<%@ LANGUAGE=VBScript codepage ="936" %> <% Response.Expires=0 Response.ExpiresAbsolute = Now() - 1 Response.AddHeader "Pragma","No-Cache" Response.AddHeader "Cache-Control","Private" Response.CacheControl = "No-Cache" if session("TWT_ARR_ArgALL")="" then response.end TWT_ArrArg=split(session("TWT_ARR_ArgALL"),"=") name=TWT_ArrArg(0) grade=TWT_ArrArg(2) myid=TWT_ArrArg(1) a=request("a") id=request("id") name2=request.form("name2") if InStr(name2,"=")<>0 or InStr(name2,"`")<>0 or InStr(name2,"'")<>0 or InStr(name2," ")<>0 or InStr(name2,"　")<>0 or InStr(name2,"'")<>0 or InStr(name2,chr(34))<>0 or InStr(name2,"\")<>0 or InStr(name2,",")<>0 or InStr(name2,"<")<>0 or InStr(name2,">")<>0 then Response.Redirect "error.asp?id=120" if InStr(name2,"=")<>0 or InStr(id,"`")<>0 or InStr(id,"'")<>0 or InStr(id," ")<>0 or InStr(id,"　")<>0 or InStr(id,"'")<>0 or InStr(id,chr(34))<>0 or InStr(id,"\")<>0 or InStr(id,",")<>0 or InStr(id,"<")<>0 or InStr(id,">")<>0 then Response.Redirect "error.asp?id=120" if InStr(active,"=")<>0 or InStr(active,"`")<>0 or InStr(active,"'")<>0 or InStr(active," ")<>0 or InStr(active,"　")<>0 or InStr(active,"'")<>0 or InStr(active,chr(34))<>0 or InStr(active,"\")<>0 or InStr(active,",")<>0 or InStr(active,"<")<>0 or InStr(active,">")<>0 then Response.Redirect "error.asp?id=120" userip=Request.ServerVariables("REMOTE_ADDR") n=Year(date()) y=Month(date()) r=Day(date()) s=Hour(time()) f=Minute(time()) m=Second(time()) if len(y)=1 then y="0" & y if len(r)=1 then r="0" & r if len(s)=1 then s="0" & s if len(f)=1 then f="0" & f if len(m)=1 then m="0" & m t=s & ":" & f & ":" & m sj=n & "-" & y & "-" & r & " " & t Set conn=Server.CreateObject("ADODB.CONNECTION") Set rs=Server.CreateObject("ADODB.RecordSet") connstr=Application("hg_connstr") conn.open connstr Function SqlStr(data) SqlStr="'" & Replace(data,"'","''") & "'" End Function sub setlogo(thislogo) sql="INSERT INTO logdata (logtime,name,ip,opertion) VALUES (" sql=sql & SqlStr(sj) & "," sql=sql & SqlStr(name) & "," sql=sql & SqlStr(userip) & "," sql=sql & SqlStr(thislogo) & ")" conn.Execute sql end sub if a="a" then sql="SELECT * FROM 用户 WHERE 姓名='" & name2 & "'" else sql="SELECT * FROM 用户 WHERE ID=" & id end if set rs=conn.execute(sql) if rs.eof or rs.bof then mess=name2 & "不是江湖中人！" else thisname=rs("姓名") thisgrade=rs("grade") sql="select * from 用户 where 姓名='" & name & "'and grade>=9 and 门派='六扇门'" set rs=conn.execute(sql) shefeng=rs("身份") if rs.eof or rs.bof or grade<10 then mess=name & " _ 十级以下无权对官府进行管理" else ' if a="a" then select case a case "a" sql="update 用户 set grade=6, 门派='六扇门' where 姓名='" & name2 & "'" conn.execute sql mess="你成功地把[" & thisname & "]招聘为六扇门的工作人员" case "b" if shefeng<>"掌门" then mess="你做了长老就想排除异已啊？
只有六扇门的掌门才能开除官府人员" else sql="update 用户 set 身份='无', 门派='无',grade=4 where id=" & id conn.execute sql mess="你成功地把[" & thisname & "]从六扇门开除了！" end if case "c" if grade<10 then mess=" - 十级以下无权进行升降级操作。" else sf=request("sf") if int(sf)=10 and shefeng<>"掌门" then sf=9 sql="update 用户 set grade='" & sf & "' where id=" & id conn.execute sql mess="你成功地把[" & thisname & "]的身份从" & thisgrade & "级调动为"&sf&"级了！" end if end select call setlogo(mess) end if end if conn.close set conn=nothing %>

<%=mess%>