buyuser.asp

1. 硬件环境：MS WINDOWS NT PACK 4 OR LATER /WIN2000 WITH IIS 4.0 OR LATER /WIN9X+PWS 2. 数 据 库：Access2000

 <!-- #include file="setup.asp" -->
<%
Menu=Server.HTMLEncode(Trim(Request.QueryString("Menu")))
Set rs = Server.CreateObject("ADODB.Recordset")
validate "Login.asp",1
select case Menu
	case "post"
		Forcedid=Request.QueryString("Forcedid")
		UsID=Request.QueryString("inceptid")
		Set Rs = Conn.Execute("Select Forced_Stat,Forced_now,Forced_OK,Forced_SendUs,Forced_ProName,Forced_Title From Forced_sale where Forced_ID="&Forcedid)
		if Rs("Forced_Stat") > Rs("Forced_now") Then
		Money=Rs("Forced_Stat")
		else
		Money=Rs("Forced_now")+1
		end if%>
		<HTML><META http-equiv=Content-Type content="text/html; charset=gb2312">
		<link href=css.css rel=stylesheet>
		<body topmargin=0 bgcolor="C4D4E5">
		<style>
		.bt {BORDER-RIGHT: 1px; BORDER-TOP: 1px; FONT-SIZE: 9pt; BORDER-LEFT: 1px; BORDER-BOTTOM: 1px;}
		</style>
		<TITLE>发送消息</TITLE>
		<SCRIPT>
		var i=0;
		function check(theForm) {
		if(theForm.content.value == "" ) {
		alert("不能发空讯息！");
		return false;
		}
		if (theForm.content.value.lengtd > 255){
		alert("对不起，您的讯息不能超过 255 个字节！");
		return false;
		}
		i++;if (i>1) {document.form.submit1.disabled = true;}return true;
		}
		function presskey(eventobject){if(event.ctrlKey && window.event.keyCode==13){this.document.form.submit();}}
		</SCRIPT>
		<form name=form action="BuyUser.asp?menu=addpost&incept=<%=UsID%>" method="post" ID="Form1">
		<TABLE WIDTH=300 BORDER=0 CELLPADDING=3 CELLSPACING=0 BGCOLOR=C4D4E5 ID="Table1">
		<tr><td height="23" align="center"><FONT COLOR=FFFFFF><b><%=Rs("Forced_Title")%></b></FONT></td></tr>
		</TABLE>
		<table width="300" height="115"border="0" cellpadding="00" cellspacing="0" ID="Table2">
		<tr bgcolor="#F8F8F8">
		<td><table width="100%"border="0" cellspacing="0" cellpadding="00" ID="Table3">
		<tr><td height="23"><div align="right">
		<input type=hidden name="Forcedid" value=<%=Forcedid%> ID="Hidden1">卖方:</div></td>
		<td><%=Rs("Forced_SendUs")%></td>
		</tr>
		<tr>
			<td height="15" align="right">产品:</td>
			<td><%= Rs("Forced_ProName") %></td>
			</tr>
		<tr>
			<td height="13" colspan="2"><hr width="200" size="1"></td>
			</tr>
		<tr>
			<td height="13" align="right">买方:</td>
			<td><%=Request.Cookies("Username")%></td>
			</tr>
		<tr>
		<td width="33%" height="19" align="right">需要数量:</td>
		<td width="67%"><input type="text" name="Nums" ID="Text2" value="1"></td>
		</tr>
		<tr>
		<td height="19" align="right"> 每件出价:</td>
		<td height="19"><input type="text" name="TMoney" ID="Text3" value="<%=Money%>"></td>
		</tr>
		</table></td>
		</tr>
		</table>
		<TABLE WIDTH=300 BORDER=0 CELLSPACING=0 CELLPADDING=0 height="30" ID="Table4">
		<tr ALIGN=center>
		<TD width="100" height="21" bgcolor="#C4D4E5"><input type="radio" name="radiobutton" value="radiobutton" ID="Radio1" Onclick="JavaScript:Text3.value=<%= Rs("Forced_OK") %>">
			一口价</td>
		<TD width="100" bgcolor="#C4D4E5"><input type="radio" name="radiobutton" value="radiobutton" ID="Radio2" Onclick="JavaScript:Text3.value=<%= Money %>">
			竟标价</td>
		<TD width="100" bgcolor="#C4D4E5"><input name=submit1 type="submit" value="发送讯息" onclick="return check(this.form)" ID="Submit1" ></td>
		</TR>
		</TABLE>
		
		</form>
<%case "addpost"
		if instr(Request.ServerVariables("http_referer"),""&Request.ServerVariables("server_name")&"") = 0 then error 2,"来源错误",""
		if Request.QueryString("incept")=Request.Cookies("User") then Error 2,"不允许自己抬价哦！",""
		
		TMoney=int(Request.form("TMoney"))
		Nums=int(Request.form("Nums"))
		Forcedid=int(Request.form("Forcedid"))
		if len(TMoney)=0 or len(Nums)=0 or len(Forcedid)=0 Then Error 1,"参数非法传递!",""
		if IsNumEric(TMoney)=False or IsNumEric(Nums)=False or IsNumEric(Forcedid)=False Then Error 1,"参数非法传递!",""
		
		Set Rs = Conn.Execute("Select Forced_Now,Forced_OvTime,Forced_Conceal From Forced_sale where Forced_ID="&Forcedid)
		if DateDiff("d",Rs("Forced_OvTime"),Now()) > 0 Then Error 2,"不允许出价！\n该产品信息已经过期！",""
		if Trim(Rs("Forced_Conceal"))>1 Then Error 2,"不允许出价！\n该产品信息已经过期！",""
		if TMoney <  Rs("Forced_Now") Then Error 2,"您出的价格不能少于 "&Forced_Now& " 元!",""
		Conn.BeginTrans
			Conn.Execute("insert into BuyUser(BuyName,BuyUserID,BuyMoney,BuyNums,ForcedID)values('"&Request.Cookies("Username")&"',"&Request.Cookies("User")&","&TMoney&","&Nums&","&Forcedid&")")
			Conn.Execute("insert into message(PostName,PostID,InceptID,InceptName,content)values('系统消息','1',"&Request("incept")&",'"&conn.execute("Select UserName_2 from UserInfo where UserID="&Request("incept"))(0)&"','您拍卖的产品有人出价了哦，赶快进入拍卖区看看吧！')")
			Conn.Execute("update UserInfo set UserPrestige=UserPrestige+1 where UserID="&Request("incept"))
			Conn.Execute("update Forced_sale set Forced_Now="&TMoney&",Forced_Buy=Forced_Buy+1 where Forced_ID="&Forcedid)
		if Conn.Errors.Count <> 0 then
			Error 2,"执行过程中有错误发生,请待网络恢复正常再重试！",""
			Conn.RollbackTrans
			Conn.Close
			Set Conn = Nothing
			Response.End 
		else
			Conn.CommitTrans
		end if
		Conn.Close
		Set Conn = Nothing
		Response.Write "发送成功！<script>window.close();</script>"
case "BuyOKNow"
		Forcedid=Request.Form("Forced_ID")
		BuyUserID=Request.Form("BuyUserID")
		BuyName=Request.Form("BuyName")
		if Trim(Conn.Execute("Select Forced_Conceal From Forced_sale where Forced_ID="&Forcedid)(0)) > 1 Then Error 2,"无法操作！\n该产品已经被拍卖！","" 
		
		Sql="Update Forced_sale Set Forced_Conceal = '2',Forced_User='"&BuyName&"',Forced_UserID='"&BuyUserID&"' where Forced_ID="&Forcedid
		Conn.Execute(Sql)
		
		Set R = Conn.Execute("Select UserEmail_2,UserQQ,UserTel,UserICQ,UserWeb,UserPhoto From Userinfo where Userid="&BuyUserID)
		%>
		
		<TABLE WIDTH=300 BORDER=0 CELLPADDING=3 CELLSPACING=0 BGCOLOR=C4D4E5 ID="Table9">
		<tr><td height="23" align="center">祝您交易成功，用户<%=BuyName%>的联系方式如下：</td>
		</tr>
		</TABLE>
		<table width="300" height="115"border="0" cellpadding="00" cellspacing="0" ID="Table10">
		<tr bgcolor="#F8F8F8">
		<td><table width="100%"border="0" cellspacing="0" cellpadding="00" ID="Table11">
		<tr><td height="18" align="right">买方:</td>
		<td>&nbsp;</td>
		</tr>
		<tr>
		<td width="33%" height="19" align="right"> 联系电话:  </td>
		<td width="67%">&nbsp;<%=R("UserTel")%></td>
		</tr>
		<tr>
		<td height="19" align="right"> 联系Email:</td>
		<td height="19">&nbsp;<%=R("UserEmail_2")%></td>
		</tr>
		<tr>
		  <td height="19" align="right"> ＱＱ号码:  </td>
		  <td height="19">&nbsp;<%=R("UserQQ")%></td>
		  </tr>
		<tr>
		  <td height="19" align="right"> ICQ 号码:  </td>
		  <td height="19">&nbsp;<%=R("UserICQ")%></td>
		  </tr>
		<tr>
		  <td height="19" align="right"> 个人主页:  </td>
		  <td height="19">&nbsp;<%=R("UserWeb")%></td>
		  </tr>
		</table></td>
		</tr>
		</table>
		<TABLE WIDTH=300 BORDER=0 CELLSPACING=0 CELLPADDING=0 height="30" ID="Table12">
		<tr ALIGN=center>
		<TD height="21" bgcolor="#C4D4E5"><input name=submit1 type="button" value="关闭窗口" onclick="JavaScript:window.close();" ID="Submit3" ></td>
		</TR>
		</TABLE>

		
<% R.Close
Set R = Nothing

		Response.End
case "BuyOK"
		Forcedid=Request.QueryString("Forcedid")
		UsID=Request.QueryString("inceptid")
		BuyID=Request.QueryString("BuyID")
		
		Set R = Conn.Execute("Select BuyID,BuyUserID,BuyName,BuyMoney,BuyNums From BuyUser where BuyID="&BuyID&" Order by BuyMoney Desc,BuyTime Desc")
		Set Rs = Conn.Execute("Select Forced_SendUsID,Forced_SendUs,Forced_ProName,Forced_Title From Forced_sale where Forced_ID="&Forcedid)
		if Trim(Request.Cookies("User")) <> Trim(Rs("Forced_SendUsID")) Then Error 1,"您不是此产品卖家，无权限操作!",""%>
		<META http-equiv=Content-Type content="text/html; charset=gb2312">
		<link href=css.css rel=stylesheet>
		<body topmargin=0 bgcolor="C4D4E5">
		<style>
		.bt {BORDER-RIGHT: 1px; BORDER-TOP: 1px; FONT-SIZE: 9pt; BORDER-LEFT: 1px; BORDER-BOTTOM: 1px;}
		</style>
		<TITLE>发送消息</TITLE>
		<form name=form action="BuyUser.asp?menu=BuyOKNow&incept=<%=UsID%>" method="post" ID="Form2">
		<TABLE WIDTH=300 BORDER=0 CELLPADDING=3 CELLSPACING=0 BGCOLOR=C4D4E5 ID="Table5">
		<tr><td height="23" align="center"><FONT COLOR=FFFFFF><b><%=Rs("Forced_Title")%></b></FONT></td></tr>
		</TABLE>
		<table width="300" height="115"border="0" cellpadding="00" cellspacing="0" ID="Table6">
		<tr bgcolor="#F8F8F8">
		<td><table width="100%"border="0" cellspacing="0" cellpadding="00" ID="Table7">
		<tr><td height="23"><div align="right"><input type=hidden name="Forced_ID" value=<%=Forcedid%>>
		卖方:</div></td>
		<td><%=Rs("Forced_SendUs")%></td>
		</tr>
		<tr>
		<td height="15" align="right">产品:</td>
		<td><%= Rs("Forced_ProName") %></td>
		</tr>
		<tr>
		<td height="13" colspan="2"><hr width="200" size="1"></td>
		</tr>
		<tr><td height="13" align="right">买方:<input type=hidden name="BuyUserID" value=<%=R("BuyUserID")%> ><input type=hidden name="BuyName" value=<%=R("BuyName")%> ID="Hidden2"></td>
		<td><%=R("BuyName")%></td>
		</tr>
		<tr>
		<td width="33%" height="19" align="right">需要数量:</td>
		<td width="67%"><input type="text" name="Nums" ID="Text1" value="<%=R("BuyNums")%>" disabled></td>
		</tr>
		<tr>
		<td height="19" align="right"> 每件出价:</td>
		<td height="19"><input type="text" name="TMoney" ID="Text4" value="<%=R("BuyMoney")%>" disabled></td>
		</tr>
		</table></td>
		</tr>
		</table>
		<TABLE WIDTH=300 BORDER=0 CELLSPACING=0 CELLPADDING=0 height="30" ID="Table8">
		<tr ALIGN=center>
		<TD height="21" bgcolor="#C4D4E5"><input name=submit1 type="submit" value="成 交" onclick="return check(this.form)" ID="Submit2" ></td>
		</TR>
		</TABLE>
		
		</form>		
<%R.Close
Rs.Close
Set R = Nothing
Set Rs = Nothing

end select
response.end%>