Webshell Akmal archtte id

System: Microsoft Windows NT 10.0.20348.0

Server: Microsoft-IIS/10.0

User: buyyou

Directory: C:\MyData\WWW\asc365\

Name	Size	Type	Actions
ASC365_CANADA	-	Directory	Rename Delete
ASC365_Store01	-	Directory	Rename Delete
aspnet_client	-	Directory	Rename Delete
CompanyImage	-	Directory	Rename Delete
TJGS_USA	-	Directory	Rename Delete
zhijian	-	Directory	Rename Delete
Memo.inc	0 bytes	.inc	Edit Rename Delete
web.config	213 bytes	.config	Edit Rename Delete

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />


<%
	CheckAdmin1
'检测菜单是否存在，并查出所属语言，数据表，菜单名称
%>
<%
set fs=server.CreateObject("Scripting.FileSystemObject")

newproductid=request.QueryString("productid")
newtypeid=request.QueryString("typeid")
%>
<%
if Request("Action")="change" then
	if Request.Form("Hand_ID")="" then
		Response.Write("<script>alert('请填写手工序号');location.href='?menuid="&menuid&"&page="&CMSpage&"';</script>")
		Response.End
	elseif chk_num(Request.Form("Hand_ID"))=0 then 
		Response.Write("<script>alert('手工序号必须是大于0的整数');location.href='?menuid="&menuid&"&page="&CMSpage&"';</script>")
		Response.End
    end if
	Hand_ID=Request.Form("Hand_ID")
	id=request.QueryString("id")
	Time_Update=Now()
	conn.Execute("update productprice set sort="& Hand_ID &" where id="&id&"")
	conn.close
	set conn=nothing
	Response.Write("<script>alert('修改成功');location.href='?id="&id&"&page="&CMSpage&"';</script>")
	Response.End
end if

if request("Action")="Searchdata" then
    newproductid=session("newproductid")
end if

if request.Form("check")="Search" then
   newproductid=request.Form("productid")
   session("newproductid")=newproductid
end if

if request("action")="tuijian" then
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset")
sql = "select * from newproductlist where id="&id&""
rs.open sql,conn,1,3
if not (rs.eof and rs.bof) then
if rs("tuijian")="1" then 
rs("tuijian")="0"
rs("update")=now()
tjian="所选商品已取消推荐，单击“确定”返回商品列表。"
else
rs("tuijian")="1"
rs("update")=now()
tjian="所选商品已列为推荐商品，单击“确定”返回商品列表。"
end if
rs.update
rs.close
end if
end if

if request("action")="tejia" then
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset")
sql = "select * from newproductlist where id="&id&""
rs.open sql,conn,1,3
if not (rs.eof and rs.bof) then
if rs("tejia")="1" or rs("price2")<=0 then 
rs("tejia")="0"
tjia="所选商品已列为非特价商品，或者特价价格为0。"
else
rs("tejia")="1"
tjia="所选商品已列为特价商品，单击“确定”返回商品列表。"
end if
rs.update
rs.close
end if
end if

if request("action")="used" then
id=request.QueryString("id")
newproductid=request.QueryString("productid")
set rs=server.createobject("adodb.recordset")
sql = "select * from newproductlist where id="&id&""

rs.open sql,conn,1,3
if not (rs.eof and rs.bof) then
if rs("usedstate")="1" then 
   rs("usedstate")="0"
else
   if rs("usedprice1")>0 or rs("usedprice2")>0 then
     rs("usedstate")="1"
   end if
end if
rs.update
rs.close
end if
end if

%>
<%call default_css_js()%>
<link href="css/thickbox.css" rel="stylesheet" type="text/css" />
<title></title>
</head>
<body>
  <table width="94%" id="main_content">
    <tr  class="content_title" align="center">
	 <td width="158">编码</td>
      <td width="600">产品名称</td>
      <td width="125">多伦多库存</td>
	   <td width="125">洛杉矶库存</td>
	   <td width="125">旧金山库存</td>
	   <td width="125">坦帕库存</td>
	  <td width="100">美国</td>
	  <td width="100">加拿大</td>
    </tr>
<%

set rs=server.createobject("adodb.recordset")
    sql="select id,productid,productname,useful,causeful from newproductlist where useful=0 or causeful=0 order by productid"
	rs.Open sql,conn ,1,1
	do while not rs.eof 
	dldck=0
	losck=0
	sffck=0
	tpack=0
	
	productid=rs("productid")
	Temp1=server.MapPath("../../../ASC365_CANADA/Admin/"&left(productid,3)&"/"&right(productid,3)&"/Store.inc")

if fs.FileExists(Temp1)=true then
	   set f=fs.OpenTextFile(temp1,1)
	   f.skipline
	   f.skipline
	   daixiu=f.ReadLine
	   all=f.ReadLine
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   ershou=f.ReadLine
	   if Isnumeric(daixiu)=false then daixiu=0
	   if Isnumeric(all)=false then all=0
	   if Isnumeric(ershou)=false then ershou=0
	   dldck=all*1-daixiu*1-ershou*1 
	end if
	Temp1=server.MapPath("../../../ASC365_Los/Admin/"&left(productid,3)&"/"&right(productid,3)&"/Store.inc")
	if fs.FileExists(Temp1)=true then
	   set f=fs.OpenTextFile(temp1,1)
	   f.skipline
	   f.skipline
	   daixiu=f.ReadLine
	   all=f.ReadLine
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   ershou=f.ReadLine
	   if Isnumeric(daixiu)=false then daixiu=0
	   if Isnumeric(all)=false then all=0
	   if Isnumeric(ershou)=false then ershou=0
	   losck=all*1-daixiu*1-ershou*1 
	end if
	Temp1=server.MapPath("../../../ASC365_sff/Admin/"&left(productid,3)&"/"&right(productid,3)&"/Store.inc")
	if fs.FileExists(Temp1)=true then
	   set f=fs.OpenTextFile(temp1,1)
	   f.skipline
	   f.skipline
	   daixiu=f.ReadLine
	   all=f.ReadLine
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   ershou=f.ReadLine
	   if Isnumeric(daixiu)=false then daixiu=0
	   if Isnumeric(all)=false then all=0
	   if Isnumeric(ershou)=false then ershou=0
	   sffck=all*1-daixiu*1-ershou*1 
	end if
	Temp1=server.MapPath("../../../ASC365_tpa/Admin/"&left(productid,3)&"/"&right(productid,3)&"/Store.inc")
	if fs.FileExists(Temp1)=true then
	   set f=fs.OpenTextFile(temp1,1)
	   f.skipline
	   f.skipline
	   daixiu=f.ReadLine
	   all=f.ReadLine
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   f.skipline
	   ershou=f.ReadLine
	   if Isnumeric(daixiu)=false then daixiu=0
	   if Isnumeric(all)=false then all=0
	   if Isnumeric(ershou)=false then ershou=0
	   tpack=all*1-daixiu*1-ershou*1 
	end if
	
	 if rs("useful")=0 then
       xiaoshou="../image/admin/bukes.gif"
     else
       xiaoshou="../image/admin/keshou.gif"
     end if

if rs("causeful")=0 then
       caxiaoshou="../image/admin/bukes.gif"
    else
       caxiaoshou="../image/admin/keshou.gif"
    end if
	if ( dldck>0 and rs("causeful")=0 ) or ((losck>0 or sffck>0 or tpack>0) and rs("useful")=0 )then
%>
    <tr class="content_list" onMouseOver="this.style.backgroundColor='#D3E1F6'" onMouseOut="this.style.backgroundColor=''">
	 <td style="padding-left:10px">
	 <%=rs("productid")%>
        </td>
      <td align="left"><div align="left"><%=rs("productname")%></div></td>
      <td><%=dldck%></td>
	   <td><%=losck%></td>
	    <td><%=sffck%></td>
	   <td><%=tpack%></td>

<td><img border=0 src="<%=xiaoshou%>"  onClick='javascript:location.href="stock.asp?action=keshou&id=<%=rs("ID")%>";' /></td>
	  <td><img border=0 src="<%=caxiaoshou%>"  onClick='javascript:location.href="stock.asp?action=cakeshou&id=<%=rs("ID")%>";' /></td>
    </tr>

<%
       end if
      rs.movenext
	loop
%>
</table>
<%
rs.close
set rs=nothing
%>

</body>
</html>