<!--#include file="config.asp"-->
<!--#include file="conn.asp"-->
<!--#include file="format.asp"-->
<!--#include file="error.asp"-->
<!--#include file="body/md5.asp"-->
<!--#include file="body/incjs.asp"-->
<!--#include file="body/adminmenu.asp"-->
<!--#include file="body/foot.asp"-->
<!--#include file="body/adminadmin_body.asp"-->
<title><%=webname%>-管理員選項</title>
<script language="javascript">
  if(top.frames.length == 0)
  {
    document.location = "login.asp";
  }
  else
  {
    if(parent.ryan_bar)
    {
    }
    else
    {
      parent.location = "login.asp";
    }
  }
</script>
<%
dim founderr,errmsg
founderr=false
errmsg=""

if session("adminlogin")<>sessionvar then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你尚未登錄，或者超時了！請<a href='admin.asp'>重新登錄</a>！"
  call diserror()
  response.end
else
if request.form("MM_insert") then

if request.form("action")="modpass" then
dim adminname,oldpwd,adminpwd,confirm
adminname=trim(replace(request.form("adminname"),"'",""))
oldpwd=trim(replace(request.form("oldpwd"),"'",""))
adminpwd=trim(replace(request.form("adminpwd"),"'",""))
confirm=trim(replace(request.form("confirm"),"'",""))
if adminname="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須輸入管理員名稱！"
end if
if oldpwd="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須輸入舊的管理員密碼！"
end if
if adminpwd="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須輸入新的管理員密碼！"
end if
if adminpwd<>confirm then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你兩次輸入的管理員密碼不相同！"
end if
if founderr then
  call diserror()
  response.end
else

sql="select * from admin where admin_name='"&adminname&"' and admin_password='"&md5(oldpwd)&"'"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
if rs.eof then
 errmsg=errmsg+"<br>"+"<li>管理員名稱或密碼錯誤！"
 call diserror()
 response.end
else
rs("admin_password")=md5(adminpwd)
rs.update
rs.close
set rs=nothing
end if
end if
end if
if request.form("action")="newadmin" then
adminname=trim(replace(request.form("adminname"),"'",""))
adminpwd=trim(replace(request.form("adminpwd"),"'",""))
confirm=trim(replace(request.form("confirm"),"'",""))
if adminname="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須輸入管理員名稱！"
end if
if adminpwd="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須輸入管理員密碼！"
end if
if adminpwd<>confirm then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你兩次輸入的管理員密碼不相同！"
end if
if founderr then
  call diserror()
  response.end
else

sql="select * from admin"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.addnew
rs("admin_name")=adminname
rs("admin_password")=md5(adminpwd)
rs.update
rs.close
set rs=nothing
response.redirect "admin_admin.asp?action=admin"
end if
end if
if request.form("action")="editadmin" then
if request.Form("id")="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須指定操作的對象！"
else
  if not isInteger(request.form("id")) then
    founderr=true
    errmsg=errmsg+"<br>"+"<li>非法的管理員id參數(shù)。"
  end if
end if
adminname=trim(replace(request.form("adminname"),"'",""))
adminpwd=trim(replace(request.form("adminpwd"),"'",""))
confirm=trim(replace(request.form("confirm"),"'",""))
if adminname="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須輸入管理員名稱！"
end if
if adminpwd="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須輸入管理員密碼！"
end if
if adminpwd<>confirm then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你兩次輸入的管理員密碼不相同！"
end if
if founderr then
  call diserror()
  response.end
else

sql="select * from admin where admin_id="&request.form("id")
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs("admin_name")=adminname
rs("admin_password")=md5(adminpwd)
rs.update
rs.close
set rs=nothing
response.redirect "admin_admin.asp?action=admin"
end if
end if
if request.form("action")="deladmin" then
if request.Form("id")="" then
  founderr=true
  errmsg=errmsg+"<br>"+"<li>你必須指定操作的對象！"
else
  if not isInteger(request.form("id")) then
    founderr=true
    errmsg=errmsg+"<br>"+"<li>非法的管理員id參數(shù)。"
  end if
end if
if founderr then
  call diserror()
  response.end
else

sql="select * from admin where admin_id="&request.form("id")
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
rs.delete
rs.close
set rs=nothing
response.redirect "admin_admin.asp?action=admin"
end if
end if

end if

call adminadmin_body()
call endpage()
end if
%>