gusucode.com > 耐品图片管理系统 标准版A > 耐品图片管理系统 标准版A/Api_Response.asp
<!--#include file="Head.asp"-->
<!--#include file="Inc/md5.asp"-->
<!--#include file="Api/Api_Config.asp"-->
<%
'===============================================================
' 著作权号:中国国家版权局著作权登记号2004SR07385
' 版权所有:深圳市耐品科技开发有限公司 www.naipin.com
' 联系电话:0755-26611119 81234844 81234845
' 联系手机:13316911914
' 联系邮箱:naipin@naipin.com
'===============================================================
'=========================================================
' File: Api_Response.asp
' Version: V200605
' Date: 2006-5-12
' Script Written by Lyout
'=========================================================
' Copyright (C) 2006 naipin. All rights reserved.
' Web: http://www.netpic.net,http://www.naipin.com
' Email: naipin@naipin.com
'=========================================================
Dim XMLDom,XmlDoc,Node,Status,Messenge
Dim UserName,Action,Appid
Status = 1
Messenge = ""
If Request.QueryString<>"" Then
SaveUserCookies()
Else
Set XmlDoc = Server.CreateObject("msxml2.FreeThreadedDOMDocument" & MsxmlVersion)
XmlDoc.ASYNC = False
If Not XmlDoc.LOAD(Request) Then
Status = 1
Messenge = "数据非法,操作中止!"
Else
If Not (XmlDoc.documentElement.selectSingleNode("userip") is nothing) Then
Netout.UserTrueIP = XmlDoc.documentElement.selectSingleNode("userip").text
End If
If CheckPost() Then
Select Case Action
Case "checkname"
Checkname()
Case "reguser"
Reguser()
Case "login"
UesrLogin()
Case "logout"
LogoutUser()
Case "update"
UpdateUser()
Case "delete"
Deleteuser()
Case "lock"
Lockuser()
Case "getinfo"
GetUserinfo()
End Select
End If
End If
ReponseData()
Set XmlDoc = Nothing
End If
Set Netout = Nothing
'得到节点的值
Function GetNodeValue(nodeName)
On Error Resume Next
GetNodeValue = XmlDoc.documentElement.selectSingleNode(nodeName).text
If Err Then GetNodeValue = ""
End Function
Sub ReponseData()
If Action <> "getinfo" Then
XmlDoc.loadxml "<root><appid>naipin</appid><status>0</status><body><message/></body></root>"
End If
XmlDoc.documentElement.selectSingleNode("appid").text = "naipin"
XmlDoc.documentElement.selectSingleNode("status").text = status
XmlDoc.documentElement.selectSingleNode("body/message").text = ""
Set Node = XmlDoc.createCDATASection(Replace(Messenge,"]]>","]]>"))
XmlDoc.documentElement.selectSingleNode("body/message").appendChild(Node)
Response.Clear
Response.ContentType="text/xml"
Response.CharSet="gb2312"
Response.Write "<?xml version=""1.0"" encoding=""gb2312""?>"&vbNewLine
Response.Write XmlDoc.documentElement.XML
End Sub
Function CheckPost()
CheckPost = False
Dim Syskey
If XmlDoc.documentElement.selectSingleNode("action") is Nothing or XmlDoc.documentElement.selectSingleNode("syskey") is Nothing or XmlDoc.documentElement.selectSingleNode("username") is Nothing Then
Status = 1
Messenge = Messenge & "<li>非法请求。</li>"
Exit Function
End If
UserName = Replace(Trim(GetNodeValue("username")),"'","")
Syskey = GetNodeValue("syskey")
Action = GetNodeValue("action")
Appid = GetNodeValue("appid")
Dim NewMd5,OldMd5
NewMd5 = Md5(UserName&Api_SysKey,Api_Md5_Len)
Md5OLD = 1
OldMd5 = Md5(UserName&Api_SysKey,Api_Md5_Len)
Md5OLD = 0
If Syskey=NewMd5 or Syskey=OldMd5 Then
CheckPost = True
Else
Status = 1
Messenge = Messenge & "<li>请求数据验证不通过,请与管理员联系。"
End If
End Function
Sub GetUserinfo()
Dim Rs,Sql
Dim Userinfo
XmlDoc.loadxml "<root><appid>naipin</appid><status>0</status><body><message/><email/><question/><answer/><mobile/><phone/><userip/></body></root>"
Sql = "Select Top 1 * From Nt_User Where UserName='"&UserName&"'"
Set Rs = Conn.Execute(Sql)
If Not Rs.Eof And Not Rs.Bof Then
XmlDoc.documentElement.selectSingleNode("body/email").text = Rs("UserEmail")&""
XmlDoc.documentElement.selectSingleNode("body/question").text = Rs("Quesion")&""
XmlDoc.documentElement.selectSingleNode("body/answer").text = Rs("Answer")&""
XmlDoc.documentElement.selectSingleNode("body/mobile").text = Rs("Mobile")&""
XmlDoc.documentElement.selectSingleNode("body/phone").text = Rs("Phone")&""
Status = 0
Messenge = Messenge & "<li>读取用户资料成功。</li>"
Else
Status = 1
Messenge = Messenge & "<li>该用户不存在。</li>"
End If
Rs.Close
Set Rs = Nothing
End Sub
Sub Deleteuser()
Dim D_Users,i
Dim Rs
D_Users = Split(UserName,",")
For i=0 To UBound(D_Users)
Set Rs=Conn.Execute("Select [ID] from [Nt_User] where UserName='"&D_Users(i)&"'")
If not (rs.eof and rs.bof) then
Conn.Execute("delete from Nt_User where ID="&rs(0))
End If
Next
Status = 0
End Sub
Sub SaveUserCookies()
Dim Syskey,Password,SaveCookie
Syskey = Request.QueryString("syskey")
UserName = Request.QueryString("username")
Password = Request.QueryString("password")
SaveCookie = Netout.CheckNumeric(Request.QueryString("savecookie"))
If UserName="" or Syskey="" Then Exit Sub
Dim NewMd5,OldMd5
NewMd5 = Md5(UserName&Api_SysKey,Api_Md5_Len)
Md5OLD = 1
OldMd5 = Md5(UserName&Api_SysKey,Api_Md5_Len)
Md5OLD = 0
If Not (Syskey=NewMd5 or Syskey=OldMd5) Then
Exit Sub
End If
'用户退出
If Password = "" Then
With Netout
.SetCookie "UserId", "0"
.SetCookie "UserName", ""
.SetPurview ""
.SetCookie "GroupID", 5
.SetCookie "Group", ""
End With
Exit Sub
End If
'用户登陆
Dim Rs,Sql,Setting
Set Rs = Server.CreateObject("Adodb.RecordSet")
Sql = "Select a.Id as UserId,a.Setting,b.id as GroupId,b.GroupName from NT_User as a,NT_UserGroup as b where a.Password='"&Password&"' and a.UserName='"&UserName&"' and a.GroupID=b.ID"
Rs.Open Sql,Conn,1,1
If Not Rs.Eof And Not Rs.Bof Then
Setting = split(Rs("Setting"),",")
With Netout
Select case SaveCookie
case 0
case 1:Response.Cookies(.CookieName).Expires=Date+1
case 2:Response.Cookies(.CookieName).Expires=Date+31
case 3:Response.Cookies(.CookieName).Expires=Date+365
End Select
.SetCookie "UserId", Rs("UserId")
.SetCookie "UserName", UserName
.SetPurview Rs("Setting")
.SetCookie "GroupID", Rs("GroupId")
.SetCookie "Group", Rs("GroupName")
End With
Else
Exit Sub
End If
Rs.Close
Set Rs = Nothing
End Sub
Sub Checkname()
Dim i,Rs,Sql
'信息验证
If Netout.strLength(UserName)>20 or Netout.strLength(UserName)<4 Then
Messenge = Messenge & "<li>用户名长度为 4-20 个字符</li>"
'输出错误信息
Status = 1
Exit Sub
End If
Sql="Select * From [Nt_User] Where Username='"&UserName&"'"
Set Rs = Conn.Execute(Sql)
If Not Rs.Eof And Not Rs.Bof Then
Messenge = "您填写的用户名已经被注册。"
Status = 1
Exit Sub
Else
Status = 0
Messenge = "验证通过。"
End If
Rs.Close
Set Rs = Nothing
End Sub
'用户注册
Sub Reguser()
Dim Password,UserEmail,Question,Answer,Mobile,Phone
Dim Temp_tr,i
Password = GetNodeValue("password")
UserEmail = Trim(GetNodeValue("email"))
Question = GetNodeValue("question")
Answer = GetNodeValue("answer")
Mobile = GetNodeValue("mobile")
Phone = GetNodeValue("phone")
If UserName="" or Password="" or Question="" or Answer = "" Then
Status = 1
Messenge = Messenge & "<li>信息填写不完整。</li>"
Exit Sub
End If
Password = Md5(Password,Api_Md5_Len)
Answer = Md5(Answer,Api_Md5_Len)
'信息验证
If Netout.strLength(UserName)>20 or Netout.strLength(UserName)<4 Then
Messenge = Messenge & "<li>用户名长度为 3-20 个字符</li>"
'输出错误信息
Status = 1
Exit Sub
End If
If Netout.chkEmail(UserEmail)=false then
Messenge = Messenge & "<li>Email 地址格式不正确"
'输出错误信息
Status = 1
Exit Sub
End If
Dim Rs,Sql
Dim GroupName,Setting,Settings
Set Rs = Conn.Execute("select GroupName,Setting from NT_UserGroup where ID=4")
GroupName = Rs(0)
Settings = Rs(1)
Set Rs = Server.CreateObject("Adodb.RecordSet")
Sql="Select * From [Nt_user] Where Username='"&UserName&"'"
Rs.Open Sql,Conn,1,3
If Not Rs.Eof And Not Rs.Bof Then
Messenge = "您填写的用户名已经被注册。"
Status = 1
Exit Sub
Else
Status = 0
Rs.addnew
Rs("UserName") = UserName
Rs("TrueName") = UserName
Rs("ManuName") = UserName
Rs("Password") = Password
Rs("UserEmail") = UserEmail
Rs("Mobile") = Mobile
Rs("Phone") = Phone
Rs("Setting") = Settings
Rs("GroupID") = 4
Rs("Question") = Question
Rs("Answer") = Answer
Rs.Update
With Netout
.SetCookie "UserId", .GetScalar("Select Max(Id) from Nt_User")
.SetCookie "UserName", UserName
.SetPurview Settings
.SetCookie "GroupID", 4
.SetCookie "Group", GroupName
End With
End If
Rs.Close
Set Rs = Nothing
If Status = 0 Then
Session("regtime")=now()
Messenge = "注册成功。"
End If
End Sub
'更新用户状态
Sub Lockuser()
Dim UserStatus,Rs,Sql,locktype
If XmlDoc.documentElement.selectSingleNode("userstatus") is Nothing Then
Messenge = "<li>参数非法,中止请求。"
Status = 1
Exit Sub
ElseIf Not IsNumeric(XmlDoc.documentElement.selectSingleNode("userstatus").text) Then
Messenge = "<li>参数非法,中止请求。"
Status = 1
Exit Sub
Else
UserStatus = Clng(XmlDoc.documentElement.selectSingleNode("userstatus").text)
End If
Select Case UserStatus
Case 1
locktype="锁定"
Case 2
locktype="屏蔽"
Case Else
locktype="解锁"
End Select
Status = 0
Messenge = "<li>"&locktype&"成功。"
End Sub
'用户信息修改
Sub UpdateUser()
Dim Rs,Sql
Dim Password,UserEmail,Question,Answer,Mobile,Phone
Password = GetNodeValue("password")
UserEmail = Trim(GetNodeValue("email"))
Question = GetNodeValue("question")
Answer = GetNodeValue("answer")
Mobile = GetNodeValue("mobile")
Phone = GetNodeValue("phone")
If Password<>"" Then
Password = Md5(Password,Api_Md5_Len)
End If
If Answer<>"" THen
Answer = Md5(Answer,Api_Md5_Len)
End If
Set Rs = Server.CreateObject("Adodb.RecordSet")
Sql="Select Top 1 * From [Nt_user] Where Username='"&UserName&"'"
Rs.Open Sql,Conn,1,3
If Not Rs.Eof And Not Rs.Bof Then
If Password<>"" Then Rs("Password") = Password
If Answer<>"" THen Rs("Answer") = Answer
If UserEmail<>"" Then Rs("UserEmail") = UserEmail
If Question<>"" Then Rs("Quesion") = Question
Rs("Mobile") = Mobile
Rs("Phone") = Phone
Rs.update
Status = 0
Messenge = "<li>基本资料修改成功。</li>"
Else
Status = 1
Messenge = "<li>该用户不存在,修改资料失败。"
End If
Rs.Close
Set Rs = Nothing
End Sub
'用户退出
Sub LogoutUser()
With Netout
.SetCookie "UserId", "0"
.SetCookie "UserName", ""
.SetPurview ""
.SetCookie "GroupID", 5
.SetCookie "Group", ""
End With
Status = 0
Messenge = "退出成功。"
End Sub
'用户登陆
Sub UesrLogin()
Dim Password
Dim i
Password = GetNodeValue("password")
If UserName="" or Password="" Then
Status = 1
Messenge = Messenge & "<li>请填写用户名或密码。</li>"
Exit Sub
End If
Password = Md5(Password,Api_Md5_Len)
'用户登陆
Dim Rs,Sql
Set Rs = Server.CreateObject("Adodb.RecordSet")
Sql = "Select a.Id as UserId,a.Setting,b.id as GroupId,b.GroupName from NT_User as a,NT_UserGroup as b where a.Password='"&Password&"' and a.UserName='"&UserName&"' and a.GroupID=b.ID"
Rs.Open Sql,Conn,1,1
If Not Rs.Eof And Not Rs.Bof Then
Status = 0
With Netout
.SetCookie "UserId", Rs("UserId")
.SetCookie "UserName", UserName
.SetPurview Rs("Setting")
.SetCookie "GroupID", Rs("GroupId")
.SetCookie "Group", Rs("GroupName")
End With
Message = "<li>登录成功。</li>"
Else
Message = "<li>登录失败。</li>"
End If
Rs.Close
Set Rs = Nothing
End Sub
%>