📄 user-users.asp
字号:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!--#include file="../Includes/site-dataconn.asp" -->
<!--#include file="../Includes/func-common.asp" -->
<!--#include file="../Includes/site-config.asp" -->
<!--#include file="../Includes/func-aspcode.asp" -->
<!--#include file="../Includes/func-htmlcode.asp" -->
<%
Response.Expires = 60
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<title>// <%=Site_Name%> //</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<LINK REL=stylesheet TYPE="text/css" HREF="../Includes/Site-Style.css">
</head>
<body>
<%
'Admin Check
if session("admin") <> true then
response.redirect(Site_Forum_URL & "/default.asp")
end if
%>
<table width="100%" height="10" border="0" cellspacing="0" cellpadding="1">
<tr valign="top">
<td width="150">
<!--#include file="inc-navigation.asp" -->
</td>
<td align="center">
<%
Action = request.querystring("Action")
if Action = "" then Action = "Search"
if Action = "Submit" then
'check that the form was submitted from here
if instr(1, request.servervariables("HTTP_REFERER"), "?", 1) > 0 then
strReferedBy = left(request.servervariables("HTTP_REFERER"), (instr(1, request.servervariables("HTTP_REFERER"), "?", 1)-1))
else
strReferedBy = request.servervariables("HTTP_REFERER")
end if
strCurrentURL = Site_Forum_URL &"/Admin/user-users.asp"
if lcase(strReferedBy) <> lcase(strCurrentURL) then
response.redirect(Site_Forum_URL & "/default.asp")
end if
if request.querystring("Clear") <> "" then
'Clear user ban
set rsBan = server.createobject("adodb.recordset")
sqlBan = "UPDATE Forum_Users SET User_Status = 1 WHERE User_ID = "& int(request.querystring("Clear")) &";"
rsBan.open sqlBan, adoConn
set rsBan = nothing
set rsBan = server.createobject("adodb.recordset")
sqlBan = "SELECT * Forum_BadIP WHERE Bad_IP ='"& request.form("Address") &"';"
rsBan.cursortype = 2
rsBan.locktype = 3
rsBan.open sqlBan, adoConn, CMDText
if not (rsBan.eof or rsBan.bof) then
rsBan.delete
end if
rsBan.close
set rsBan = nothing
strHeader = "Success"
strMessage = "The user has successfully had their ban removed and they may now log back in to the forums."
end if
if request.querystring("Ban") <> "" then
'Ban user
set rsBan = server.createobject("adodb.recordset")
sqlBan = "UPDATE Forum_Users SET User_Status = 2 WHERE User_ID = "& int(request.querystring("Ban")) &";"
rsBan.open sqlBan, adoConn
set rsBan = nothing
strHeader = "Success"
strMessage = "The user has been successfully banned and they may no longer log into the forums."
if request.form("IP") = 1 then
set rsBan = server.createobject("adodb.recordset")
sqlBan = "INSERT INTO Forum_BadIP VALUES ('"& request.form("Address") &"');"
rsBan.open sqlBan, adoConn, CMDText
set rsBan = nothing
strHeader = "Success"
strMessage = "The user has been successfully banned and they may no longer log into the forums. Their IP address has also been added to the banned IP Address list preventing them from accessing the forums from their PC under a different account."
end if
end if
if request.querystring("Delete") <> "" then
'Delete the user from the database (to add: delete any other details relating to the user)
set rsDelete = server.createobject("adodb.recordset")
sqlDelete = "SELECT * FROM Forum_Users WHERE User_ID = "& int(request.querystring("Delete")) &""
rsDelete.cursortype = 2
rsDelete.locktype = 3
rsDelete.open sqlDelete, adoConn, CMDText
if not (rsDelete.eof or rsDelete.bof) then
rsDelete.delete
strHeader = "// Deleted"
strMessage = "The selected user has now been deleted from the user base"
else
strHeader = "// Error"
strMessage = "The selecetd user could not be found, please resubmit your search query and try again."
end if
rsDelete.close
set rsDelete = nothing
'Update stats
set rsStats = server.createobject("adodb.recordset")
sqlStats = "SELECT User_ID, User_Name FROM Forum_Users ORDER BY User_Join_Date DESC;"
rsStats.open sqlStats, adoConn
strUserID = rsStats("User_ID")
strUserName = rsStats("User_Name")
rsStats.close
if strUserID <> "" then
sqlStats = "UPDATE Forum_Stats SET Stats_Users = (Stats_Users - 1), Stats_User_ID = "& strUserID &", Stats_User_Name = '"& strUserName &"';"
rsStats.open sqlStats, adoConn
end if
set rsStats = nothing
end if
if request.querystring("Update") <> "" then
'Update user details
if request.form("Day") <> "00" and request.form("Month") <> "00" and request.form("Year") <> "" then
strDOB = request.form("Day") & request.form("Month")
if len(request.form("Year")) <= 2 then
if int(request.form("Year")) > 40 then
strDOB = strDOB & "19" & request.form("Year")
else
strDOB = strDOB & "20" & request.form("Year")
end if
else
strDOB = strDOB & request.form("Year")
end if
else
strDOB = ""
end if
set rsUpdate = server.createobject("adodb.recordset")
sqlUpdate = "SELECT * FROM forum_users WHERE User_ID = "& int(request.querystring("Update")) &""
rsUpdate.cursortype = 2
rsUpdate.locktype = 3
rsUpdate.open sqlUpdate, adoConn, CMDText
if not (rsUpdate.eof or rsUpdate.bof) then
rsUpdate("User_Name") = clean_text(request.form("Name"), 0)
rsUpdate("User_Password") = sql_encode(request.form("Password"))
rsUpdate("User_Email") = sql_encode(request.form("Email"))
rsUpdate("User_Location") = sql_encode(request.form("Location"))
rsUpdate("User_DOB") = strDOB
rsUpdate("User_Title") = clean_text(request.form("Title"), 0)
rsUpdate("User_Avatar") = sql_encode(request.form("Avatar"))
rsUpdate("User_ICQ") = sql_encode(request.form("ICQ"))
rsUpdate("User_MSN") = sql_encode(request.form("MSN"))
rsUpdate("User_AIM") = sql_encode(request.form("AIM"))
rsUpdate("User_Posts") = request.form("Posts")
rsUpdate("User_Location") = sql_encode(request.form("Location"))
'To allow images in signatures comment out the next line and uncomment the line following it
rsUpdate("User_Signature") = bbcode(clean_text(request.form("Signature"), 0), 0)
'rsUpdate("User_Signature") = bbcode(clean_text(request.form("Signature")), 1)
rsUpdate("User_Biography") = clean_text(request.form("Biography"), 0)
rsUpdate("User_Website") = request.form("Website")
if request.form("ShowEmail") = 1 then
rsUpdate("User_Email_View") = 1
else
rsUpdate("User_Email_View") = 0
end if
if request.form("ShowOnline") = 1 then
rsUpdate("User_Online_View") = 1
else
rsUpdate("User_Online_View") = 0
end if
if request.form("AcceptEmail") = 1 then
rsUpdate("User_Admin_Email") = 1
else
rsUpdate("User_Admin_Email") = 0
end if
rsUpdate.update
rsUpdate.close
set rsUpdate = nothing
'set success message
strHeader = "// Update Success"
strMessage = "The users details have been successfully updated."
else
'set error message
strHeader = "// Update Error"
strMessage = "Unfortunately there was an error updating the specified users details. Please re-enter your search criteria and try again."
end if
end if
%>
<table border="0" cellspacing="1" cellpadding="2" align="center" class="main">
<tr valign="middle" class="title">
<td align="center"><%=Site_Name%> <%=strHeader%></td>
</tr>
<tr class="body">
<td align="center">
<%=strMessage%>
</td>
</tr>
</table>
<%
end if
if Action = "Confirm" then
'Check form was submitted from here
if instr(1, request.servervariables("HTTP_REFERER"), "?", 1) > 0 then
strReferedBy = left(request.servervariables("HTTP_REFERER"), (instr(1, request.servervariables("HTTP_REFERER"), "?", 1)-1))
else
strReferedBy = request.servervariables("HTTP_REFERER")
end if
strCurrentURL = Site_Forum_URL &"/Admin/user-users.asp"
if lcase(strReferedBy) <> lcase(strCurrentURL) then
response.redirect(Site_Forum_URL & "/default.asp")
end if
'Grab user name
set rsConfirm = server.createobject("adodb.recordset")
sqlConfirm = "SELECT User_ID, User_Name FROM forum_users WHERE User_ID = "& int(request.querystring("User")) &""
rsConfirm.open sqlConfirm, adoConn, CMDText
if not (rsConfirm.eof or rsConfirm.bof) then
strID = rsConfirm("User_ID")
strUser = rsConfirm("User_Name")
end if
rsConfirm.close
set rsConfirm = nothing
if strID <> "" then
'Display delete user confirmation message
%>
<table border="0" cellspacing="1" cellpadding="2" align="center" class="main">
<tr valign="middle" class="title">
<td align="center"><%=Site_Name%> // Confirm Delete</td>
</tr>
<tr valign="top" class="body">
<td>
Are you sure that you want to delete the user <%=strUser%>?
</td>
</tr>
<tr valign="top" class="body">
<td align="right">
<a href="user-users.asp?Action=Submit&Delete=<%=strID%>">Yes</a> - <a href="user-users.asp">No</a>
</td>
</tr>
</table>
<%
else
'User not found, display error
%>
<table border="0" cellspacing="1" cellpadding="2" align="center" class="main">
<tr valign="middle" class="title">
<td align="center"><%=Site_Name%> // Oops</td>
<tr valign="top" class="body">
<td align="left">
There's been an error and the user that you specified could not be found. Please resubmit your search for the user and try again.
</td>
</tr>
</table>
<%
end if
end if
if Action = "Search" then
%>
<table border="0" cellspacing="1" cellpadding="1" align="center" class="main">
<form action="user-users.asp?Action=Search" method="post" >
<tr valign="middle" class="title">
<td align="center"><%=Site_Name%> // User Search</td>
</tr>
<tr valign="top" class="body">
<td align="left">
Please enter your search criteria in the boxes provided below, not all fields are required and if you are unsure as to certain details it's best if the field is left blank.
</td>
<tr valign="top" class="body">
<td align="center">
User Name
<input name="Name" type="text" id="Name" value="<%=request.form("Name")%>" style="border: 1px solid black;" size="20">
Email
<input name="Email" type="text" id="Email" value="<%=request.form("Email")%>" style="border: 1px solid black;" size="20">
I.P
<input name="IP" type="text" id="IP" value="<%=request.form("IP")%>" style="border: 1px solid black;" size="20">
<br>
<br>
<input type="submit" name="Submit" value="Search" style="border: 1px solid black;">
</td>
</tr>
</form>
</table>
<%
if (request.form("Name") <> "" or request.form("Email") <> "" or request.form("IP") <> "") and request.querystring("Update") = "" then
%>
<table border="0" cellspacing="1" cellpadding="2" align="center" class="main">
<tr valign="top" class="title">
<td colspan="3"><%=Site_Name%> // Search Results</td>
</tr>
<tr valign="top" class="sub-title">
<td>
User Name
</td>
<td>
Email
</td>
<td width="100" align="center">
Options
</td>
</tr>
<%
'Find all of the users that meet the search criteria, if any
Set rsUser = Server.CreateObject("ADODB.Recordset")
SqlUser = "SELECT User_ID, User_Name, User_Email FROM forum_users WHERE (User_Name LIKE '%"& request.form("Name") &"%'"
if request.form("Email") <> "" then
SqlUser = SqlUser & " AND User_Email LIKE '%" & request.form("Email") & "%'"
end if
if request.form("IP") <> "" then
SqlUser = SqlUser & " AND User_IP LIKE '%" & request.form("IP") & "%'"
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -