<%
' Page-wide setup: one ADO connection to the Access file that sits next to this page.
Dim conn, connstr
' NOTE(review): from here on every runtime error on the page is silently skipped,
' including a failed database open, so later branches run against a dead connection
' without any log entry.
On Error Resume Next
' NOTE(review): MapPath("db.mdb") resolves inside the web-served directory. Unless the
' server refuses requests for .mdb files, the whole database (admin table included)
' can be fetched over HTTP - confirm and move it outside the site root.
connstr = "DBQ=" & Server.MapPath("db.mdb") & ";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
Set conn = Server.CreateObject("ADODB.CONNECTION")
conn.Open connstr
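' Deal: neutralises visitor-supplied text before it is stored in the guestbook.
'   exp1    - raw string taken from a form field.
'   Returns - the string with < and > turned into HTML entities, every single
'             quote doubled and every carriage return replaced by a space.
' Limits: & and double quotes are left untouched and Chr(10) is not handled, so the
' result is only safe as HTML element content, never inside an attribute value.
Function Deal(exp1)
dim exp2
' The replacement text has to be the entity. Replacing "<" with "<" is a no-op that
' stores visitor markup unchanged, letting it run in every reader's browser.
exp2=Replace(exp1,"<","&lt;")
exp2=Replace(exp2,">","&gt;")
' Kept for compatibility with rows already stored. The callers on this page assign
' the result to recordset fields, where quote doubling adds no SQL protection.
exp2=Replace(exp2,"'","''")
exp2=Replace(exp2,Chr(13)," ")
Deal=exp2
End Function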
%>
<% if request.querystring("action")=""or request.querystring("action")="view"then
' Guard for output shown only when action is empty or "view".
' The markup it wraps is not present in this listing.
%>
<%end if%>
|
|
<%
if request.querystring("action")="admin"then
%>
<%else%>
<%
if request.querystring("action")="adminlogin"then
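' Admin login: checks the posted credentials against the admin table and marks the
' session as admin on success.
' NOTE(review): the submitted password is compared directly with the stored column,
' so passwords are apparently stored unhashed. No attempt limiting is visible here.
username=request.form("user")
password=request.form("password")
if instr(password,"'")>0 then
' Legacy format check, kept so the existing error message still appears.
response.write("密码格式错误!")
else
' Both values are bound as parameters. The previous string-built query filtered
' quotes in the password only, leaving the user name free to alter the statement.
loginOk=False
Err.Clear
Set loginCmd = Server.CreateObject("ADODB.Command")
Set loginCmd.ActiveConnection = conn
loginCmd.CommandType = 1 ' adCmdText
loginCmd.CommandText = "Select * From admin where name=? and password=?"
' 202 = adVarWChar, 1 = adParamInput; "" & x coerces a missing field to a string.
loginCmd.Parameters.Append loginCmd.CreateParameter("name", 202, 1, 255, "" & username)
loginCmd.Parameters.Append loginCmd.CreateParameter("password", 202, 1, 255, "" & password)
Set rs = loginCmd.Execute
If Err.Number = 0 Then
' Fail closed: under On Error Resume Next a failing read leaves atEnd at True.
atEnd = True
atEnd = rs.EOF
If Not atEnd Then loginOk = True
End If
if not loginOk then
%>
用户名或者密码不对!重新登录
返回
<%
else
session("admin")="admin"
response.redirect"index.asp"
end if
end if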
%>
<%else%>
<%
if request.querystring("action")="reply"then
' Reply form branch: only a session already marked as admin may continue.
If Session("admin") = "admin" Then
    ' Raw query-string value. Nothing in this listing shows where it is echoed;
    ' whatever markup uses it has to validate or encode it - TODO confirm.
    thisid = Request.QueryString("id")
    conn.Close
Else
    ' Everyone else is sent to the admin login form.
    Response.Redirect "index.asp?action=admin"
End If
%>
<%
else
%>
<%
if request.querystring("action")="addreply"then
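' Stores the administrator's reply on the guestbook row named by ?id=.
' NOTE(review): this state change is authorised by the session flag alone. No
' anti-forgery token is checked in this branch.
if session("admin")="admin"then
replyid=request.querystring("id")
' Only a value that converts to a Long reaches the SQL text. replyKey stays Null when
' the conversion fails, because the failed assignment is skipped by On Error Resume Next.
replyKey=Null
If IsNumeric(replyid) Then replyKey=CLng(replyid)
If Not IsNull(replyKey) Then
set rs=server.createobject("adodb.recordset")
sql="select reply From book where id= " & replyKey
rs.open sql,conn,1,3
reply=request.form("reply")
' Write only when the row exists. hasRow stays False if the recordset did not open.
hasRow=False
hasRow=Not rs.EOF
If hasRow Then
rs("reply")=deal(reply)
rs.update
End If
rs.close
set rs=nothing
End If
conn.close
response.redirect"index.asp"
else
response.redirect"index.asp?action=admin"
end if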
%>
<%else%>
<%
if request.querystring("action")="del"then
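' Deletes the guestbook row named by ?id= for an admin session.
' NOTE(review): a destructive action driven by a query string and authorised by the
' session flag alone. No anti-forgery token is checked in this branch.
if session("admin")="admin"then
delid=request.querystring("id")
' Only a value that converts to a Long reaches the SQL text. delKey stays Null when
' the conversion fails, and then nothing is deleted.
delKey=Null
If IsNumeric(delid) Then delKey=CLng(delid)
If Not IsNull(delKey) Then
sql="delete * From book where id= " & delKey
' 129 = adCmdText + adExecuteNoRecords: an action query returns no recordset to open or close.
conn.Execute sql, , 129
End If
conn.close
response.redirect"index.asp"
else
response.redirect"index.asp?action=admin"
end if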
%>
返回
<%
else
%>
<%
if request.querystring("action")="new"then
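' New guestbook entry: reads the posted fields, requires subject, body and name,
' then appends one row to the book table.
' NOTE(review): no length limit, rate limit or anti-forgery check is visible here.
tit=request.form("tit")
com=request.form("com")
name=request.form("name")
from=request.form("from")
oicq=request.form("oicq")
homepage=request.form("homepage")
if tit=""or com=""or name=""then%>
留言主题,内容和您的姓名为必填项目!
返回
<%else
mail=request.form("mail")
set rs=server.createobject("adodb.recordset")
' The WHERE clause matches no rows; the recordset is opened only to call AddNew.
sql="select * from book where (id is null)"
rs.open sql,conn,1,3
rs.addnew
' Values are assigned through recordset fields, so they never become SQL text.
rs("tit")=deal(tit)
rs("com")=deal(com)
rs("name")=deal(name)
rs("from")=deal(from)
rs("oicq")=deal(oicq)
rs("mail")=deal(mail)
' NOTE(review): deal() does not restrict the URL scheme. If this value is later
' rendered as a link target, it needs an http/https check there - TODO confirm.
rs("homepage")=deal(homepage)
if request.form("r1")=0 then
rs("sex")=0
else
rs("sex")=1
end if
' Read the address from ServerVariables explicitly. The bare Request("REMOTE_ADDR")
' lookup searches the query string, form and cookies first, so a visitor could supply
' the value recorded as the poster's address.
rs("ip")=Request.ServerVariables("REMOTE_ADDR")
rs("date")=now
rs.update
rs.close
set rs=nothing
conn.close
response.redirect "index.asp"%>
<%end if%>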
<%
else
if request.querystring("action")=""or request.querystring("action")="view"then
' Listing branch: shows ten guestbook rows per page, newest first.
' NOTE(review): page comes straight from the query string and is used in arithmetic
' without validation. A non-numeric value makes page*10 raise a type mismatch that
' the On Error Resume Next at the top of the file hides.
page=request.querystring("page")
set rs=server.createobject("adodb.recordset")
' 1,3 = keyset cursor with optimistic locking: a writable lock on a read-only listing.
sql="select * from book order by id desc"
rs.open sql,conn,1,3
maxjilu=rs.recordcount
t=page*10
' Position is set before the negative-page clamp further down runs.
rs.absoluteposition=t+1
f=t+10
for i=t+1 to f
idd=rs("id")
%>
<%
rs.movenext
if rs.eof then
exit for
' The two closes below are unreachable: exit for has already left the loop.
rs.close
conn.close
end if
next
tt=page*10
if page<0 then
page=0
end if
' The value set by this first test is always overwritten by the if/else after it.
if tt>=maxjilu then
ttt=page-1
end if
if maxjilu-tt<10 then
ttt=page-1
else
ttt=page
end if
u=1
do while u*10
|
|
|