
Group_Setting=Split(Newasp.UserGroupSetting(Rs("UserGrade")), "|||")
If Rs("userpoint") < 0 Then
Rs("userpoint") = CLng(Group_Setting(25))
Else
Rs("userpoint") = Rs("userpoint") + CLng(Group_Setting(25))
End If
If Rs("experience") < 0 Then
Rs("experience") = CLng(Group_Setting(32))
Else
Rs("experience") = Rs("experience") + CLng(Group_Setting(32))
End If
If Rs("charm") < 0 Then
Rs("charm") = CLng(Group_Setting(33))
Else
Rs("charm") = Rs("charm") + CLng(Group_Setting(33))
End If
Rs("LastTime") = Now()
Rs("userlastip") = Newasp.GetUserip
Rs("UserLogin") = Rs("UserLogin") + 1
Rs.Update
Select Case usercookies
Case 0
Response.Cookies(Newasp.Cookies_Name)("usercookies") = usercookies
Case 1
Response.Cookies(Newasp.Cookies_Name).Expires=Date+1
Response.Cookies(Newasp.Cookies_Name)("usercookies") = usercookies
Case 2
Response.Cookies(Newasp.Cookies_Name).Expires=Date+31
Response.Cookies(Newasp.Cookies_Name)("usercookies") = usercookies
Case 3
Response.Cookies(Newasp.Cookies_Name).Expires=Date+365
Response.Cookies(Newasp.Cookies_Name)("usercookies") = usercookies
End Select
Response.Cookies(Newasp.Cookies_Name).path = "/"
Response.Cookies(Newasp.Cookies_Name)("userid") = Rs("userid")
Response.Cookies(Newasp.Cookies_Name)("username") = Rs("username")
Response.Cookies(Newasp.Cookies_Name)("password") = Rs("password")
Response.Cookies(Newasp.Cookies_Name)("nickname") = Rs("nickname")
Response.Cookies(Newasp.Cookies_Name)("UserGrade") = Rs("UserGrade")
Response.Cookies(Newasp.Cookies_Name)("UserGroup") = Rs("UserGroup")
Response.Cookies(Newasp.Cookies_Name)("UserClass") = Rs("UserClass")
Response.Cookies(Newasp.Cookies_Name)("UserToday") = Rs("UserToday")
ChkUserLogin = True
End If
Rs.Close
Set Rs = Nothing
End Function
%>