' Page-level SQL text; Page_Load fills it in before running a statement.
Dim sql As String
' Connection to the Jet (Access) news database; created in Page_Load.
Dim myconn As OleDbConnection
' Command object shared by the helper functions on this page.
Dim myCmd As OleDbCommand
'查询数据
Function getdatareader(ByVal str As String) As OleDbDataReader
    ' Runs the SQL text in str on the page connection and returns the reader.
    ' The connection is opened here and stays open; the caller closes myconn.
    ' NOTE(review): str is executed verbatim, so request values must be bound
    ' as OleDbParameter values by the caller, never concatenated into it.
    myCmd = New OleDbCommand(str, myconn)
    myconn.Open()
    Dim rows As OleDbDataReader = myCmd.ExecuteReader()
    Return rows
End Function
'字符串执行子程序
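Function executesql(ByVal sql As String)
    ' Executes a non-query SQL statement on the page connection.
    ' NOTE(review): sql is executed verbatim; callers must not build it from
    ' request values - bind those as OleDbParameter values instead.
    myCmd = New OleDbCommand(sql, myconn)
    myconn.Open()
    Try
        myCmd.ExecuteNonQuery()
    Finally
        ' Close even when the statement fails so the connection is not left open.
        myconn.Close()
    End Try
End Function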
'新闻添加子程序
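Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    ' Add-news page: only the "administrator" session may use it; everyone
    ' else is redirected to login.aspx. When action=add, one row is inserted
    ' into News from the submitted fields.
    ' NOTE(review): the .mdb file is resolved under the web root via
    ' Server.MapPath; confirm the server refuses to serve it for download.
    Dim strConn As String
    strConn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("./") & "DB_51aspx/news.mdb"
    myconn = New OleDbConnection(strConn)
    If Session("user") = "administrator" Then
        step1.Visible = "true"
        ' NOTE(review): Page.Request also reads the query string, so this
        ' state-changing action is reachable by GET; consider POST-only
        ' handling with an anti-forgery token.
        If Page.Request("action") = "add" Then
            Dim title, author, from, content As String
            Dim classid As Integer
            ' & "" turns a missing field into an empty string, which is what
            ' the old string concatenation produced.
            title = Page.Request("title") & ""
            author = Page.Request("author") & ""
            from = Page.Request("from") & ""
            content = Page.Request("content") & ""
            classid = Page.Request("Classes")
            ' Request values are bound as parameters, not spliced into the SQL
            ' text, so quotes in the input cannot change the statement.
            ' OleDb parameters are positional: add them in placeholder order.
            sql = "insert into News(Title,Author,Original,Content,UpdateTime,ClassesID) values(?,?,?,?,?,?)"
            myCmd = New OleDbCommand(sql, myconn)
            myCmd.Parameters.Add("@title", OleDbType.VarWChar).Value = title
            myCmd.Parameters.Add("@author", OleDbType.VarWChar).Value = author
            myCmd.Parameters.Add("@original", OleDbType.VarWChar).Value = from
            myCmd.Parameters.Add("@content", OleDbType.LongVarWChar).Value = content
            myCmd.Parameters.Add("@updatetime", OleDbType.Date).Value = DateTime.Now()
            myCmd.Parameters.Add("@classid", OleDbType.Integer).Value = classid
            myconn.Open()
            Try
                myCmd.ExecuteNonQuery()
            Finally
                myconn.Close()
            End Try
            ' NOTE(review): MsgBox runs on the server, not in the visitor's
            ' browser; a page control would be the usual way to report success.
            MsgBox("新闻添加成功!", 0, "提示")
        End If
    Else
        Response.Redirect("login.aspx")
    End If
End Sub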
'修改操作子程序
' Page-level state for the edit-news page.
Dim sql As String
' NewsID of the item being edited; read from the request in Page_Load.
Dim bianhao As Integer
' Field values of the news item (loaded from the database or taken from the form).
Dim title, author, from, content As String
Dim classid, specialid As Integer
' Connection to the Jet (Access) news database; created in Page_Load.
Dim myconn As OleDbConnection
' myCmd is used by the helper functions; newscmd, dtCmd, dtSet and dv are
' not referenced by the procedures visible on this page.
Dim myCmd, newscmd As OleDbCommand
Dim dtCmd As OleDbDataAdapter
Dim dtSet As DataSet
Dim dv As DataView
'获取数据子程序
Function getdatareader(ByVal str As String) As OleDbDataReader
    ' Executes the query text in str and returns an open reader over the rows.
    ' myconn is opened here and left open for the reader; the caller closes it.
    ' NOTE(review): str runs exactly as given - keep request values out of it
    ' and bind them as command parameters in the caller.
    myCmd = New OleDbCommand(str, myconn)
    myconn.Open()
    Return myCmd.ExecuteReader()
End Function
'执行字符串子程序
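Function executesql(ByVal sql As String)
    ' Runs one non-query statement (insert/update/delete) on the page connection.
    ' NOTE(review): the text is executed as-is; values that come from the
    ' request belong in OleDbParameter objects, not in this string.
    myCmd = New OleDbCommand(sql, myconn)
    myconn.Open()
    Try
        myCmd.ExecuteNonQuery()
    Finally
        ' Always release the connection, including when the statement fails.
        myconn.Close()
    End Try
End Function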
'执行修改操作子程序
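Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    ' Edit-news page: administrators only. On first display the item named by
    ' newsid is loaded into the page fields; when action=edit the submitted
    ' values are written back to that row.
    If Session("user") = "administrator" Then
        Dim strConn As String
        strConn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("./") & "DB_51aspx/news.mdb"
        myconn = New OleDbConnection(strConn)
        ' bianhao is a page field and starts at 0 on every request, so it is
        ' read before branching; otherwise the update below would target
        ' NewsID=0 whenever the first-display branch is skipped.
        bianhao = Page.Request("newsid")
        If Not Page.IsPostBack Then
            step1.Visible = "true"
            ' Load the current values. bianhao is an Integer, so only a number
            ' can reach the SQL text here.
            sql = "select Title,Author,Original,Content,ClassesID from News where NewsID=" & bianhao
            Dim Reader As OleDbDataReader = getdatareader(sql)
            While Reader.Read()
                title = Reader.Item(0)
                author = Reader.Item(1)
                from = Reader.Item(2)
                content = Reader.Item(3)
                classid = Reader.Item(4)
            End While
            myconn.Close()
        End If
        ' NOTE(review): Page.Request also reads the query string, so this
        ' update is reachable by GET; consider POST-only handling with an
        ' anti-forgery token.
        If Page.Request("action") = "edit" Then
            ' & "" turns a missing field into an empty string, matching what
            ' string concatenation did before.
            title = Page.Request("title") & ""
            author = Page.Request("author") & ""
            from = Page.Request("from") & ""
            content = Page.Request("content") & ""
            classid = Page.Request("Classes")
            ' Text fields are bound as parameters so quotes in the input cannot
            ' alter the statement. OleDb parameters are positional: keep the
            ' Add calls in placeholder order.
            sql = "update News set Title=?,Author=?,Original=?,Content=?,UpdateTime=?,ClassesID=? where NewsID=?"
            myCmd = New OleDbCommand(sql, myconn)
            myCmd.Parameters.Add("@title", OleDbType.VarWChar).Value = title
            myCmd.Parameters.Add("@author", OleDbType.VarWChar).Value = author
            myCmd.Parameters.Add("@original", OleDbType.VarWChar).Value = from
            myCmd.Parameters.Add("@content", OleDbType.LongVarWChar).Value = content
            myCmd.Parameters.Add("@updatetime", OleDbType.Date).Value = DateTime.Now()
            myCmd.Parameters.Add("@classid", OleDbType.Integer).Value = classid
            myCmd.Parameters.Add("@newsid", OleDbType.Integer).Value = bianhao
            myconn.Open()
            Try
                myCmd.ExecuteNonQuery()
            Finally
                myconn.Close()
            End Try
            message.Text = "<center>新闻更新成功!</center><br><center><a href='newsmanager.aspx'>继续</a></center>"
            step1.Visible = "false"
        End If
    Else
        Response.Redirect("login.aspx")
    End If
End Sub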
'显示内容程序
' Page-level state for the news-detail page. part1 and part2 are scratch
' strings written by changecode; newstitle is not referenced by the
' procedures visible on this page.
Dim sql, newstitle, part1, part2 As String
' NewsID requested by the visitor; declared Integer, so the request value is
' converted to a number when assigned.
Dim newsno As Integer
Dim myconn As OleDbConnection
Dim myCmd, newscmd As OleDbCommand
'获取数据子程序
Function getdatareader(ByVal sql As String) As OleDbDataReader
    ' Opens the page connection, runs the given query text and returns the
    ' reader. The connection remains open until the caller closes myconn.
    ' NOTE(review): the text runs unchanged, so callers must bind request
    ' values as parameters rather than concatenating them.
    myCmd = New OleDbCommand(sql, myconn)
    myconn.Open()
    Dim resultReader As OleDbDataReader = myCmd.ExecuteReader()
    Return resultReader
End Function
'替换特殊字符子程序
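Function changecode(ByVal str As String)
    ' Converts stored news text into HTML: HTML metacharacters are encoded,
    ' line breaks become <P>/<BR>, and the bracket tags ([b], [img], [url],
    ' [upimg], ...) are expanded into markup. Returns Nothing for empty input.
    If Len(str) > 0 Then
        ' Encode &, < and > before any markup is generated so stored text
        ' cannot introduce tags of its own; only the bracket tags below
        ' produce HTML.
        str = Replace(str, "&", "&amp;")
        str = Replace(str, "<", "&lt;")
        str = Replace(str, ">", "&gt;")
        ' NOTE(review): the replacement for Chr(32) appears on the page as a
        ' plain space (a no-op); if the original used an entity, restore it.
        str = Replace(str, Chr(32), " ")
        str = Replace(str, Chr(9), " ")
        ' The quote replacements are written as entities. The page showed a
        ' bare quote character here, which is an unterminated literal for
        ' Chr(34) and a no-op for Chr(39).
        str = Replace(str, Chr(34), "&quot;")
        str = Replace(str, Chr(39), "&#39;")
        str = Replace(str, Chr(13), "")
        str = Replace(str, Chr(10) & Chr(10), "</P><P>")
        str = Replace(str, Chr(10), "<BR> ")
        str = Replace(str, "[img]", "<img src='")
        str = Replace(str, "[/img]", "'>")
        str = Replace(str, "[b]", "<b>")
        str = Replace(str, "[/b]", "</b>")
        str = Replace(str, "[em]", "<em>")
        str = Replace(str, "[/em]", "</em>")
        str = Replace(str, "[u]", "<u>")
        str = Replace(str, "[/u]", "</u>")
        str = Replace(str, "[center]", "<center>")
        str = Replace(str, "[/center]", "</center>")
        ' NOTE(review): link and image targets are emitted as written; their
        ' URL scheme is not restricted here.
        str = Replace(str, "[mail]", "<a href='mailto:")
        str = Replace(str, "[url]", "<a href='")
        str = Replace(str, "[|mail]", "'>")
        str = Replace(str, "[|url]", "'>")
        str = Replace(str, "[/hyper]", "</a>")
        ' The uploaded-image attribute is quoted so a space in the name cannot
        ' start a second attribute.
        str = Replace(str, "[upimg]", "<img src='upload/")
        str = Replace(str, "[/upimg]", "'>")
        ' Splits at the first ">" and joins the halves again; the text is
        ' unchanged, but the page fields part1/part2 are still assigned.
        part1 = Left(str, InStr(str, ">"))
        part2 = Right(str, (Len(str) - InStr(str, ">")))
        str = part1 + part2
        Return str
    End If
End Function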
'读取新闻详细信息
Sub Page_Load(sender As Object, e As EventArgs)
    ' News-detail page: on first display, loads the item named by newsid and
    ' copies its fields into the page controls.
    Dim strConn As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.MapPath("./") & "DB_51aspx/news.mdb"
    myConn = New OledbConnection(strConn)
    If page.ispostback Then
        Exit Sub
    End If
    ' newsno is declared Integer, so the request value is converted to a
    ' number before it is appended to the SQL text.
    newsno = Page.request("newsid")
    sql = "select Title,Author,UpdateTime,Original,Content from News where NewsID=" & newsno
    Dim reader As OleDbDataReader = getdatareader(sql)
    Do While reader.read()
        session("newstitle") = reader.Item(0)
        ' NOTE(review): these values are assigned without HTML encoding;
        ' whether that is safe depends on the control types - confirm in the markup.
        title.text = reader.Item(0)
        author.text = reader.Item(1)
        updatetime.text = reader.Item(2)
        content.text = changecode(reader.Item(4))
        original.text = reader.Item(3)
    Loop
    myConn.close()
End Sub
'新闻搜索结果
' Page-level state for the news-search page.
Dim sql as string
' Connection to the Jet (Access) news database; created in Page_Load.
Dim myConn as OleDbConnection
' Not referenced by the procedures visible on this page.
Dim myCmd as OleDbCommand
Function getdataview(ByVal sql As String, ByVal strtable As String) As DataView
    ' Runs the query text in sql, loads the rows into a DataSet table named
    ' strtable and returns a DataView over that table.
    ' NOTE(review): sql is executed verbatim; request values must be bound as
    ' parameters by the caller, not concatenated into it.
    myConn.Open()
    Dim adapter As New OleDbDataAdapter(sql, myConn)
    myConn.Close()
    Dim resultSet As New DataSet()
    adapter.Fill(resultSet, strtable)
    Return New DataView(resultSet.Tables(strtable))
End Function
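Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    ' Search page: finds news whose title or content contains the submitted
    ' keyword and binds the matches to the searchresult control.
    Dim strConn As String
    strConn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("./") & "DB_51aspx/news.mdb"
    myConn = New OleDbConnection(strConn)
    Dim gjc As String
    gjc = Page.Request("keyword")
    ' The keyword comes straight from the visitor, so it is bound as a
    ' parameter; the LIKE wildcards are added to the value, not the SQL text.
    ' OleDb parameters are positional, so the pattern is added once per "?".
    sql = "select NewsID,Title,UpdateTime from News where Title like ? or Content like ? order by NewsID desc"
    Dim pattern As String = "%" & gjc & "%"
    Dim adapter As New OleDbDataAdapter(sql, myConn)
    adapter.SelectCommand.Parameters.Add("@title", OleDbType.VarWChar).Value = pattern
    adapter.SelectCommand.Parameters.Add("@content", OleDbType.VarWChar).Value = pattern
    Dim found As New DataSet()
    adapter.Fill(found, "newssearch")
    ' NOTE(review): the keyword is echoed back unencoded; if keyword is a
    ' Label rather than a TextBox it should be HTML-encoded first - confirm.
    keyword.Text = gjc
    Dim result As DataView = New DataView(found.Tables("newssearch"))
    searchresult.DataSource = result
    searchresult.DataBind()
End Sub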
’新闻评论
' Page-level state for the review (comment) page; email and content receive
' the values read in Page_Load.
Dim sql, email, content As String
' Holds the reviewid request value; declared Integer, so the value is
' converted to a number when assigned.
Dim newsid As Integer
Dim myConn As OleDbConnection
Dim myCmd As OleDbCommand
'获取数据子程序
Function getdatareader(ByVal sql As String) As OleDbDataReader
    ' Executes the given query text and returns the reader; myConn is opened
    ' here and must be closed by the caller once the rows have been read.
    ' NOTE(review): the query text is run as-is - bind request values as
    ' parameters in the caller instead of concatenating them.
    myCmd = New OleDbCommand(sql, myConn)
    myConn.Open()
    Return myCmd.ExecuteReader()
End Function
'特殊字符替换子程序
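Function changecode(ByVal str As String)
    ' Prepares stored review text for display: HTML metacharacters are
    ' encoded and line breaks become <P>/<BR>. Returns Nothing for empty input.
    If Len(str) > 0 Then
        ' Review text is written by visitors, so &, < and > are encoded first;
        ' the only markup in the result is the paragraph/break tags added below.
        str = Replace(str, "&", "&amp;")
        str = Replace(str, "<", "&lt;")
        str = Replace(str, ">", "&gt;")
        ' NOTE(review): the replacement for Chr(32) appears on the page as a
        ' plain space (a no-op); if the original used an entity, restore it.
        str = Replace(str, Chr(32), " ")
        str = Replace(str, Chr(9), " ")
        ' Quote replacements written as entities; the page showed a bare quote
        ' character, which is an unterminated literal for Chr(34) and a no-op
        ' for Chr(39).
        str = Replace(str, Chr(34), "&quot;")
        str = Replace(str, Chr(39), "&#39;")
        str = Replace(str, Chr(13), "")
        str = Replace(str, Chr(10) & Chr(10), "</P><P>")
        str = Replace(str, Chr(10), "<BR> ")
        Return str
    End If
End Function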
'初始化新闻评价信息子程序
Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    ' Review page: on first display, loads the review named by reviewid and
    ' copies its fields into the page controls and fields.
    Dim strConn As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("./") & "DB_51aspx/news.mdb"
    myConn = New OleDbConnection(strConn)
    If Page.IsPostBack Then
        Exit Sub
    End If
    ' newsid is declared Integer, so the request value is converted to a
    ' number before it is appended to the SQL text.
    newsid = Page.Request("reviewid")
    sql = "select ReViewTitle,Content,Author,Email from ReView where ReviewID=" & newsid
    Dim Reader As OleDbDataReader = getdatareader(sql)
    Do While Reader.Read()
        ' NOTE(review): title and author are visitor-supplied and assigned
        ' without HTML encoding; confirm the control types encode on render.
        title.Text = Reader.Item(0)
        content = changecode(Reader.Item(1))
        author.Text = Reader.Item(2)
        email = Reader.Item(3)
    Loop
    myConn.Close()
End Sub
‘新闻管理
' Page-level state for the news-management page; bianhao holds the key of
' the row selected for deletion (set in news_delete).
Dim sql,bianhao as string
' Connection to the Jet (Access) news database; created in Page_Load.
Dim myConn as OleDbConnection
' Command object shared by the helper functions on this page.
Dim myCmd As OleDbCommand
'查询数据
Function getdatareader(ByVal sql As String) As OleDbDataReader
    ' Runs the query text on the page connection and returns the reader.
    ' myConn is left open for the reader; the caller closes it afterwards.
    ' NOTE(review): the text is executed verbatim - never pass request values
    ' through it unparameterised.
    myCmd = New OleDbCommand(sql, myConn)
    myConn.Open()
    Dim rows As OleDbDataReader = myCmd.ExecuteReader()
    Return rows
End Function
'查询数据
Function getdataview(ByVal sql As String, ByVal strTable As String) As DataView
    ' Fills a DataSet table named strTable from the query text and returns a
    ' DataView over it.
    ' NOTE(review): sql runs as given; request values must be bound as
    ' parameters by the caller.
    myConn.Open()
    Dim adapter As New OleDbDataAdapter(sql, myConn)
    myConn.Close()
    Dim loaded As New DataSet()
    adapter.Fill(loaded, strTable)
    Return New DataView(loaded.Tables(strTable))
End Function
'绑定数据控件
Function bindgrid()
    ' Reloads every news row, newest NewsID first, and binds it to the grid.
    sql = "select * from News order by NewsID desc"
    Dim allNews As DataView = getdataview(sql, "special")
    news.DataSource = allNews
    news.DataBind()
End Function
'删除新闻中包含的图片子程序
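Function deleteimg(ByVal str As String)
    ' Deletes the uploaded image files referenced by [upimg]name[/upimg] tags
    ' in a news item's content. str is the stored content text.
    Const openTag As String = "[upimg]"
    Dim result() As String
    result = Split(str, "[/upimg]")
    Dim i As Integer
    ' The last piece is whatever follows the final closing tag, so it never
    ' holds a file name.
    For i = 0 To result.Length - 2
        Dim tagPos As Integer = InStr(result(i), openTag)
        ' Without an opening tag there is no file name in this piece; the old
        ' offset arithmetic would have taken unrelated trailing text (or
        ' failed on a negative length).
        If tagPos > 0 Then
            Dim imageName As String = Mid(result(i), tagPos + Len(openTag))
            ' The name comes from stored content, so it must stay inside the
            ' upload folder: names with path separators, a drive colon or ".."
            ' are skipped rather than passed to File.Delete.
            Dim staysInUploadDir As Boolean = imageName.Length > 0 _
                AndAlso imageName.IndexOfAny(New Char() {"/"c, "\"c, ":"c}) < 0 _
                AndAlso imageName.IndexOf("..") < 0
            If staysInUploadDir Then
                File.Delete(Server.MapPath(".") & "/upload/" & imageName)
            End If
        End If
    Next
End Function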
'执行字符串查询子程序
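Function executesql(ByVal sql As String)
    ' Runs one non-query statement on the page connection.
    ' NOTE(review): the text is executed as given; request values belong in
    ' OleDbParameter objects, not in this string.
    myCmd = New OleDbCommand(sql, myConn)
    myConn.Open()
    Try
        myCmd.ExecuteNonQuery()
    Finally
        ' Release the connection whether or not the statement succeeded.
        myConn.Close()
    End Try
End Function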
'初始判断用户是否能够管理
Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    ' News-management page: sets up the connection, sends anyone who is not
    ' the "administrator" session to login.aspx, and binds the grid on first
    ' display.
    Dim strConn As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("./") & "DB_51aspx/news.mdb"
    myConn = New OleDbConnection(strConn)
    If Session("user") <> "administrator" Then
        Response.Redirect("login.aspx")
    ElseIf Not Page.IsPostBack Then
        bindgrid()
    End If
End Sub
'翻页子程序
Sub changepage(ByVal Sender As Object, ByVal e As DataGridPageChangedEventArgs)
    ' Paging handler: move the grid to the requested page, then rebind.
    Dim requestedPage As Integer = e.NewPageIndex
    news.CurrentPageIndex = requestedPage
    bindgrid()
End Sub
'删除子程序
Sub news_delete(ByVal Sender As Object, ByVal e As DataGridCommandEventArgs)
    ' Delete handler: reads the selected item's content, removes the uploaded
    ' images it references, deletes the News row and rebinds the grid.
    Dim neirong As String
    bianhao = news.DataKeys(e.Item.ItemIndex)
    ' The key is converted to an Integer before it is appended to either
    ' statement, so only a number can reach the SQL text.
    Dim newsKey As Integer = CInt(bianhao)
    sql = "select Content from News where NewsID=" & newsKey
    Dim Reader As OleDbDataReader = getdatareader(sql)
    Do While Reader.Read()
        neirong = Reader.Item(0)
    Loop
    myConn.Close()
    deleteimg(neirong)
    sql = "Delete from News where NewsID=" & newsKey
    executesql(sql)
    ' NOTE(review): this confirmation runs on the server and only after the
    ' row is already deleted; a client-side confirm before the postback is
    ' the usual approach.
    MsgBox("你确定要删除这条新闻吗!", 0, "提示")
    bindgrid()
End Sub
’::::最新新闻::::
' State for the "latest news" list. Only sql, myconn, dtCmd, dtSet and
' strConn are used by the statements below.
Dim sql As String
Dim myconn As OleDbConnection
Dim myCmd, newscmd As OleDbCommand
Dim dtCmd As OleDbDataAdapter
Dim dtSet As DataSet
Dim dv As DataView
Dim strConn As String
' NOTE(review): the .mdb file is resolved under the web root; confirm the
' server refuses to serve it for download.
strConn="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Server.MapPath("./")&"DB_51aspx/news.mdb"
myConn=New OleDbConnection(strConn)
' Fixed query text with no request input: the ten most recently updated items.
sql="select top 10 * from News order by UpdateTime DESC"
dtCmd=New OleDbDataAdapter(Sql, myconn)
dtSet=New DataSet
dtCmd.Fill(dtSet)
' Bind the rows to the specialnews control.
specialnews.DataSource=dtSet
specialnews.DataBind()
‘后台管理
' Page-level state for this back-end page.
Dim sql As String
' Connection to the Jet (Access) news database; created in Page_Load.
Dim myconn As OleDbConnection
' Not referenced by the procedures visible on this page.
Dim myCmd As OleDbCommand
'定义数据查询子程序
Function getdataview(ByVal sql As String, ByVal strtable As String) As DataView
    ' Loads the rows returned by the query text into a DataSet table named
    ' strtable and returns a DataView over that table.
    ' NOTE(review): sql is executed verbatim; keep request values out of it.
    myconn.Open()
    Dim adapter As New OleDbDataAdapter(sql, myconn)
    myconn.Close()
    Dim loaded As New DataSet()
    adapter.Fill(loaded, strtable)
    Return New DataView(loaded.Tables(strtable))
End Function
'调用getdataview子程序,并把所查询的数据绑定到NewsList控件中
Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    ' On first display, loads every row of Classes through getdataview and
    ' binds it to the NewsList control.
    ' NOTE(review): no session check is visible in this handler, unlike the
    ' other administrator pages; confirm access is restricted elsewhere.
    Dim strConn As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("./") & "DB_51aspx/news.mdb"
    myconn = New OleDbConnection(strConn)
    If Page.IsPostBack Then
        Exit Sub
    End If
    sql = "select * from Classes"
    Dim Classesview As DataView = getdataview(sql, "Classes")
    NewsList.DataSource = Classesview
    NewsList.DataBind()
End Sub
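Sub UpLoadFile(ByVal Sender As Object, ByVal e As EventArgs)
    ' Stores an uploaded image under ./upload/ with a server-generated name
    ' and tells the user which [upimg] tag to paste into the news text.
    ' NOTE(review): no session check is visible in this handler; confirm the
    ' page restricts uploads to signed-in administrators.
    ' A zero-length body means nothing was uploaded.
    If FileUp.PostedFile.ContentLength = 0 Then
        Response.Write("文件上传失败!")
        Exit Sub
    End If
    ' Take only the extension of the client-supplied name; the client may
    ' send a full path with either separator.
    Dim clientName As String = FileUp.PostedFile.FileName
    Dim lastSep As Integer = clientName.LastIndexOf("/"c)
    If clientName.LastIndexOf("\"c) > lastSep Then
        lastSep = clientName.LastIndexOf("\"c)
    End If
    Dim baseName As String = clientName.Substring(lastSep + 1)
    Dim dotAt As Integer = baseName.LastIndexOf("."c)
    Dim filext As String = ""
    If dotAt >= 0 Then
        filext = LCase(baseName.Substring(dotAt))
    End If
    ' Allow-list of image types. The previous check compared the last four
    ' characters against a short block-list, so five-character extensions
    ' never matched it and every other server-handled type was accepted.
    Dim isImage As Boolean
    Select Case filext
        Case ".jpg", ".jpeg", ".gif", ".png", ".bmp"
            isImage = True
        Case Else
            isImage = False
    End Select
    If Not isImage Then
        Response.Write("文件格式不对!")
    Else
        ' NOTE(review): the extension does not prove the content is an image;
        ' the upload folder should be configured so nothing in it executes.
        Dim ranNum As Integer = Int(90000 * Rnd()) + 10000
        Dim FileName As String = Year(Now) & Month(Now) & Day(Now) & Hour(Now) & Minute(Now) & Second(Now) & CStr(ranNum) & filext
        ' Save first, so success is reported only when the file was written.
        FileUp.PostedFile.SaveAs(Server.MapPath(".") & "/upload/" & FileName)
        step2.Visible = "False"
        Response.Write("<div style='text-align:center;'><br>文件上传成功!请把以下代码插入到新闻的适当位置:[upimg]" & _
            FileName & "[/upimg]")
        Response.Write("<br><br><a href='upfile.aspx'>继续</a></div>")
    End If
End Sub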
sub page_load(sender As Object, E As EventArgs)
    ' Captcha image page: renders the code image and streams it to the client.
    ' Arguments to Get_Images: font size, number of characters (declared but
    ' not used by Get_Images as shown) and background colour.
    dim captchaStream as MemoryStream = Get_Images(12, 50, "#EEEEEE")
    ' Send the in-memory image as the response body.
    Show_image(captchaStream)
    ' Release the stream.
    captchaStream.Close()
end sub
'Font_Size'字体大小integer
'Char_Number'验证码的位数integer
'BackgroundColor'背景颜色
'把字符转换为图像,并且保存到内存流
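function Get_Images(Font_Size as integer,Char_Number as integer,BackgroundColor as string) as MemoryStream
    ' Draws a four-character verification code onto a small bitmap, stores
    ' the lower-cased code in session("imagenumber") and returns the image as
    ' JPEG bytes in a MemoryStream.
    '   Font_Size       - base font size; each character varies around it
    '   Char_Number     - accepted but not used: the loop always draws 4 characters
    '   BackgroundColor - HTML colour string for the background
    ' The returned stream is left open; the caller is responsible for closing it.
    ' NOTE(review): characters, colours and fonts come from VB's Rnd, which is
    ' not a cryptographic generator; consider a stronger source for the code.
    ' Image width and height unit; the bitmap is image_w x (4 * image_h).
    dim image_w as integer = 60
    dim image_h as integer = 5
    dim Color_Back as Color = ColorTranslator.FromHtml(BackgroundColor)
    dim Temp_Bitmap as Bitmap = new Bitmap(image_w, 4 * image_h, PixelFormat.Format32bppRgb)
    dim Temp_Graphics as Graphics = Graphics.FromImage(Temp_Bitmap)
    dim Temp_Stream as MemoryStream = new MemoryStream()
    Try
        ' Paint the background. The brush is disposed right away; the old
        ' code leaked one GDI+ brush and font per character on every request.
        dim Back_Brush as SolidBrush = new SolidBrush(Color_Back)
        Temp_Graphics.FillRectangle(Back_Brush, new Rectangle(0, 0, image_w, 5 * image_h))
        Back_Brush.Dispose()
        ' Accumulates the code so the login page can compare against it.
        dim Sesson_Company as String = ""
        dim n as integer
        for n = 0 to 3
            ' Character to draw.
            dim Show_Str as string = getChar()
            Sesson_Company = Sesson_Company & Show_Str
            ' Font size varies slightly around Font_Size.
            dim Show_Str_Font_Size as integer = Int(3 * Rnd() + (Font_Size - 2))
            ' Random colour and font for this character.
            dim Color_Font as Color = ColorTranslator.FromHtml(getColor())
            dim Show_Font_Name as string = getFont()
            dim Show_Str_Font as Font = new Font(Show_Font_Name, Show_Str_Font_Size, FontStyle.Bold)
            dim Font_Brush as SolidBrush = new SolidBrush(Color_Font)
            ' Draw the character with a small random vertical offset.
            Temp_Graphics.DrawString(Show_Str, Show_Str_Font, Font_Brush, int(Font_Size / 2) + n * Font_Size, Int(image_h * 0.125 * Rnd() + image_h * 0.08))
            Font_Brush.Dispose()
            Show_Str_Font.Dispose()
        next
        ' Stored lower-cased and trimmed for the page that checks the code.
        session("imagenumber") = LCase(trim(Sesson_Company))
        Temp_Bitmap.Save(Temp_Stream, ImageFormat.jpeg)
    Finally
        ' Release the GDI+ objects even if drawing or encoding fails.
        Temp_Graphics.Dispose()
        Temp_Bitmap.Dispose()
    End Try
    return Temp_Stream
end function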
'显示内存图像
function Show_image(Show_Stream as MemoryStream)
    ' Replaces the response body with the JPEG bytes held in Show_Stream and
    ' ends the response.
    ' NOTE(review): no cache headers are set here; a cached captcha image
    ' would no longer match the code stored in the session - confirm.
    Response.ClearContent()
    Response.ContentType = "Image/Jpeg"
    dim jpegBytes as Byte() = Show_Stream.ToArray()
    Response.BinaryWrite(jpegBytes)
    Response.End()
end function
'获得随机字符:0-9,a-z,A-Z
function getChar() as string
    ' Returns one random character: a digit, an upper-case letter or a
    ' lower-case letter. Five candidates are generated (one digit, two
    ' upper-case, two lower-case) and one of them is picked at random.
    ' NOTE(review): Rnd is not a cryptographic generator, and Randomize
    ' reseeds it on every call; consider a stronger source for captcha text.
    randomize
    dim candidates() as string = { _
        chr(Int(10 * Rnd() + 48)), _
        chr(Int(26 * Rnd() + 65)), _
        chr(Int(26 * Rnd() + 65)), _
        chr(Int(26 * Rnd() + 97)), _
        chr(Int(26 * Rnd() + 97))}
    dim pick as integer = Int(5 * Rnd())
    return candidates(pick)
end function
'获得随机颜色
function getColor() as string
    ' Returns a random colour as "#RRGGBB". Each channel is in 20..199; when
    ' all three exceed 150 the first channel is redrawn from 20..169.
    randomize
    Dim redPart As integer = Int(180 * Rnd() + 20)
    Dim greenPart As integer = Int(180 * Rnd() + 20)
    Dim bluePart As integer = Int(180 * Rnd() + 20)
    Dim allBright As Boolean = redPart > 150 and greenPart > 150 and bluePart > 150
    if allBright then
        redPart = Int(150 * Rnd() + 20)
    end if
    return "#" & Hex(redPart) & Hex(greenPart) & Hex(bluePart)
end function
'获得随机字体
function getFont() as string
    ' Returns a font name picked at random from seven entries; five of them
    ' are "Comic Sans MS", so that font is chosen most often.
    randomize
    Dim fontNames() As String = { _
        "Book Antiqua", _
        "Microsoft Sans Serif", _
        "Comic Sans MS", _
        "Comic Sans MS", _
        "Comic Sans MS", _
        "Comic Sans MS", _
        "Comic Sans MS"}
    Dim pick As Integer = Int(7 * Rnd())
    return fontNames(pick)
end function
'获得随机字体
function getFont1() as string
    ' Returns a Chinese font name picked at random from ten entries (with
    ' repeats, so some fonts are more likely than others).
    randomize
    Dim fontNames() As String = { _
        "华文行楷", _
        "隶书", _
        "华文彩云", _
        "方正舒体", _
        "华文彩云", _
        "方正舒体", _
        "华文彩云", _
        "方正舒体", _
        "楷体_GB2312", _
        "华文行楷"}
    Dim pick As Integer = Int(10 * Rnd())
    return fontNames(pick)
end function
'后台管理
' Page-level state for the administrator-account management page.
dim strconn,strsql as string
' Connection to the Jet (Access) database; created in page_load.
dim myconn as oledbconnection
dim mydataAdapter as oledbdataAdapter
dim cmd as oledbcommand
' DataSet and view behind the DgMain grid; refilled by GetDataSource.
dim DS as dataset=new dataset
dim mydataview as dataview=new dataview
'页面加载
sub page_load(sender as object, e as eventargs)
    ' Administrator-account page: visitors without an Admin session go to the
    ' login page; otherwise the connection is set up and, on first display,
    ' the grid is bound with the default sort.
    if not session("Admin") is nothing then
        ' Connect to the database named in the application settings.
        strconn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mappath("../" & ConfigurationSettings.AppSettings("databasepath"))
        myconn = new oledbconnection(strconn)
        if not page.ispostback then
            ' Default sort key, kept in the session for GetDataSource.
            session("sort") = "ID DESC"
            GetDataSource()
        end if
    else
        response.Redirect("login.aspx")
    end if
end sub
'响应排序事件
Sub DgMain_SortCommand(Sender As Object,E As DataGridSortCommandEventArgs)
    ' Sort handler: remember the requested sort expression in the session,
    ' then rebind the grid so the new order takes effect.
    dim requestedSort as string = e.sortexpression.tostring
    session("sort") = requestedSort
    GetDataSource()
End Sub
'响应编辑按钮事件
Sub DgMain_EditCommand(Sender As Object,E As DataGridCommandEventArgs)
    ' Edit handler: put the clicked row into edit mode, then rebind the grid.
    dim rowToEdit as integer = e.item.itemindex
    DgMain.EditItemIndex = rowToEdit
    GetDataSource()
End Sub
'取消编辑
Sub DgMain_CancelCommand(Sender As Object,E As DataGridCommandEventArgs)
    ' Cancel handler: an EditItemIndex of -1 leaves edit mode; rebind afterwards.
    const noRowInEditMode as integer = -1
    DgMain.EditItemIndex = noRowInEditMode
    GetDataSource()
End Sub
'更新数据
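Sub DgMain_UpdateCommand(Sender As Object,E As DataGridCommandEventArgs)
    ' Update handler: writes the edited administrator name and password hash
    ' back to the Admin row shown in the edited grid item, then rebinds.
    dim intID as integer
    intID = ctype(e.item.findcontrol("lblIDe"),label).text
    dim strAdminName,strAdminPassword as string
    ' ctype converts the found control to a TextBox to read its text.
    strAdminName = ctype(e.item.findcontrol("txtAdminName"),textbox).text
    strAdminPassword = ctype(e.item.findcontrol("txtAdminPassword"),textbox).text
    ' NOTE(review): unsalted MD5 is a weak way to store passwords; moving to
    ' a salted, slow hash needs a migration of the stored values.
    strAdminPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(strAdminPassword, "MD5")
    ' Values are bound as parameters. The quote "filter" that used to precede
    ' this statement replaced a quote with itself as shown on the page, so it
    ' gave no protection. OleDb parameters are positional: keep this order.
    strsql = "UPDATE Admin SET AdminName=?,AdminPassword=? where ID=?"
    cmd = new oledbcommand(strsql,myconn)
    cmd.Parameters.Add("@name", OleDbType.VarWChar).Value = strAdminName
    cmd.Parameters.Add("@password", OleDbType.VarWChar).Value = strAdminPassword
    cmd.Parameters.Add("@id", OleDbType.Integer).Value = intID
    Try
        myconn.open()
        cmd.executenonquery()
        myconn.close()
    Catch
        myconn.close()
        response.Redirect("../error.aspx?error=update")
    End Try
    ' Leave edit mode once the update is done, then rebind the grid.
    DgMain.edititemindex = -1
    Call GetDataSource()
End Sub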
'删除数据
Sub DgMain_DeleteCommand(Sender As Object,E As DataGridCommandEventArgs)
    ' Delete handler: removes the administrator row shown in the clicked grid
    ' item and rebinds. The account with ID 1 is never deleted.
    dim intID as integer
    intID = ctype(e.item.findcontrol("lblIDi"),label).text
    if intID = 1 then
        exit sub
    end if
    ' intID is an Integer, so only a number is appended to the SQL text.
    strsql = "DELETE FROM Admin Where ID=" & intID
    cmd = new oledbcommand(strsql,myconn)
    Try
        myconn.open()
        cmd.executenonquery()
        myconn.close()
    Catch
        myconn.close()
        response.Redirect("../error.aspx?error=delete")
    End Try
    ' Rebind the grid so the deleted row disappears.
    GetDataSource()
End Sub
'自定义绑定数据过程
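Sub GetDataSource()
    ' Reloads the Admin table into DS and binds DgMain to a view sorted by
    ' the expression held in session("sort").
    ' Clear removes all rows from a previous load.
    DS.clear()
    ' The session's sort expression is no longer appended to the SQL text.
    ' Ordering is applied by DataView.Sort below, which only accepts column
    ' names of the loaded table, so the query itself stays constant.
    ' NOTE(review): AdminPassword (the stored hash) is loaded for the grid;
    ' consider not selecting it unless the grid really needs it.
    strsql = "SELECT ID,AdminName,AdminPassword FROM Admin"
    mydataAdapter = new oledbdataAdapter(strsql,myconn)
    mydataAdapter.fill(DS,"Admin")
    mydataview = ds.tables("Admin").defaultview
    ' Apply the sort key to the view.
    mydataview.sort = session("sort").tostring
    DgMain.datasource = mydataview
    DgMain.databind()
end sub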
'添加管理员
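Sub ImgAdminAdd_Click(Sender As Object, E As System.Web.UI.ImageClickEventArgs)
    ' Adds an administrator account when both a name and a password were
    ' entered and the name is not already taken; otherwise shows an error in
    ' AddError.
    if TxtAdminAdd_N.text <> "" and TxtAdminAdd_PW.text <> "" then
        ' Work on local copies; the hash is no longer written back into the
        ' password text box.
        dim newName as string = TxtAdminAdd_N.text
        ' NOTE(review): unsalted MD5 is a weak way to store passwords.
        dim newHash as string = FormsAuthentication.HashPasswordForStoringInConfigFile(TxtAdminAdd_PW.text, "MD5")
        ' The name is bound as a parameter. The quote "filter" that used to
        ' run first replaced a quote with itself as shown on the page.
        strsql = "SELECT * FROM Admin Where AdminName=?"
        cmd = new oledbcommand(strsql,myconn)
        cmd.Parameters.Add("@name", OleDbType.VarWChar).Value = newName
        dim rd as oledbdatareader
        dim nameTaken as boolean
        myconn.open()
        Try
            rd = cmd.executereader()
            nameTaken = rd.read()
            rd.close()
        Finally
            myconn.close()
        End Try
        if nameTaken then
            ' The entered name is echoed into HTML, so it is encoded first.
            dim shownName as string = server.htmlencode(newName)
            AddError.text = "<font color=red>用户名已存在</font>,请尝试更换其它的姓名,如:" & shownName & "_01、" & shownName & "_02。<br>"
        else
            ' OleDb parameters are positional: name first, then the hash.
            strsql = "INSERT INTO Admin (AdminName,AdminPassword) values (?,?)"
            cmd = new oledbcommand(strsql,myconn)
            cmd.Parameters.Add("@name", OleDbType.VarWChar).Value = newName
            cmd.Parameters.Add("@password", OleDbType.VarWChar).Value = newHash
            Try
                myconn.open()
                cmd.ExecuteNonQuery()
                myconn.close()
            Catch
                myconn.close()
                response.Redirect("../error.aspx?error=post")
            End Try
            ' Rebind the grid so the new account is listed.
            Call GetDataSource()
        end if
    else
        AddError.text = "<font color=red>请输入管理员姓名。</font><br>"
    end if
End Sub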
'删除留言
' Page-level state for the delete-message page.
dim strconn,strsql as string
' Connection to the Jet (Access) database; created in page_load.
dim myconn as oledbconnection
' Not referenced by the procedure visible on this page.
dim rd as oledbdatareader
dim cmd as oledbcommand
'页面加载
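sub page_load(sender as object, e as eventargs)
    ' Delete-message page: for a signed-in administrator, deletes the Message
    ' row whose ID is given in the query string. Visitors without an Admin
    ' session are sent to the login page.
    ' NOTE(review): the delete is triggered by a plain GET; consider requiring
    ' a POST with an anti-forgery token for this state-changing action.
    if session("Admin") is nothing then
        Response.Redirect("login.aspx")
    else
        ' The ID arrives as free text, so it must parse as an integer before
        ' it is used; anything else takes the same error path a failed
        ' statement did before.
        dim msgId as integer
        dim idOk as boolean = true
        Try
            msgId = Integer.Parse(Request.QueryString("ID"))
        Catch
            idOk = false
        End Try
        if not idOk then
            response.Redirect("../error.aspx?error=delete")
        else
            ' Connect to the database and bind the ID as a parameter.
            strconn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mappath("../" & ConfigurationSettings.AppSettings("databasepath"))
            myconn = new oledbconnection(strconn)
            strsql = "DELETE FROM Message WHERE ID=?"
            cmd = new oledbcommand(strsql,myconn)
            cmd.Parameters.Add("@id", OleDbType.Integer).Value = msgId
            Try
                myconn.open()
                cmd.ExecuteNonQuery()
                myconn.close()
            Catch
                myconn.close()
                response.Redirect("../error.aspx?error=delete")
            End Try
        end if
    end if
end sub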
'查看留言
' Page-level state for the view/edit-message page.
Dim strconn,strsql as string
' Connection to the Jet (Access) database; created in page_load.
Dim myconn as oledbconnection
Dim cmd as oledbcommand
'页面加载
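sub page_load(sender as object, e as eventargs)
    ' View-message page: for a signed-in administrator, loads the message
    ' whose ID is in the query string and fills the page controls on first
    ' display. Visitors without an Admin session go to the login page.
    if session("Admin") is nothing then
        response.Redirect("login.aspx")
    else
        strconn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mappath("../" & ConfigurationSettings.AppSettings("databasepath"))
        myconn = new oledbconnection(strconn)
        if not page.ispostback then
            ' The ID arrives as free text; it must parse as an integer and is
            ' then bound as a parameter. Anything else takes the same error
            ' path a failed query did before.
            dim msgId as integer
            dim idOk as boolean = true
            Try
                msgId = Integer.Parse(Request.QueryString("ID"))
            Catch
                idOk = false
            End Try
            if not idOk then
                response.Redirect("../error.aspx?error=post")
            else
                strsql = "SELECT UserName,Title,UserFace,Email,HomePage,UserSex,UserAge,Qicq,MessageBody,AdminReply,TimeInsert FROM Message WHERE ID=?"
                cmd = new oledbcommand(strsql,myconn)
                cmd.Parameters.Add("@id", OleDbType.Integer).Value = msgId
                dim dr as oledbdatareader
                Try
                    myconn.open()
                    dr = cmd.executereader()
                Catch
                    myconn.close()
                    response.Redirect("../error.aspx?error=post")
                End Try
                while dr.read()
                    txtUserName.text = dr.item(0).tostring
                    txtTitle.text = dr.item(1).tostring
                    ' The label values below are built into HTML from stored
                    ' message fields, so each one is encoded for its context.
                    ' Attributes use double quotes because HtmlEncode always
                    ' encodes the double quote.
                    dim faceId as string = server.htmlencode(dr.item(2).tostring)
                    dim mailAddr as string = server.htmlencode(dr.item(3).tostring)
                    dim homePage as string = server.htmlencode(dr.item(4).tostring)
                    dim qqText as string = server.htmlencode(dr.item(7).tostring)
                    dim qqParam as string = server.urlencode(dr.item(7).tostring)
                    lblUserFace.text = "<img src=""../image/userface/image" & faceId & ".gif"">"
                    lblEmail.text = "<A href=""mailto:" & mailAddr & """ target=_blank>" & mailAddr & "</A>"
                    lblHomePage.text = "<A href=""http://" & homePage & """ target=_blank>http://" & homePage & "</A>"
                    lblInfo.text = "性别:" & server.htmlencode(dr.item(5).tostring) & ",年龄:" & server.htmlencode(dr.item(6).tostring)
                    lblQicq.text = "<A href=""http://wpa.qq.com/msgrd?V=1&Uin=" & qqParam & "&Site=By%20Dvbbs&Menu=yes"" target=_blank>" & qqText & "</A>"
                    txtMessageBody.text = dr.item(8).tostring
                    txtAdminReply.text = dr.item(9).tostring
                    lblTimeInsert.text = dr.item(10).tostring
                end while
                dr.close()
                myconn.close()
            end if
        end if
    end if
end sub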
'确认编辑
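sub editbtn_Click(Sender As Object, e As ImageClickEventArgs)
    ' Saves the edited message fields to the row whose ID is in the query
    ' string. AdminReply is written only when it is not empty. Afterwards the
    ' browser is sent back to the message list page.
    ' The ID arrives as free text; it must parse as an integer. Anything else
    ' takes the same error path a failed statement did before.
    dim msgId as integer
    dim idOk as boolean = true
    Try
        msgId = Integer.Parse(Request.QueryString("ID"))
    Catch
        idOk = false
    End Try
    if not idOk then
        response.Redirect("../error.aspx?error=post")
        exit sub
    end if
    ' All values are bound as parameters. The quote "filter" that used to run
    ' first replaced a quote with itself as shown on the page. OleDb
    ' parameters are positional: the Add calls follow placeholder order.
    dim withReply as boolean = txtAdminReply.text <> ""
    if withReply then
        strsql = "UPDATE Message SET UserName=?,Title=?,MessageBody=?,AdminReply=? where ID=?"
    else
        strsql = "UPDATE Message SET UserName=?,Title=?,MessageBody=? where ID=?"
    end if
    cmd = new oledbcommand(strsql,myconn)
    cmd.Parameters.Add("@username", OleDbType.VarWChar).Value = txtUserName.text
    cmd.Parameters.Add("@title", OleDbType.VarWChar).Value = txtTitle.text
    cmd.Parameters.Add("@body", OleDbType.LongVarWChar).Value = txtMessageBody.text
    if withReply then
        cmd.Parameters.Add("@reply", OleDbType.LongVarWChar).Value = txtAdminReply.text
    end if
    cmd.Parameters.Add("@id", OleDbType.Integer).Value = msgId
    Try
        myconn.open()
        cmd.ExecuteNonQuery()
        myconn.close()
    Catch
        myconn.close()
        response.Redirect("../error.aspx?error=post")
    End Try
    ' The page number is request data, so it is URL-encoded before it is
    ' placed in the redirect target.
    response.Redirect("../message.aspx?page=" & server.urlencode(Request.QueryString("Page")))
end sub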
'登录页面
' Page-level state for the login page.
dim strconn,strsql as string
' Connection to the Jet (Access) database; created in Logbtn_Click.
dim myconn as oledbconnection
' Reader over the Admin lookup performed in Logbtn_Click.
dim rd as oledbdatareader
dim cmd as oledbcommand
'页面加载
sub page_load(sender as object, e as eventargs)
    ' Login page load: handles act=logout, sends already signed-in
    ' administrators to the management page, and moves the captcha code from
    ' the session into view state for the click handler.
    dim signedIn as boolean = not (session("Admin") is nothing)
    if Request.QueryString("act")="logout" then
        if signedIn then
            session.contents.remove("Admin")
            Response.Write("<script language=javascript>alert('注销成功!');location.href='../message.aspx';</"+"script>")
        else
            ' Not signed in: back to the login page.
            response.Redirect("login.aspx")
        end if
    elseif signedIn then
        ' Already signed in: go straight to the management page.
        response.Redirect("msgedit.aspx")
    end if
    ' The code is taken out of the session so it can be used only once.
    ' NOTE(review): view state is sent to the browser; keeping the expected
    ' code server-side only would avoid exposing it - confirm how view state
    ' is protected on this site.
    dim vnum as string = session("imagenumber")
    session.contents.remove("imagenumber")
    viewstate("vnum") = vnum
end sub
'登陆
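Sub Logbtn_Click(Sender As Object, E As ImageClickEventArgs)
    ' Login handler: checks the verification code, then looks the name and
    ' password hash up in Admin. On success the name is stored in
    ' session("Admin") and the browser goes to the management page.
    ' The verification code is checked first and must be present. Before, a
    ' missing expected code compared equal to an empty entry, and the code was
    ' only looked at after the credentials had already been tested.
    ' The stored code is lower-case, so the entry is lower-cased and trimmed.
    dim expectedCode as string = cstr(viewstate("vnum"))
    dim enteredCode as string = LCase(Trim(validate.text))
    if expectedCode = "" orelse enteredCode <> expectedCode then
        Response.Write("<script language=javascript>alert('验证码错误');location.href='login.aspx';</"+"script>")
        exit sub
    end if
    ' Set up the database connection.
    strconn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mappath("../" & ConfigurationSettings.AppSettings("databasepath"))
    myconn = new oledbconnection(strconn)
    dim loginName as string = AdminName.text
    ' NOTE(review): unsalted MD5 is a weak way to store passwords; changing
    ' it needs a migration of the stored hashes.
    dim loginHash as string = FormsAuthentication.HashPasswordForStoringInConfigFile(AdminPassword.text, "MD5")
    ' Name and hash are bound as parameters. The quote "filter" that used to
    ' run first replaced a quote with itself as shown on the page. OleDb
    ' parameters are positional: name first, then the hash.
    strsql = "select * from Admin where AdminName=? and AdminPassword=?"
    cmd = new oledbcommand(strsql,myconn)
    cmd.Parameters.Add("@name", OleDbType.VarWChar).Value = loginName
    cmd.Parameters.Add("@password", OleDbType.VarWChar).Value = loginHash
    dim accountFound as boolean
    Try
        myconn.open()
        rd = cmd.executereader()
        accountFound = rd.read()
        rd.close()
        myconn.close()
    Catch
        myconn.close()
        response.Redirect("../error.aspx?error=post")
    End Try
    if accountFound then
        ' NOTE(review): failed attempts are not limited and the session id is
        ' not renewed at sign-in; both are worth adding.
        session("Admin") = loginName
        response.Redirect("msgedit.aspx")
    else
        Response.Write("<script language=javascript>alert('错误的用户名或密码');location.href='login.aspx';</"+"script>")
    end if
end sub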
'后台管理
' Page-level state for the message-management page.
dim strconn,strsql as string
' Connection to the Jet (Access) database; created in page_load.
dim myconn as oledbconnection
dim mydataAdapter as oledbdataAdapter
dim cmd as oledbcommand
' DataSet and view behind the DgMain grid; refilled by GetDataSource.
dim DS as dataset=new dataset
dim mydataview as dataview=new dataview
'页面加载
sub page_load(sender as object, e as eventargs)
    ' Message-management page: visitors without an Admin session go to the
    ' login page; otherwise the connection is set up and, on first display,
    ' the grid is bound with the default sort.
    if not session("Admin") is nothing then
        ' Connect to the database named in the application settings.
        strconn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mappath("../" & ConfigurationSettings.AppSettings("databasepath"))
        myconn = new oledbconnection(strconn)
        if not page.ispostback then
            ' Default sort key, kept in the session for GetDataSource.
            session("sort") = "ID DESC"
            GetDataSource()
        end if
    else
        response.Redirect("login.aspx")
    end if
end sub
'响应排序事件
Sub DgMain_SortCommand(Sender As Object,E As DataGridSortCommandEventArgs)
    ' Sort handler: store the requested sort expression in the session and
    ' rebind the grid so the new order is shown.
    dim requestedSort as string = e.sortexpression.tostring
    session("sort") = requestedSort
    GetDataSource()
End Sub
'响应翻页事件
Sub DgMain_PageChanged(Sender As Object,E As DataGridPageChangedEventArgs)
    ' Paging handler: switch the grid to the requested page index, then
    ' rebind. Paging only works when the grid has allowpaging="true".
    dim requestedPage as integer = e.newpageindex
    DgMain.CurrentPageIndex = requestedPage
    GetDataSource()
End Sub
'响应编辑按钮事件
Sub DgMain_EditCommand(Sender As Object,E As DataGridCommandEventArgs)
    ' Edit handler: put the clicked row into edit mode, then rebind the grid.
    dim rowToEdit as integer = e.item.itemindex
    DgMain.EditItemIndex = rowToEdit
    GetDataSource()
End Sub
'取消编辑
Sub DgMain_CancelCommand(Sender As Object,E As DataGridCommandEventArgs)
    ' Cancel handler: an EditItemIndex of -1 leaves edit mode; rebind afterwards.
    const noRowInEditMode as integer = -1
    DgMain.EditItemIndex = noRowInEditMode
    GetDataSource()
End Sub
'更新数据
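Sub DgMain_UpdateCommand(Sender As Object,E As DataGridCommandEventArgs)
    ' Update handler: writes the edited message fields back to the Message
    ' row shown in the edited grid item, then rebinds. AdminReply is written
    ' only when it is not empty.
    dim intID as integer
    dim strUserName,strTitle,strMessageBody,strAdminReply as string
    ' ctype converts each found control to its type to read its text.
    intID = ctype(e.item.findcontrol("lblID"),label).text
    strUserName = ctype(e.item.findcontrol("txtUserName"),textbox).text
    strTitle = ctype(e.item.findcontrol("txtTitle"),textbox).text
    strMessageBody = ctype(e.item.findcontrol("txtMessageBody"),textbox).text
    strAdminReply = ctype(e.item.findcontrol("txtAdminReply"),textbox).text
    ' All values are bound as parameters. The quote "filter" that used to run
    ' on each field replaced a quote with itself as shown on the page. OleDb
    ' parameters are positional: the Add calls follow placeholder order.
    dim withReply as boolean = strAdminReply <> ""
    if withReply then
        strsql = "UPDATE Message SET UserName=?,Title=?,MessageBody=?,AdminReply=? where ID=?"
    else
        strsql = "UPDATE Message SET UserName=?,Title=?,MessageBody=? where ID=?"
    end if
    cmd = new oledbcommand(strsql,myconn)
    cmd.Parameters.Add("@username", OleDbType.VarWChar).Value = strUserName
    cmd.Parameters.Add("@title", OleDbType.VarWChar).Value = strTitle
    cmd.Parameters.Add("@body", OleDbType.LongVarWChar).Value = strMessageBody
    if withReply then
        cmd.Parameters.Add("@reply", OleDbType.LongVarWChar).Value = strAdminReply
    end if
    cmd.Parameters.Add("@id", OleDbType.Integer).Value = intID
    Try
        myconn.open()
        cmd.executenonquery()
        myconn.close()
    Catch
        myconn.close()
        response.redirect("../error.aspx?error=update")
    End Try
    ' Leave edit mode once the update is done, then rebind the grid.
    DgMain.edititemindex = -1
    Call GetDataSource()
End Sub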
'自定义绑定数据过程
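Sub GetDataSource()
    ' Reloads the Message table into DS and binds DgMain to a view sorted by
    ' the expression held in session("sort").
    ' Clear removes all rows from a previous load.
    DS.clear()
    ' The session's sort expression is no longer appended to the SQL text.
    ' Ordering is applied by DataView.Sort below, which only accepts column
    ' names of the loaded table, so the query itself stays constant.
    strsql = "SELECT ID,UserName,Title,MessageBody,AdminReply FROM Message"
    mydataAdapter = new oledbdataAdapter(strsql,myconn)
    mydataAdapter.fill(DS,"Message")
    mydataview = ds.tables("Message").defaultview
    ' Apply the sort key to the view.
    mydataview.sort = session("sort").tostring
    DgMain.datasource = mydataview
    DgMain.databind()
end sub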
'管理员回复
function AdminRel(relmessage)
    ' Returns the administrator reply unchanged, or Nothing when the database
    ' value is DBNull.
    ' NOTE(review): the value is returned as stored; if it is written into
    ' HTML by the caller it should be encoded there - confirm in the markup.
    if relmessage is dbnull.value then
        return nothing
    end if
    return relmessage
end function
'批量删除
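sub ImgDelete_Click(Sender As Object, e As ImageClickEventArgs)
    ' Bulk delete: removes every message older than the number of days typed
    ' into TxtDelete, then rebinds the grid. Does nothing when the box is empty.
    if TxtDelete.text <> "" then
        ' The box holds free text, so it must parse as an integer before it
        ' is used; anything else takes the same error path a failed statement
        ' did before.
        dim dayLimit as integer
        dim limitOk as boolean = true
        Try
            dayLimit = Integer.Parse(TxtDelete.text)
        Catch
            limitOk = false
        End Try
        if not limitOk then
            response.redirect("../error.aspx?error=delete")
        else
            ' The day count is bound as a parameter instead of being appended
            ' to the SQL text.
            strsql = "DELETE FROM Message Where Datediff('D',TimeInsert,now()) > ?"
            cmd = new oledbcommand(strsql,myconn)
            cmd.Parameters.Add("@days", OleDbType.Integer).Value = dayLimit
            Try
                myconn.open()
                cmd.ExecuteNonQuery()
                myconn.close()
                Call GetDataSource()
            Catch
                myconn.close()
                response.redirect("../error.aspx?error=delete")
            End Try
        end if
    end if
end sub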