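<!--#include file="../config.asp"-->
<!--#include file="../conn.asp"-->
<!--#include file="inc.asp"-->
<!--#include file="../inc/Ubb.asp"-->
<!--#include file="../inc/Ubbadd.asp"-->
<!--#include file="../inc/Ubbshow.asp"-->
<%
' SECURITY: a hard-coded login shortcut used to sit here. A request with
' action=log and a fixed "name" value set session("password") and session("qx")
' to fixed values without checking any credential, so anyone who knew the URL
' got an administrator session on this page. It has been removed; the only way
' to obtain an admin session is the regular login path enforced by admin_log.
Call admin_log
'====================================================================
' 25175 score-query management system
' powered by 25175
'=-------------------------------------------------------------------
' File name: guestbook.asp (this file is served as ADMIN/POPbook.asp)
' Summary:   admin list of guestbook entries with reply / delete actions
cj_webtit="网站留言"
cj_webmap="网站留言"
' Last changed: 2006-3.1
'====================================================================

' POP_sqlin: keyword/character substitution applied to text before it is stored.
' Returns "" for Null. Runs the pattern/replacement pairs in order, globally and
' case-insensitively, and returns the rewritten text.
' NOTE(review): as reproduced in this listing every pair except (')->'' and
' (java)->JaVa replaces a token with itself, so it is a no-op; the shipped file
' presumably used different (full-width or entity) replacement text that was
' lost in extraction -- confirm against the deployed copy. Either way a keyword
' blacklist is not a substitute for CLng()-validated ids / parameterised SQL.
function POP_sqlin(text)
    if isnull(text) then
        POP_sqlin=""
        exit function
    end if
    dim Sqlwords, pairs, pair
    Set Sqlwords=new RegExp
    Sqlwords.IgnoreCase=True
    Sqlwords.Global=True
    ' pattern, replacement -- order preserved from the original chain
    pairs=Array( _
        Array("(')","''"), _
        Array("(;)",";"), _
        Array("(%)","%"), _
        Array("(and)","and"), _
        Array("(exec)","exec"), _
        Array("(script)","script"), _
        Array("(java)","JaVa"), _
        Array("(execute)","execute"), _
        Array("(insert)","insert"), _
        Array("(select)","select"), _
        Array("(delete)","delete"), _
        Array("(update)","update"), _
        Array("(count)","count"), _
        Array("(chr)","chr"), _
        Array("(mid)","mid"), _
        Array("(master)","master"), _
        Array("(truncate)","truncate"), _
        Array("(char)","char"), _
        Array("(declare)","declare") _
    )
    for each pair in pairs
        Sqlwords.Pattern=pair(0)
        text=Sqlwords.Replace(text,pair(1))
    next
    Set Sqlwords=Nothing
    POP_sqlin=text
end function

' POP_sqlout: inverse of POP_sqlin, applied when stored text is displayed.
' Returns "" for Null. Plain (case-sensitive) Replace, same order as the
' original chain; only ''->' and JaVa->java change anything as reproduced here.
function POP_sqlout(text)
    if isnull(text) then
        POP_sqlout=""
        exit function
    end if
    dim pairs, pair
    pairs=Array( _
        Array("''","'"), _
        Array(";",";"), _
        Array("%","%"), _
        Array("and","and"), _
        Array("exec","exec"), _
        Array("script","script"), _
        Array("JaVa","java"), _
        Array("execute","execute"), _
        Array("insert","insert"), _
        Array("select","select"), _
        Array("delete","delete"), _
        Array("update","update"), _
        Array("count","count"), _
        Array("chr","chr"), _
        Array("mid","mid"), _
        Array("master","master"), _
        Array("truncate","truncate"), _
        Array("char","char"), _
        Array("declare","declare") _
    )
    for each pair in pairs
        text=Replace(text,pair(0),pair(1))
    next
    POP_sqlout=text
end function

' HTMLEncode: undo POP_sqlin, then make the text safe to embed in HTML and turn
' line breaks into <br />/<p>. Returns "" for Null.
' The listing as extracted had these replacements decoded to identity (e.g. the
' CHR(34) line read `"""`, which is not even valid VBScript), so the entities
' are restored here; "&" is encoded first so the entities written afterwards
' are not re-encoded. NOTE(review): the shipped file probably also mapped
' CHR(32)/CHR(9) to &nbsp; and CHR(36) to &#36; -- those were pure layout
' tweaks and are not reinstated.
function HTMLEncode(popstring)
    if isnull(popstring) then
        HTMLEncode=""
        exit function
    end if
    popstring = POP_sqlout(popstring)
    popstring = Replace(popstring, "&", "&amp;")
    popstring = Replace(popstring, ">", "&gt;")
    popstring = Replace(popstring, "<", "&lt;")
    popstring = Replace(popstring, CHR(34), "&quot;")
    popstring = Replace(popstring, CHR(39), "&#39;")
    ' blank line -> paragraph break, single newline -> <br />
    popstring = Replace(popstring, CHR(10) & CHR(10), "</p><p> ")
    popstring = Replace(popstring, CHR(10), "<br /> ")
    HTMLEncode = popstring
end function
%>
<script language=javascript>
ie = (document.all)?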
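true:false
if (ie){
    // Ctrl+Enter submits form1 (IE-only keyCode handling, as in the original)
    function ctlent(eventobject){
        if(event.ctrlKey && window.event.keyCode==13){
            this.document.form1.submit();
        }
    }
}
</script>
<!-- #include file="admin_top.asp" -->
<table width="742" border='0' align='center' cellpadding='2' cellspacing='1' class='border'>
  <tr class="topbg" align='center'>
    <td height="30">留言信息管理</td>
  </tr>
</table>
<%
' ---------------------------------------------------------------------------
' Helpers for the list and the action handlers below. Names carry the POP_
' prefix used by this file's other helpers to avoid clashing with includes.
' ---------------------------------------------------------------------------

' Writes the standard "system message" box (same markup the original repeated
' inline) with msg as the message body.
Sub POP_ShowMsg(msg)
    Response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>" & msg & "<br><a href=""javascript:history.go(-1);"">点击这里返回上一页</a><Br><br></div></div>")
End Sub

' Returns raw as a Long when it is a plain 1-9 digit integer, otherwise 0.
' Every request value that ends up in a SQL literal or in arithmetic goes
' through this, so request("id") / pageid can no longer inject SQL or raise a
' type-mismatch / overflow error in CLng(). Record ids are assumed to be >= 1.
Function POP_SafeLng(ByVal raw)
    Dim re, s
    s = Trim(raw & "")
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then
        POP_SafeLng = CLng(s)
    Else
        POP_SafeLng = 0
    End If
    Set re = Nothing
End Function

' True when url starts with http:// or https:// (case-insensitive). Used so a
' stored "javascript:" homepage can not become a clickable link.
Function POP_IsHttpUrl(url)
    Dim u
    u = LCase(url & "")
    POP_IsHttpUrl = (Left(u, 7) = "http://" Or Left(u, 8) = "https://")
End Function

' Renders one guestbook entry: the table block the original duplicated between
' the list and the reply screen. contentPrefix is written in front of the
' message body. User-supplied fields are encoded on output; content and reply
' go through Ubbcode() from ../inc/Ubb*.asp, which this file trusts to
' neutralise markup (not verified here).
Sub POP_ShowItem(rs, contentPrefix)
    Dim uname, homepage
    uname = Htmlencode(rs("username"))
    Response.Write("<table width=""738"" border='0' align='center' cellpadding='2' cellspacing='1' class='border'>")
    Response.Write("<tr><td width=""119"" height=""28"" class=""tdbg"" rowspan=""2"">")
    Response.Write("姓名:" & uname & "<br>性别:")
    If rs("sex")="靓妹" Then
        Response.Write("靓妹")
    Else
        Response.Write("帅哥")
    End If
    Response.Write("<br>来自:" & Htmlencode(rs("comefrom")) & "<br><br>")
    ' NOTE(review): delete is a plain GET link with no CSRF token, so an admin
    ' who follows a crafted link deletes the entry; a POST form with a token
    ' would close that. Kept as in the original.
    Response.Write("<b>[<a href=""?action=replybook&id=" & rs("id") & """ title=""回复留言"">回复</a> <a href=""?action=delbook&id=" & rs("id") & """ title=""删除留言"">删除</a>]</b>")
    Response.Write("</td>")
    Response.Write("<td width=""248"" class=""title""><b>主题:" & Htmlencode(rs("title")) & "</b> </td>")
    Response.Write("<td width=""89"" align=""center"" class=""title"">")
    If rs("email")<>"" Then
        Response.Write("<a href=""mailto:" & Htmlencode(rs("email")) & """ title=""给" & uname & "发邮件""><img src=""../Images/email.gif"" width=""15"" height=""15"" border=""0""></a> ")
    Else
        Response.Write("<img src=""../Images/email.gif"" width=""15"" height=""15"" border=""0"" alt=""" & uname & "没有填写邮件""> ")
    End If
    If rs("oicq")<>"0" Then
        ' oicq was written raw into the alt attribute by the original
        Response.Write("<img src=""../Images/oicq.gif"" width=""15"" height=""15"" border=""0"" alt=""" & uname & "的QQ是" & Server.HTMLEncode(rs("oicq") & "") & """> ")
    Else
        Response.Write("<img src=""../Images/oicq.gif"" width=""15"" height=""15"" border=""0"" alt=""" & uname & "没有填写QQ""> ")
    End If
    homepage = Trim(rs("homepage") & "")
    If homepage<>"" And POP_IsHttpUrl(homepage) Then
        Response.Write("<a href=""" & Htmlencode(homepage) & """ title=""访问" & uname & "的个人主页"" target=""_blank""><img src=""../Images/homepage.gif"" width=""15"" height=""15"" border=""0""></a>")
    Else
        Response.Write("<img src=""../Images/homepage.gif"" width=""15"" height=""15"" border=""0"" alt=""" & uname & "没有填写个人主页"">")
    End If
    If session("password")<>"" Then
        ' IP shown to admins only; encoded, and the tag is now closed (the
        ' original omitted the trailing ">")
        Response.Write(" <img src=""../Images/ip.gif"" width=""13"" height=""15"" alt=""" & uname & "的IP地址为:" & Server.HTMLEncode(rs("userip") & "") & """>")
    End If
    Response.Write("</td></tr>")
    Response.Write("<tr class=""tdbg""><td colspan=""2"" valign=""top"" width=""600"">")
    Response.Write(contentPrefix & Ubbcode(rs("content")))
    Response.Write("<Br><Br><div align=""right"" valign=""bottom"">发表时间:" & rs("intime") & "</div>")
    If rs("reply")<>"" Then
        Response.Write("<hr width=""98%"" size=""1""><font color=""#ff0000"">管理员回复:[回复时间:" & rs("Replytime") & "]</font><Br>" & Ubbcode(rs("reply")))
    End If
    Response.Write("</td></tr></table><br>")
End Sub

' ---------------------------------------------------------------------------
' Default view: paged list of entries.
' ---------------------------------------------------------------------------
If Request.QueryString("action") = "" Then
%>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr><td height="5"></td></tr>
  <tr>
    <td align="center">
<%
    dim currentpage
    dim totalput,n
    Set rs = Server.CreateObject("ADODB.RECORDSET")
    ' Without an admin session only approved (bookflag=1) entries are listed
    ' when the Sitebooks switch is on.
    If Sitebooks=1 And session("password")="" Then
        sql="select * from Bkye_book where bookflag=1 order by id desc"
    Else
        sql="select * from Bkye_book order by id desc"
    End If
    rs.Open sql, conn, 1, 1
    ' Page size: the original read Sitebooknum and then immediately overwrote
    ' it with rs.pagesize (the ADO default), so the site setting never took
    ' effect. Use the setting when it is a positive number, else the default.
    maxperpage = POP_SafeLng(Sitebooknum)
    If maxperpage < 1 Then maxperpage = rs.PageSize
    rs.PageSize = maxperpage
    ' defaults so the pager below is well-defined when there are no rows
    totalput = 0
    n = 1
    currentpage = 1
    If rs.EOF And rs.BOF Then
        Response.Write("<Br>当前还没有留言")
    Else
        ' Validate pageid before arithmetic: the original compared and CLng()ed
        ' the raw string first and only checked IsNumeric afterwards, so a
        ' non-numeric pageid produced a type-mismatch error.
        currentpage = POP_SafeLng(Request.QueryString("pageid"))
        If currentpage < 1 Then currentpage = 1
        If currentpage > rs.PageCount Then currentpage = rs.PageCount
        totalput = rs.RecordCount
        If totalput Mod maxperpage = 0 Then
            n = totalput \ maxperpage
        Else
            n = totalput \ maxperpage + 1
        End If
        If n = 0 Then n = 1
        rs.Move (currentpage - 1) * maxperpage
        i = 0
        Do While i < maxperpage And Not rs.EOF
            Call POP_ShowItem(rs, "")
            i = i + 1
            rs.MoveNext
        Loop
    End If
    rs.Close
    Set rs = Nothing
%>
    </td>
  </tr>
</table>
<Br>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td width="85%" align="center">
      共有留言<font color="#FF0000"><%=totalput%></font>条 每页<%=maxperpage%>条 当前页数:<%=currentpage%>/<%=n%>
<%  k = currentpage
    If k <> 1 Then %>
      <a href="?pageid=1"> <font face=webdings size=2>9</font>首 页</a> <a href="?pageid=<%=k-1%>"> <font face=webdings size=2>7</font>前 页</a>
<%  Else %>
      <font face=webdings size=2>9</font>首 页 <font face=webdings size=2>7</font>前 页
<%  End If
    If k <> n Then %>
      <a href="?pageid=<%=k+1%>"> 后 页<font face=webdings size=2>8</font></a> <a href="?pageid=<%=n%>"> 末 页<font face=webdings size=2>:</font></a>
<%  Else %>
      后 页<font face=webdings size=2>8</font> 末 页<font face=webdings size=2>:</font>
<%  End If %>
    </td>
    <td width="15%" align="center">
      <select name="pageid" onchange="javascript:location=this.options[this.selectedIndex].value;">
<%  For i = 1 To n
        If i = currentpage Then %>
        <option value="?pageid=<%=i%>" selected>第<%=i%>页</option>
<%      Else %>
        <option value="?pageid=<%=i%>">第<%=i%>页</option>
<%      End If
    Next %>
      </select>
    </td>
  </tr>
</table>
<%
End If

' ---------------------------------------------------------------------------
' action=delbook: delete one entry. id is validated to a Long so the SQL
' literal can not carry injected text (the original concatenated request("id")
' as-is). Only an admin session may delete.
' ---------------------------------------------------------------------------
If Request.QueryString("action") = "delbook" Then
    id = POP_SafeLng(Request("id"))
    If session("password") = "" Then
        Call POP_ShowMsg("您不是管理员或是登陆超时")
    ElseIf id = 0 Then
        Call POP_ShowMsg("错误的ID参数")
    Else
        ' a plain statement does not need a recordset (the original opened one)
        conn.Execute("delete * from Bkye_book where id=" & id)
        Response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>恭喜您,删除留言成功^_^<br><a href=""POPbook.asp"" title=""返回留言本"">点击这里查看留言,或3秒后自动返回留言本</a><meta http-equiv=""refresh"" content=""3;URL=POPbook.asp""><Br><br></div></div>")
    End If
End If

' ---------------------------------------------------------------------------
' action=replybook: show one entry plus the reply form.
' ---------------------------------------------------------------------------
If Request.QueryString("action") = "replybook" Then
    id = POP_SafeLng(Request("id"))
    If session("password") = "" Then
        Call POP_ShowMsg("您不是管理员或是登陆超时")
    ElseIf id = 0 Then
        Call POP_ShowMsg("错误的ID参数")
    Else
        Set rs = Server.CreateObject("ADODB.RECORDSET")
        rs.Open "select * from Bkye_book where id=" & id, conn, 1, 1
        If rs.EOF And rs.BOF Then
            Call POP_ShowMsg("错误的ID参数")
        Else
            Call POP_ShowItem(rs, "◎ ")
%>
<table width="742" border='0' align='center' cellpadding='2' cellspacing='1' class='border'>
  <tr class="title">
    <td><b>回复留言:<%=Htmlencode(rs("title"))%></b></td>
  </tr>
  <!-- NOTE(review): this POST form carries no CSRF token. -->
  <form action="?action=reply" method="post">
  <tr height='50' class='tdbg'>
    <td><b>回复内容:</b>
      <%' rs("reply") is written entity-encoded by the reply handler below, so
        ' echoing it raw here round-trips correctly (encoding it again would
        ' double-encode on resubmit). Rows written by other code are not
        ' covered by that guarantee. %>
      <textarea name="reply" cols="50" rows="10"><%=rs("reply")%></textarea>
    </td>
  </tr>
  <tr height='50' class='tdbg' align='center'>
    <td>
      <input class=popinput type="submit" name="Submit3" value=" 回 复 ">
      <input class=popinput type="reset" name="Submit4" value=" 重 置 ">
      <input class=popinput type="hidden" name="id" value="<%=id%>">
    </td>
  </tr>
  </form>
</table>
<%
        End If
        rs.Close
        Set rs = Nothing
    End If
End If

' ---------------------------------------------------------------------------
' action=reply: store the admin reply, stamp Replytime and approve the entry.
' ---------------------------------------------------------------------------
If Request.QueryString("action") = "reply" Then
    id = POP_SafeLng(Request("id"))
    reply = Trim(Request("reply"))
    If session("password") = "" Then
        Call POP_ShowMsg("您不是管理员或是登陆超时")
    ElseIf id = 0 Then
        Call POP_ShowMsg("错误的ID参数")
    Else
        Set rs = Server.CreateObject("ADODB.RECORDSET")
        rs.Open "select * from Bkye_book where id=" & id, conn, 1, 3
        If rs.EOF And rs.BOF Then
            Call POP_ShowMsg("错误的ID参数")
        Else
            ' stored entity-encoded; the reply form relies on this when it
            ' echoes the value back into the textarea
            rs("reply") = Server.HTMLEncode(reply)
            rs.Update
            conn.Execute("update Bkye_book set Replytime=Now(),bookflag=1 where ID=" & id)
            Response.Write("<Br><div align=""center""><div>系统提示信息</div><div><Br>恭喜您,回复留言成功^_^<br><a href=""POPbook.asp"" title=""返回留言本"">点击这里查看留言,或3秒后自动返回留言本</a><meta http-equiv=""refresh"" content=""3;URL=POPbook.asp""><Br><br></div></div>")
        End If
        rs.Close
        Set rs = Nothing
    End If
End If
%>
<!-- #include file="../inc/copyright.asp" -->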