gusucode.com > 耐品图片管理系统 标准版A > 耐品图片管理系统 标准版A/Api_Response.asp
<!--#include file="Head.asp"--> <!--#include file="Inc/md5.asp"--> <!--#include file="Api/Api_Config.asp"--> <% '=============================================================== ' 著作权号:中国国家版权局著作权登记号2004SR07385 ' 版权所有:深圳市耐品科技开发有限公司 www.naipin.com ' 联系电话:0755-26611119 81234844 81234845 ' 联系手机:13316911914 ' 联系邮箱:naipin@naipin.com '=============================================================== '========================================================= ' File: Api_Response.asp ' Version: V200605 ' Date: 2006-5-12 ' Script Written by Lyout '========================================================= ' Copyright (C) 2006 naipin. All rights reserved. ' Web: http://www.netpic.net,http://www.naipin.com ' Email: naipin@naipin.com '========================================================= Dim XMLDom,XmlDoc,Node,Status,Messenge Dim UserName,Action,Appid Status = 1 Messenge = "" If Request.QueryString<>"" Then SaveUserCookies() Else Set XmlDoc = Server.CreateObject("msxml2.FreeThreadedDOMDocument" & MsxmlVersion) XmlDoc.ASYNC = False If Not XmlDoc.LOAD(Request) Then Status = 1 Messenge = "数据非法,操作中止!" Else If Not (XmlDoc.documentElement.selectSingleNode("userip") is nothing) Then Netout.UserTrueIP = XmlDoc.documentElement.selectSingleNode("userip").text End If If CheckPost() Then Select Case Action Case "checkname" Checkname() Case "reguser" Reguser() Case "login" UesrLogin() Case "logout" LogoutUser() Case "update" UpdateUser() Case "delete" Deleteuser() Case "lock" Lockuser() Case "getinfo" GetUserinfo() End Select End If End If ReponseData() Set XmlDoc = Nothing End If Set Netout = Nothing '得到节点的值 Function GetNodeValue(nodeName) On Error Resume Next GetNodeValue = XmlDoc.documentElement.selectSingleNode(nodeName).text If Err Then GetNodeValue = "" End Function Sub ReponseData() If Action <> "getinfo" Then XmlDoc.loadxml "<root><appid>naipin</appid><status>0</status><body><message/></body></root>" End If XmlDoc.documentElement.selectSingleNode("appid").text = "naipin" XmlDoc.documentElement.selectSingleNode("status").text = status XmlDoc.documentElement.selectSingleNode("body/message").text = "" Set Node = XmlDoc.createCDATASection(Replace(Messenge,"]]>","]]>")) XmlDoc.documentElement.selectSingleNode("body/message").appendChild(Node) Response.Clear Response.ContentType="text/xml" Response.CharSet="gb2312" Response.Write "<?xml version=""1.0"" encoding=""gb2312""?>"&vbNewLine Response.Write XmlDoc.documentElement.XML End Sub Function CheckPost() CheckPost = False Dim Syskey If XmlDoc.documentElement.selectSingleNode("action") is Nothing or XmlDoc.documentElement.selectSingleNode("syskey") is Nothing or XmlDoc.documentElement.selectSingleNode("username") is Nothing Then Status = 1 Messenge = Messenge & "<li>非法请求。</li>" Exit Function End If UserName = Replace(Trim(GetNodeValue("username")),"'","") Syskey = GetNodeValue("syskey") Action = GetNodeValue("action") Appid = GetNodeValue("appid") Dim NewMd5,OldMd5 NewMd5 = Md5(UserName&Api_SysKey,Api_Md5_Len) Md5OLD = 1 OldMd5 = Md5(UserName&Api_SysKey,Api_Md5_Len) Md5OLD = 0 If Syskey=NewMd5 or Syskey=OldMd5 Then CheckPost = True Else Status = 1 Messenge = Messenge & "<li>请求数据验证不通过,请与管理员联系。" End If End Function Sub GetUserinfo() Dim Rs,Sql Dim Userinfo XmlDoc.loadxml "<root><appid>naipin</appid><status>0</status><body><message/><email/><question/><answer/><mobile/><phone/><userip/></body></root>" Sql = "Select Top 1 * From Nt_User Where UserName='"&UserName&"'" Set Rs = Conn.Execute(Sql) If Not Rs.Eof And Not Rs.Bof Then XmlDoc.documentElement.selectSingleNode("body/email").text = Rs("UserEmail")&"" XmlDoc.documentElement.selectSingleNode("body/question").text = Rs("Quesion")&"" XmlDoc.documentElement.selectSingleNode("body/answer").text = Rs("Answer")&"" XmlDoc.documentElement.selectSingleNode("body/mobile").text = Rs("Mobile")&"" XmlDoc.documentElement.selectSingleNode("body/phone").text = Rs("Phone")&"" Status = 0 Messenge = Messenge & "<li>读取用户资料成功。</li>" Else Status = 1 Messenge = Messenge & "<li>该用户不存在。</li>" End If Rs.Close Set Rs = Nothing End Sub Sub Deleteuser() Dim D_Users,i Dim Rs D_Users = Split(UserName,",") For i=0 To UBound(D_Users) Set Rs=Conn.Execute("Select [ID] from [Nt_User] where UserName='"&D_Users(i)&"'") If not (rs.eof and rs.bof) then Conn.Execute("delete from Nt_User where ID="&rs(0)) End If Next Status = 0 End Sub Sub SaveUserCookies() Dim Syskey,Password,SaveCookie Syskey = Request.QueryString("syskey") UserName = Request.QueryString("username") Password = Request.QueryString("password") SaveCookie = Netout.CheckNumeric(Request.QueryString("savecookie")) If UserName="" or Syskey="" Then Exit Sub Dim NewMd5,OldMd5 NewMd5 = Md5(UserName&Api_SysKey,Api_Md5_Len) Md5OLD = 1 OldMd5 = Md5(UserName&Api_SysKey,Api_Md5_Len) Md5OLD = 0 If Not (Syskey=NewMd5 or Syskey=OldMd5) Then Exit Sub End If '用户退出 If Password = "" Then With Netout .SetCookie "UserId", "0" .SetCookie "UserName", "" .SetPurview "" .SetCookie "GroupID", 5 .SetCookie "Group", "" End With Exit Sub End If '用户登陆 Dim Rs,Sql,Setting Set Rs = Server.CreateObject("Adodb.RecordSet") Sql = "Select a.Id as UserId,a.Setting,b.id as GroupId,b.GroupName from NT_User as a,NT_UserGroup as b where a.Password='"&Password&"' and a.UserName='"&UserName&"' and a.GroupID=b.ID" Rs.Open Sql,Conn,1,1 If Not Rs.Eof And Not Rs.Bof Then Setting = split(Rs("Setting"),",") With Netout Select case SaveCookie case 0 case 1:Response.Cookies(.CookieName).Expires=Date+1 case 2:Response.Cookies(.CookieName).Expires=Date+31 case 3:Response.Cookies(.CookieName).Expires=Date+365 End Select .SetCookie "UserId", Rs("UserId") .SetCookie "UserName", UserName .SetPurview Rs("Setting") .SetCookie "GroupID", Rs("GroupId") .SetCookie "Group", Rs("GroupName") End With Else Exit Sub End If Rs.Close Set Rs = Nothing End Sub Sub Checkname() Dim i,Rs,Sql '信息验证 If Netout.strLength(UserName)>20 or Netout.strLength(UserName)<4 Then Messenge = Messenge & "<li>用户名长度为 4-20 个字符</li>" '输出错误信息 Status = 1 Exit Sub End If Sql="Select * From [Nt_User] Where Username='"&UserName&"'" Set Rs = Conn.Execute(Sql) If Not Rs.Eof And Not Rs.Bof Then Messenge = "您填写的用户名已经被注册。" Status = 1 Exit Sub Else Status = 0 Messenge = "验证通过。" End If Rs.Close Set Rs = Nothing End Sub '用户注册 Sub Reguser() Dim Password,UserEmail,Question,Answer,Mobile,Phone Dim Temp_tr,i Password = GetNodeValue("password") UserEmail = Trim(GetNodeValue("email")) Question = GetNodeValue("question") Answer = GetNodeValue("answer") Mobile = GetNodeValue("mobile") Phone = GetNodeValue("phone") If UserName="" or Password="" or Question="" or Answer = "" Then Status = 1 Messenge = Messenge & "<li>信息填写不完整。</li>" Exit Sub End If Password = Md5(Password,Api_Md5_Len) Answer = Md5(Answer,Api_Md5_Len) '信息验证 If Netout.strLength(UserName)>20 or Netout.strLength(UserName)<4 Then Messenge = Messenge & "<li>用户名长度为 3-20 个字符</li>" '输出错误信息 Status = 1 Exit Sub End If If Netout.chkEmail(UserEmail)=false then Messenge = Messenge & "<li>Email 地址格式不正确" '输出错误信息 Status = 1 Exit Sub End If Dim Rs,Sql Dim GroupName,Setting,Settings Set Rs = Conn.Execute("select GroupName,Setting from NT_UserGroup where ID=4") GroupName = Rs(0) Settings = Rs(1) Set Rs = Server.CreateObject("Adodb.RecordSet") Sql="Select * From [Nt_user] Where Username='"&UserName&"'" Rs.Open Sql,Conn,1,3 If Not Rs.Eof And Not Rs.Bof Then Messenge = "您填写的用户名已经被注册。" Status = 1 Exit Sub Else Status = 0 Rs.addnew Rs("UserName") = UserName Rs("TrueName") = UserName Rs("ManuName") = UserName Rs("Password") = Password Rs("UserEmail") = UserEmail Rs("Mobile") = Mobile Rs("Phone") = Phone Rs("Setting") = Settings Rs("GroupID") = 4 Rs("Question") = Question Rs("Answer") = Answer Rs.Update With Netout .SetCookie "UserId", .GetScalar("Select Max(Id) from Nt_User") .SetCookie "UserName", UserName .SetPurview Settings .SetCookie "GroupID", 4 .SetCookie "Group", GroupName End With End If Rs.Close Set Rs = Nothing If Status = 0 Then Session("regtime")=now() Messenge = "注册成功。" End If End Sub '更新用户状态 Sub Lockuser() Dim UserStatus,Rs,Sql,locktype If XmlDoc.documentElement.selectSingleNode("userstatus") is Nothing Then Messenge = "<li>参数非法,中止请求。" Status = 1 Exit Sub ElseIf Not IsNumeric(XmlDoc.documentElement.selectSingleNode("userstatus").text) Then Messenge = "<li>参数非法,中止请求。" Status = 1 Exit Sub Else UserStatus = Clng(XmlDoc.documentElement.selectSingleNode("userstatus").text) End If Select Case UserStatus Case 1 locktype="锁定" Case 2 locktype="屏蔽" Case Else locktype="解锁" End Select Status = 0 Messenge = "<li>"&locktype&"成功。" End Sub '用户信息修改 Sub UpdateUser() Dim Rs,Sql Dim Password,UserEmail,Question,Answer,Mobile,Phone Password = GetNodeValue("password") UserEmail = Trim(GetNodeValue("email")) Question = GetNodeValue("question") Answer = GetNodeValue("answer") Mobile = GetNodeValue("mobile") Phone = GetNodeValue("phone") If Password<>"" Then Password = Md5(Password,Api_Md5_Len) End If If Answer<>"" THen Answer = Md5(Answer,Api_Md5_Len) End If Set Rs = Server.CreateObject("Adodb.RecordSet") Sql="Select Top 1 * From [Nt_user] Where Username='"&UserName&"'" Rs.Open Sql,Conn,1,3 If Not Rs.Eof And Not Rs.Bof Then If Password<>"" Then Rs("Password") = Password If Answer<>"" THen Rs("Answer") = Answer If UserEmail<>"" Then Rs("UserEmail") = UserEmail If Question<>"" Then Rs("Quesion") = Question Rs("Mobile") = Mobile Rs("Phone") = Phone Rs.update Status = 0 Messenge = "<li>基本资料修改成功。</li>" Else Status = 1 Messenge = "<li>该用户不存在,修改资料失败。" End If Rs.Close Set Rs = Nothing End Sub '用户退出 Sub LogoutUser() With Netout .SetCookie "UserId", "0" .SetCookie "UserName", "" .SetPurview "" .SetCookie "GroupID", 5 .SetCookie "Group", "" End With Status = 0 Messenge = "退出成功。" End Sub '用户登陆 Sub UesrLogin() Dim Password Dim i Password = GetNodeValue("password") If UserName="" or Password="" Then Status = 1 Messenge = Messenge & "<li>请填写用户名或密码。</li>" Exit Sub End If Password = Md5(Password,Api_Md5_Len) '用户登陆 Dim Rs,Sql Set Rs = Server.CreateObject("Adodb.RecordSet") Sql = "Select a.Id as UserId,a.Setting,b.id as GroupId,b.GroupName from NT_User as a,NT_UserGroup as b where a.Password='"&Password&"' and a.UserName='"&UserName&"' and a.GroupID=b.ID" Rs.Open Sql,Conn,1,1 If Not Rs.Eof And Not Rs.Bof Then Status = 0 With Netout .SetCookie "UserId", Rs("UserId") .SetCookie "UserName", UserName .SetPurview Rs("Setting") .SetCookie "GroupID", Rs("GroupId") .SetCookie "Group", Rs("GroupName") End With Message = "<li>登录成功。</li>" Else Message = "<li>登录失败。</li>" End If Rs.Close Set Rs = Nothing End Sub %>