Webshell Akmal archtte id

Directory: C:\MyData\WWW\asc365\ <head> <meta http-equiv="Content-Language" content="zh-cn"> <!--#include file="conn.asp" --> <script type="text/javascript"> function check() { //������ʽ�ж� //var re = /^[0-9]+.?[0-9]*$/;//�ж��ַ����Ƿ�Ϊ���� var re = /^[1-9]+[0-9]*]*$/;//�ж��ַ����Ƿ�Ϊ������ if (!re.test(document.business.TA4.value)) { alert("Please enter a positive integer"); return false; } return true; } </script> </head> <body style="color:#000000" > <table border="0" width="800" style="border-collapse: collapse"> <% Dim SS(1000,6) Dim ASC365_Cart_001 Set fs=Server.CreateObject("Scripting.FileSystemObject") JJ=0 mm=0 dim TT(200) ID=trim(Request.Querystring("ID")) if left(ID,2)="PD" then ProductID=replace(ID,"PD","") '----------------��ȡ��Ʒ�Ƿ��������۸� 'dim pricetemp(10,1) 'sql="select productid,productnumber,price from productprice where use=1 order by sort asc" 'set rs=server.createobject("adodb.recordset") 'rs.open sql,conn,1,1 'IsHaveprice=0 'if rs.eof and rs.bof then 'IsHaveprice=0 'else '---------------------------------------------------------- LL=left(ProductID,3) RR=right(ProductID,3) CPpathh= Server.MapPath("../../Admin/" &LL & "/" & RR &"/0000mainpage.htm") If (fs.FileExists(CPpathh))=true Then set t=fs.OpenTextFile(CPpathh,1,false,0) x=t.ReadAll t.close Set t=Nothing end if '**************************************************************************************** 'for ij= 0 to 200 '�ͻ����add to cart if request.form ("BM")="Add to Cart" then ASC365_Cart_001=request.Cookies("ASC365_Cart_001") '��������� numbercount=request.Form("TA4") if isnumeric(numbercount)<>true then numbercount=1 end if productprice=0 if request.Form("hasvalue")=1 then set rs2=server.createobject("adodb.recordset") sql2="select price from productprice where productid='"&request.Form("TA0")&"' and productnumber1<="&numbercount&" and productnumber2>="&numbercount&" order by sort" rs2.open sql2,conn,1,1 do while not rs2.eof productprice=rs2("price") rs2.movenext loop rs2.close set rs2=nothing if productprice=0 then productprice=request.Form("TA3") end if set rs5=server.createobject("adodb.recordset") sql5="select top 1 productnumber1,productnumber2,price from productprice where productid='"&ProductID&"' order by sort desc" rs5.open sql5,conn,1,1 if not rs5.eof then maxNum=rs5("productnumber2") minPrice=rs5("price") if isnumeric(request.Form("TA4")) then if CDbl(request.Form("TA4"))> maxNum then productprice=minPrice end if end if end if rs5.close set rs5=nothing else productprice=request.Form("TA3") end if for ii= 0 to 6 yy=request.form ("TA"&ii) if ii=4 then end if if ii=1 then '------------- yy=replace(yy,chr(34),"") '��ƷӢ������ 34 39 yy=replace(yy,chr(39),"") '��ƷӢ������ 34 39 '------------- end if if ii=3 then yy=productprice '��Ʒ�۸� end if if ii=4 then yy=numbercount end if ASC365_Cart_001=ASC365_Cart_001 & "|" & yy next 'response.Write(ASC365_Cart_001) Cart_js=0 if len(ASC365_Cart_001)<>0 then temp=split(ASC365_Cart_001,"|") N_js=ubound(temp) for i=1 to N_js step 7 SS(Cart_js,0)=temp(i) '��Ʒ���� SS(Cart_js,1)=temp(i+1) '��Ʒ���� SS(Cart_js,2)=temp(i+2) '��Ʒ���� SS(Cart_js,3)=temp(i+3) '��Ʒ��� SS(Cart_js,4)=temp(i+4) '���� SS(Cart_js,5)=temp(i+5) '��վ���� SS(Cart_js,6)=temp(i+6) '��ע Cart_js=Cart_js+1 next end if '--------------------------- aaa=0 for j=0 to Cart_js-1 '�ϲ�ͬ���� for jj= 0 to Cart_js-1 if j<>jj and SS(j,0)=SS(jj,0) then SS(jj,0)="*" SS(j,4)= (SS(j,4)*1)+(SS(jj,4)*1) set rs3=server.createobject("adodb.recordset") sql3="select price from productprice where productid='"&SS(j,0)&"' and productnumber1<="&SS(j,4)&" and productnumber2>="&SS(j,4)&" order by sort" rs3.open sql3,conn,1,1 if not rs3.eof then SS(j,3)=rs3("price") rs3.close set rs3=nothing end if set rs4=server.createobject("adodb.recordset") sql4="select top 1 productnumber1,productnumber2,price from productprice where productid='"&ProductID&"' order by sort desc" rs4.open sql4,conn,1,1 if not rs4.eof then maxNum=rs4("productnumber2") minPrice=rs4("price") if SS(J,4)> maxNum then SS(J,3)=minPrice end if end if rs4.close set rs4=nothing end if next next '������������Ƿ񳬹������ 'set rs4=server.createobject("adodb.recordset") 'sql4="select top 1 productnumber1,productnumber2,price from productprice where productid='"&ProductID&"' order by sort desc" 'rs4.open sql4,conn,1,3 'if not rs4.eof then 'maxNum=rs4("productnumber2") 'if CDbl(SS(I,4))> maxNum then 'SS(I,4)=maxNum 'Response.Write("<script>alert('The number of this products you filled in is too much. Please contact us to give you more preferential ');location.href='index.asp?ID=PD"&ProductID&"'; 'response.End() 'end if 'end if ASC365_Cart_001="" for i=0 to Cart_js-1 if SS(i,0)<>"*" then ASC365_Cart_001=ASC365_Cart_001&"|"&SS(I,0)&"|"&SS(I,1)&"|"&SS(I,2)&"|"&SS(I,3)&"|"&SS(I,4)&"|"&SS(I,5)&"|"&SS(I,6) end if next response.Cookies("ASC365_Cart_001")=ASC365_Cart_001 response.Cookies("ASC365_Cart_001").Domain="asc365.com" response.Cookies("ASC365_Cart_001").Secure=False end if 'next '**************************************************************************************** for i=0 to 1000 '���������ǰ��������� for j=0 to 6 SS(i,j)="" next next '------------------------------------------ ASC365_Cart_001=request.Cookies("ASC365_Cart_001") '��������� 'response.write ASC365_Cart_001 Cart_js=0 Qty=0 Subp=0 if len(ASC365_Cart_001)<>0 then temp=split(ASC365_Cart_001,"|") N_js=ubound(temp) for i=1 to N_js step 7 SS(Cart_js,0)=temp(i) '��Ʒ���� SS(Cart_js,1)=temp(i+1) '��Ʒ���� SS(Cart_js,2)=temp(i+2) '��Ʒ���� SS(Cart_js,3)=temp(i+3) '��Ʒ��� SS(Cart_js,4)=temp(i+4) '���� SS(Cart_js,5)=temp(i+5) '��վ���� SS(Cart_js,6)=temp(i+6) '��ע Qty=Qty*1+SS(Cart_js,4)*1 Subp=Subp*1+Round((SS(Cart_js,3)*SS(Cart_js,4)),2)*1 Cart_js=Cart_js+1 next inf1= "<font color='#33CCFF'>My shipping cart: Item " & Qty &" "& "Subtotal $" & Subp &"</font>" end if '--------------------------- %> <tr> <td height="2" width="795" style="text-align:left"> <% path="../../Admin/ "&LL& "/" &RR &"/0000mainpage.htm" 'response.Write(path) server.Execute("../../Admin/"&LL&"/"&RR &"/0000mainpage.htm") %> </td> </tr> <%'----------------------�۸���-------------------- JGpathh= Server.MapPath("../../Admin/" &LL& "/" & RR &"/SellFlag.inc") If (fs.FileExists(JGpathh))=true then Set f=fs.OpenTextFile(Server.MapPath("../../Admin/" & LL & "/" & RR &"/Tech.inc"), 1,-1) '��ȡ���ƣ����� for m= 0 to 50 TT(m)=trim(f.ReadLine) next f.Close: Set f=Nothing '---------------------------------------------------- JG=Server.MapPath("../../Admin/" & LL & "/" & RR &"/GGprice.inc") '��ȡ�۸� DJ="" BZ="" If (fs.FileExists(JG))=true then Set f=fs.OpenTextFile(JG, 1) xX0=trim(f.ReadLine)' code xX1=trim(f.ReadLine)' '������ xX2=trim(f.ReadLine)' '��С���� xX3=trim(f.ReadLine)' '���� xX4=trim(f.ReadLine)' '����US$ xX5=trim(f.ReadLine)' '���� xX6=trim(f.ReadLine)' '��� xX7=trim(f.ReadLine)' '��λ xX8=trim(f.ReadLine)' '��վ���� xX9=trim(f.ReadLine)' '����RMB xX10=trim(f.ReadLine)' '����ע xX11=trim(f.ReadLine)' '��ע f.Close: Set f=Nothing DJ=xX6 BZ=xX8 end if %> <% set rs6=server.CreateObject("adodb.recordset") sql6="select useful from productlist where ProductNum='"&productid&"'" rs6.open sql6,conn,1,1 useful=0 if not rs6.eof then useful=rs6("useful") end if rs6.close set rs6=nothing weightnumer=TT(9) if IsNumeric(weightnumer)then %> <tr> <td height="29" width="800"> <table border="0" width="798" height="20" style="border-collapse: collapse" bgcolor="#996633"> <form method="POST" action="" name="business" onSubmit="return check()"> <tr> <td height="18" width="35" align="center"><font face="Verdana"><span style="font-size: 9pt"><font color="#FFFFFF">Item#</font></td> <td height="18" width="288" align="center"><font face="Verdana" color="#FFFFFF"><span style="font-size: 9pt">Description </td> <td height="20" width="78" align="center"><font face="Verdana" color="#FFFFFF"><span style="font-size: 9pt">Weight(kg)</span></font></td> <td height="20" width="176" align="center"><font face="Verdana" color="#FFFFFF"><span style="font-size: 9pt">QTY:Unit Price(US$)</span></font></td> <td height="20" width="50" align="center"><font face="Verdana" color="#FFFFFF"><span style="font-size: 9pt">QTY</span></font></td> <td height="39" width="113" rowspan="2"><p align="center"> <% if useful=1 then %> <input type="submit" value="Add to Cart" name="BM" style="font-size: 10px; font-family: Verdana"> <% else %> <font color="#FF0000">Out of Stock</font> <% end if %> </td> </tr> <tr> <td height="18" width="35" align="center" bgcolor="#FFFFFF"><font face="Verdana"><span style="font-size: 9pt; color:#000000"><b><%=LL&RR%></b></span></font> <input type="hidden" name="<%="TA0"%>"value="<%=LL&RR%>"><%JJ=JJ+1%></td><%'��Ʒ����0%> <td height="18" width="288" align="center" bgcolor="#FFFFFF"><font face="Verdana"><span style="font-size: 9pt; color:#000000"><b><%=TT(2)%></b></span></font> <input type="hidden" name="<%="TA1"%>"value="<%=TT(2)%>"><%JJ=JJ+1%></td><%'��Ʒ����1%> <td height="20" width="78" align="center" bgcolor="#FFFFFF"><font face="Verdana"><span style="font-size: 9pt; color:#000000"><b><%=TT(9)%></b></span></font> <input type="hidden" name="<%="TA2"%>"value="<%=TT(9)%>"><%JJ=JJ+1%></td><%'��Ʒ����2%> <% productid=LL&RR set rs=server.createobject("adodb.recordset") sql="select productnumber1,productnumber2,price from productprice where productid='"&productid&"' order by sort" rs.open sql,conn,1,3 aa=0 if not rs.eof then aa=1 %> <td height="20" width="176" align="center" bgcolor="#FFFFFF"> <select name="select1" id="select1"> <% do while not rs.eof itemlist=rs("productnumber1")&"--"&rs("productnumber2")&":"&rs("price")&"($)" response.write("<option value='" & itemlist & "'>") response.write(itemlist) response.write("</option>") itemlist="" rs.movenext loop rs.close set rs=nothing %> </select> <input type="hidden" name="hasvalue" value="<%=aa%>"> <input type="hidden" name="<%="TA3"%>" value=""><%JJ=JJ+1%> </td> <% else %> <td height="20" width="50" align="center" bgcolor="#FFFFFF"> <% numberlist="1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp"&DJ&"(US$)" %> <font face="Verdana"><span style="font-size: 9pt; color:#000000"><b><%=numberlist%></b></span></font> <input type="hidden" name="<%="TA3"%>"value="<%=DJ%>"><%JJ=JJ+1%></td><%'��Ʒ���%> <input type="hidden" name="hasvalue" value="<%=aa%>"> <% end if %> <td height="20" width="28" bgcolor="#FFFFFF"><p align="center"> <input type="text" name="<%="TA4"%>" size="4" style="font-size: 10px; font-family: Verdana; color:#000000"><%JJ=JJ+1%></td><%'����%> </tr> <tr> <td height="18" align="center" colspan="2" bgcolor="#FFFFCC"> <font face="Verdana"><span style="font-size: 9pt; color:#000000"><%=BZ%></span></font> <input type="hidden" name="<%="TA5"%>" value="<%=BZ%>"><%JJ=JJ+1%></td><%'��վ����%> <td height="18" align="center" colspan="5" bgcolor="#FFFFFF"> <font size="2" face="Verdana">Note:</font> <input type="text" name="<%="TA6"%>" value="" size="60" style="font-size: 10px; font-family: Verdana; color:#000000"><%JJ=JJ+1%></td><%'��ע%> </tr> </form> </table> <%end if%> </td> </tr> <%end if%> <% end if %> </table> <% conn.close set conn=nothing %> </body> </html>