Webshell Akmal archtte id

Directory: C:\MyData\WWW\asc365\ <link href="css/thickbox.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="scripts/jquery-1.4.4.min.js"></script> <script type="text/javascript" src="scripts/ThickBox/thickbox.js"></script> <!--#include file="conn.asp" --> <!--#include file="Cls_Page.asp"--> <style type="text/css"> body { font-family:Verdana, Arial, Helvetica, sans-serif; font-weight:normal; color:#575757; font-size:12px; } <!-- .STYLE11 { font-family: Verdana; font-size: 18px; } .STYLE12 { font-family: Verdana, Arial, Helvetica, sans-serif; } --> </style> <script language="javascript"> function delete_confirm(e) { if (event.srcElement.outerText == "ɾ��") event.returnValue =confirm("��ȷ��Ҫɾ����"); } document.onclick=delete_confirm; </script> <% UserEmail=session("UserEmail") if len(UserEmail)=0 then UserEmail=Request.Cookies("UserEmail") end if if len(UserEmail)=0 then response.End() end if Set rs3=Server.CreateObject("ADODB.Recordset") sql3="select * from orderlist where useremail='"&UserEmail&"'" rs3.open sql3,conn,1,1 do while not rs3.eof orderid1=rs3("orderid") filespec="payment/"&orderid1&".inc" checkfile=server.MapPath(filespec) Set fso =server.CreateObject("Scripting.FileSystemObject") If (fso.FileExists(checkfile)) and rs3("state")=0 Then sql2="update orderlist set state=1 where orderid='"&orderid1&"'" conn.execute(sql2) sql2="" end if rs3.movenext loop rs3.close set rs3=nothing %> <div class="STYLE11" style="text-align:center; margin-top:10px" id="cms_main"> My Orders </div> <div id="cms_main" style="margin-top:10px;"> <table width="800" border="0" cellpadding="0" cellspacing="0" rules="rows" id="main_content"> <tr height="60" style="background-color:#D5D5D5"> <td width="122" height="38"><div align="center"><strong>Item No. </strong></div></td> <td width="571" style="text-align:center"><strong>Product Name</strong></td> <td width="96"><div align="center"><strong>Weight</strong></div></td> <td width="91"><div align="center"><strong>Price</strong></div></td> <td width="70"><div align="center"><strong>Quantity</strong></div></td> <td width="181" style="background-image:none;">&nbsp;</td> </tr> <tr> <td style="height:10px"> </td> </tr> <% Thispage ="http://" & Request.ServerVariables("SERVER_NAME")& Request.ServerVariables("URL") Dim SS(1000,6) UserEmail=session("UserEmail") if len(UserEmail)=0 then UserEmail=Request.Cookies("UserEmail") end if if len(UserEmail)=0 then Response.Redirect("Register.asp") end if Set Page = new Cls_Page '�������� Set Page.Conn = conn '�õ����ݿ����Ӷ��� With Page .PageSize = 20 'ÿҳ��¼���� .PageParm = "page" 'ҳ���� '.PageIndex = 10 '��ǰҳ����ѡ������һ�������ɾ�̬ʱ��Ҫ .Database = "ac" '���ݿ�����,ACΪaccess,MSSQLΪsqlserver2000�洢���̰�,MYSQLΪmysql,PGSQLΪPostGreSql .Pkey="id" '���� .Field="id,orderid,productdetail,uptime,allprice,state" '�ֶ� .Table="orderlist" '���� .Condition="useremail='"&UserEmail&"' and orderstate=0" '����,����Ҫwhere .OrderBy="uptime desc" '����,����Ҫorder by,��Ҫasc����desc .RecordCount = 0 '�ܼ�¼���������ⲿ��ֵ��0�����棨�ʺ���������-1��Ϊsession��-2��Ϊcookies��-3��Ϊapplacation .NumericJump =5 '��������ҳ��������ѡ������Ĭ��Ϊ3������Ϊ��ת������0Ϊ��ʾ���� .Template = "<div class=""page_list""><div class=""list_info"">{$FirstPage}{$PreviousPage}{$NumericPage}{$NextPage}{$LastPage}</div></div>" '����ģ�壬��ѡ��������Ĭ�� .FirstPage = "&nbsp;&lt;&lt;&nbsp;" '��ѡ��������Ĭ��ֵ '.FirstPage = "��ҳ" .PreviousPage = "&nbsp;&lt;&nbsp;" '��ѡ��������Ĭ��ֵ '.PreviousPage = "��һҳ" .NextPage = "&nbsp;&gt;&nbsp;" '��ѡ��������Ĭ��ֵ '.NextPage = "��һҳ" .LastPage = "&nbsp;&gt;&gt;&nbsp;" '��ѡ��������Ĭ��ֵ '.LastPage = "βҳ" .NumericPage = "{$PageNum}" '���ַ�ҳ����ģ�壬��ѡ��������Ĭ��ֵ End With rs = Page.ResultSet() '��¼�� 'rc = Page.RowCount() '��ѡ������ܼ�¼�� nav = Page.Nav() '��ҳ��ʽ If IsNull(rs) Then %> <% Else For i=0 To Ubound(rs,2) %> <form name="change<%=rs(0,i)%>" method="post" action="?Action=change&id=<%=rs(0,i)%>&page=<%=CMSpage%>" onSubmit="return check<%=rs(0,i)%>()"> <tr> <td colspan="5" style="background-color:#E9E9E9; height:30px"><div align="left">OrderList:<%=rs(1,i)%>&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;Time:<%=rs(3,i)%>&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; <% state=rs(5,i) if state=0 then %> State:Pending <% elseif state=1 then %> State:paid <% elseif state=2 then %> State:payed1 <% elseif state=3 then %> State:payed2 <% end if %> </div></td> <td style="background-color:#EAEAEA"> <a title="Delete" href="myaccount.asp?ID=MyAsc365&orderid=<%=rs(1,i)%>&action=deleteorder" page=<%=CMSpage%> onclick="delete_confirm()"><img src="image/delete.jpg" width="10" height="10" border="0"/><span class="STYLE2">Delete</span></a></td> </tr> <% temp=split(rs(2,i),"|") N_js=ubound(temp) Cart_js=0 for ii=1 to N_js step 7 SS(Cart_js,0)=temp(ii) '��Ʒ���� SS(Cart_js,1)=temp(ii+1) '��Ʒ���� SS(Cart_js,2)=temp(ii+2) '��Ʒ���� SS(Cart_js,3)=temp(ii+3) '��Ʒ��� SS(Cart_js,4)=temp(ii+4) '���� SS(Cart_js,5)=temp(ii+5) ' SS(Cart_js,6)=temp(ii+6) set rs11=server.CreateObject("adodb.recordset") sql11="select * from newproductlist where productid='"&SS(Cart_js,0)&"'" rs11.open sql11,conn,1,1 if not rs11.eof then typeid=rs11("typeid") Imgsrc=rs11("ImgPrev") %> <tr> <td height="43"><img src="<%=Imgsrc%>" width="80" height="80"/></td> <% if SS(Cart_js,6)="u" then %> <td align="left"><a href="newproductdetailused.asp?productid=<%=SS(Cart_js,0)%>&typeid=<%=typeid%>" target="_blank"><font style="color:#e4007e"><%=SS(Cart_js,0)%>:<%=SS(Cart_js,1)%></font></a></td> <% else %> <td align="left"><a href="newproductdetail.asp?productid=<%=SS(Cart_js,0)%>&typeid=<%=typeid%>" target="_blank"><font style="color:#e4007e"><%=SS(Cart_js,0)%>:<%=SS(Cart_js,1)%></font></a></td> <% end if %> <td align="left"><%=SS(Cart_js,2)%></td> <td align="left"><%=SS(Cart_js,3)%>$</td> <td align="left"><%=SS(Cart_js,4)%></td> <td align="left">&nbsp;</td> </tr> <% end if rs11.close Cart_js=Cart_js+1 next %> </form> <% Next End If %> </table> <%Response.Write nav %> </div>