manacteditok.asp

此程序为网上下载

<%@ codepage ="936" %>
<%Response.Expires=0
nickname=Session("hxf_u_nickname")
grade=Int(Session("hxf_u_grade"))
userip=Request.ServerVariables("REMOTE_ADDR")
if nickname="" then Response.Redirect "manerr.asp?id=100"
If grade <> 12 Then
 qx = Split(Application("wsaxhxf_c_grade" & grade), "{]")
 If qx(19) <> "1" Then Response.Redirect "manerr.asp?id=260"
End If
id=Request.Form("id")
actname=Trim(Request.Form("actname"))
range=Trim(Request.Form("range"))
if range<>"1" and range<>"0" then range="0"
actnl=Trim(Request.Form("act"))
actnl=Replace(actnl,chr(13)&chr(10),"")
actnl=Replace(actnl,"<","&lt;")
actnl=Replace(actnl,">","&gt;")
actnl=Replace(actnl,"&","&amp;")
if range<>0 and range<>1 then range=""
if actname="" or actnl="" or range="" or len(actnl)<=2 then Response.Redirect "manerr.asp?id=102"
if left(actnl,2)<>"//" then Response.Redirect "manerr.asp?id=103"
if left(actnl,4)="//##" then Response.Redirect "manerr.asp?id=104"
if len(actnl)>100 or len(actname)>4 then Response.Redirect "manerr.asp?id=105"
if InStr(actnl,"%%")<>0 and range="0" then Response.Redirect "manerr.asp?id=106"
if InStr(actnl,"%%")=0 and range="1" then Response.Redirect "manerr.asp?id=107"
if InStr(actnl,"|")<>0 or InStr(actnl,"\")<>0 or InStr(actnl,chr(34))<>0 then Response.Redirect "manerr.asp?id=108"
 n=Year(date())
 y=Month(date())
 r=Day(date())
 s=Hour(time())
 f=Minute(time())
 m=Second(time())
 if len(y)=1 then y="0" & y
 if len(r)=1 then r="0" & r
 if len(s)=1 then s="0" & s
 if len(f)=1 then f="0" & f
 if len(m)=1 then m="0" & m
 sj=n & "-" & y & "-" & r & " " & s & ":" & f & ":" & m 
Set conn=Server.CreateObject("ADODB.CONNECTION")
Set rs=Server.CreateObject("ADODB.RecordSet")
connstr=Application("wsaxhg_connstr")
conn.open connstr
sql="SELECT acttype,name,act FROM actlib WHERE id=" & id
rs.open sql,conn,1,3
if rs.Eof and rs.Bof then
 rs.close
 conn.close
 set rs=nothing
 set conn=nothing
 Response.Redirect "manerr.asp?id=261"
end if
rs("acttype")=range
rs("name")=actname
rs("act")=actnl
rs.Update
rs.close
sql = "INSERT INTO logs (type, logtime, name, ip, opertion) VALUES ('4', '" & sj & "', '" & nickname & "', '" & userip & "', '编辑ID为<font color=red>[" & id & "]</font>的动作 <font color=green>类型</font>：[<font color=blue>" & range & "</font>] <font color=green>名称：</font>  " & actname & "。<font color=green>内容：</font> " & actnl & "')"
conn.Execute sql
conn.close
set rs=nothing
set conn=nothing%><html>
<head>
<title>动作管理</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" href="readonly/style.css">
</head>
<body bgcolor="#FFFFFF" class=p150>
<div align="center">
<h1><font color="0099FF">【动作管理】</font></h1>
<font color="#FF0000">【编辑动作】</font></div>
<hr noshade size="1" color=009900>
<b>［操作完成］</b><br>
　　ID 为 <font color="#FF0000"><%=id%></font> 的动作已经修改!<br><div align=center><a href="javascript:history.go(-2)">返回</a></div>
<div align=center></div>
<hr noshade size="1" color=009900>
<div align=center class=cp><%Response.Write "序列号：<font color=blue>" & Application("wsaxhxf_c_sn") & "</font>，授权给：<font color=blue>" & Application("wsaxhxf_c_user") & "</font><br><font color=999999>" & Application("wsaxhxf_c_copyright") & "</font>"%></div>
</body>
</html>