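<%
' Admin user management page: lists, creates, edits and deletes non-root
' administrator accounts and their task permissions.
'
' connect_db, check_admin_login, check_admin_task, goBack, replaceSQLString,
' formatHtml, MD5, initPage, showPageButton, strLength, checkDigitWord,
' pagesize_admin and script_name are defined outside this file.
' The markup between the script blocks is reproduced as it appears in this
' copy; the table row markup sits after the loop that would normally emit it.
'
' NOTE(review): every validation below relies on goBack() ending the response;
'   if it only writes a message, execution continues into the SQL that
'   follows - confirm against its definition.
' NOTE(review): Request(name) reads the query string as well as the form body,
'   so add_user, update_user and delete_user can be triggered by a plain GET,
'   and no anti-forgery token is checked in this file. Restricting these
'   modules to POST plus a per-session token would close that gap.
' NOTE(review): string values reach SQL through replaceSQLString(), whose
'   escaping rules are not visible here; bound parameters (ADODB.Command)
'   would remove the dependency on that helper being complete.
connect_db()
check_admin_login()
check_admin_task("用户管理")

module = Request("module")
Select Case module
    Case "list_user"
        list_user()
    Case "new_user"
        new_user()
    Case "add_user"
        add_user()
    Case "delete_user"
        delete_user()
    Case "modify_user"
        modify_user()
    Case "update_user"
        update_user()
    Case Else
        ' Unknown or missing module falls back to the listing.
        list_user()
End Select

' Returns value as a Long when, after trimming, it is a run of 1 to 9 decimal
' digits; returns -1 otherwise. IsNumeric() alone also accepts forms such as
' "1e3", "&H1F" or "1,000", which must not be concatenated into SQL text.
' The 9-digit cap keeps CLng() from raising an overflow error.
Function parseTaskId(value)
    Dim text, pos
    parseTaskId = -1
    text = Trim(value)
    If Len(text) < 1 Or Len(text) > 9 Then Exit Function
    For pos = 1 To Len(text)
        If InStr("0123456789", Mid(text, pos, 1)) = 0 Then Exit Function
    Next
    parseTaskId = CLng(text)
End Function

' Inserts one admin_task row per valid id in task_id, the ", "-joined list
' that Request() returns for a multi-valued field. Entries that are not plain
' integers are skipped. admin_id must already be a numeric value.
Sub saveAdminTasks(admin_id, task_id)
    Dim task_ids, idx, parsed_id, rsTask
    task_ids = Split(task_id, ", ")
    For idx = 0 To UBound(task_ids)
        parsed_id = parseTaskId(task_ids(idx))
        If parsed_id >= 0 Then
            sql = "insert into admin_task (admin_id, task_id) values (" & admin_id & ", " & parsed_id & ")"
            Set rsTask = Server.CreateObject("ADODB.Recordset")
            rsTask.Open sql, conn, 2, 1
        End If
    Next
    Set rsTask = Nothing
End Sub

' Renders the paged list of non-root administrators and ends the response.
Function list_user()
    Dim intCurrentPage, str_color

    ' Only accounts with root = 0 are ever listed on this page.
    sql = "select id, admin_username, admin_name, description, flag from admins where root = 0 order by id desc"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 3
    beginAdminHtml()
%> <%beginAdminTitle("系统管理 > 用户管理")%>
<%
    ' The page number comes straight from the request and is handed to
    ' initPage(); presumably it is normalised there - confirm.
    intCurrentPage = Request("current_page")
    intCurrentPage = initPage(rs, pagesize_admin, intCurrentPage)
    i = 0
    If Not (rs.BOF And rs.EOF) Then
        ' Skip the rows that belong to earlier pages.
        rs.Move(pagesize_admin * (intCurrentPage - 1))
        While (Not rs.EOF) And (i < pagesize_admin)
            ' flag = 0 is shown in black, any other value in red.
            If rs("flag") = 0 Then
                str_color = "#000000"
            Else
                str_color = "#FF0000"
            End If
%> <%
            rs.MoveNext
            i = i + 1
        Wend
    End If
%>
帐号 姓名 描述 操作
<%=formatHtml(rs("admin_username"))%> <%=formatHtml(rs("admin_name"))%> <%=formatHtml(rs("description"))%>  "> " onClick="return do_delete('确定要删除用户吗?');">
<% showPageButton rs, intCurrentPage, "current_page", script_name & "?1=1" %>
<%
    Set rs = Nothing
    Set conn = Nothing
    Response.End
End Function

' Renders the empty "add user" form, including one entry per assignable task,
' and ends the response.
Function new_user()
    beginAdminHtml()
%> <%beginAdminTitle("系统管理 > 用户管理 > 添加用户")%>
用户信息
 帐号:
 密码:
 重复密码:
 姓名:
 描述:
 当前状态: 冻结

用户权限
  <%
    ' Tasks with parent_id = 0 are excluded from the selectable list.
    sql = "select id, task_name from tasks where parent_id <> 0 order by parent_id, order_id desc, id"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 3
    While Not rs.EOF
%> "><%=formatHtml(rs("task_name"))%>
<%
        rs.MoveNext
    Wend
%>
<%
    Set rs = Nothing
    Set conn = Nothing
    Response.End
End Function

' Validates the submitted form, creates a non-root administrator together with
' its task permissions, then shows the list again.
Function add_user
    Dim username, password1, password2, name, description, flag
    Dim admin_id, task_id

    username = Request("username")
    password1 = Request("password1")
    password2 = Request("password2")
    name = Request("name")
    description = Request("description")
    flag = Request("flag")
    task_id = Request("task_id")

    If username = "" Then
        goBack("帐号不能为空,请重新输入!")
    End If
    If strLength(username) > 20 Then
        goBack("帐号不能超过20个字符,请重新输入!")
    End If
    If Not checkDigitWord(username) Then
        goBack("帐号必须由字母和数字组成,请输入输入!")
    End If

    ' Reject a username that is already taken.
    sql = "select id from admins where admin_username = '" & replaceSQLString(username) & "'"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 3
    If Not (rs.BOF And rs.EOF) Then
        goBack("该帐号已存在,请使用其它帐号!")
    End If

    If password1 = "" Then
        goBack("密码不能为空,请重新输入!")
    End If
    If password1 <> password2 Then
        goBack("两次输入的密码不相同,请重新输入!")
    End If
    If name = "" Then
        goBack("姓名不能为空,请重新输入!")
    End If
    If strLength(name) > 50 Then
        goBack("姓名不能超过50个字符,请重新输入!")
    End If
    If strLength(description) > 200 Then
        goBack("描述不能超过200个字符,请重新输入!")
    End If

    ' Anything other than the literal "0" or "1" is stored as 0.
    If flag <> "0" And flag <> "1" Then
        flag = 0
    End If
    flag = CLng(flag)

    ' NOTE(review): MD5 is an unsalted, fast digest, so stored passwords are
    ' cheap to brute-force offline if the admins table is disclosed. Moving to
    ' a salted, deliberately slow scheme also means changing the login check,
    ' which is not part of this file. No minimum password length or
    ' complexity is enforced here either.
    sql = "insert into admins (admin_username, admin_password, admin_name, description, root, flag) values ('" &_
        replaceSQLString(username) & "', '" & MD5(password1) & "', '" & replaceSQLString(name) & "', '" &_
        replaceSQLString(description) & "', 0, " & flag & ")"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 2, 1

    ' Read back the id of the row that was just inserted.
    sql = "select id from admins where admin_username = '" & replaceSQLString(username) & "'"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 3
    If Not (rs.BOF And rs.EOF) Then
        admin_id = CLng(rs("id"))
        saveAdminTasks admin_id, task_id
    End If

    Set rs = Nothing
    list_user()
End Function

' Renders the edit form for one non-root administrator, with the tasks it
' already holds pre-selected, and ends the response.
Function modify_user
    Dim id

    id = Request("id")
    If Not isNumeric(id) Then
        goBack("输入错误!")
    End If
    id = CLng(id)

    ' list_user only shows root = 0 accounts and add_user only creates them;
    ' the same filter is applied here so a hand-edited id cannot reach a root
    ' account through this page.
    sql = "select id, admin_username, admin_name, description, flag from admins where id = " & id & " and root = 0"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 3
    If rs.BOF And rs.EOF Then
        goBack("该用户不存在!")
    End If
    beginAdminHtml()
%> <%beginAdminTitle("系统管理 > 用户管理 > 修改用户")%>
">
用户信息
 帐号: <%=formatHtml(rs("admin_username"))%>
 姓名: ">
 描述: " size="40">
 当前状态: <% If rs("flag") = 0 Then %> 冻结 <% Else %> 冻结 <% End If %>

用户权限
  <%
    sql = "select id, task_name from tasks where parent_id <> 0 order by parent_id, order_id desc, id"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 3
    While Not rs.EOF
        ' One lookup per task: does this administrator already hold it?
        sql = "select id from admin_task where admin_id = " & id & " and task_id = " & rs("id")
        Set rs1 = Server.CreateObject("ADODB.Recordset")
        rs1.Open sql, conn, 3
        If rs1.BOF And rs1.EOF Then
%> "><%=formatHtml(rs("task_name"))%>
<%
        Else
%> " checked><%=formatHtml(rs("task_name"))%>
<%
        End If
        rs.MoveNext
    Wend
%>
<%
    Set rs = Nothing
    Set rs1 = Nothing
    Set conn = Nothing
    Response.End
End Function

' Validates the submitted form, updates one non-root administrator, replaces
' its task permissions, then shows the list again.
Function update_user
    Dim name, description, flag
    Dim task_id, id

    id = Request("id")
    name = Request("name")
    description = Request("description")
    flag = Request("flag")
    task_id = Request("task_id")

    If Not isNumeric(id) Then
        goBack("输入错误!")
    End If
    id = CLng(id)

    ' Anything other than the literal "0" or "1" is stored as 0.
    If flag <> "0" And flag <> "1" Then
        flag = 0
    End If
    flag = CLng(flag)

    If name = "" Then
        goBack("姓名不能为空,请重新输入!")
    End If
    If strLength(name) > 50 Then
        goBack("姓名不能超过50个字符,请重新输入!")
    End If
    If strLength(description) > 200 Then
        goBack("描述不能超过200个字符,请重新输入!")
    End If

    ' Same scope as the listing: root accounts are not editable from here,
    ' so a crafted id cannot rename or freeze one.
    sql = "select id from admins where id = " & id & " and root = 0"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 3
    If rs.BOF And rs.EOF Then
        goBack("该用户不存在!")
    End If

    sql = "update admins set admin_name = '" & replaceSQLString(name) & "', description = '" & replaceSQLString(description) & "', flag = " & flag & " where id = " & id & " and root = 0"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 2, 1

    ' Permissions are replaced wholesale: drop the old rows, insert the new.
    sql = "delete from admin_task where admin_id = " & id
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 2, 1
    saveAdminTasks id, task_id

    Set rs = Nothing
    list_user()
End Function

' Deletes one non-root administrator and its task permissions, then shows the
' list again.
Function delete_user
    Dim id

    id = Request("id")
    If Not isNumeric(id) Then
        goBack("删除失败,输入错误!")
    End If
    id = CLng(id)

    ' Same scope as the listing: a root account cannot be removed by passing
    ' its id to this module.
    sql = "select id from admins where id = " & id & " and root = 0"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 3
    If rs.BOF And rs.EOF Then
        goBack("删除失败,该用户不存在!")
    End If

    ' Remove the permission rows first, then the account itself.
    sql = "delete from admin_task where admin_id = " & id
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 2, 1
    sql = "delete from admins where id = " & id & " and root = 0"
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open sql, conn, 2, 1

    Set rs = Nothing
    list_user()
End Function
%>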