master.asp

方舟网免费空间申请程序(自助建站系统) v3.0 1 界面美观 2 后台管理功能强大：A 可以设置多种参数

	</table></td></tr></table>
	<%
End SUB

SUB SysSave()
	if not SetPower(0,7) then exit SUB
	dim upload_Component,SysEmail,CooSelTitle,rs
	CooSelTitle=CheckStr(GetValue(request.form("CooSelTitle"),"str"," "))
	SysEmail=CheckStr(GetValue(request.form("SysEmail0"),"str",""))&"|"&CheckStr(GetValue(request.form("SysEmail1"),"str",""))&"|"&CheckStr(GetValue(request.form("SysEmail2"),"str",""))&"|"&CheckStr(GetValue(request.form("SysEmail3"),"str",""))
	upload_Component=GetValue(request.form("upload_Component"),"int",0)
	set rs=Server.CreateObject("ADODB.recordset")
	rs.open "config",CONN,1,3
	rs("upload_Component")=upload_Component
	rs("Reg_SysEmail")=SysEmail
	rs("CooSelTitle")=CooSelTitle
	rs.update
	rs.close
	set rs=nothing
End SUB

Sub ADD()
dim SQL,rs,NewID
	if SetPower(2,1)=false then
		call GetError("<br><li>你没有管理所有帐号权限 ，添加用户失败")
	end if
	if checkchar(GetUserName,"")=false then
		GetError("<li>提交的用户帐号“"+GetUserName+"”含非法字符")
	end if
	SQL="select * from [userlist] where UserName='"&GetUserName&"'"
	set rs=Server.CreateObject("ADODB.recordset")
	rs.open SQL,CONN,1,3
	if not rs.EOF then
		rs.close
		GetError "<br><li> 该用户已经已存在！"
	else
		rs.addnew
		rs("UserName")=GetUserName
		rs("UserPassword")=md5(GetUserName,md5order)
		rs("UserPath")=UseRootpathCreate&GetUserName
		rs("UseQuota")="0"
		rs("sFlag")="000000000,000000000,000000000"
		rs("MasterFlag")=0
		rs("lockuser")=0
		rs.update
		newID=rs("UserID")
		rs.close
		set rs=nothing
		response.redirect("Master.asp?action=editSin&UserID="&newID) 
	end if
end Sub

SUB  ADDadmin()
dim rs,UserID,UserName,UserPassword
	if  SetPower(1,6)=false then
		GetError("<br><li>你没有修改管理级别权限，修改级别失败")
	end if
	set rs=CONN.Execute("select UserName,UserPassword from [userlist] where UserID="&ModiUserID)

	if rs.EOF then
			rs.close
		set rs=nothing
		GetError("<li>提交的用户帐号不存在,添加没有成功")
	else
		UserName=rs(0)
		UserPassword=rs(1)
		rs.close
		if checkchar(UserName,"")=false then
			GetError("<br><li>提交的用户帐号“"+UserName+"”含非法字符,添加没有成功")
		end if
		set rs=CONN.Execute("select adduser from [admin] where adduser='"&UserName&"'")
		if rs.eof then
			SQL="insert into [admin] (UserName,adduser,[password],MasterFlag)values('"&UserName&"','"&UserName&"','"&UserPassword&"',1)"
			CONN.Execute(SQL)
		end if
		rs.close
	end if
	set rs=nothing
		CONN.Execute("update [userlist] set MasterFlag=1 where UserID="&ModiUserID)
	if GetValue(request.QueryString("optionSin"),"str","false")="true" then
		response.redirect("Master.asp?action=editSin&UserID="&ModiUserID)
	end if
End SUB 

SUB removeUser()
	dim rs,UserMasterFlag,deldir
	deldir=request.queryString("deldir")
	if SetPower(1,6)=false then
		call GetError("<br><li>你没有修改管理级别权限，注销失败")
	end if
	if SetPower(2,1)=false then
		call GetError("<br><li>你没有管理所有用户权限，注销失败")
	end if
	set rs=CONN.Execute("select [MasterFlag] from admin where adduser='"&GetUserName&"'")
	if not rs.EOF then
		UserMasterFlag=rs(0)
		if MasterFlag<UserMasterFlag then
			GetError "<br><li>不能注销级别比你高的管理员！"
		elseif GetUserName=membername then 
			GetError "<br><li>不能注销自己当前登陆管理帐号"
		end if
	end if
		rs.close
		set rs=nothing
	if deldir="1" then Call DelFolder(GetUserName) '删除注册目录
	CONN.Execute "delete from [userlist] where UserName='"&GetUserName&"'" 
	CONN.Execute "delete from admin where adduser='"&GetUserName&"'" 
End SUB

SUB removeMaster()
	if SetPower(1,6)=false then
		call GetError("<br><li>你没有修改管理级别权限，修改失败")
	end if
	set rs=CONN.Execute("select MasterFlag,UserName from [userlist] where UserID="&ModiUserID)
	if rs.eof then
		GetError "<br><li>指定用户不存在！"
	else
		if MasterFlag<rs(0) then 
			GetError "<br><li>不能取消级别比你高的管理员"
		else
			if rs(1)=membername then 
				GetError "<br><li>不能取消自己当前登陆管理帐号权限"
			else
				CONN.Execute "delete from admin where adduser='"&rs("UserName")&"'" 
				CONN.Execute "update [userlist] set MasterFlag=0 where UserID="&ModiUserID 
			end if
		end if
	end if
	rs.close
	set rs=nothing
	if GetValue(request.QueryString("optionSin"),"str","false")="true" then
		response.redirect("Master.asp?action=editSin&UserID="&ModiUserID)
	end if
End SUB

SUB ManaloginCheck()
	dim SQL,rs
	dim UserName,Password
	UserName=checkStr(GetValue(request.form("AdminName"),"str",""))
	Password=md5(GetValue(request.form("AdminPassword"),"str",""),md5order)
	dim GetCode
	GetCode=GetValue(request.form("GetCode"),"int",-1)
	if GetCode<>int(Session("GetCode")) then
		call GetError("<br><li>校验码不正确！")
	end iF
	SQL="select id From admin where UserName='"&UserName&"' and [password]='"&Password&"' and  adduser='"&membername&"'"
	set rs=CONN.execute(SQL)
	if rs.eof then
		call GetError("<br><li>管理帐号或管理密码不对！")
	else
		Session("Master.ASP")="loginYes"
		response.redirect("Master.ASP")
	end if
End SUB

SUB ModiSave()
	dim SQL,rs
	dim fd,foundErr,info,chk

	dim UserID,ID

	dim UserName
	dim Reg_Name
	dim UserPassword
	dim UserPath
	dim UserMasterFlag
	dim AdminName
	dim AdminPassword

	dim oldUserName
	dim oldUserPassword
	dim oldUserPath
	dim oldUserMasterFlag
	dim oldAdminName
	dim oldAdminPassword
	dim oldUserGroupID
	dim UserGroupID
	dim lockuser
	dim oldlockuser
	dim UseQuota
	dim oldUseQuota
	dim oldReg_Name

	dim pathStr

	dim isNulladmin
		isNulladmin=false

	UserID=clng(GetValue(request.form("UserID"),"int",-1))
	foundErr=false
	SQL="select U.UserPath,U.MasterFlag,U.UserName,U.UserPassword,A.UserName,A.[password],A.id,U.GroupID,U.lockuser,U.UseQuota,U.Reg_Name from [userlist] as U left join [admin] as A on U.UserName=A.adduser where UserID="&UserID
	set rs=conn.Execute(SQL)

	if Not rs.eof then
		oldUserPath=rs(0)
		oldUserMasterFlag=rs(1)
		oldUserName=rs(2)
		oldUserPassword=rs(3)
		oldAdminName=rs(4)
		oldAdminPassword=rs(5)
		ID=rs(6)
		oldUserGroupID=rs(7)
		oldlockuser=rs(8)
		oldUseQuota=rs(9)
		oldReg_Name=rs(9)
		rs.close
	else
		info=info+"<br><li>编辑用户不存在，或非法操作！"
		foundErr=true
	end if
		if isNull(oldAdminName) then isNulladmin=true
	
		Reg_Name=CheckStr(GetValue(request.form("Reg_Name"),"str",oldReg_Name))
		UserName=CheckStr(GetValue(request.form("UserName"),"str",oldUserName))
		UserPassword=GetValue(request.form("UserPassword"),"str","")
		UserMasterFlag=GetValue(request.form("UserMasterFlag"),"int",oldUserMasterFlag)
		AdminName=CheckStr(GetValue(request.form("AdminName"),"str",oldAdminName))	
		AdminPassword=GetValue(request.form("AdminPassword"),"str","")
		UserGroupID=GetValue(request.form("GroupID"),"int",oldUserGroupID)
		lockuser=GetValue(request.form("lockuser"),"int",0)
		'路径组合!
		CreateDir=GetValue(request.form("CreateDir"),"str","")
		pathStr=GetValue(request.queryString("pathStr"),"str","")
		if GetAction="AddPath" then
			chk=checkfolder(pathStr,0)
			if chk<>"True" then  
				foundErr=true
				info=info+chk
			end if
			if checkchar(pathStr,"/")=false then
				foundErr=true
				info=info+("<br><li>新添加的用户管理路径含非法字符！")
			End if
		end if

		dim upth
		UserPath=clearChar(request.form("UserPath")(1))
		UseQuota=CastNum(request.form("UseQuota")(1),1,0)
		chk=checkfolder(UserPath,0)
		if chk<>"True" then  
			foundErr=true
			info=info+chk
		end if
		

		if request.form("UserPath").count>1 then
			for i=2 to request.form("UserPath").count
				upth=clearChar(request.form("UserPath")(i))
				chk=checkfolder(upth,0)
				if chk<>"True" then  
					foundErr=true
					info=info+chk
					chk="True"
				end if
				if checkchar(upth,"/")=false then
					foundErr=true
					info=info+("<br><li>用户管理路径含非法字符！")
				End if
				UserPath=UserPath&"|"&upth

				UseQuota=UseQuota&"|"&CastNum(request.form("UseQuota")(i),1,0)
			next 
		end if

		'dim item
		'for each item in request.form("UserPath")
			'response_write (item),1
		'next
		'--------//
	if SetPower(1,7)=false then UserPath=oldUserPath
	if SetPower(1,6)=false then UserMasterFlag=oldUserMasterFlag

	if checkchar(UserName,"")=false  then
		foundErr=true
		info=info+("<br><li>用户名含非法字符！")
	End if
	if  checkchar(AdminName,"")=false then
		foundErr=true
		info=info+("<br><li>后台用户名含非法字符！")
	End if

	if UserName<>oldUserName then
		set rs=CONN.execute("select UserID From [userlist] where UserName='"&UserName&"'")
		if Not rs.eof then
			foundErr=true
			info=info+("<br><li>提交用户名"""&UserName&"""已经存在！")
		end if
		rs.close
	end if

	if UserID=memberid and lockUser<>oldlockUser then 
		GetError "<br><li>不能锁定自己当前登陆管理帐号"
	End iF
	
	if Not isNulladmin then
		if AdminName<>oldAdminName then
			set rs=CONN.execute("select id From [admin] where UserName='"&AdminName&"'")
			if Not rs.eof then
				foundErr=true
				info=info+("<br><li>提交后台用户名"""&AdminName&"""已经存在！")
			end if
			rs.close
		end if
	end if

	IF foundErr then GetError info
	
	if GetAction="AddPath" then 
		UserPath=UserPath&"|"&pathStr
		UseQuota=UseQuota&"|0"
	end if

	dim upthArr,ubp,j
	upthArr=split(UserPath,"|")
	ubp=ubound(upthArr)
	for i=0 to  ubp-1
		for j=i+1 to ubp
			if strcomp(upthArr(i),upthArr(j))=0 then
				foundErr=true
				info=info+"<li>第"&j+1&"个管理路径"""&upthArr(i)&"""重复设置</li>"
			end if
		next
	next
	IF foundErr then GetError info

	for i=0 to ubound(upthArr)
		if Not fso.FolderExists(server.mappath(upthArr(i))) then
			if  CreateDir="checked" then
				on error resume next
				Fso.CreateFolder(Server.mappath(upthArr(i)))
				if err.number<>0 then
					foundErr=true
					info=info+"<li>"&err.description&"("&mid(upthArr(i),1,inStrRev(upthArr(i),"/"))&")</li>"
					err.clear
				end if
				on error goto 0
			else
				foundErr=true
				info=info+("<br><li>提交的用户路径"""&upthArr(i)&"""不存在！</li><li>如果需要创建新目录,请先复选目录创建!</li>")
			end if
		End if
	next
	IF foundErr then GetError(info)

	'if GetAction="AddPath" then 
	'	if Not fso.FolderExists(server.mappath(pathStr)) then
	'		Fso.CreateFolder(Server.mappath(pathStr))
	'	end if
	'end if

		dim UserPassword_1
			UserPassword_1=UserPassword
	if UserPassword<>"" then
		if UserPassword<>oldUserPassword then UserPassword=md5(UserPassword,md5order)
	else
		UserPassword=oldUserPassword
	end if

	if Not isNulladmin then
		if AdminPassword<>"" then
			if AdminPassword<>oldAdminPassword then AdminPassword=md5(AdminPassword,md5order)
		else
			AdminPassword=oldAdminPassword
		end if
	end if