3.asp

网佳网络办公系统（以下简称OA）是一套基于B/S模式的无纸化办公系统。[显著特点：无须安装客户端] 主要功能模块：管理 公文 车辆 通知 档案 值班 人事 审批 仓库 主界面 软件下载 个

<%
'逮捕
function daipu(fn1,from1,to1)
    if InStr(fn1,"'")<>0 or InStr(fn1,"`")<>0 or InStr(fn1,"=")<>0 or InStr(fn1,"-")<>0 or InStr(fn1,",")<>0 then 
         Response.Write "<script language=JavaScript>{alert('你想做什么？想捣乱吗？！');}</script>"
         Response.End
         exit function
    end if
    if fn1="" or to1=from1 or to1="大家" then
Response.Write "<script language=JavaScript>{alert('逮捕得有理由还的看对象啊,格式为/逮捕 捣乱!');}</script>"
Response.End
        exit function
    end if
	i=isin(to1)
	if i=999 then
		 daipu="逮捕失败！"
		 exit function
	end if
         Set conn=Server.CreateObject("ADODB.CONNECTION")
         Set rs=Server.CreateObject("ADODB.RecordSet")
         connstr=Application("hg_connstr")
         conn.open connstr
	     sql="SELECT grade FROM 用户 WHERE 姓名='" & from1 & "' and 门派='六扇门' and grade>6"
	     Set Rs=conn.Execute(sql)	     
	if rs.eof or rs.bof then
Response.Write "<script language=JavaScript>{alert('你不是六扇门的人或者是你的等级不够!');}</script>"
Response.End
	else
	     dj=rs("grade")
         sql="select grade,门派 from 用户 where 姓名='" & to1 & "'"
		 set rs=conn.execute(sql)
	          if dj<=rs("grade") and rs("门派")="六扇门" then
			       daipu="不能逮捕同级或等级比你高的网管！"
		      else
                   sql="select id from 卡片拥有 where 卡片名称='免罪卡' and 拥有者='"&to1&"' and 数值>0"
                   set rs=conn.execute(sql)
                        if not(rs.eof or rs.bof) then
                              id=rs("ID")
			                  sql="update 卡片拥有 set 数值=数值-1 where id=" & id
			                  conn.execute sql
			                  daipu="六扇门的人准备用根铁索套在"&to1&"的脖子上,就在此时,"&to1&"掏出身上的免罪卡说,慢着,我身上有免罪卡,嘿嘿!"
                        else
                        	  sql="update 用户 set 状态='狱',登录=now()+3 where 姓名='" & to1 & "'"
			                  conn.execute sql
			                  call boot(to1)
			                  daipu="<b>六扇门的<font color=red>["&from1&"]</font>拿了根铁索套在<font color=red>[" & to1 & "]</font>的脖子上，连拉带扯的把<font color=red>[" & to1 & "]</font>押到了牢房！<font color=009900>[原因]：" & fn1 & "</font></b>"
                			  '记录在案
                			  userip=Request.ServerVariables("REMOTE_ADDR")
				              sql="select * from logdata where 时限=true"
				              set rs=conn.execute(sql)
				              if rs.eof or rs.bof then
				              sql="INSERT INTO logdata (logtime,name,ip,opertion) VALUES ("
				              sql=sql & SqlStr(sj) & ","
				              sql=sql & SqlStr(from1) & ","
				              sql=sql & SqlStr(userip) & ","
				              sql=sql & SqlStr(daipu) & ")"
				              else
				              id=rs("id")
				              sql="update logdata set name='"&from1&"',ip='"&userip&"',opertion='"&daipu&"',logtime="&sqlstr(sj)&",时限=false where id="&id				
				              end if
				              conn.execute sql
			            end if
		     end if
	end if
	rs.close
	conn.close
	set rs=nothing
	set conn=nothing
end function
%>