<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="Connections/conn_news.asp" -->
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="3"
MM_authFailedURL="../default.htm"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
<%
' *** Edit Operations: declare variables
Dim MM_editAction
Dim MM_abortEdit
Dim MM_editQuery
Dim MM_editCmd
Dim MM_editConnection
Dim MM_editTable
Dim MM_editRedirectUrl
Dim MM_editColumn
Dim MM_recordId
Dim MM_fieldsStr
Dim MM_columnsStr
Dim MM_fields
Dim MM_columns
Dim MM_typeArray
Dim MM_formVal
Dim MM_delim
Dim MM_altVal
Dim MM_emptyVal
Dim MM_i
MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
MM_editAction = MM_editAction & "?" & Request.QueryString
End If
' boolean to abort record edit
MM_abortEdit = false
' query string to execute
MM_editQuery = ""
%>
<%
' *** Insert Record: set variables
If (CStr(Request("MM_insert")) = "form1") Then
MM_editConnection = MM_conn_news_STRING
MM_editTable = "t_mob"
MM_editRedirectUrl = "yns_mlist.asp"
MM_fieldsStr = "m_name|value|m_content|value"
MM_columnsStr = "m_name|',none,''|m_content|',none,''"
' create the MM_fields and MM_columns arrays
MM_fields = Split(MM_fieldsStr, "|")
MM_columns = Split(MM_columnsStr, "|")
' set the form values
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_fields(MM_i+1) = CStr(Request.Form(MM_fields(MM_i)))
Next
' append the query string to the redirect URL
If (MM_editRedirectUrl <> "" And Request.QueryString <> "") Then
If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
Else
MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
End If
End If
End If
%>
<%
' *** Insert Record: construct a sql insert statement and execute it
Dim MM_tableValues
Dim MM_dbValues
If (CStr(Request("MM_insert")) <> "") Then
' create the sql insert statement
MM_tableValues = ""
MM_dbValues = ""
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_formVal = MM_fields(MM_i+1)
MM_typeArray = Split(MM_columns(MM_i+1),",")
MM_delim = MM_typeArray(0)
If (MM_delim = "none") Then MM_delim = ""
MM_altVal = MM_typeArray(1)
If (MM_altVal = "none") Then MM_altVal = ""
MM_emptyVal = MM_typeArray(2)
If (MM_emptyVal = "none") Then MM_emptyVal = ""
If (MM_formVal = "") Then
MM_formVal = MM_emptyVal
Else
If (MM_altVal <> "") Then
MM_formVal = MM_altVal
ElseIf (MM_delim = "'") Then ' escape quotes
MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
Else
MM_formVal = MM_delim + MM_formVal + MM_delim
End If
End If
If (MM_i <> LBound(MM_fields)) Then
MM_tableValues = MM_tableValues & ","
MM_dbValues = MM_dbValues & ","
End If
MM_tableValues = MM_tableValues & MM_columns(MM_i)
MM_dbValues = MM_dbValues & MM_formVal
Next
MM_editQuery = "insert into " & MM_editTable & " (" & MM_tableValues & ") values (" & MM_dbValues & ")"
If (Not MM_abortEdit) Then
' execute the insert
Set MM_editCmd = Server.CreateObject("ADODB.Command")
MM_editCmd.ActiveConnection = MM_editConnection
MM_editCmd.CommandText = MM_editQuery
MM_editCmd.Execute
MM_editCmd.ActiveConnection.Close
If (MM_editRedirectUrl <> "") Then
Response.Redirect(MM_editRedirectUrl)
End If
End If
End If
<%
dim founderr,errmsg
founderr=false
errmsg=""
if session("adminlogin")<>sessionvar then
founderr=true
errmsg=errmsg+"<br>"+"<li>你尚未登录,或者超时了!请<a href='yns_login.asp'>重新登录</a>!"
call diserror()
response.end
else
if request.form("MM_insert") then
if request.form("action")="newcat" then
opendown
sql="select * from d_cat"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.addnew
dim cat_name
cat_name=trim(replace(request.form("cat_name"),"'",""))
if cat_name="" then
founderr=true
errmsg=errmsg+"<br>"+"<li>你必须填写分类名称!"
else
rs("cat_name")=cat_name
end if
if founderr then
call diserror()
response.end
else
rs.update
rs.close
set rs=nothing
response.redirect "yns_down.asp"
end if
elseif request.form("action")="newclass" then
opendown
sql="select * from d_class"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.addnew
dim class_name,cat_id
cat_id=cint(request.form("cat_id"))
class_name=trim(replace(request.form("class_name"),"'",""))
if cat_id<1 then
founderr=true
errmsg=errmsg+"<br>"+"<li>你必须选择所属分类名称!"
else
rs("cat_id")=cat_id
end if
if class_name="" then
founderr=true
errmsg=errmsg+"<br>"+"<li>你必须填写子分类名称!"
else
rs("class_name")=class_name
end if
if founderr then
call diserror()
response.end
else
rs.update
rs.close
set rs=nothing
response.redirect "yns_down.asp"
end if
elseif request.form("action")="editcat" then
if cint(request.form("id"))<1 then
founderr=true
errmsg=errmsg+"<br>"+"<li>非法的分类参数!"
call diserror()
response.end
end if
opendown
sql="select * from d_cat where cat_id="&request.form("id")
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
cat_name=trim(replace(request.form("cat_name"),"'",""))
if cat_name="" then
founderr=true
errmsg=errmsg+"<br>"+"<li>你必须填写分类名称!"
else
rs("cat_name")=cat_name
end if
if founderr then
call diserror()
response.end
else
rs.update
rs.close
set rs=nothing
response.redirect "yns_down.asp"
end if
elseif request.form("action")="editclass" then
if cint(request.form("id"))<1 then
founderr=true
errmsg=errmsg+"<br>"+"<li>非法的分类参数!"
call diserror()
response.end
end if
opendown
sql="select * from d_class where class_id="&request.form("id")
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
cat_id=cint(request.form("cat_id"))
class_name=trim(replace(request.form("class_name"),"'",""))
if cat_id<1 then
founderr=true
errmsg=errmsg+"<br>"+"<li>你必须选择所属分类名称!"
else
rs("cat_id")=cat_id
end if
if class_name="" then
founderr=true
errmsg=errmsg+"<br>"+"<li>你必须填写子分类名称!"
else
rs("class_name")=class_name
end if
if founderr then
call diserror()
response.end
else
rs.update
rs.close
set rs=nothing
response.redirect "yns_down.asp"
end if
elseif request.form("action")="delcat" then
if cint(request.form("id"))<1 then
founderr=true
errmsg=errmsg+"<br>"+"<li>非法的分类参数!"
call diserror()
response.end
end if
opendown
sql="select * from d_cat where cat_id="&request.form("id")
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.delete
rs.close
set rs=nothing
response.redirect "yns_down.asp"
elseif request.form("action")="delclass" then
if cint(request.form("id"))<1 then
founderr=true
errmsg=errmsg+"<br>"+"<li>非法的分类参数!"
call diserror()
response.end
end if
opendown
sql="select * from d_class where class_id="&request.form("id")
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.delete
rs.close
set rs=nothing
response.redirect "yns_down.asp"
end if
end if
call admin_nav()
call admindown_body()
closedatabase
call adminendpage()
end if
%>
