From 1d207e88ee04c1fa7d6b5d0cf916d6fc68542e97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E9=A6=A8=E8=8B=91?= <1234567@qq.com>
Date: Fri, 22 Dec 2023 20:12:45 +0800
Subject: [PATCH] =?UTF-8?q?=E7=8E=8B=E9=A6=A8=E8=8B=91=E7=AC=AC=E4=B8=80?=
 =?UTF-8?q?=E6=AC=A1=E4=B8=8A=E4=BC=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 com/action/AdminAction.java              | 249 +++++++
 com/action/AfficheAction.java            | 160 ++++
 com/action/CommonAction.java             | 172 +++++
 com/action/GuestBookAction.java          | 193 +++++
 com/action/HzpAction.java                | 157 ++++
 com/action/LoginAction.java              | 163 ++++
 com/action/MemberAction.java             | 258 +++++++
 com/action/MemberManageAction.java       | 178 +++++
 com/action/NewsAction.java               | 269 +++++++
 com/action/NewsServlet.java              | 268 +++++++
 com/bean/AdminBean.java                  | 284 +++++++
 com/bean/AfficheBean.java                | 489 ++++++++++++
 com/bean/FriendLinkBean.java             | 115 +++
 com/bean/GuestBookBean.java              | 356 +++++++++
 com/bean/HzpBean.java                    | 432 +++++++++++
 com/bean/MemberBean.java                 | 485 ++++++++++++
 com/bean/MemberManageBean.java           | 543 ++++++++++++++
 com/bean/NewsBean.java                   | 491 ++++++++++++
 com/bean/SystemBean.java                 |  96 +++
 com/csgw/ApplicationResources.properties |   2 +
 com/csgw/action/HzpsAction.java          | 129 ++++
 com/util/CheckCode.java                  |  18 +
 com/util/Common.java                     |  81 ++
 com/util/Constant.java                   |  18 +
 com/util/DBO.class                       | Bin 0 -> 2482 bytes
 com/util/DBO.java                        | 137 ++++
 com/util/DBO.java.bak                    | 137 ++++
 com/util/Filter.java                     |  38 +
 com/util/Log.java                        |  35 +
 com/util/MD5.java                        |  35 +
 com/util/SmartFile.java                  | 268 +++++++
 com/util/SmartFiles.java                 |  74 ++
 com/util/SmartRequest.java               |  76 ++
 com/util/SmartUpload.java                | 910 +++++++++++++++++++++++
 com/util/SmartUploadException.java       |   8 +
 35 files changed, 7324 insertions(+)
 create mode 100644 com/action/AdminAction.java
 create mode 100644 com/action/AfficheAction.java
 create mode 100644 com/action/CommonAction.java
 create mode 100644 com/action/GuestBookAction.java
 create mode 100644 com/action/HzpAction.java
 create mode 100644 com/action/LoginAction.java
 create mode 100644 com/action/MemberAction.java
 create mode 100644 com/action/MemberManageAction.java
 create mode 100644 com/action/NewsAction.java
 create mode 100644 com/action/NewsServlet.java
 create mode 100644 com/bean/AdminBean.java
 create mode 100644 com/bean/AfficheBean.java
 create mode 100644 com/bean/FriendLinkBean.java
 create mode 100644 com/bean/GuestBookBean.java
 create mode 100644 com/bean/HzpBean.java
 create mode 100644 com/bean/MemberBean.java
 create mode 100644 com/bean/MemberManageBean.java
 create mode 100644 com/bean/NewsBean.java
 create mode 100644 com/bean/SystemBean.java
 create mode 100644 com/csgw/ApplicationResources.properties
 create mode 100644 com/csgw/action/HzpsAction.java
 create mode 100644 com/util/CheckCode.java
 create mode 100644 com/util/Common.java
 create mode 100644 com/util/Constant.java
 create mode 100644 com/util/DBO.class
 create mode 100644 com/util/DBO.java
 create mode 100644 com/util/DBO.java.bak
 create mode 100644 com/util/Filter.java
 create mode 100644 com/util/Log.java
 create mode 100644 com/util/MD5.java
 create mode 100644 com/util/SmartFile.java
 create mode 100644 com/util/SmartFiles.java
 create mode 100644 com/util/SmartRequest.java
 create mode 100644 com/util/SmartUpload.java
 create mode 100644 com/util/SmartUploadException.java

diff --git a/com/action/AdminAction.java b/com/action/AdminAction.java
new file mode 100644
index 0000000..e51d842
--- /dev/null
+++ b/com/action/AdminAction.java
@@ -0,0 +1,249 @@
+package com.action;
+/**
+ * 管理员登陆 增加 修改 删除 删除登陆日志
+ */
+import java.io.IOException;
+import java.util.List;
+import java.util.StringTokenizer;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.AdminBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.MD5;
+
+public class AdminAction extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public AdminAction() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		response.setContentType(Constant.CONTENTTYPE);
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		try{
+			String method=request.getParameter("method").trim();
+			AdminBean loginbean = new AdminBean();
+			HttpSession session = request.getSession();
+			session.setMaxInactiveInterval(1200);
+			SystemBean systembean = new SystemBean();
+			String sysdir = systembean.getDir();
+			if(method.equals("one")){//admin登录
+				String username = request.getParameter("username");
+				String password = request.getParameter("password");
+				if(username == null||username.trim().equals("")){
+					request.setAttribute("message", "请正确输入用户名！");
+					request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+				}
+				else if(password == null||password.trim().equals("")){
+					request.setAttribute("message", "请输入密码！");
+					request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+				}
+				else{
+					String md5password = MD5.MD5(password);
+					String agent = request.getHeader("user-agent"); 
+					StringTokenizer st = new StringTokenizer(agent,";"); 
+					String useros=st.nextToken();
+					String loginip = request.getRemoteAddr();			
+					int flag = loginbean.adminLogin(username,md5password, password,useros,loginip);
+					switch (flag){
+						case Constant.SUCCESS:
+							List list = loginbean.getAdminInfo(username);
+							session.setAttribute("user", username);
+							session.setAttribute("list", list);
+							request.getRequestDispatcher(sysdir+"/").forward(request, response);
+							break;
+						case Constant.NAME_ERROR:
+							request.setAttribute("message", "用户名错误！请确认管理权限！");
+							request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+							break;
+						case Constant.PASSWORD_ERROR:
+							request.setAttribute("message", "密码错误，请确认管理权限！");
+							request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+							break;
+					}
+				}
+			}
+			else if(method.equals("editpwd")){//admin edit password
+				String username2 = (String)session.getAttribute("user");
+				if(username2 == null){
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+				else{
+					String oldpwd = MD5.MD5(request.getParameter("oldpwd").trim());
+					String newpwd = MD5.MD5(request.getParameter("newpwd").trim());
+					String username = (String)session.getAttribute("user");
+					int flag = loginbean.editPassword(username, oldpwd, newpwd);
+					switch (flag){
+						case Constant.SUCCESS:
+							request.setAttribute("message", "密码修改成功！");
+							request.getRequestDispatcher(sysdir+"/system/editpwd.jsp").forward(request, response);
+							break;
+						case Constant.PASSWORD_ERROR:
+							request.setAttribute("message", "原始密码错误，请确认权限！");
+							request.getRequestDispatcher(sysdir+"/system/editpwd.jsp").forward(request, response);
+							break;
+						case Constant.SYSTEM_ERROR:
+							request.setAttribute("message", "系统维护中，请稍后再试！");
+							request.getRequestDispatcher(sysdir+"/system/editpwd.jsp").forward(request, response);
+							break;
+					}
+				}		
+			}
+			else if(method.equals("exit")){//admin exit
+				String username2 = (String)session.getAttribute("user");
+				if(username2 == null){
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+				else{
+					session.removeAttribute("user");
+					session.removeAttribute("list");
+					System.gc();
+					request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+				}			
+			}
+			else if(method.equals("manager")){//add,update manager
+				String username2 = (String)session.getAttribute("user");
+				if(username2 == null){
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+				else{
+					
+						String username = request.getParameter("username").trim();
+						String password = MD5.MD5(request.getParameter("password").trim());
+						
+						
+						int flag = loginbean.addManager(username, password, "2", "1");
+						if(flag == Constant.SUCCESS){
+							request.setAttribute("message", "增加管理员成功！");
+							request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response);
+						}
+						else if(flag == Constant.SAME_NAME){
+							request.setAttribute("username", username);
+							request.setAttribute("message", "该用户名已经存在！");
+							request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response);
+						}
+						else{
+							request.setAttribute("message", "系统维护中，请稍后再试！");
+							request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response);
+						}		
+					
+				}
+			}
+			else if(method.equals("delm")){//delete manager
+				String username2 = (String)session.getAttribute("user");
+				if(username2 == null){
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+				else{
+					int id = Integer.parseInt(request.getParameter("id").trim());
+					if(id == 1){
+						request.setAttribute("message", "不能删除原始帐号！");
+						request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response);
+					}
+					else{
+						int flag = loginbean.delManager(id);
+						if(flag == Constant.SUCCESS){
+							request.setAttribute("message", "删除成功！");
+							request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response);
+						}	
+						else{
+							request.setAttribute("message", "系统维护中，请稍后再试！");
+							request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response);
+						}	
+					}
+				}			
+			}
+			else if(method.equals("dellog")){//delete login note
+				String username2 = (String)session.getAttribute("user");
+				if(username2 == null){
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+				else{
+					String check[] = request.getParameterValues("checkit");
+					if(check == null){
+						request.setAttribute("message", "请选择要删除的记录！");
+						request.getRequestDispatcher(sysdir+"/system/log.jsp").forward(request, response);
+					}
+					else{
+						int id[]= new int[check.length];
+						for(int i = 0;i<check.length;i++){
+							int s = Integer.parseInt(check[i]);				
+							id[i] = s;
+						}
+						int flag = loginbean.delLog(id);
+						if(flag == Constant.SUCCESS){
+							request.setAttribute("message", "删除记录成功！");
+							request.getRequestDispatcher(sysdir+"/system/log.jsp").forward(request, response);
+						}
+						else{
+							request.setAttribute("message", "系统维护中，请稍后再试！");
+							request.getRequestDispatcher(sysdir+"/system/log.jsp").forward(request, response);
+						}
+					}
+				}			
+			}
+			else{//无参数传入转到错误页面
+				request.getRequestDispatcher("error.jsp").forward(request, response);
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			request.getRequestDispatcher("error.jsp").forward(request, response);
+		}
+		
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/action/AfficheAction.java b/com/action/AfficheAction.java
new file mode 100644
index 0000000..dfbdaf7
--- /dev/null
+++ b/com/action/AfficheAction.java
@@ -0,0 +1,160 @@
+package com.action;
+
+/**
+ * 网站公告
+ * @author Administrator
+ *
+ */
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.AfficheBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class AfficheAction extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public AfficheAction() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		response.setContentType(Constant.CONTENTTYPE);
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		String sysdir = new SystemBean().getDir();
+		HttpSession session = request.getSession();
+		try{
+			String username2 = (String)session.getAttribute("user");
+			if(username2 == null){
+				request.getRequestDispatcher("error.jsp").forward(request, response);
+			}
+			else{
+				AfficheBean afficheBean = new AfficheBean();
+				String method = request.getParameter("method").trim();
+				if(method.equals("addAffiche")){//增加公告
+					String title = Filter.escapeHTMLTags(request.getParameter("title").trim());
+					String content = Filter.escapeHTMLTags(request.getParameter("content").trim());
+					String adder = username2;
+					String ifhide = Filter.escapeHTMLTags(request.getParameter("ifhide").trim());
+					int flag = afficheBean.addAffiche(title, content, adder, ifhide);
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中请稍后再试！");
+						request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("editAffiche")){//修改公告
+					String id=Filter.escapeHTMLTags(request.getParameter("id").trim());
+					String title = Filter.escapeHTMLTags(request.getParameter("title").trim());
+					String content = Filter.escapeHTMLTags(request.getParameter("content").trim());
+					String adder = username2;
+					String ifhide = Filter.escapeHTMLTags(request.getParameter("ifhide").trim());
+					int flag = afficheBean.updateAffiche(Integer.parseInt(id), title, content, adder, ifhide);
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中请稍后再试！");
+						request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("hideAffiche")){
+					String id = Filter.escapeHTMLTags(request.getParameter("id").trim());
+					int flag = afficheBean.hideAffiche(Integer.parseInt(id));
+					if(flag == Constant.SUCCESS){
+						request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("delaffiche")){//删除公告
+					String check[] = request.getParameterValues("checkit");
+					if(check == null){
+						request.setAttribute("message", "请选择要删除的记录！");
+						request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+					}
+					else{
+						int id[]= new int[check.length];
+						for(int i = 0;i<check.length;i++){
+							int s = Integer.parseInt(check[i]);				
+							id[i] = s;
+						}
+						int flag = afficheBean.delAffiche(id);
+						if(flag == Constant.SUCCESS){
+							request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+						}
+						else{
+							request.setAttribute("message", "系统维护中，请稍后再试！");
+							request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+						}
+					}
+				}
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			request.getRequestDispatcher("error.jsp").forward(request, response);
+		}
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/action/CommonAction.java b/com/action/CommonAction.java
new file mode 100644
index 0000000..0e302b8
--- /dev/null
+++ b/com/action/CommonAction.java
@@ -0,0 +1,172 @@
+package com.action;
+
+/**
+ * 上传控制servlet中无法实现的功能由此操作 
+ * 
+ * 通用操作控制
+ * 
+ */
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+
+import com.bean.NewsBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class CommonAction extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public CommonAction() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		response.setContentType(Constant.CONTENTTYPE);
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		String sysdir = new SystemBean().getDir();
+		HttpSession session = request.getSession();
+		try{
+			String username2 = (String)session.getAttribute("user");
+			if(username2 == null){
+				request.getRequestDispatcher("error.jsp").forward(request, response);
+			}
+			else{
+				String method = request.getParameter("method").trim();
+				
+				/**********************************************
+				 * 新闻
+				 ************************************************/
+				if(method.equals("DELNEWS")){//删除新闻 来自普通新闻页面index.jsp
+					String strDirPath = request.getSession().getServletContext().getRealPath("/");
+					String check[] = request.getParameterValues("checkit");
+        			if(check == null){
+						request.setAttribute("message", "请选择要删除的记录！");
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+					else{
+						int id2[]= new int[check.length];
+						for(int i = 0;i<check.length;i++){
+							int s = Integer.parseInt(check[i]);				
+							id2[i] = s;
+						}
+						int flag = new NewsBean().delNews(id2); 
+						if(flag == Constant.SUCCESS){
+							request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+						}
+						else{
+							request.setAttribute("message", "系统维护中，请稍后再试！");
+							request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+						}
+					}
+				}
+				else if(method.equals("HIDENEWS")){//隐藏、显示新闻 来自普通新闻页面index.jsp
+					String id = Filter.escapeHTMLTags(request.getParameter("id").trim());
+					int flag = new NewsBean().hideNews(Integer.parseInt(id));
+					if(flag == Constant.SUCCESS){
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("UPNEWS")){//置顶 新闻 来自普通新闻页面index.jsp
+					String id = Filter.escapeHTMLTags(request.getParameter("id").trim());
+					int flag = new NewsBean().upNews(Integer.parseInt(id));
+					if(flag == Constant.SUCCESS){
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+				}
+//				if(method.equals("DELUPNEWS")){//删除新闻 来自置顶新闻页面up.jsp
+//					String strDirPath = request.getSession().getServletContext().getRealPath("/");
+//					String check[] = request.getParameterValues("checkit");
+//        			if(check == null){
+//						request.setAttribute("message", "请选择要删除的记录！");
+//						request.getRequestDispatcher(sysdir+"/news/up.jsp").forward(request, response);
+//					}
+//					else{
+//						int id2[]= new int[check.length];
+//						for(int i = 0;i<check.length;i++){
+//							int s = Integer.parseInt(check[i]);				
+//							id2[i] = s;
+//						}
+//						int flag = new NewsBean().delNews(id2,strDirPath); 
+//						if(flag == Constant.SUCCESS){
+//							request.getRequestDispatcher(sysdir+"/news/up.jsp").forward(request, response);
+//						}
+//						else{
+//							request.setAttribute("message", "系统维护中，请稍后再试！");
+//							request.getRequestDispatcher(sysdir+"/news/up.jsp").forward(request, response);
+//						}
+//					}
+//				}
+				
+				
+				else{
+	            	request.getRequestDispatcher("error.jsp").forward(request, response);
+	            }
+			}
+		}catch(Exception e){
+			
+		}
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/action/GuestBookAction.java b/com/action/GuestBookAction.java
new file mode 100644
index 0000000..ff629b9
--- /dev/null
+++ b/com/action/GuestBookAction.java
@@ -0,0 +1,193 @@
+package com.action;
+
+/**
+ * 
+ * 留言本
+ */
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.GuestBookBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class GuestBookAction extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public GuestBookAction() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+		
+			doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+	
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		response.setContentType(Constant.CONTENTTYPE);
+		//nikename, pic, email, qq, weburl, blogurl, expressions, content
+		String sysdir = new SystemBean().getDir();
+		HttpSession session = request.getSession();
+		String method = request.getParameter("method").trim();
+			GuestBookBean guestBookBean = new GuestBookBean();
+			if(method.equals("add")){//发表留言
+				String member=(String)session.getAttribute("member");
+				String nikename = Filter.escapeHTMLTags(request.getParameter("nikename").trim());
+				String face ="images/nobody.gif";
+				String email = Filter.escapeHTMLTags(request.getParameter("email").trim());
+				String qq = Filter.escapeHTMLTags(request.getParameter("qq").trim());
+				String weburl = Filter.escapeHTMLTags(request.getParameter("weburl").trim());
+				String blogurl = Filter.escapeHTMLTags(request.getParameter("blogurl").trim());
+				String expressions = "images/face/"+Filter.escapeHTMLTags(request.getParameter("face").trim())+".gif";
+				String content = Filter.escapeHTMLTags(request.getParameter("content").trim());
+				String ip = request.getRemoteAddr();
+				 
+				int guestbook=1;
+				int flag = guestBookBean.addGuestBook(nikename, face, email, qq, weburl, blogurl, expressions, content, ip,guestbook);
+				if(flag == 1){
+					
+						request.setAttribute("message", "谢谢您的留言，请等候管理员回复！");
+						request.getRequestDispatcher("guestbook.jsp").forward(request, response);
+					
+				}
+				else{
+					request.setAttribute("message", "系统维护中，请稍后再试！");
+					request.getRequestDispatcher("guestbook.jsp").forward(request, response);
+				}
+			}
+			else if(method.equals("delguestbook")){//删除留言
+				try{
+					String username2 = (String)session.getAttribute("user");
+					if(username2 == null){
+						request.getRequestDispatcher("error.jsp").forward(request, response);
+					}
+					else{
+						String check[] = request.getParameterValues("checkit");
+						if(check == null){
+							request.setAttribute("message", "请选择要删除的记录！");
+							request.getRequestDispatcher(sysdir+"/guestbook/index.jsp").forward(request, response);
+						}
+						else{
+							int id[]= new int[check.length];
+							for(int i = 0;i<check.length;i++){
+								int s = Integer.parseInt(check[i]);				
+								id[i] = s;
+							}
+							int flag = guestBookBean.delGuestBook(id);
+							if(flag == Constant.SUCCESS){
+								request.getRequestDispatcher(sysdir+"/guestbook/index.jsp").forward(request, response);
+							}
+							else{
+								request.setAttribute("message", "系统维护中，请稍后再试！");
+								request.getRequestDispatcher(sysdir+"/guestbook/index.jsp").forward(request, response);
+							}
+						}
+					}
+				}catch(Exception e){
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+			}
+			
+			else if(method.equals("replay")){//回复留言
+				try{
+					String username2 = (String)session.getAttribute("user");
+					if(username2 == null){
+						request.getRequestDispatcher("error.jsp").forward(request, response);
+					}
+					else{
+						String messageid = Filter.escapeHTMLTags(request.getParameter("id").trim());
+						String replay = Filter.escapeHTMLTags(request.getParameter("replay").trim());
+						int flag = guestBookBean.reGuestBook(Integer.parseInt(messageid), replay, username2);
+						if(flag == Constant.SUCCESS){
+							request.setAttribute("message", "回复成功！");
+							request.getRequestDispatcher(sysdir+"/guestbook/index.jsp").forward(request, response);
+						}
+						else{
+							request.setAttribute("message", "系统维护中，请稍后再试！");
+							request.getRequestDispatcher(sysdir+"/guestbook/index.jsp").forward(request, response);
+						}
+					}
+				}catch(Exception e){
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+			}
+			else if(method.equals("upreplay")){
+				try{
+					String username2 = (String)session.getAttribute("user");
+					if(username2 == null){
+						request.getRequestDispatcher("error.jsp").forward(request, response);
+					}
+					else{
+						String messageid = Filter.escapeHTMLTags(request.getParameter("id").trim());
+						String replay = Filter.escapeHTMLTags(request.getParameter("replay").trim());
+						int flag = guestBookBean.upReplay(Integer.parseInt(messageid), replay);
+						if(flag == Constant.SUCCESS){
+							request.setAttribute("message", "修改成功！");
+							request.getRequestDispatcher(sysdir+"/guestbook/index.jsp").forward(request, response);
+						}
+						else{
+							request.setAttribute("message", "系统维护中，请稍后再试！");
+							request.getRequestDispatcher(sysdir+"/guestbook/index.jsp").forward(request, response);
+						}
+					}
+				}catch(Exception e){
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+			}
+			else{
+				request.getRequestDispatcher("error.jsp").forward(request, response);
+			}
+			
+	}
+	
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+}
diff --git a/com/action/HzpAction.java b/com/action/HzpAction.java
new file mode 100644
index 0000000..01e24c8
--- /dev/null
+++ b/com/action/HzpAction.java
@@ -0,0 +1,157 @@
+package com.action;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.HzpBean;
+import com.bean.NewsBean;
+import com.util.Constant;
+
+public class HzpAction extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public HzpAction() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		response.setContentType(Constant.CONTENTTYPE);
+		HttpSession session=request.getSession();
+		HzpBean tb=new HzpBean();
+		String method=request.getParameter("method").trim();
+		///////////////////////////////////////////////////////////////////// 
+		if(method.equals("deltrave")){
+			String id=request.getParameter("id").trim();
+			int flag = tb.delTrave(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				request.getRequestDispatcher("admin/hzp/index.jsp").forward(request, response);
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				request.getRequestDispatcher("admin/hzp/index.jsp").forward(request, response);
+			}
+		}
+		else if(method.equals("hotdeltrave")){
+			String id=request.getParameter("id").trim();
+			int flag = tb.delTrave(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				request.getRequestDispatcher("admin/hzp/hot.jsp").forward(request, response);
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				request.getRequestDispatcher("admin/hzp/hot.jsp").forward(request, response);
+			}
+		}
+		else if(method.equals("tejiadeltrave")){
+			String id=request.getParameter("id").trim();
+			int flag = tb.delTrave(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				request.getRequestDispatcher("admin/hzp/tejia.jsp").forward(request, response);
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				request.getRequestDispatcher("admin/hzp/tejia.jsp").forward(request, response);
+			}
+		}
+		else if(method.equals("tuijiandeltrave")){
+			String id=request.getParameter("id").trim();
+			int flag = tb.delTrave(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				request.getRequestDispatcher("admin/hzp/tuijian.jsp").forward(request, response);
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				request.getRequestDispatcher("admin/hzp/tuijian.jsp").forward(request, response);
+			}
+		}
+		 
+		else if(method.equals("addType")){
+			String type=request.getParameter("type").trim();
+			int flag=tb.addType(type);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+			}
+			else if(flag==Constant.DEFAULT_ERROR){
+				request.setAttribute("message", "该分类已存在！");
+				request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+			}
+		}
+		else if(method.equals("delType")){
+			String id=request.getParameter("id").trim();
+			int flag=tb.delType(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+			}
+			
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+			}
+		}
+		  
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/action/LoginAction.java b/com/action/LoginAction.java
new file mode 100644
index 0000000..4765477
--- /dev/null
+++ b/com/action/LoginAction.java
@@ -0,0 +1,163 @@
+package com.action;
+
+/**
+ * 前台会员登陆 退出
+ * 
+ */
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.MemberBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class LoginAction extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public LoginAction() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		response.setContentType(Constant.CONTENTTYPE);
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		HttpSession session = request.getSession();
+		MemberBean memberBean = new MemberBean();
+		String method = Filter.escapeHTMLTags(request.getParameter("method").trim());
+		if(method.equals("HEADUSERLOGIN")){//网页头部会员登陆
+			String reg_user = Filter.escapeHTMLTags(request.getParameter("reg_user").trim());
+			String reg_pwd = Filter.escapeHTMLTags(request.getParameter("reg_pwd").trim());
+			String reg_type = Filter.escapeHTMLTags(request.getParameter("reg_type").trim());
+			String lastip = request.getRemoteAddr();
+			int flag = memberBean.memberLogin(reg_user, reg_pwd, reg_type);
+			if(flag == Constant.SUCCESS){//登陆成功
+				String info = memberBean.getLastTimeIP(reg_user);
+				int flag2 = memberBean.upmemberLogin(reg_user, lastip);
+				if(flag2 == Constant.SUCCESS){
+					session.setAttribute("member", reg_user);
+					session.setAttribute("type", reg_type);
+					session.setAttribute("info", info);
+					request.getRequestDispatcher("login1.jsp").forward(request, response);
+				}
+				else{
+					session.setAttribute("member", reg_user);
+					session.setAttribute("type", reg_type);
+					session.setAttribute("info", info);
+					session.setAttribute("message", "登陆成功，登陆信息更新失败！");
+					request.getRequestDispatcher("login1.jsp").forward(request, response);
+				}
+			}
+			else if(flag == Constant.NAME_ERROR){//用户名错误
+				request.setAttribute("reg_user", reg_user);
+				request.setAttribute("message", "该用户名不存在或者已被管理员冻结！");
+				request.getRequestDispatcher("login1.jsp").forward(request, response);
+			}
+			else if(flag == Constant.PASSWORD_ERROR){//密码错误
+				request.setAttribute("reg_user", reg_user);
+				request.setAttribute("message", "密码错误！");
+				request.getRequestDispatcher("login1.jsp").forward(request, response);
+			}
+		}
+		else if(method.equals("PAGEUSERLOGIN")){//登陆页面会员登陆
+			String username = Filter.escapeHTMLTags(request.getParameter("username").trim());
+			String password = Filter.escapeHTMLTags(request.getParameter("password").trim());
+			String reg_type = Filter.escapeHTMLTags(request.getParameter("reg_type").trim());
+			String lastip = request.getRemoteAddr();
+			int flag = memberBean.memberLogin(username, password, reg_type);
+			if(flag == Constant.SUCCESS){//登陆成功
+				String info = memberBean.getLastTimeIP(username);
+				int flag2 = memberBean.upmemberLogin(username, lastip);
+				if(flag2 == Constant.SUCCESS){
+					session.setAttribute("member", username);
+					session.setAttribute("type", reg_type);
+					session.setAttribute("info", info);
+					request.getRequestDispatcher("member/index.jsp").forward(request, response);
+				}
+				else{
+					session.setAttribute("member", username);
+					session.setAttribute("type", reg_type);
+					session.setAttribute("info", info);
+					session.setAttribute("message", "登陆成功，登陆信息更新失败！");
+					request.getRequestDispatcher("member/index.jsp").forward(request, response);
+				}
+			}
+			else if(flag == Constant.NAME_ERROR){//用户名错误
+				request.setAttribute("reg_user", username);
+				request.setAttribute("message", "该用户名不存在！");
+				request.getRequestDispatcher("login.jsp").forward(request, response);
+			}
+			else if(flag == Constant.PASSWORD_ERROR){//密码错误
+				request.setAttribute("reg_user", username);
+				request.setAttribute("message", "密码错误！");
+				request.getRequestDispatcher("login.jsp").forward(request, response);
+			}
+		}
+		else if(method.equals("logout")){//从iframe页面退出登陆
+			session.removeAttribute("member");
+			session.removeAttribute("type");
+			request.getRequestDispatcher("login1.jsp").forward(request, response);
+		}
+		else if(method.equals("pagelogout")||method.equals("memberexit")){//从网页退出登陆
+			session.removeAttribute("member");
+			session.removeAttribute("type");
+			request.getRequestDispatcher("index.jsp").forward(request, response);
+		}
+		else{
+			request.getRequestDispatcher("error.jsp").forward(request, response);
+		}
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/action/MemberAction.java b/com/action/MemberAction.java
new file mode 100644
index 0000000..b6c7fa8
--- /dev/null
+++ b/com/action/MemberAction.java
@@ -0,0 +1,258 @@
+package com.action;
+
+/**
+ * 会员注册、修改资料等
+ * @author Administrator
+ *
+ */
+
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.MemberBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+import com.util.MD5;
+
+public class MemberAction extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public MemberAction() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		response.setContentType(Constant.CONTENTTYPE);
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		HttpSession session = request.getSession();
+		MemberBean memberBean = new MemberBean();
+		String method = Filter.escapeHTMLTags(request.getParameter("method").trim());
+		/*********************************************
+		 * 会员注册通用（检查用户名 修改密码 reg2.jsp页面跳转）
+		 *********************************************/
+		if(method.equals("reg2")){//会员注册 reg2.jsp
+			String username = Filter.escapeHTMLTags(request.getParameter("username").trim());
+			String password = Filter.escapeHTMLTags(request.getParameter("password").trim());
+			String reg_type = Filter.escapeHTMLTags(request.getParameter("reg_type").trim());
+			request.setAttribute("username", username);
+			request.setAttribute("password", password);
+			request.setAttribute("reg_type", reg_type);
+			if(username.trim().equals("admin")){
+				request.setAttribute("username", username);
+				request.setAttribute("message", "非法的用户名，请重新选择！");
+				request.getRequestDispatcher("reg2.jsp").forward(request, response);
+			}
+			else{
+				int flag = memberBean.checkRegName(username);
+				if(flag == Constant.SUCCESS){
+					if(reg_type.equals("person")){//如果是个人会员
+						request.getRequestDispatcher("personreg.jsp").forward(request, response);
+					}
+					else if(reg_type.equals("co")){//如果是企业会员
+						request.getRequestDispatcher("coreg.jsp").forward(request, response);
+					}
+					else{
+						request.getRequestDispatcher("index.jsp").forward(request, response);
+					}
+				}
+				else if(flag == Constant.SAME_NAME){
+					request.setAttribute("username", username);
+					request.setAttribute("message", "对不起，该用户名已存在，请重新选择！");
+					request.getRequestDispatcher("reg2.jsp").forward(request, response);
+				}
+				else{
+					request.setAttribute("message", "系统维护中，请稍后再试！");
+					request.getRequestDispatcher("reg2.jsp").forward(request, response);
+				}
+			}
+			
+			
+		}
+		else if(method.equals("checksame")){//检查注册名是否可用
+			String username = Filter.escapeHTMLTags(request.getParameter("username").trim());
+			if(username.trim().equals("admin")){
+				request.setAttribute("username", username);
+				request.setAttribute("message", "非法的用户名，请重新选择！");
+				request.getRequestDispatcher("reg2.jsp").forward(request, response);
+			}
+			else{
+				int flag = memberBean.checkRegName(username);
+				if(flag == Constant.SUCCESS){
+					request.setAttribute("username", username);
+					request.setAttribute("message", "恭喜您，这个名字可以使用！");
+					request.getRequestDispatcher("reg2.jsp").forward(request, response);
+				}
+				else if(flag == Constant.SAME_NAME){
+					request.setAttribute("username", username);
+					request.setAttribute("message", "对不起，该用户名已存在，请重新选择！");
+					request.getRequestDispatcher("reg2.jsp").forward(request, response);
+				}
+				else{
+					request.setAttribute("message", "系统维护中，请稍后再试！");
+					request.getRequestDispatcher("reg2.jsp").forward(request, response);
+				}
+			}
+		}
+		else if(method.equals("Editpwd")){//会员修改登陆密码
+			String member=(String)session.getAttribute("member");
+			String type=(String)session.getAttribute("type");
+			if(member==null||type==null){
+				response.sendRedirect("error.jsp");
+			}
+			else{
+				String oldpwd = MD5.MD5(request.getParameter("oldpwd").trim());
+				String newpwd = MD5.MD5(request.getParameter("newpwd").trim());
+				int flag = memberBean.editPassword(member, oldpwd, newpwd);
+				switch (flag){
+					case Constant.SUCCESS:
+						request.setAttribute("message", "密码修改成功！");
+						request.getRequestDispatcher("member/info/editpwd.jsp").forward(request, response);
+						break;
+					case Constant.PASSWORD_ERROR:
+						request.setAttribute("message", "原始密码错误，请确认权限！");
+						request.getRequestDispatcher("member/info/editpwd.jsp").forward(request, response);
+						break;
+					case Constant.SYSTEM_ERROR:
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("member/info/editpwd.jsp").forward(request, response);
+						break;
+				}
+			}
+		}
+		/*********************************************
+		 * 个人会员注册、修改资料 
+		 *********************************************/
+		else if(method.equals("PREG")){//个人会员详细资料
+			String username = Filter.escapeHTMLTags(request.getParameter("username").trim());
+			String password = Filter.escapeHTMLTags(request.getParameter("password").trim());
+			String type = "person";
+			String realname = Filter.escapeHTMLTags(request.getParameter("realname").trim());
+			String sex = Filter.escapeHTMLTags(request.getParameter("sex").trim());
+			String sheng = Filter.escapeHTMLTags(request.getParameter("sheng").trim());
+			String city = Filter.escapeHTMLTags(request.getParameter("city").trim());
+			String bir = Filter.escapeHTMLTags(request.getParameter("bir").trim());
+			String telphone = Filter.escapeHTMLTags(request.getParameter("telphone").trim());
+			String email = Filter.escapeHTMLTags(request.getParameter("email").trim());
+			String question = Filter.escapeHTMLTags(request.getParameter("question").trim());
+			String answer = Filter.escapeHTMLTags(request.getParameter("answer").trim());
+			String address = Filter.escapeHTMLTags(request.getParameter("address").trim());
+			String lastip = request.getRemoteAddr();
+			int off = 1;
+			int flag = memberBean.personReg(username, password, type, realname, sex, bir,sheng,city, telphone, email, question, answer, lastip, off,address);
+			if(flag == Constant.SUCCESS){
+					List siteList = new SystemBean().getSiteInfo();
+					String sitename = siteList.get(0).toString();
+					request.setAttribute("message", "注册成功！恭喜您成为"+sitename+"的注册会员！");
+					request.getRequestDispatcher("login.jsp").forward(request, response);
+				
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				request.getRequestDispatcher("personreg.jsp").forward(request, response);
+			}
+		}
+		else if(method.equals("UPREGINFO")){//个人会员修改资料
+			String member=(String)session.getAttribute("member");
+			String type=(String)session.getAttribute("type");
+			if(member==null||type==null){
+				response.sendRedirect("error.jsp");
+			}
+			else{
+				String realname = Filter.escapeHTMLTags(request.getParameter("realname").trim());
+				String sex = Filter.escapeHTMLTags(request.getParameter("sex").trim());
+				String sheng = Filter.escapeHTMLTags(request.getParameter("sheng").trim());
+				String city = Filter.escapeHTMLTags(request.getParameter("city").trim());
+				String bir = Filter.escapeHTMLTags(request.getParameter("bir").trim());
+				String telphone = Filter.escapeHTMLTags(request.getParameter("telphone").trim());
+				String email = Filter.escapeHTMLTags(request.getParameter("email").trim());
+				String question = Filter.escapeHTMLTags(request.getParameter("question").trim());
+				String answer = Filter.escapeHTMLTags(request.getParameter("answer").trim());
+				String address = Filter.escapeHTMLTags(request.getParameter("address").trim());
+				int flag = memberBean.uppersonReg(member, realname, sex, bir, sheng, city, telphone, email, question, answer,address);
+				if(flag == Constant.SUCCESS){					
+					request.setAttribute("message", "操作成功！");
+					request.getRequestDispatcher("member/info/info.jsp").forward(request, response);
+				}
+				else{
+					request.setAttribute("message", "系统维护中，请稍后再试！");
+					request.getRequestDispatcher("member/info/info.jsp").forward(request, response);
+				}
+			}
+		}
+		
+		else if(method.equals("lostpwd")){
+			String username=request.getParameter("username");
+			String question=request.getParameter("question");
+			String answer=request.getParameter("answer");
+			String reg_type=request.getParameter("reg_type");
+			String info=memberBean.returnPwd(username, question, answer, reg_type);
+			if(info.trim().equals("error")){
+				request.setAttribute("message", "信息错误！");
+				request.getRequestDispatcher("login.jsp").forward(request, response);
+			}
+			else{
+				request.setAttribute("message", "您的新密码为"+info+"，请登录后修改！");
+				request.getRequestDispatcher("login.jsp").forward(request, response);
+			}
+		}
+		else{
+			request.getRequestDispatcher("index.jsp").forward(request, response);
+		}
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/action/MemberManageAction.java b/com/action/MemberManageAction.java
new file mode 100644
index 0000000..344fc51
--- /dev/null
+++ b/com/action/MemberManageAction.java
@@ -0,0 +1,178 @@
+package com.action;
+
+/**
+ * 
+ * 网站后台管理注册会员 查询 冻结 删除会员
+ */		
+
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.MemberManageBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+public class MemberManageAction extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public MemberManageAction() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		response.setContentType(Constant.CONTENTTYPE);
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		String sysdir = new SystemBean().getDir();
+		HttpSession session = request.getSession();
+		try{
+			String username2 = (String)session.getAttribute("user");
+			if(username2 == null){
+				request.getRequestDispatcher("error.jsp").forward(request, response);
+			}
+			else{
+				String method = Filter.escapeHTMLTags(request.getParameter("method").trim());
+				MemberManageBean mmBean = new MemberManageBean();
+				if(method.equals("DELMEMBER")||method.equals("DELCO")||method.equals("DELTODAY")
+						||method.equals("DELALLCLOSE")||method.equals("DELALLUSE")){//删除来自后台各个页面的会员
+					String check[] = request.getParameterValues("checkit");
+					if(check == null){
+						if(method.equals("DELMEMBER")){//来自所有个人会员页面
+							request.setAttribute("message", "请选择要删除的记录！");
+							request.getRequestDispatcher(sysdir+"/member/person.jsp").forward(request, response);
+						}
+						else if(method.equals("DELCO")){//来自所有企业会员页面
+							request.setAttribute("message", "请选择要删除的记录！");
+							request.getRequestDispatcher(sysdir+"/member/co.jsp").forward(request, response);
+						}
+						else if(method.equals("DELTODAY")){//来自今日注册会员页面
+							request.setAttribute("message", "请选择要删除的记录！");
+							request.getRequestDispatcher(sysdir+"/member/today.jsp").forward(request, response);
+						}
+						else if(method.equals("DELALLCLOSE")){//来自所有冻结会员页面
+							request.setAttribute("message", "请选择要删除的记录！");
+							request.getRequestDispatcher(sysdir+"/member/close.jsp").forward(request, response);
+						}
+						else if(method.equals("DELALLUSE")){//来自所有在用会员页面
+							request.setAttribute("message", "请选择要删除的记录！");
+							request.getRequestDispatcher(sysdir+"/member/using.jsp").forward(request, response);
+						}
+					}
+					else{
+						int id[]= new int[check.length];
+						for(int i = 0;i<check.length;i++){
+							int s = Integer.parseInt(check[i]);				
+							id[i] = s;
+						}
+						int flag = mmBean.delMember(id);
+						if(flag == Constant.SUCCESS){
+							if(method.equals("DELMEMBER")){//来自所有个人会员页面
+								request.getRequestDispatcher(sysdir+"/member/person.jsp").forward(request, response);
+							}
+							else if(method.equals("DELCO")){//来自所有企业会员页面
+								request.getRequestDispatcher(sysdir+"/member/co.jsp").forward(request, response);
+							}
+							else if(method.equals("DELTODAY")){//来自今日注册会员页面
+								request.getRequestDispatcher(sysdir+"/member/today.jsp").forward(request, response);
+							}
+							else if(method.equals("DELALLCLOSE")){//来自所有冻结会员页面
+								request.getRequestDispatcher(sysdir+"/member/close.jsp").forward(request, response);
+							}
+							else if(method.equals("DELALLUSE")){//来自所有在用会员页面
+								request.getRequestDispatcher(sysdir+"/member/using.jsp").forward(request, response);
+							}
+						}
+						else{
+							if(method.equals("DELMEMBER")){//来自所有个人会员页面
+								 request.getRequestDispatcher(sysdir+"/member/person.jsp").forward(request, response);
+							}
+							else if(method.equals("DELCO")){//来自所有企业会员页面
+								 request.getRequestDispatcher(sysdir+"/member/co.jsp").forward(request, response);
+							}
+							else if(method.equals("DELTODAY")){//来自今日注册会员页面
+								 request.getRequestDispatcher(sysdir+"/member/today.jsp").forward(request, response);
+							}
+							else if(method.equals("DELALLCLOSE")){//来自所有冻结会员页面
+								 request.getRequestDispatcher(sysdir+"/member/close.jsp").forward(request, response);
+							}
+							else if(method.equals("DELALLUSE")){//来自所有在用会员页面
+								 request.getRequestDispatcher(sysdir+"/member/using.jsp").forward(request, response);
+							}
+						}
+					}
+				}
+				else if(method.equals("CLOSE")){
+					String id=request.getParameter("id").trim();
+					int flag=mmBean.closeMember(Integer.parseInt(id));
+					if(flag==Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher("admin/member/person.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("admin/member/person.jsp").forward(request, response);
+					}
+				}
+				else{
+					request.getRequestDispatcher("error.jsp").forward(request, response);
+				}
+			}
+		}catch(Exception e){
+			request.getRequestDispatcher("error.jsp").forward(request, response);
+		}
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/action/NewsAction.java b/com/action/NewsAction.java
new file mode 100644
index 0000000..364d5b7
--- /dev/null
+++ b/com/action/NewsAction.java
@@ -0,0 +1,269 @@
+package com.action;
+
+/**
+ * 新闻管理-上传缩略图
+ * 
+ */
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.NewsBean;
+import com.bean.SystemBean;
+import com.bean.HzpBean;
+import com.util.Constant;
+import com.util.Filter;
+import com.util.SmartFile;
+import com.util.SmartUpload;
+
+public class NewsAction extends HttpServlet {
+
+	private ServletConfig config;
+	/**
+	 * Constructor of the object.
+	 */
+	public NewsAction() {
+		super();
+	}
+
+	final public void init(ServletConfig config) throws ServletException
+    {
+        this.config = config;  
+    }
+
+    final public ServletConfig getServletConfig()
+    {
+        return config;
+    }
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		response.setContentType(Constant.CONTENTTYPE);
+		String sysdir = new SystemBean().getDir();
+		HttpSession session = request.getSession();
+		String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+		try{
+			String username2 = (String)session.getAttribute("user");
+			if(username2 == null){
+				request.getRequestDispatcher("error.jsp").forward(request, response);
+			}
+			else{
+				 String method = null;
+				 NewsBean newsBean = new NewsBean();
+				 HzpBean tb=new HzpBean();
+				 SmartUpload mySmartUpload = new SmartUpload();//init
+				 int count = 0;
+				 try{
+					 mySmartUpload.initialize(config,request,response);
+		             mySmartUpload.upload(); 
+		             method = mySmartUpload.getRequest().getParameter("method").trim();
+		            if(method.equals("ADDNEWS")){//增加新闻
+		            	String title = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("title").trim());
+						String ifhide = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("ifhide").trim());
+						String content = mySmartUpload.getRequest().getParameter("infoContent");
+						if(content.length()>8000){
+						request.setAttribute("message", "对不起，新闻内容不能超过8000个字符！");
+						request.setAttribute("method", method);
+						request.getRequestDispatcher(sysdir+"/news/edit.jsp").forward(request, response);
+						}
+						else{
+							SmartFile file = mySmartUpload.getFiles().getFile(0);
+			            	String fileExt=file.getFileExt();	            
+			            	String path="/upload_file/news";
+		                    count = mySmartUpload.save(path);
+		                    if(file.getFilePathName().trim().equals("")){//如果无缩略图
+		                    	int flag = newsBean.addNews(title, "无",content, username2, ifhide);
+								if(flag == Constant.SUCCESS){
+									request.setAttribute("message", "增加新闻成功！");
+									request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+								}
+								else{
+									request.setAttribute("message", "系统维护中，请稍后再试！");
+									request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+								}
+		                    }
+		                    else{
+		                    	int flag = newsBean.addNews(title, path+"/"+file.getFileName(),content, username2, ifhide);
+								if(flag == Constant.SUCCESS){
+									request.setAttribute("message", "增加新闻成功！");
+									request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+								}
+								else{
+									request.setAttribute("message", "系统维护中，请稍后再试！");
+									request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+								}
+		                    }
+						}							
+		            }
+		            else if(method.equals("editnews")){//修改新闻
+		            	String id = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("id").trim());
+		            	String title = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("title").trim());
+						String ifhide = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("ifhide").trim());
+						String content = mySmartUpload.getRequest().getParameter("infoContent");
+						SmartFile file = mySmartUpload.getFiles().getFile(0);
+		            	String fileExt=file.getFileExt();	            
+		            	String path="/upload_file/news";
+	                    count = mySmartUpload.save(path);
+	                    if(file.getFilePathName().trim().equals("")){//如果不修改缩略图
+	                    	int flag = newsBean.updateNews(Integer.parseInt(id), title, content, username2, ifhide);
+							if(flag == Constant.SUCCESS){
+								request.setAttribute("message", "修改新闻成功！");
+								request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+							}
+							else{
+								request.setAttribute("message", "系统维护中，请稍后再试！");
+								request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+							}
+	                    }
+	                    else{//如果修改缩略图
+	                    	int flag = newsBean.updateNewsWithPic(Integer.parseInt(id), title, path+"/"+file.getFileName(), content, username2, ifhide);
+							if(flag == Constant.SUCCESS){
+								request.setAttribute("message", "修改新闻成功！");
+								request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+							}
+							else{
+								request.setAttribute("message", "系统维护中，请稍后再试！");
+								request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+							}
+	                    }
+		            }
+		            ////////////////////////////////////////////////////////////////////////////宾馆
+		            else if(method.equals("addlvyou")){//增加
+		            	/**
+		            	 * String title = "";	
+		String dz="";
+		String yb="";
+		String dh="";
+		String jd="";
+		String content="";
+		            	 */
+		            	String title = mySmartUpload.getRequest().getParameter("title");
+						String dz = mySmartUpload.getRequest().getParameter("dz");
+						String yb = mySmartUpload.getRequest().getParameter("yb");
+						String dh = mySmartUpload.getRequest().getParameter("dh");
+						String jd = mySmartUpload.getRequest().getParameter("jd");
+						String content = mySmartUpload.getRequest().getParameter("infoContent");
+						String flag11 = mySmartUpload.getRequest().getParameter("flag");
+						if(content.length()>8000){
+						request.setAttribute("message", "对不起，内容不能超过8000个字符！");
+						request.setAttribute("method", method);
+						request.getRequestDispatcher(sysdir+"/hzp/add.jsp").forward(request, response);
+						}
+						else{
+							SmartFile file = mySmartUpload.getFiles().getFile(0);
+			            	String fileExt=file.getFileExt();	            
+			            	String path="/upload_file/sale";
+		                    count = mySmartUpload.save(path);
+		                    String sql="insert into sale(title,url,dz,yb,dh,jd,content,addtime) " +
+		                    		"values('"+title+"','"+path+"/"+file.getFileName()+"','"+dz+"','"+yb+"','"+dh+"','"+jd+"','"+content+"','"+date+"')";
+		                   int flag = new NewsBean().exeUp(sql);
+							if(flag == Constant.SUCCESS){
+								request.setAttribute("message", "操作成功！");
+								request.getRequestDispatcher(sysdir+"/hzp/index.jsp").forward(request, response);
+							}
+							else{
+								request.setAttribute("message", "系统维护中，请稍后再试！");
+								request.getRequestDispatcher(sysdir+"/hzp/index.jsp").forward(request, response);
+							}
+						}
+		            }
+		            //update
+		            else if(method.equals("uplvyou")){
+		            	String id = mySmartUpload.getRequest().getParameter("id");
+		            	String title = mySmartUpload.getRequest().getParameter("title");
+						String dz = mySmartUpload.getRequest().getParameter("dz");
+						String yb = mySmartUpload.getRequest().getParameter("yb");
+						String dh = mySmartUpload.getRequest().getParameter("dh");
+						String jd = mySmartUpload.getRequest().getParameter("jd");
+						String content = mySmartUpload.getRequest().getParameter("infoContent");
+						String flag11 = mySmartUpload.getRequest().getParameter("flag");
+						if(content.length()>8000){
+						request.setAttribute("message", "对不起，内容不能超过8000个字符！");
+						request.setAttribute("method", method);
+						request.getRequestDispatcher(sysdir+"/hzp/add.jsp").forward(request, response);
+						}
+						else{
+							SmartFile file = mySmartUpload.getFiles().getFile(0);
+			            	String fileExt=file.getFileExt();	            
+			            	String path="/upload_file/sale";
+		                    count = mySmartUpload.save(path);
+		                    String sql="update sale set title='"+title+"',url='"+path+"/"+file.getFileName()+"',dz='"+dz+"'," +
+		                    		"yb='"+yb+"',dh='"+dh+"',jd='"+jd+"',content='"+content+"' where id='"+id+"'";
+		                    int flag = new NewsBean().exeUp(sql);
+							if(flag == Constant.SUCCESS){
+								request.setAttribute("message", "操作成功！");
+								request.getRequestDispatcher(sysdir+"/hzp/index.jsp").forward(request, response);
+							}
+							else{
+								request.setAttribute("message", "系统维护中，请稍后再试！");
+								request.getRequestDispatcher(sysdir+"/hzp/index.jsp").forward(request, response);
+							}
+						}
+		            }
+		             
+		            else{
+		            	request.getRequestDispatcher("error.jsp").forward(request, response);
+		            }
+		        }catch(Exception ex){
+		        	ex.printStackTrace();
+		        	//request.getRequestDispatcher("error.jsp").forward(request, response);
+		        }
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			request.getRequestDispatcher("error.jsp").forward(request, response);
+		}
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/action/NewsServlet.java b/com/action/NewsServlet.java
new file mode 100644
index 0000000..766051d
--- /dev/null
+++ b/com/action/NewsServlet.java
@@ -0,0 +1,268 @@
+package com.action;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.NewsBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class NewsServlet extends HttpServlet {
+
+	/**
+	 * Constructor of the object.
+	 */
+	public NewsServlet() {
+		super();
+	}
+
+	/**
+	 * Destruction of the servlet. <br>
+	 */
+	public void destroy() {
+		super.destroy(); // Just puts "destroy" string in log
+		// Put your code here
+	}
+
+	/**
+	 * The doGet method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to get.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		doPost(request,response);
+	}
+
+	/**
+	 * The doPost method of the servlet. <br>
+	 *
+	 * This method is called when a form has its tag value method equals to post.
+	 * 
+	 * @param request the request send by the client to the server
+	 * @param response the response send by the server to the client
+	 * @throws ServletException if an error occurred
+	 * @throws IOException if an error occurred
+	 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		response.setContentType(Constant.CONTENTTYPE);
+		request.setCharacterEncoding(Constant.CHARACTERENCODING);
+		String sysdir = new SystemBean().getDir();
+		HttpSession session = request.getSession();
+		String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+		try{
+			String username2 = (String)session.getAttribute("user");
+			 
+				String method = request.getParameter("method").trim();
+				if(method.equals("addNews")){
+					String title = request.getParameter("title");
+					String fenlei = request.getParameter("fenlei");
+					String infoContent = request.getParameter("infoContent");
+					int flag = new NewsBean().exeUp("insert into news(title,fenlei,content,addtime,adder,visit) " +
+							"values('"+title+"','"+fenlei+"','"+infoContent+"','"+date+"','"+username2+"','0')");
+					if(flag == Constant.SUCCESS){
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("upNews")){
+					String id = request.getParameter("id");
+					String title = request.getParameter("title");
+					String fenlei = request.getParameter("fenlei");
+					String infoContent = request.getParameter("infoContent");
+					int flag = new NewsBean().exeUp("update news set title='"+title+"',fenlei='"+fenlei+"',content='"+infoContent+"' where id='"+id+"'");
+					if(flag == Constant.SUCCESS){
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("delNews")){
+					String id = request.getParameter("id");
+					int flag = new NewsBean().exeUp("delete from news  where id='"+id+"'");
+					if(flag == Constant.SUCCESS){
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("addPrep")){
+					String member=(String)session.getAttribute("member");
+					String sid = request.getParameter("sid");
+					String title = request.getParameter("title");
+					String rs = request.getParameter("rs");
+					String sj = request.getParameter("sj");
+					String ts = request.getParameter("ts");
+					String lxr = request.getParameter("lxr");
+					String lxfs = request.getParameter("lxfs");
+					int flag = new NewsBean().exeUp("insert into prep(title,rs,sj,ts,lxr,lxfs,addtime,member,zt,ddid) " +
+							"values('"+title+"','"+rs+"','"+sj+"','"+ts+"','"+lxr+"','"+lxfs+"','"+date+"','"+member+"','未提交','0')");
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "预订成功，稍后本站客服人员会与您取得联系。您可以在会员中心查看您的预订记录！");
+						request.getRequestDispatcher("index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("upPrep")){
+					String member=(String)session.getAttribute("member");
+					String id = request.getParameter("id"); 
+					String rs = request.getParameter("rs");
+					String sj = request.getParameter("sj");
+					String ts = request.getParameter("ts");
+					String lxr = request.getParameter("lxr");
+					String lxfs = request.getParameter("lxfs");
+					int flag = new NewsBean().exeUp("update prep set rs='"+rs+"',sj='"+sj+"',ts='"+ts+"',lxr='"+lxr+"'," +
+							"lxfs='"+lxfs+"' where id='"+id+"'");
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher("member/prep/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("member/prep/index.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("delPrep")){
+					String member=(String)session.getAttribute("member");
+					String id = request.getParameter("id");
+					int flag = new NewsBean().exeUp("delete from prep where id='"+id+"'");
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher("member/prep/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("member/prep/index.jsp").forward(request, response);
+					}
+				}
+				 
+				
+				else if(method.equals("addDD")){
+					String member=(String)session.getAttribute("member");
+					String fkfs = request.getParameter("fkfs");
+					String ddid=String.valueOf(System.currentTimeMillis());
+					String sql="update prep set zt='已提交',ddid='"+ddid+"' where member='"+member+"' and ddid='0'";
+					//System.out.println(sql);
+					NewsBean nb=new NewsBean();nb.exeUp(sql);
+					int flag = nb.exeUp("insert into dd(ddid,member,zt,fkfs,addtime) values('"+ddid+"','"+member+"','未发货','"+fkfs+"','"+date+"')");
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher("member/prep/index.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("member/prep/index.jsp").forward(request, response);
+					}
+				}
+				
+				else if(method.equals("fDD")){
+					String ddid = request.getParameter("ddid");
+					NewsBean nb=new NewsBean(); 
+					int flag = nb.exeUp("update dd set zt='已发货' where ddid='"+ddid+"'");
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher("admin/prep/prep.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("admin/prep/prep.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("dDD")){
+					String ddid = request.getParameter("ddid");
+					NewsBean nb=new NewsBean(); 
+					int flag = nb.exeUp("delete from dd where ddid='"+ddid+"'");
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher("admin/prep/prep.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("admin/prep/prep.jsp").forward(request, response);
+					}
+				}
+				else if(method.equals("dDD2")){
+					String ddid = request.getParameter("ddid");
+					NewsBean nb=new NewsBean(); 
+					int flag = nb.exeUp("delete from dd where ddid='"+ddid+"'");
+					if(flag == Constant.SUCCESS){
+						request.setAttribute("message", "操作成功！");
+						request.getRequestDispatcher("admin/prep/fh.jsp").forward(request, response);
+					}
+					else{
+						request.setAttribute("message", "系统维护中，请稍后再试！");
+						request.getRequestDispatcher("admin/prep/fh.jsp").forward(request, response);
+					}
+				}
+				////////////////////////////////////////////////////////////////////////////////查询统计
+				else if(method.equals("sDDrq")){
+					String year=request.getParameter("year");
+					 String month=request.getParameter("month");
+					 String day=request.getParameter("day");
+					 String str=year+"-"+month+"-"+day;
+					 String sql="select * from dd where addtime like '%"+str+"%'  ";
+					 request.setAttribute("sql", sql);
+					 request.getRequestDispatcher("admin/prep/s1.jsp").forward(request, response);
+				}
+				else if(method.equals("sDDid")){
+					String ddid=request.getParameter("ddid"); 
+					 request.setAttribute("ddid", ddid);
+					 request.getRequestDispatcher("admin/prep/s2.jsp").forward(request, response);
+				}
+				else if(method.equals("sYye")){
+					String year=request.getParameter("year");
+					 String month=request.getParameter("month");
+					 String day=request.getParameter("day");
+					 
+					 String year2=request.getParameter("year2");
+					 String month2=request.getParameter("month2");
+					 String day2=request.getParameter("day2");
+					 String str=year+"-"+month+"-"+day+" "+"00:00:00";
+					 String str2=year2+"-"+month2+"-"+day2+" "+"23:59:59";
+					 String sql="select sale.dz,prep.* from sale,prep where prep.title=sale.title and prep.addtime>'"+str+"' and prep.addtime<'"+str2+"' order by prep.id desc";
+					 //String sql="select * from prep where addtime>'"+str+"' and addtime<'"+str2+"'  ";
+					 request.setAttribute("sql", sql);
+					 request.getRequestDispatcher("admin/prep/s3.jsp").forward(request, response);
+				}
+		}catch(Exception e){
+			e.printStackTrace();
+		}
+	}
+
+	/**
+	 * Initialization of the servlet. <br>
+	 *
+	 * @throws ServletException if an error occure
+	 */
+	public void init() throws ServletException {
+		// Put your code here
+	}
+
+}
diff --git a/com/bean/AdminBean.java b/com/bean/AdminBean.java
new file mode 100644
index 0000000..ae25288
--- /dev/null
+++ b/com/bean/AdminBean.java
@@ -0,0 +1,284 @@
+package com.bean;
+
+/**
+ * 
+ * 管理员登陆 修改密码 登陆记录查询 通用类文件
+ * 
+ */
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.List;
+
+import com.util.Constant;
+import com.util.DBO;
+
+public class AdminBean {
+
+	private List list;
+	private ResultSet rs = null;
+	private int EVERYPAGENUM = 2;
+	private int count = -1;
+	private int qq = 0;
+	private String sql="select count(*) from adminlog";
+	private String sql2="select * from adminlog order by id desc ";
+	//声明时间变量
+	String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+	
+	//分页查询登陆日志
+	public void setEVERYPAGENUM(int EVERYPAGENUM){
+    	this.EVERYPAGENUM=EVERYPAGENUM;
+    }
+    public int getMessageCount() { //得到信息总数
+       DBO dbo=new DBO();
+       dbo.open();
+        try { 
+            rs = dbo.executeQuery(sql);
+            rs.next();
+            count = rs.getInt(1);
+            return count;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return -1;
+        } finally {
+            dbo.close();
+        }
+    }
+    public int getPageCount() { //得到共多少页（根据每页要显示几条信息）
+        if (count % EVERYPAGENUM == 0) {
+            return count / EVERYPAGENUM;
+        } else {
+            return count / EVERYPAGENUM + 1;
+        }
+    }
+    public List getMessage(int page) { //得到每页要显示的信息
+        DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql2);
+            for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                rs.next();
+            }
+            for (int t = 0; t < EVERYPAGENUM; t++) {
+                if (rs.next()) {
+                    qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getInt("id"));
+    				list2.add(rs.getString("username"));
+    				list2.add(rs.getString("password"));
+    				list2.add(rs.getString("logintime"));
+    				list2.add(rs.getString("loginip"));
+    				list2.add(rs.getString("useros"));
+    				list2.add(rs.getString("ok"));
+    				list.add(list2);
+                } else {
+                    break; //减少空循环的时间
+                }
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return null;
+        } finally {
+            dbo.close();
+        }
+    }
+	//管理员登录 更新登录次数 写登录日志
+	public int adminLogin(String username,String md5password,String password,String useros,String loginip){
+		String sql = "select * from admin where username = '"+username+"' and isuse='1'";
+		String sql2 = "insert into adminlog(username,password,logintime,loginip,useros,ok) values('"+username+"','"+md5password+"','"+date+"','"+loginip+"','"+useros+"','true')";
+		String sql3 = "insert into adminlog(username,password,logintime,loginip,useros,ok) values('"+username+"','"+password+"','"+date+"','"+loginip+"','"+useros+"','false')";
+		String sql4 = "update admin set logintimes = logintimes+1 where username = '"+username+"' ";
+		DBO dbo = new DBO();
+		String pwd;
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				pwd = rs.getString("password");
+				if(pwd.trim().equals(md5password)){
+					dbo.executeUpdate(sql2);
+					dbo.executeUpdate(sql4);
+					return Constant.SUCCESS;
+				}
+				else{
+					dbo.executeUpdate(sql3);
+					return Constant.PASSWORD_ERROR;
+				}
+			}
+			else{
+				dbo.executeUpdate(sql3);
+				return Constant.NAME_ERROR;
+			}			
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}	
+	}
+	
+	//查询管理员信息
+	public List getAdminInfo(String username){
+		String sql = "select * from admin where username='"+username+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		list = new ArrayList();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list.add(rs.getString("username"));
+			list.add(rs.getInt("flag"));
+			list.add(rs.getInt("logintimes"));
+			list.add(date);
+			list.add(rs.getString("quanxian"));
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//admin edit password
+	public int editPassword(String username,String oldpwd,String newpwd){
+		String sql="select * from admin where username = '"+username+"' and password = '"+oldpwd+"'";
+		String sql2="update admin set password = '"+newpwd+"' where username = '"+username+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				int i = dbo.executeUpdate(sql2);
+				if(i == 1){
+					return Constant.SUCCESS;
+				}
+				else{
+					return Constant.SYSTEM_ERROR;
+				}
+			}
+			else{
+				return Constant.PASSWORD_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//add manager
+	public int addManager(String username,String password,String type,String isuse){
+		String sql = "insert into admin(username,password,creattime,flag,isuse,logintimes,quanxian) values('"+username+"','"+password+"','"+date+"','"+type+"','"+isuse+"','0','111')";
+		String sql2 = "select * from admin where username = '"+username+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql2);
+			if(rs.next()){
+				return Constant.SAME_NAME;
+			}
+			else{
+				int i = dbo.executeUpdate(sql);
+				if(i == 1)return Constant.SUCCESS;
+				else return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//update manager
+	public int updateManager(String username,String password,String type,String isuse){
+		String sql;
+		if(password.equals("")){
+			sql = "update admin set flag = '"+type+"' ,isuse = '"+isuse+"' where username = '"+username+"'";
+		}
+		else{
+			sql = "update admin set password = '"+password+"' ,flag = '"+type+"' ,isuse = '"+isuse+"' where username = '"+username+"'";
+		}
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1)return Constant.SUCCESS;
+			else return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//get all manager
+	public List getAllManager(){
+		String sql = "select * from admin where flag !='1' order by id asc";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2 = new ArrayList();
+				list2.add(rs.getInt(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(4));
+				list2.add(rs.getInt(5));
+				list2.add(rs.getInt(6));
+				list2.add(rs.getInt(7));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//delete manager
+	public int delManager(int id){
+		String sql = "delete from admin where id = '"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1)return Constant.SUCCESS;
+			else return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//delete login note
+	public int delLog(int id[]){
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			for(int i = 0;i<id.length;i++){
+				dbo.executeUpdate("delete from  adminlog  where  id = '"+id[i]+"'");			
+			}
+			return Constant.SUCCESS;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+} 
+
diff --git a/com/bean/AfficheBean.java b/com/bean/AfficheBean.java
new file mode 100644
index 0000000..df21478
--- /dev/null
+++ b/com/bean/AfficheBean.java
@@ -0,0 +1,489 @@
+package com.bean;
+
+import java.sql.ResultSet;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.List;
+
+import com.util.Constant;
+import com.util.DBO;
+
+/**
+ * 网站公告、站内调查bean  会员中心公告
+ * @author Administrator
+ *
+ */
+public class AfficheBean {
+
+	private ResultSet rs;
+	private List list;
+	private String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+	
+	//增加公告
+	public int addAffiche(String title,String content,String adder,String ifhide){
+		String sql = "insert into affiche (title,content,addtime,adder,ifhide) " +
+				"values ('"+title+"','"+content+"','"+date+"','"+adder+"','"+ifhide+"')";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+//	update affiche
+	public int updateAffiche(int id,String title,String content,String adder,String ifhide){
+		String sql = "update affiche set title = '"+title+"',content='"+content+"',addtime='"+date+"'," +
+				"adder='"+adder+"',ifhide='"+ifhide+"' where id = '"+id+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//delete affiche
+	public int delAffiche(int id[]){
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			for(int i = 0;i<id.length;i++){
+				dbo.executeUpdate("delete from  affiche  where  id = '"+id[i]+"'");			
+			}
+			return Constant.SUCCESS;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//open.close affiche
+	public int hideAffiche(int id){
+		String sql = "update affiche set ifhide='1' where id='"+id+"'";
+		String sql2 = "update affiche set ifhide='0' where id='"+id+"'";
+		String sql3 = "select ifhide from affiche where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql3);
+			rs.next();
+			int i = rs.getInt(1);
+			if(i == 1){
+				int flag = dbo.executeUpdate(sql2);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				int flag = dbo.executeUpdate(sql);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//	get one affiche to update
+	public List getOneAffiche(int id){
+		String sql = "select * from affiche where id = '"+id+"'";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				list.add(rs.getInt(1));
+				list.add(rs.getString(2));
+				list.add(rs.getString(3));
+				list.add(rs.getString(4));
+				list.add(rs.getString(5));
+				list.add(rs.getString(6));
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	//首页显示所有公告
+	public List getAllAffiche(){
+		String sql = "select id,content,addtime from affiche where ifhide='1' order by addtime desc ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				list2.add(rs.getInt(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+//	后台显示所有公告
+	public List getAllAfficheManage(){
+		String sql = "select id,title,addtime,adder,ifhide from affiche order by addtime desc ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				list2.add(rs.getInt("id"));
+				list2.add(rs.getString("title"));
+				list2.add(rs.getString("addtime"));
+				list2.add(rs.getString("adder"));
+				list2.add(rs.getInt("ifhide"));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+//	增加投票
+	public int addVote(String title,String ifhide ,String item1,String item2,String item3,String item4,String item5,String item6,
+			String tick1,String tick2 ,String tick3 ,String tick4,String tick5,String tick6 ){
+		String sql = "insert into vote ( title, ifhide , item1, item2, item3, item4,item5,item6,tick1, tick2 , tick3 , tick4,tick5,tick6,addtime ) " +
+				"values( '"+title+"', '"+ifhide+"' , '"+item1+"', '"+item2+"', '"+item3+"', '"+item4+"','"+item5+"','"+item6+"','"+tick1+"', '"+tick2+"' ," +
+						" '"+tick3+"' , '"+tick4+"' , '"+tick5+"' , '"+tick6+"' , '"+date+"' )";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			if(ifhide.equals("1")){
+				dbo.executeUpdate("update  vote set ifhide='0' ");
+			}
+			int flag = dbo.executeUpdate(sql);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//	修改投票
+	public int updateVote(int id,String title,String ifhide ,String item1,String item2,String item3,String item4,String item5,String item6,
+			String tick1,String tick2 ,String tick3 ,String tick4,String tick5,String tick6 ){
+		String sql = "update  vote set title='"+title+"', ifhide='"+ifhide+"' , item1='"+item1+"', item2='"+item2+"'," +
+				" item3='"+item3+"', item4='"+item4+"',item5='"+item5+"',item6='"+item6+"',tick1='"+tick1+"', tick2='"+tick2+"' ,tick3='"+tick3+"' , " +
+						"tick4='"+tick4+"',tick5='"+tick5+"',tick6='"+tick6+"' where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			if(ifhide.equals("1")){
+				dbo.executeUpdate("update  vote set ifhide='0' ");
+			}
+			int flag = dbo.executeUpdate(sql);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//	删除投票
+	public int delVote(int id){
+		String sql = "delete from vote where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int flag = dbo.executeUpdate(sql);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//查询某个投票修改
+	public List getVote(int id){
+		String sql = "select * from vote where id='"+id+"'  ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				list.add(rs.getInt(1));
+				list.add(rs.getString(2));
+				list.add(rs.getString(3));
+				list.add(rs.getString(4));
+				list.add(rs.getString(5));
+				list.add(rs.getString(6));
+				list.add(rs.getString(7));
+				list.add(rs.getString(8));
+				list.add(rs.getString(9));
+				list.add(rs.getString(10));
+				list.add(rs.getString(11));
+				list.add(rs.getString(12));
+				list.add(rs.getString(13));
+				list.add(rs.getString(14));
+				list.add(rs.getString(15));
+				list.add(rs.getString(16));
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+//	查询所有投票
+	public List getAllVote(){
+		String sql = "select * from vote order by id desc  ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2 = new ArrayList();
+				list2.add(rs.getInt(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list2.add(rs.getString(4));
+				list2.add(rs.getString(5));
+				list2.add(rs.getString(6));
+				list2.add(rs.getString(7));
+				list2.add(rs.getString(8));
+				list2.add(rs.getString(9));
+				list2.add(rs.getString(10));
+				list2.add(rs.getString(11));
+				list2.add(rs.getString(12));
+				list2.add(rs.getString(13));
+				list2.add(rs.getString(14));
+				list2.add(rs.getString(15));
+				list2.add(rs.getString(16));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+//	查询前台显示投票
+	public List getVote(){
+		String sql = "select * from vote where ifhide='1'  ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				list.add(rs.getInt(1));
+				list.add(rs.getString(2));
+				list.add(rs.getString(3));
+				list.add(rs.getString(4));
+				list.add(rs.getString(5));
+				list.add(rs.getString(6));
+				list.add(rs.getString(7));
+				list.add(rs.getString(8));
+				list.add(rs.getString(9));
+				list.add(rs.getString(10));
+				list.add(rs.getString(11));
+				list.add(rs.getString(12));
+				list.add(rs.getString(13));
+				list.add(rs.getString(14));
+				list.add(rs.getString(15));
+				list.add(rs.getString(16));
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+//	open.close vote
+	public int hideSurvey(int id){
+		String sql = "update vote set ifhide='1' where id='"+id+"'";
+		String sql2 = "update vote set ifhide='0' where id='"+id+"'";
+		String sql3 = "select ifhide from vote where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql3);
+			rs.next();
+			int i = rs.getInt(1);
+			if(i == 1){
+				int flag = dbo.executeUpdate(sql2);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				int flag = dbo.executeUpdate(sql);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//投票
+	public int addVote(int id,String item){
+		String sql = "update vote set "+item+"="+item+"+1  where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int flag = dbo.executeUpdate(sql);
+			if(flag == 1)
+				return Constant.SUCCESS;
+			else
+				return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	///会员中心公告（滚动无弹出内容，分个人会员公告和企业会员公告）
+	public int addMemAff(String content,String type){
+		String sql = "insert into memaff(content,type,addtime) values('"+content+"','"+type+"','"+date+"')";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int flag = dbo.executeUpdate(sql);
+			if(flag == 1)
+				return Constant.SUCCESS;
+			else
+				return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+//	查询所有会员中心公告
+	public List getAllMemAff(){
+		String sql = "select * from memaff order by id desc  ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2 = new ArrayList();
+				list2.add(rs.getInt(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list2.add(rs.getString(4));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	///删除会员中心公告
+	public int delMemAff(int id){
+		String sql = "delete from memaff where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int flag = dbo.executeUpdate(sql);
+			if(flag == 1)
+				return Constant.SUCCESS;
+			else
+				return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+//	查询所有会员中心公告 前台
+	public List getAllMemAff(String type){
+		String sql = "select content,addtime from memaff where type='"+type+"' order by id desc  ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2 = new ArrayList();
+				list2.add(rs.getString(1));
+				list2.add(rs.getString(2));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+}
diff --git a/com/bean/FriendLinkBean.java b/com/bean/FriendLinkBean.java
new file mode 100644
index 0000000..e786427
--- /dev/null
+++ b/com/bean/FriendLinkBean.java
@@ -0,0 +1,115 @@
+package com.bean;
+
+/**
+ *
+ * @author Administrator
+ *
+ */
+
+import java.io.File;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.List;
+
+import com.util.Constant;
+import com.util.DBO;
+
+public class FriendLinkBean {
+
+	private List list;
+	private ResultSet rs;
+	private String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+	
+	//友情链接分页
+	private int EVERYPAGENUM = 2;
+	private int count = -1;
+	private int qq = 0;
+	private String sql="select count(*) from friendlink where ifhide!='2'";
+	private String sql2="select * from friendlink where ifhide!='2' order by ordervalue desc ";
+    public void setEVERYPAGENUM(int EVERYPAGENUM){
+    	this.EVERYPAGENUM=EVERYPAGENUM;
+    }
+    public int getMessageCount() { //得到信息总数
+       DBO dbo=new DBO();
+       dbo.open();
+        try { 
+            rs = dbo.executeQuery(sql);
+            rs.next();
+            count = rs.getInt(1);
+            return count;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return -1;
+        } finally {
+            dbo.close();
+        }
+    }
+    public int getPageCount() { //得到共多少页（根据每页要显示几条信息）
+        if (count % EVERYPAGENUM == 0) {
+            return count / EVERYPAGENUM;
+        } else {
+            return count / EVERYPAGENUM + 1;
+        }
+    }
+    public List getMessage(int page) { //得到每页要显示的信息
+        DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql2);
+            for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                rs.next();
+            }
+            for (int t = 0; t < EVERYPAGENUM; t++) {
+                if (rs.next()) {
+                    qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getInt(1));
+    				list2.add(rs.getString(2));
+    				list2.add(rs.getString(3));
+    				list2.add(rs.getString(4));
+    				list2.add(rs.getString(5));
+    				list2.add(rs.getInt(6));
+    				list2.add(rs.getInt(7));
+    				list2.add(rs.getString(8));
+    				list.add(list2);
+                } else {
+                    break; //减少空循环的时间
+                }
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return list;
+        } finally {
+            dbo.close();
+        }
+    }
+	
+	public List getAllShowFriendLink(){
+		String sql = "select linkname,linkurl,linkpic,intero from friendlink where ifhide='1' order by ordervalue desc";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2 = new ArrayList();
+				list2.add(rs.getString(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list2.add(rs.getString(4));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+}
\ No newline at end of file
diff --git a/com/bean/GuestBookBean.java b/com/bean/GuestBookBean.java
new file mode 100644
index 0000000..9220c22
--- /dev/null
+++ b/com/bean/GuestBookBean.java
@@ -0,0 +1,356 @@
+package com.bean;
+
+
+/**
+ * 留言本
+ * @author Administrator
+ *
+ */
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.List;
+
+import com.util.Constant;
+import com.util.DBO;
+
+public class GuestBookBean {
+
+	private List list;
+	private ResultSet rs;
+	private String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+	private int EVERYPAGENUM = 2;
+	private int count = -1;
+	private int qq = 0;
+	private String sql="select count(*) from guestbook where ifhide='1'";
+	private String sql2="select * from guestbook where ifhide='1' order by addtime desc ";
+    public void setEVERYPAGENUM(int EVERYPAGENUM){
+    	this.EVERYPAGENUM=EVERYPAGENUM;
+    }
+    public int getMessageCount() { //得到信息总数
+       DBO dbo=new DBO();
+       dbo.open();
+        try { 
+            rs = dbo.executeQuery(sql);
+            rs.next();
+            count = rs.getInt(1);
+            return count;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return -1;
+        } finally {
+            dbo.close();
+        }
+    }
+    public int getPageCount() { //得到共多少页（根据每页要显示几条信息）
+        if (count % EVERYPAGENUM == 0) {
+            return count / EVERYPAGENUM;
+        } else {
+            return count / EVERYPAGENUM + 1;
+        }
+    }
+    public List getMessage(int page) { //得到每页要显示的信息
+        DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql2);
+            for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                rs.next();
+            }
+            for (int t = 0; t < EVERYPAGENUM; t++) {
+                if (rs.next()) {
+                    qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getInt("id"));//0
+    				list2.add(rs.getString("nickname"));//1
+    				list2.add(rs.getString("pic"));//2
+    				list2.add(rs.getString("email"));//3
+    				list2.add(rs.getString("qq"));//4
+    				list2.add(rs.getString("weburl"));//5
+    				list2.add(rs.getString("blogurl"));//6
+    				list2.add(rs.getString("expressions"));//7
+    				list2.add(rs.getString("content"));//8
+    				list2.add(rs.getString("addtime"));//9
+    				list2.add(rs.getString("ip"));//10
+    				list2.add(rs.getString("replay"));//11
+    				list.add(list2);
+                } else {
+                    break; //减少空循环的时间
+                }
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return null;
+        } finally {
+            dbo.close();
+        }
+    }
+    
+    //后台管理留言分页
+    
+	//private String sql4="select * from guestbook order by addtime desc ";
+    public int getMessageCountM(String stime,String etime) { //得到信息总数
+    	String sql3=null;
+       if(stime.equals("0")){//屏蔽的
+    	   sql3="select count(*) from guestbook where ifhide='0'";
+       }   
+       else if(stime.equals("1")){//显示的
+    	   sql3="select count(*) from guestbook where ifhide='1'";
+       }
+       else if(stime.equals("2")){//所有的
+    	   sql3="select count(*) from guestbook ";
+       }
+       else{
+    	   sql3="select count(*) from guestbook where addtime between '"+stime+"' and '"+etime+" 23:59:59'";
+       }
+       DBO dbo=new DBO();
+       dbo.open();
+        try { 
+            rs = dbo.executeQuery(sql3);
+            rs.next();
+            count = rs.getInt(1);
+            return count;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return -1;
+        } finally {
+            dbo.close();
+        }
+    }
+    public List getMessageM(int page,String stime,String etime) { //得到每页要显示的信息
+    	String sql4=null;
+        if(stime.equals("0")){//屏蔽的
+        	sql4="select * from guestbook where ifhide='0'";
+        }   
+        else if(stime.equals("1")){//显示的
+        	sql4="select * from guestbook where ifhide='1'";
+        }
+        else if(stime.equals("2")){//所有的
+        	sql4="select * from guestbook order by addtime desc ";
+        }
+        else{
+        	sql4="select * from guestbook where addtime between '"+stime+"' and '"+etime+" 23:59:59'";
+        }
+        DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql4);
+            for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                rs.next();
+            }
+            for (int t = 0; t < EVERYPAGENUM; t++) {
+                if (rs.next()) {
+                    qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getInt("id"));//0
+    				list2.add(rs.getString("nickname"));//1
+    				list2.add(rs.getString("pic"));//2
+    				list2.add(rs.getString("email"));//3
+    				list2.add(rs.getString("qq"));//4
+    				list2.add(rs.getString("weburl"));//5
+    				list2.add(rs.getString("blogurl"));//6
+    				list2.add(rs.getString("expressions"));//7
+    				list2.add(rs.getString("content"));//8
+    				list2.add(rs.getString("addtime"));//9
+    				list2.add(rs.getString("ip"));//10
+    				list2.add(rs.getString("replay"));//11
+    				list2.add(rs.getString("ifhide"));//12
+    				list.add(list2);
+                } else {
+                    break; //减少空循环的时间
+                }
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return null;
+        } finally {
+            dbo.close();
+        }
+    }
+    //显示、隐藏留言
+    public int hideGuestBook(int id){
+    	String sql = "select ifhide from guestbook where id='"+id+"'  ";
+    	String sql2 = "update guestbook set ifhide='0' where id ='"+id+"'";
+    	String sql3 = "update guestbook set ifhide='1' where id ='"+id+"'";
+    	DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			if(rs.getInt(1) == 1){
+				int i = dbo.executeUpdate(sql2);
+				if(i == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				int i = dbo.executeUpdate(sql3);
+				if(i == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+    }
+	//发表留言
+	public int addGuestBook(String nickname,String pic,String email,String qq,String weburl,String blogurl,String expressions,String content,String ip,int ifhide){
+		String sql = "insert into guestbook ( nickname, pic, email, qq, weburl, blogurl, expressions, content,addtime,ip,replay,ifhide)" +
+				" values('"+nickname+"','"+pic+"','"+email+"','"+qq+"','"+weburl+"','"+blogurl+"','"+expressions+"','"+content+"','"+date+"','"+ip+"','0','"+ifhide+"') ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1)
+				return Constant.SUCCESS;
+			else
+				return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//查询留言内容
+	public String getGuestBook(int id){
+		String sql = "select content from guestbook where id='"+id+"' ";
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			return rs.getString(1);
+		}catch(Exception e){
+			e.printStackTrace();
+			return null;
+		}finally{
+			dbo.close();
+		}
+	}
+	//	查询回复内容
+	public String getReplay(int id){
+		String sql = "select replay from replay where mid='"+id+"' ";
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			return rs.getString(1);
+		}catch(Exception e){
+			e.printStackTrace();
+			return null;
+		}finally{
+			dbo.close();
+		}
+	}
+//	查询回复内容
+	public List getReplayInfo(int id){ 
+		String sql = "select * from replay where mid='"+id+"' ";
+		DBO dbo=new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				list.add(rs.getString(3));
+				list.add(rs.getString(4));
+				list.add(rs.getString(5));
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return null;
+		}finally{
+			dbo.close();
+		}
+	}
+	//删除留言
+	public int delGuestBook(int id[]){
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			for(int i = 0;i<id.length;i++){
+				dbo.executeUpdate("delete from  guestbook  where  id = '"+id[i]+"'");	
+				dbo.executeUpdate("delete from  replay  where  mid = '"+id[i]+"'");	
+			}
+			return Constant.SUCCESS;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//回复留言
+	public int reGuestBook(int mid ,String replay,String replayer){
+		String sql = "insert into replay (mid,replay,replayer,replaytime)" +
+				" values ('"+mid+"','"+replay+"','"+replayer+"','"+date+"') ";
+		String sql2 = "update guestbook set replay='1' where id='"+mid+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			int j = dbo.executeUpdate(sql2);
+			if(i == j && i== 1)
+				return Constant.SUCCESS;
+			else
+				return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//	修改回复
+	public int upReplay(int mid ,String replay){
+		String sql = "update replay set replay='"+replay+"',replaytime='"+date+"' where mid='"+mid+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1)
+				return Constant.SUCCESS;
+			else
+				return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//	查询会员性别
+	public String getSex(String username){
+		String sql = "select sex from member where username='"+username+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next())
+				return rs.getString(1);
+			else
+				return null;
+		}catch(Exception e){
+			e.printStackTrace();
+			return null;
+		}finally{
+			dbo.close();
+		}
+	}
+}
+
diff --git a/com/bean/HzpBean.java b/com/bean/HzpBean.java
new file mode 100644
index 0000000..2d79e58
--- /dev/null
+++ b/com/bean/HzpBean.java
@@ -0,0 +1,432 @@
+package com.bean;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.List;
+
+import com.util.Constant;
+import com.util.DBO;
+
+public class HzpBean {
+
+	private String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+	private List list;
+	private ResultSet rs = null;
+	
+	
+	
+	
+	private int EVERYPAGENUM = 2;
+	private int count = -1;
+	private int qq = 0;
+	private String sql="select count(*) from sale ";
+	private String sql2="select * from sale order by id desc "; 
+    public void setEVERYPAGENUM(int EVERYPAGENUM){
+    	this.EVERYPAGENUM=EVERYPAGENUM;
+    }
+    public int getMessageCount() { //得到信息总数
+       DBO dbo=new DBO();
+       dbo.open();
+        try { 
+            rs = dbo.executeQuery(sql);
+            rs.next();
+            count = rs.getInt(1);
+            return count;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return -1;
+        } finally {
+            dbo.close();
+        }
+    }
+    public int getPageCount() { //得到共多少页（根据每页要显示几条信息）
+        if (count % EVERYPAGENUM == 0) {
+            return count / EVERYPAGENUM;
+        } else {
+            return count / EVERYPAGENUM + 1;
+        }
+    }
+    public List getMessage(int page) { //得到每页要显示的信息
+        DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql2);
+            for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                rs.next();
+            }
+            for (int t = 0; t < EVERYPAGENUM; t++) {
+                if (rs.next()) {
+                    qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getString(1));
+    				list2.add(rs.getString(2));
+    				list2.add(rs.getString(3));
+    				list2.add(rs.getString(4));
+    				list2.add(rs.getString(5));
+    				list2.add(rs.getString(6));
+    				list2.add(rs.getString(7));
+    				list2.add(rs.getString(8));
+    				list2.add(rs.getString(9));
+    				list.add(list2);
+                } else {
+                    break; //减少空循环的时间
+                }
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return list;
+        } finally {
+            dbo.close();
+        }
+    }
+	
+	//////////////////////////////////////////////////// 
+	public int addType(String title){
+		String sql = "insert into type (title,addtime) values ('"+title+"','"+date+"')";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs=dbo.executeQuery("select * from type where title ='"+title+"'");
+			if(rs.next())return Constant.SAME_NAME;
+			else{
+				int i = dbo.executeUpdate(sql);
+				if(i == 1){
+					return Constant.SUCCESS;
+				}
+				else{
+					return Constant.SYSTEM_ERROR;
+				}
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	public List getType(){
+		String sql = "select * from type order by id desc";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				list2.add(rs.getString(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	 
+	public int delType(String id){
+		String sql="delete from type where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//add ------------------------------------------------------- 
+	/*
+	 * String title = "";	
+		String type="请选择";
+		String co="";
+		String time="";
+		String price="";
+		String vipprice="";
+	 */
+	public int addTrave(String title,String type,String url,String co,String time,String price,String vipprice,String content,String flag,String num,String sl){
+		String sql = "insert into sale (title,type,url,co,time,price,vipprice,content,addtime,flag,num,sl) " +
+				"values ('"+title+"','"+type+"','"+url+"','"+co+"','"+time+"','"+price+"','"+vipprice+"','"+content+"','"+date+"','"+flag+"','"+num+"','"+sl+"')";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//update 
+	public int updateTrave(String id,String title,String type,String url,String co,String time,String price,String vipprice,String content,String flag,String num,String sl){
+		String sql = "update sale set title = '"+title+"',type='"+type+"',url='"+url+"'," +
+				"co='"+co+"',time='"+time+"',price='"+price+"',vipprice='"+vipprice+"',content='"+content+"',flag='"+flag+"',num='"+num+"',sl='"+sl+"' where id = '"+id+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	} 
+	public int delTrave(String id){
+		String sql="delete from sale where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	 
+	public List getOneTrave(int id){
+		String sql = "select * from sale where id = '"+id+"'";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				list.add(rs.getString(1));
+				list.add(rs.getString(2));
+				list.add(rs.getString(3));
+				list.add(rs.getString(4));
+				list.add(rs.getString(5));
+				list.add(rs.getString(6));
+				list.add(rs.getString(7));
+				list.add(rs.getString(8));
+				list.add(rs.getString(9)); 
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	public List getAllPTrave(){
+		String sql = "select * from sale order by id desc";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				list2.add(rs.getString(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list2.add(rs.getString(4));
+				list2.add(rs.getString(5));
+				list2.add(rs.getString(6));
+				list2.add(rs.getString(7));
+				list2.add(rs.getString(8));
+				list2.add(rs.getString(9)); 
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	public List getAllPTrave(String sql){
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				list2.add(rs.getString(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list2.add(rs.getString(4));
+				list2.add(rs.getString(5));
+				list2.add(rs.getString(6));
+				list2.add(rs.getString(7));
+				list2.add(rs.getString(8));
+				list2.add(rs.getString(9)); 
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	 
+	public List get10PTrave(){
+		String sql = "select   * from sale order by id desc  limit 0,5 ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				list2.add(rs.getString(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list2.add(rs.getString(4));
+				list2.add(rs.getString(5));
+				list2.add(rs.getString(6));
+				list2.add(rs.getString(7));
+				list2.add(rs.getString(8));
+				list2.add(rs.getString(9)); 
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	
+	
+	
+	public List getMyPrep(String sql){
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				list2.add(rs.getString(1));
+				list2.add(rs.getString(2));
+				list2.add(rs.getString(3));
+				list2.add(rs.getString(4));
+				list2.add(rs.getString(5));
+				list2.add(rs.getString(6));
+				list2.add(rs.getString(7));
+				list2.add(rs.getString(8));
+				list2.add(rs.getString(9)); 
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	public List getMy11Prep(String sql){
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+				list.add(rs.getString(1));
+				list.add(rs.getString(2));
+				list.add(rs.getString(3));
+				list.add(rs.getString(4));
+				list.add(rs.getString(5));
+				list.add(rs.getString(6));
+				list.add(rs.getString(7));
+				list.add(rs.getString(8));
+				list.add(rs.getString(9)); 
+				 
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	
+	
+	public List gegComMethod(String sql,int row){
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				for(int i=1;i<=row;i++){
+					list2.add(rs.getString(i));
+				}
+				
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	public int gegXsl(String title){
+		String sql="select sum(rs) from prep where zt='已提交' and title='"+title+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			return rs.getInt(1);
+		}catch(Exception e){
+			e.printStackTrace();
+			return 0;
+		}finally{
+			dbo.close();
+		}
+	}
+	 
+}
diff --git a/com/bean/MemberBean.java b/com/bean/MemberBean.java
new file mode 100644
index 0000000..5a01ea7
--- /dev/null
+++ b/com/bean/MemberBean.java
@@ -0,0 +1,485 @@
+package com.bean;
+
+import java.sql.ResultSet;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.List;
+
+import com.util.CheckCode;
+import com.util.Constant;
+import com.util.DBO;
+import com.util.MD5;
+
+/**
+ * 前台会员登陆 注册 修改资料 找回密码
+ * @author Administrator
+ *
+ */
+
+public class MemberBean {
+
+	private List list;
+	private ResultSet rs;
+	private String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+	
+	
+	/****************************************************************
+	 * 会员注册 验证个人 企业会员通用部分
+	 * 
+	 * @return
+	 ********************************************************************/
+
+//  检查是否重名
+    public int checkRegName(String username){
+    	String sql = "select * from member where username='"+username+"'";
+    	DBO dbo = new DBO();
+		dbo.open();
+		try{
+			
+				rs = dbo.executeQuery(sql);
+				if(rs.next()){
+					return Constant.SAME_NAME;
+				}
+				else{
+					return Constant.SUCCESS;
+				}	
+							
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+    }
+
+	/****************************************************************
+	 * 会员密码修改 登陆 登陆信息修改通用部分
+	 * 
+	 * @return
+	 ********************************************************************/
+//	会员修改密码
+	public int editPassword(String username,String oldpwd,String newpwd){
+		String sql="select * from member where username = '"+username+"' and password = '"+oldpwd+"'";
+		String sql2="update member set password = '"+newpwd+"' where username = '"+username+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				int i = dbo.executeUpdate(sql2);
+				if(i == 1){
+					return Constant.SUCCESS;
+				}
+				else{
+					return Constant.SYSTEM_ERROR;
+				}
+			}
+			else{
+				return Constant.PASSWORD_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+//	会员登陆
+	public int memberLogin(String username,String password,String type){
+		password=MD5.MD5(password);
+		String sql = "select password from member where username='"+username+"' and type='"+type+"' and ifuse='1' ";
+		//String sql2 = "update member set logintimes=logintimes+1,lasttime='"+date+"',lastip='"+lastip+"' where username='"+username+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){//如果有该用户名
+				String str = rs.getString("password");
+				if(str.trim().equals(password)){
+					//dbo.executeUpdate(sql2);
+					return Constant.SUCCESS;
+				}
+				else{
+					return Constant.PASSWORD_ERROR;
+				}
+			}
+			else{//如果没有
+				return Constant.NAME_ERROR;
+			}
+		}catch(Exception e){
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}		
+	}
+//	登陆信息
+	public String getLastTimeIP(String username){
+		String sql = "select lasttime,lastip from member where username='"+username+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			String str=rs.getString(1)+"/"+rs.getString(2);
+			return str;
+		}catch(Exception e){
+			return null;
+		}finally{
+			dbo.close();
+		}	
+	}
+	//更新登陆信息
+	public int upmemberLogin(String username,String lastip ){
+		String sql = "update member set logintimes=logintimes+1,lasttime='"+date+"',lastip='"+lastip+"' where username='"+username+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1)
+				return Constant.SUCCESS;
+			else
+				return Constant.SYSTEM_ERROR;
+		}catch(Exception e){
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}		
+	}
+	//登陆次数 本次登陆时间
+	public String getLogintimes(String username){
+		String sql = "select lasttime,logintimes from member where username='"+username+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			String str=rs.getString(1)+"/"+rs.getString(2);
+			return str;
+		}catch(Exception e){
+			return null;
+		}finally{
+			dbo.close();
+		}	
+	}
+	/****************************************************************
+	 * 个人会员注册 修改资料 登陆 找回密码
+	 * 
+	 * @return
+	 ********************************************************************/
+	//个人会员注册
+	public int personReg(String username,String password,String type,String realname,String sex,String bir,
+			String sheng,String city,String telphone,String email,String question,String answer,String lastip,int off,String address){
+		password=MD5.MD5(password);
+		String sql = "insert into member(username,password,type,regtime,ifuse,logintimes,lasttime,lastip)" +
+		" values('"+username+"','"+password+"','"+type+"','"+date+"','"+off+"','0','"+date+"','"+lastip+"') ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				rs = dbo.executeQuery("select id from member where username='"+username+"'");
+				rs.next();
+				int mid = rs.getInt(1);
+				String sql2 = "insert into pmember(mid,realname,sex,bir,sheng,city,telphone,email,question,answer,address)" +
+								"values('"+mid+"','"+realname+"','"+sex+"','"+bir+"','"+sheng+"','"+city+"','"+telphone+"','"+email+"','"+question+"','"+answer+"','"+address+"') ";
+				int j = dbo.executeUpdate(sql2);
+				if(j == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}		
+	}
+	
+	//某个人会员资料
+	public List getRegInfo(String username){
+		String sql = "select * from pmember where mid=(select id from member where username='"+username+"') ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list.add(rs.getInt("mid"));//0
+			list.add(rs.getString("realname"));//1
+			list.add(rs.getString("sex"));//2
+			list.add(rs.getString("bir"));//3
+			list.add(rs.getString("sheng"));//4
+			list.add(rs.getString("city"));//5
+			list.add(rs.getString("telphone"));//6
+			list.add(rs.getString("email"));//7
+			list.add(rs.getString("question"));//8
+			list.add(rs.getString("answer"));//9
+			list.add(rs.getString("address"));//9
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}	
+	}
+	//个人会员修改资料
+	public int uppersonReg(String username,String realname,String sex,String bir,String sheng,String city,String telphone,String email,String question,String answer,String address){		
+		String sql = "select id from member where username='"+username+"'";
+		DBO dbo = new DBO(); 
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				int mid = rs.getInt(1);
+				String sql2 = "update pmember set realname='"+realname+"',sex='"+sex+"',bir='"+bir+"',sheng='"+sheng+"',city='"+city+"',telphone='"+telphone+"'," +
+						"email='"+email+"',question='"+question+"',answer='"+answer+"',address='"+address+"' where mid='"+mid+"' ";
+				int i = dbo.executeUpdate(sql2);
+				if(i == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}		
+	}
+	
+	/****************************************************************
+	 * 企业会员注册 修改资料 登陆 找回密码
+	 * 
+	 * @return
+	 ********************************************************************/
+	//企业会员注册
+	public int coReg(String username,String password,String type,String coname,String address,String postnum,
+			String tel,String email,String question,String answer,String intro,String lastip,int off){
+		password=MD5.MD5(password);
+		String sql = "insert into member(username,password,type,regtime,ifuse,logintimes,lasttime,lastip)" +
+		" values('"+username+"','"+password+"','"+type+"','"+date+"','"+off+"','0','"+date+"','"+lastip+"') ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				rs = dbo.executeQuery("select id from member where username='"+username+"'");
+				rs.next();
+				int mid = rs.getInt(1);
+				String sql2 = "insert into cmember(mid,coname,address,postnum,tel,email,question,answer,intro)" +
+								"values('"+mid+"','"+coname+"','"+address+"','"+postnum+"','"+tel+"','"+email+"','"+question+"','"+answer+"','"+intro+"') ";
+				int j = dbo.executeUpdate(sql2);
+				if(j == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}		
+	}
+	//	某企业会员资料
+	public List getCoRegInfo(String username){
+		String sql = "select * from cmember where mid=(select id from member where username='"+username+"') ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list.add(rs.getInt("mid"));//0
+			list.add(rs.getString("coname"));//1
+			list.add(rs.getString("address"));//2
+			list.add(rs.getString("postnum"));//3
+			list.add(rs.getString("tel"));//4
+			list.add(rs.getString("email"));//5
+			list.add(rs.getString("question"));//6
+			list.add(rs.getString("answer"));//7
+			list.add(rs.getString("intro"));//8
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}	
+	}
+	//企业会员修改资料
+	public int upCoReg(String username,String coname,String address,String postnum,String tel,String email,String question,String answer,String intro){		
+		String sql = "select id from member where username='"+username+"'";
+		DBO dbo = new DBO(); 
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				int mid = rs.getInt(1);
+				String sql2 = "update cmember set coname='"+coname+"',address='"+address+"',postnum='"+postnum+"',tel='"+tel+"',email='"+email+"'," +
+						"question='"+question+"',answer='"+answer+"',intro='"+intro+"' where mid='"+mid+"' ";
+				int i = dbo.executeUpdate(sql2);
+				if(i == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}		
+	}
+	public int findPwd(String username){
+		String sql="select id from member where username='"+username+"'";
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				return rs.getInt(1);
+			}
+			else{
+				return 0;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return 0;
+		}finally{
+			dbo.close();
+		}		
+	}
+	public String returnPwd(String username,String question,String answer,String type){
+		int i=this.findPwd(username);
+		if(i!=0){
+			if(type.equals("person")){
+				type="pmember";
+			}
+			else{
+				type="cmember";
+			}
+			String sql ="select * from "+type+" where mid='"+i+"' and question='"+question+"' and answer='"+answer+"'";
+			DBO dbo=new DBO();
+			dbo.open();
+			try{
+				rs = dbo.executeQuery(sql);
+				if(rs.next()){
+					String yzm=new CheckCode().getCheckCode()+"123";
+					String pwd=MD5.MD5(yzm);
+					int k=dbo.executeUpdate("update member set password='"+pwd+"' where username='"+username+"'");
+					if(k==1){
+						return yzm;
+					}
+					else{System.out.print("aaaaaaaaaaaaaa");
+						return "error";
+					}
+				}
+				else{
+					return "error";
+				}
+			}catch(Exception e){
+				e.printStackTrace();
+				return "error";
+			}finally{
+				dbo.close();
+			}		
+		}
+		else{
+			return "nameerror";
+		}
+	}
+	//个人会员简历管理
+	public int upJianLi(String member,String picurl,String mname,String sex,String age,String school,String bir,String address,String linkman,String tel,String email,String intro){
+		String sql = "select * from resume where member='"+member+"'";
+		String upsql = "update resume set picurl='"+picurl+"',mname='"+mname+"',sex='"+sex+"',age='"+age+"',school='"+school+"',bir='"+bir+"',address='"+address+"',linkman='"+linkman+"',tel='"+tel+"',email='"+email+"',intro='"+intro+"' where member='"+member+"'";
+		String addsql = "insert into resume(member,picurl,mname,sex,age,school,bir,address,linkman,tel,email,intro,addtime) " +
+				"values('"+member+"','"+picurl+"','"+mname+"','"+sex+"','"+age+"','"+school+"','"+bir+"','"+address+"','"+linkman+"','"+tel+"','"+email+"','"+intro+"','"+date+"')";
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				int i = dbo.executeUpdate(upsql);
+				if(i == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				int i = dbo.executeUpdate(addsql);
+				if(i == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return 0;
+		}finally{
+			dbo.close();
+		}		
+	}
+	//查询个人简历
+	public List getResume(String member){
+		String sql = "select * from resume where member='"+member+"'";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list.add(rs.getString(2));//0
+			list.add(rs.getString(3));//1
+			list.add(rs.getString(4));//2
+			list.add(rs.getString(5));//3
+			list.add(rs.getString(6));//4
+			list.add(rs.getString(7));//5
+			list.add(rs.getString(8));//6
+			list.add(rs.getString(9));//7
+			list.add(rs.getString(10));//8
+			list.add(rs.getString(11));//9
+			list.add(rs.getString(12));//10
+			list.add(rs.getString(13));//11
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}	
+	}
+	//首页7个最新注册会员照片
+	public List getTop7(){
+		String sql = "select top 7 picurl,member from resume";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+				list2.add(rs.getString(1));//0
+				list2.add(rs.getString(2));//1
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}	
+	}
+}
diff --git a/com/bean/MemberManageBean.java b/com/bean/MemberManageBean.java
new file mode 100644
index 0000000..dfd84d7
--- /dev/null
+++ b/com/bean/MemberManageBean.java
@@ -0,0 +1,543 @@
+package com.bean;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.List;
+
+import com.util.Constant;
+import com.util.DBO;
+
+/**
+ * 
+ * 网站后台管理注册会员 查询 冻结 删除会员
+ */	
+
+public class MemberManageBean {
+
+	private List list;
+	private ResultSet rs = null;
+	private int EVERYPAGENUM = 2;
+	private int count = -1;
+	private int qq = 0;
+	private String sql="select count(*) from member where type='person'";
+	private String sql2="select * from member where type='person' order by id desc ";
+	//声明时间变量
+	String date1=new SimpleDateFormat("yyyy-MM-dd").format(Calendar.getInstance().getTime());
+	String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+	
+	//分页查询所有个人会员
+	public void setEVERYPAGENUM(int EVERYPAGENUM){
+    	this.EVERYPAGENUM=EVERYPAGENUM;
+    }
+    public int getMessageCount() { //得到信息总数
+       DBO dbo=new DBO();
+       dbo.open();
+        try { 
+            rs = dbo.executeQuery(sql);
+            rs.next();
+            count = rs.getInt(1);
+            return count;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return -1;
+        } finally {
+            dbo.close();
+        }
+    }
+    public int getPageCount() { //得到共多少页（根据每页要显示几条信息）
+        if (count % EVERYPAGENUM == 0) {
+            return count / EVERYPAGENUM;
+        } else {
+            return count / EVERYPAGENUM + 1;
+        }
+    }
+    public List getMessage(int page) { //得到每页要显示的信息
+        DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql2);
+            for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                rs.next();
+            }
+            for (int t = 0; t < EVERYPAGENUM; t++) {
+                if (rs.next()) {
+                    qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getInt("id"));
+    				list2.add(rs.getString("username"));
+    				list2.add(rs.getString("regtime"));
+    				list2.add(rs.getString("ifuse"));
+    				list2.add(rs.getString("logintimes"));
+    				list2.add(rs.getString("lasttime"));
+    				list2.add(rs.getString("lastip"));
+    				list.add(list2);
+                } else {
+                    break; //减少空循环的时间
+                }
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return null;
+        } finally {
+            dbo.close();
+        }
+    }
+    
+    ///所有企业会员////////////////////
+    public int getMessageCountCO() { //得到信息总数
+        DBO dbo=new DBO();
+        dbo.open();
+         try { 
+             rs = dbo.executeQuery("select count(*) from member where type='co'");
+             rs.next();
+             count = rs.getInt(1);
+             return count;
+         } catch (SQLException ex) {
+             ex.printStackTrace();
+             return -1;
+         } finally {
+             dbo.close();
+         }
+     }
+     public List getMessageCO(int page) { //得到每页要显示的信息
+         DBO dbo=new DBO();
+         dbo.open();
+         List list = new ArrayList();
+         try {
+             rs = dbo.executeQuery("select * from member where type='co' order by id desc ");
+             for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                 rs.next();
+             }
+             for (int t = 0; t < EVERYPAGENUM; t++) {
+                 if (rs.next()) {
+                     qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getInt("id"));
+     				list2.add(rs.getString("username"));
+     				list2.add(rs.getString("regtime"));
+     				list2.add(rs.getString("ifuse"));
+     				list2.add(rs.getString("logintimes"));
+     				list2.add(rs.getString("lasttime"));
+     				list2.add(rs.getString("lastip"));
+     				list.add(list2);
+                 } else {
+                     break; //减少空循环的时间
+                 }
+             }
+             return list;
+         } catch (SQLException ex) {
+             ex.printStackTrace();
+             return null;
+         } finally {
+             dbo.close();
+         }
+     }
+     
+     //所有在用会员
+     public int getMessageCountUS() { //得到信息总数
+         DBO dbo=new DBO();
+         dbo.open();
+          try { 
+              rs = dbo.executeQuery("select count(*) from member where ifuse='1'");
+              rs.next();
+              count = rs.getInt(1);
+              return count;
+          } catch (SQLException ex) {
+              ex.printStackTrace();
+              return -1;
+          } finally {
+              dbo.close();
+          }
+      }
+      public List getMessageUS(int page) { //得到每页要显示的信息
+          DBO dbo=new DBO();
+          dbo.open();
+          List list = new ArrayList();
+          try {
+              rs = dbo.executeQuery("select * from member where ifuse='1' order by id desc ");
+              for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                  rs.next();
+              }
+              for (int t = 0; t < EVERYPAGENUM; t++) {
+                  if (rs.next()) {
+                      qq++;
+                     List list2=new ArrayList();
+                     list2.add(rs.getInt("id"));
+      				list2.add(rs.getString("username"));
+      				list2.add(rs.getString("regtime"));
+      				list2.add(rs.getString("ifuse"));
+      				list2.add(rs.getString("logintimes"));
+      				list2.add(rs.getString("lasttime"));
+      				list2.add(rs.getString("lastip"));
+      				list2.add(rs.getString("type"));
+      				list.add(list2);
+                  } else {
+                      break; //减少空循环的时间
+                  }
+              }
+              return list;
+          } catch (SQLException ex) {
+              ex.printStackTrace();
+              return null;
+          } finally {
+              dbo.close();
+          }
+      }
+//    所有冻结会员
+      public int getMessageCountCL() { //得到信息总数
+          DBO dbo=new DBO();
+          dbo.open();
+           try { 
+               rs = dbo.executeQuery("select count(*) from member where ifuse='0'");
+               rs.next();
+               count = rs.getInt(1);
+               return count;
+           } catch (SQLException ex) {
+               ex.printStackTrace();
+               return -1;
+           } finally {
+               dbo.close();
+           }
+       }
+       public List getMessageCL(int page) { //得到每页要显示的信息
+           DBO dbo=new DBO();
+           dbo.open();
+           List list = new ArrayList();
+           try {
+               rs = dbo.executeQuery("select * from member where ifuse='0' order by id desc ");
+               for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                   rs.next();
+               }
+               for (int t = 0; t < EVERYPAGENUM; t++) {
+                   if (rs.next()) {
+                       qq++;
+                      List list2=new ArrayList();
+                      list2.add(rs.getInt("id"));
+       				list2.add(rs.getString("username"));
+       				list2.add(rs.getString("regtime"));
+       				list2.add(rs.getString("ifuse"));
+       				list2.add(rs.getString("logintimes"));
+       				list2.add(rs.getString("lasttime"));
+       				list2.add(rs.getString("lastip"));
+       				list2.add(rs.getString("type"));
+       				list.add(list2);
+                   } else {
+                       break; //减少空循环的时间
+                   }
+               }
+               return list;
+           } catch (SQLException ex) {
+               ex.printStackTrace();
+               return null;
+           } finally {
+               dbo.close();
+           }
+       }
+//     今日注册会员
+       public int getMessageCountTODAY() { //得到信息总数
+           DBO dbo=new DBO();
+           dbo.open();
+            try { 
+                rs = dbo.executeQuery("select count(*) from member where regtime between '"+date1+"' and '"+date+"'");
+                rs.next();
+                count = rs.getInt(1);
+                return count;
+            } catch (SQLException ex) {
+                ex.printStackTrace();
+                return -1;
+            } finally {
+                dbo.close();
+            }
+        }
+        public List getMessageTODAY(int page) { //得到每页要显示的信息
+            DBO dbo=new DBO();
+            dbo.open();
+            List list = new ArrayList();
+            try {
+                rs = dbo.executeQuery("select * from member where regtime between '"+date1+"' and '"+date+"' order by id desc ");
+                for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                    rs.next();
+                }
+                for (int t = 0; t < EVERYPAGENUM; t++) {
+                    if (rs.next()) {
+                        qq++;
+                       List list2=new ArrayList();
+                       list2.add(rs.getInt("id"));
+        				list2.add(rs.getString("username"));
+        				list2.add(rs.getString("regtime"));
+        				list2.add(rs.getString("ifuse"));
+        				list2.add(rs.getString("logintimes"));
+        				list2.add(rs.getString("lasttime"));
+        				list2.add(rs.getString("lastip"));
+        				list2.add(rs.getString("type"));
+        				list.add(list2);
+                    } else {
+                        break; //减少空循环的时间
+                    }
+                }
+                return list;
+            } catch (SQLException ex) {
+                ex.printStackTrace();
+                return null;
+            } finally {
+                dbo.close();
+            }
+        }
+   
+    /*********************************************************************************************************************************
+     * 删除 冻结会员
+     * @param id
+     * @return
+     *********************************************************************/
+    //  删除会员
+	public int delMember(int id[]){
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			for(int i = 0;i<id.length;i++){
+				dbo.executeUpdate("delete from  member where  id = '"+id[i]+"'");	
+				dbo.executeUpdate("delete from  pmember where  mid = '"+id[i]+"'");
+				dbo.executeUpdate("delete from  cmember where  mid = '"+id[i]+"'");
+			}
+			return Constant.SUCCESS;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//冻结会员
+	public int closeMember(int id){
+		String sql = "select ifuse from member where id='"+id+"' ";
+		String sql2 = "update member set ifuse='0' where id='"+id+"'";
+		String sql3 = "update member set ifuse='1' where id='"+id+"'";
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				int ifuse=rs.getInt(1);
+				if(ifuse == 1){
+					int j = dbo.executeUpdate(sql2);
+					if(j == 1)
+						return Constant.SUCCESS;
+					else
+						return Constant.SYSTEM_ERROR;
+				}
+				else{
+					int j = dbo.executeUpdate(sql3);
+					if(j == 1)
+						return Constant.SUCCESS;
+					else
+						return Constant.SYSTEM_ERROR;
+				}
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	/**********************************************************************
+     * 后台查询单条个人 企业会员信息 查询会员类型
+     * @param id
+     * @return
+     *********************************************************************/
+    //以id为条件查询会员类型
+    public String getType(int id){
+    	String sql = "select type from member where id='"+id+"'";
+    	DBO dbo=new DBO();
+    	dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				String type = rs.getString(1);
+				return type;
+			}
+			else
+				return null;
+		}catch(Exception e){
+			e.printStackTrace();
+			return null;
+		}finally{
+			dbo.close();
+		}
+    }
+    //以id为条件 单条会员登陆信息
+    public List getMemberLogin(int id){
+		String sql = "select * from member where id='"+id+"'";
+		DBO dbo=new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list.add(rs.getString("username"));
+			list.add(rs.getString("type"));
+			list.add(rs.getString("regtime"));
+			list.add(rs.getString("ifuse"));
+			list.add(rs.getString("logintimes"));
+			list.add(rs.getString("lasttime"));
+			list.add(rs.getString("lastip"));
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	//以id为条件 单条个人会员信息
+	public List getPerSonMember(int id){
+		String sql = "select * from pmember where mid='"+id+"'";
+		DBO dbo=new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list.add(rs.getString("realname"));
+			list.add(rs.getString("sex"));
+			list.add(rs.getString("bir"));
+			list.add(rs.getString("sheng"));
+			list.add(rs.getString("city"));
+			list.add(rs.getString("telphone"));
+			list.add(rs.getString("email"));
+			list.add(rs.getString("question"));
+			list.add(rs.getString("answer"));
+			list.add(rs.getString("address"));
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+//	以id为条件 单条企业会员信息
+	public List getCoMember(int id){
+		String sql = "select * from cmember where mid='"+id+"'";
+		DBO dbo=new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list.add(rs.getString("coname"));
+			list.add(rs.getString("address"));
+			list.add(rs.getString("postnum"));
+			list.add(rs.getString("tel"));
+			list.add(rs.getString("email"));
+			list.add(rs.getString("question"));
+			list.add(rs.getString("answer"));
+			list.add(rs.getString("intro"));
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	//////////////以用户名为条件查询///////////////
+//	以用户名为条件查询会员类型
+    public String getType(String name){
+    	String sql = "select type from member where username='"+name+"'";
+    	DBO dbo=new DBO();
+    	dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				String type = rs.getString(1);
+				return type;
+			}
+			else
+				return null;
+		}catch(Exception e){
+			e.printStackTrace();
+			return null;
+		}finally{
+			dbo.close();
+		}
+    }
+    //以用户名为条件查询用户id，然后用id来查询会员信息 跳转到//以id为条件查询会员类型
+    public int getID(String name){
+    	String sql = "select id from member where username='"+name+"'";
+    	DBO dbo=new DBO();
+    	dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				int id = rs.getInt(1);
+				return id;
+			}
+			else
+				return 0;
+		}catch(Exception e){
+			e.printStackTrace();
+			return 0;
+		}finally{
+			dbo.close();
+		}
+    }
+//////////////以用户名 id为条件查询///////////////
+//	以用户名 id为条件查询会员类型，然后用id来查询会员信息 跳转到//以id为条件查询会员
+    public String getType(int id,String name){
+    	String sql = "select type from member where id='"+id+"' and username='"+name+"'";
+    	DBO dbo=new DBO();
+    	dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				String type = rs.getString(1);
+				return type;
+			}
+			else
+				return null;
+		}catch(Exception e){
+			e.printStackTrace();
+			return null;
+		}finally{
+			dbo.close();
+		}
+    }
+    
+	/////////////////////按注册时间查询/////////////////////
+    public List getMemberByTime(String stime,String etime){
+    	String sql = "select * from member where regtime between '"+stime+"' and '"+etime+" 23:59:59' ";
+    	DBO dbo=new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2=new ArrayList();
+                list2.add(rs.getInt("id"));
+ 				list2.add(rs.getString("username"));
+ 				list2.add(rs.getString("regtime"));
+ 				list2.add(rs.getString("ifuse"));
+ 				list2.add(rs.getString("logintimes"));
+ 				list2.add(rs.getString("lasttime"));
+ 				list2.add(rs.getString("lastip"));
+ 				list2.add(rs.getString("type"));
+ 				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+    }
+}
diff --git a/com/bean/NewsBean.java b/com/bean/NewsBean.java
new file mode 100644
index 0000000..a6751c0
--- /dev/null
+++ b/com/bean/NewsBean.java
@@ -0,0 +1,491 @@
+package com.bean;
+
+/**
+ * 新闻管理
+ * 
+ */
+import java.io.File;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.List;
+
+import com.util.Constant;
+import com.util.DBO;
+
+public class NewsBean {
+
+	private String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime());
+	private List list;
+	private ResultSet rs = null;
+	
+	
+	//不置顶新闻分页
+	private int EVERYPAGENUM = 2;
+	private int count = -1;
+	private int qq = 0;
+	private String sql="select count(*) from news where up='0' ";
+	private String sql2="select * from news where up='0' order by id desc ";
+	private String sql3="select count(*) from news where up='1' ";
+	private String sql4="select * from news where up='1' order by id desc ";
+    public void setEVERYPAGENUM(int EVERYPAGENUM){
+    	this.EVERYPAGENUM=EVERYPAGENUM;
+    }
+    public int getMessageCount() { //得到信息总数
+       DBO dbo=new DBO();
+       dbo.open();
+        try { 
+            rs = dbo.executeQuery(sql);
+            rs.next();
+            count = rs.getInt(1);
+            return count;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return -1;
+        } finally {
+            dbo.close();
+        }
+    }
+    public int getPageCount() { //得到共多少页（根据每页要显示几条信息）
+        if (count % EVERYPAGENUM == 0) {
+            return count / EVERYPAGENUM;
+        } else {
+            return count / EVERYPAGENUM + 1;
+        }
+    }
+    public List getMessage(int page) { //得到每页要显示的信息
+        DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql2);
+            for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                rs.next();
+            }
+            for (int t = 0; t < EVERYPAGENUM; t++) {
+                if (rs.next()) {
+                    qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getInt(1));
+    				list2.add(rs.getString(2));
+    				list2.add(rs.getString(3));
+    				list2.add(rs.getString(5));
+    				list2.add(rs.getString(6));
+    				list2.add(rs.getInt(7));
+    				list2.add(rs.getInt(8));
+    				list2.add(rs.getInt(9));
+    				list.add(list2);
+                } else {
+                    break; //减少空循环的时间
+                }
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return list;
+        } finally {
+            dbo.close();
+        }
+    }
+    /////////////////////////////////////////
+    //置顶新闻分页
+    public int getMessageCountUp() { //得到信息总数
+        DBO dbo=new DBO();
+        dbo.open();
+         try { 
+             rs = dbo.executeQuery(sql3);
+             rs.next();
+             count = rs.getInt(1);
+             return count;
+         } catch (SQLException ex) {
+             ex.printStackTrace();
+             return -1;
+         } finally {
+             dbo.close();
+         }
+     }
+     public List getMessageUp(int page) { //得到每页要显示的信息
+         DBO dbo=new DBO();
+         dbo.open();
+         List list = new ArrayList();
+         try {
+             rs = dbo.executeQuery(sql4);
+             for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                 rs.next();
+             }
+             for (int t = 0; t < EVERYPAGENUM; t++) {
+                 if (rs.next()) {
+                     qq++;
+                     List list2=new ArrayList();
+                     list2.add(rs.getInt(1));
+     				list2.add(rs.getString(2));
+     				list2.add(rs.getString(3));
+     				list2.add(rs.getString(5));
+     				list2.add(rs.getString(6));
+     				list2.add(rs.getInt(7));
+     				list2.add(rs.getInt(8));
+     				list2.add(rs.getInt(9));
+     				list.add(list2);
+                 } else {
+                     break; //减少空循环的时间
+                 }
+             }
+             return list;
+         } catch (SQLException ex) {
+             ex.printStackTrace();
+             return list;
+         } finally {
+             dbo.close();
+         }
+     }
+	
+	//add news
+	public int addNews(String title,String pic,String content,String adder,String ifhide){
+		String sql = "insert into news (title,pic,content,addtime,adder,ifhide,visit,up) " +
+				"values ('"+title+"','"+pic+"','"+content+"','"+date+"','"+adder+"','"+ifhide+"','0','0')";
+		String sql2 = "update news set ifhide='0' where pic!='无'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			if(!pic.equals("无")){
+				dbo.executeUpdate(sql2);
+			}
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//update news no pic
+	public int updateNews(int id,String title,String content,String adder,String ifhide){
+		String sql = "update news set title = '"+title+"',content='"+content+"',addtime='"+date+"'," +
+				"adder='"+adder+"',ifhide='"+ifhide+"' where id = '"+id+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+//	update news with pic
+	public int updateNewsWithPic(int id,String title,String pic,String content,String adder,String ifhide){
+		String sql = "update news set title = '"+title+"',pic='"+pic+"',content='"+content+"',addtime='"+date+"'," +
+				"adder='"+adder+"',ifhide='"+ifhide+"' where id = '"+id+"' ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate(sql);
+			if(i == 1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//delete news
+	public int delNews(int id[]){
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			for(int i = 0;i<id.length;i++){
+				
+				dbo.executeUpdate("delete from  news  where  id = '"+id[i]+"'");				
+			}
+			return Constant.SUCCESS;
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	public void del(String filepath) {
+		try{
+			File f = new File(filepath);//定义文件路径        
+			if(f.exists()){//判断是文件还是目录
+			    f.delete();//递归调用
+			}
+		}catch(Exception e){
+			
+		}
+	}
+	//屏蔽、显示新闻
+	public int hideNews(int id){
+		String sql = "update news set ifhide='1' where id='"+id+"'";
+		String sql2 = "update news set ifhide='0' where id='"+id+"'";
+		String sql3 = "select ifhide,pic from news where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql3);
+			rs.next();
+			int i = rs.getInt(1);
+			String pic=rs.getString(2);
+			if(!pic.trim().equals("无")){
+				dbo.executeUpdate("update news set ifhide='0' where pic!='无'");
+			}
+			if(i == 1){
+				int flag = dbo.executeUpdate(sql2);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				int flag = dbo.executeUpdate(sql);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+   //置顶 取消置顶 新闻
+	public int upNews(int id){
+		String sql = "update news set up='1' where id='"+id+"'";
+		String sql2 = "update news set up='0' where id='"+id+"'";
+		String sql3 = "select up from news where id='"+id+"'";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql3);
+			rs.next();
+			int i = rs.getInt(1);
+			if(i == 1){
+				int flag = dbo.executeUpdate(sql2);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+			else{
+				int flag = dbo.executeUpdate(sql);
+				if(flag == 1)
+					return Constant.SUCCESS;
+				else
+					return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//get one news to update
+	public List getOneNews(int id){
+		String sql = "select * from news where id = '"+id+"'";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				list.add(rs.getString(1));//0id
+				list.add(rs.getString(2));//1title
+				list.add(rs.getString(3));//2pic
+				list.add(rs.getString(4));//3content
+				list.add(rs.getString(5));//5adder
+				list.add(rs.getString(6));//6ifhide
+				list.add(rs.getString(7));//7visit
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//get news count
+	public int getNewsCount(){
+		String sql = "select count (*) from news ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			if(rs.next()){
+				return rs.getInt(1);
+			}
+			else{
+				return 0;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return 0;
+		}finally{
+			dbo.close();
+		}
+	}
+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////	
+	
+	//前台新闻页新闻列表
+	public List getAllNews(){
+		String sql = "select id,title,addtime  from news   order by id desc ";
+		DBO dbo = new DBO();
+		list = new ArrayList();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			while(rs.next()){
+				List list2 = new ArrayList();
+				list2.add(rs.getString("id"));
+				list2.add(rs.getString("title"));
+				list2.add(rs.getString("addtime"));
+				list.add(list2);
+			}
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+//	
+//	更新点击率
+	public int upVisit(int id){
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			int i = dbo.executeUpdate("update  news set visit=visit+1  where  id = '"+id+"'");		
+			if(i==1){
+				return Constant.SUCCESS;
+			}
+			else{
+				return Constant.SYSTEM_ERROR;
+			}
+		}catch(Exception e){
+			e.printStackTrace();
+			return Constant.SYSTEM_ERROR;
+		}finally{
+			dbo.close();
+		}
+	}
+	//
+	public int exeUp(String sql){
+		DBO dbo=new DBO();
+		dbo.open();
+		try{
+			int i=dbo.executeUpdate(sql);
+			if(i==1)return 1;
+			else return 0;
+		}catch(Exception e){
+			e.printStackTrace();
+			return 0;
+		}
+		
+	}
+	
+	
+	
+	///////////////////////////////////////////////////////////////////////////
+	public int getMessageCountAAA(String sql) { //得到信息总数
+	       DBO dbo=new DBO();
+	       dbo.open();
+	        try { 
+	            rs = dbo.executeQuery(sql);
+	            rs.next();
+	            count = rs.getInt(1);
+	            return count;
+	        } catch (SQLException ex) {
+	            ex.printStackTrace();
+	            return -1;
+	        } finally {
+	            dbo.close();
+	        }
+	    }
+	public List getMessageAAA(int page,String sql) { //得到每页要显示的信息
+        DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql);
+            for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) {
+                rs.next();
+            }
+            for (int t = 0; t < EVERYPAGENUM; t++) {
+                if (rs.next()) {
+                    qq++;
+                    List list2=new ArrayList();
+                    list2.add(rs.getString(1));
+    				list2.add(rs.getString(2));
+    				list2.add(rs.getString(3));
+    				list2.add(rs.getString(4));
+    				list2.add(rs.getString(5));
+    				list2.add(rs.getString(6));
+    				list2.add(rs.getString(7));
+    				list.add(list2);
+                } else {
+                    break; //减少空循环的时间
+                }
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return list;
+        } finally {
+            dbo.close();
+        }
+    }
+	public List get1ComList(String sql){
+		DBO dbo=new DBO();
+        dbo.open();
+        List list = new ArrayList();
+        try {
+            rs = dbo.executeQuery(sql);
+           
+                while(rs.next()) {
+                    List list2=new ArrayList();
+                    list2.add(rs.getString(1));
+                    list2.add(rs.getString(2));
+                    list2.add(rs.getString(3));
+                    list2.add(rs.getString(4));
+                    list2.add(rs.getString(5));
+                    list2.add(rs.getString(6));
+                    list2.add(rs.getString(7));
+                    list.add(list2);
+            }
+            return list;
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+            return list;
+        } finally {
+            dbo.close();
+        }
+	}
+}
+
diff --git a/com/bean/SystemBean.java b/com/bean/SystemBean.java
new file mode 100644
index 0000000..b961585
--- /dev/null
+++ b/com/bean/SystemBean.java
@@ -0,0 +1,96 @@
+package com.bean;
+
+/**
+ * 系统核心设置
+ * @author Administrator
+ *
+ */
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.util.Constant;
+import com.util.DBO;
+
+
+public class SystemBean {
+
+	private List list;
+	private ResultSet rs;
+	
+	
+	//get site infomation
+	public List getSystem(){
+		String sql = "select * from system ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list = new ArrayList();
+			list.add(rs.getString(2));
+			list.add(rs.getString(3));
+			list.add(rs.getString(4));
+			list.add(rs.getString(5));
+			list.add(rs.getString(6));
+			list.add(rs.getString(7));
+			list.add(rs.getString(8));
+			list.add(rs.getString(9));
+			list.add(rs.getString(10));
+			list.add(rs.getString(11));
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//get site name
+	public List getSiteInfo(){
+		String sql = "select * from system ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			list = new ArrayList();
+			list.add(rs.getString("sitename")); //0
+			list.add(rs.getString("url")); //1
+			list.add(rs.getString("keyword")); //2
+			list.add(rs.getString("description")); //3
+			list.add(rs.getString("email")); //4
+			list.add(rs.getString("state")); //5
+			list.add(rs.getString("reasons")); //6
+			list.add(rs.getString("record")); //7
+			list.add(rs.getString("copyright")); //8
+			return list;
+		}catch(Exception e){
+			e.printStackTrace();
+			return list;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+	//get system dir
+	public String getDir(){
+		String sql = "select dir from system ";
+		DBO dbo = new DBO();
+		dbo.open();
+		try{
+			rs = dbo.executeQuery(sql);
+			rs.next();
+			String dir = rs.getString(1);
+			return dir;
+		}catch(Exception e){
+			e.printStackTrace();
+			return null;
+		}finally{
+			dbo.close();
+		}
+	}
+	
+}
diff --git a/com/csgw/ApplicationResources.properties b/com/csgw/ApplicationResources.properties
new file mode 100644
index 0000000..bf45591
--- /dev/null
+++ b/com/csgw/ApplicationResources.properties
@@ -0,0 +1,2 @@
+# Resources for parameter 'com.csgw.struts.ApplicationResources'
+# Project csgw
\ No newline at end of file
diff --git a/com/csgw/action/HzpsAction.java b/com/csgw/action/HzpsAction.java
new file mode 100644
index 0000000..2f53385
--- /dev/null
+++ b/com/csgw/action/HzpsAction.java
@@ -0,0 +1,129 @@
+/*
+ * Generated by MyEclipse Struts
+ * Template path: templates/java/JavaClass.vtl
+ */
+package com.csgw.action;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.struts.action.Action;
+import org.apache.struts.action.ActionForm;
+import org.apache.struts.action.ActionForward;
+import org.apache.struts.action.ActionMapping;
+
+import com.bean.HzpBean;
+import com.util.Constant;
+
+/** 
+ * MyEclipse Struts
+ * Creation date: 05-05-2010
+ * 
+ * XDoclet definition:
+ * @struts.action validate="true"
+ */
+public class HzpsAction extends Action {
+	/*
+	 * Generated Methods
+	 */
+
+	/** 
+	 * Method execute
+	 * @param mapping
+	 * @param form
+	 * @param request
+	 * @param response
+	 * @return ActionForward
+	 */
+	public ActionForward execute(ActionMapping mapping, ActionForm form,
+			HttpServletRequest request, HttpServletResponse response) {
+		// TODO Auto-generated method stub
+		HttpSession session=request.getSession();
+		HzpBean tb=new HzpBean();
+		String method=request.getParameter("method").trim();
+		///////////////////////////////////////////////////////////////////////商品
+		if(method.equals("deltrave")){
+			String id=request.getParameter("id").trim();
+			int flag = tb.delTrave(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				return (mapping.findForward("admin/hzp/index.jsp"));  
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				return (mapping.findForward("admin/hzp/index.jsp"));  
+			}
+		}
+		else if(method.equals("hotdeltrave")){
+			String id=request.getParameter("id").trim();
+			int flag = tb.delTrave(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				return (mapping.findForward("admin/hzp/hot.jsp"));  
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				return (mapping.findForward("admin/hzp/hot.jsp"));  
+			}
+		}
+		else if(method.equals("tejiadeltrave")){
+			String id=request.getParameter("id").trim();
+			int flag = tb.delTrave(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				return (mapping.findForward("admin/hzp/tejia.jsp"));  
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				return (mapping.findForward("admin/hzp/tejia.jsp"));  
+			}
+		}
+		else if(method.equals("tuijiandeltrave")){
+			String id=request.getParameter("id").trim();
+			int flag = tb.delTrave(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				return (mapping.findForward("admin/hzp/tuijian.jsp"));   
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				return (mapping.findForward("admin/hzp/tuijian.jsp"));   
+			}
+		}
+		 
+		else if(method.equals("addType")){
+			String type=request.getParameter("type").trim();
+			int flag=tb.addType(type);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				return (mapping.findForward("admin/hzp/type.jsp"));   
+			}
+			else if(flag==Constant.DEFAULT_ERROR){
+				request.setAttribute("message", "该分类已存在！");
+				return (mapping.findForward("admin/hzp/type.jsp"));   
+			}
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				return (mapping.findForward("admin/hzp/type.jsp"));   
+			}
+		}
+		else if(method.equals("delType")){
+			String id=request.getParameter("id").trim();
+			int flag=tb.delType(id);
+			if(flag == Constant.SUCCESS){
+				request.setAttribute("message", "操作成功！");
+				return (mapping.findForward("admin/hzp/type.jsp"));   
+			}
+			
+			else{
+				request.setAttribute("message", "系统维护中，请稍后再试！");
+				return (mapping.findForward("admin/hzp/type.jsp"));   
+			}
+		}
+		 
+		else{
+			return (mapping.findForward("index.jsp"));
+		}
+	}
+}
\ No newline at end of file
diff --git a/com/util/CheckCode.java b/com/util/CheckCode.java
new file mode 100644
index 0000000..1919005
--- /dev/null
+++ b/com/util/CheckCode.java
@@ -0,0 +1,18 @@
+package com.util;
+/**
+ * 验证码生成类
+ */
+import java.util.Random;
+
+public class CheckCode {
+
+	public String getCheckCode(){
+		Random random = new Random();
+		String sRand="";
+		for (int i=0;i<4;i++){
+	    String rand=String.valueOf(random.nextInt(10));
+	    sRand+=rand;
+		}
+	    return sRand;
+	}
+}
diff --git a/com/util/Common.java b/com/util/Common.java
new file mode 100644
index 0000000..0a39ff8
--- /dev/null
+++ b/com/util/Common.java
@@ -0,0 +1,81 @@
+package com.util;
+
+/**
+ * 常用方法类
+ * 
+ * 
+ */
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
+
+public final class Common {
+	////////////字符串 HTML 转换
+	public static String turn(String str) {
+	
+		while (str.indexOf("\n") != -1) {
+			str = str.substring(0, str.indexOf("\n")) + "<br>"
+					+ str.substring(str.indexOf("\n") + 1);
+		}
+		while (str.indexOf(" ") != -1) {
+			str = str.substring(0, str.indexOf(" ")) + "&nbsp;"
+					+ str.substring(str.indexOf(" ") + 1);
+		}
+		return str;
+	}
+	
+	/////////////返回日期  当前日期传入0  一年之前传入-1 三年后传入3
+	public static String getDate(int num){
+	
+		SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
+		Calendar c = Calendar.getInstance();
+		c.add(Calendar.YEAR, num);
+		
+		return df.format(c.getTime());
+	}
+	
+	/////////////数据库输出字符串的过滤
+	public static String SQLStr(String str){
+	
+		if(str != null && str.length()>1 && str.substring(0,1).equals("?")){
+			str = str.substring(1);
+		}
+				
+		if(str == null || str.equals("") || str.equals(" ")){
+			str = "&nbsp;";
+		}
+		return str;
+	} 
+	/////////////过滤空格
+	public static String PageStr(String str){
+	
+		if(str==null || str.trim().equals("") || str.equals(" ")||str.equals("null")){
+			str = "";
+		}
+		str = str.trim();
+		return str;
+	}
+	/////////////格式化日期	
+	public static String formatRZ(String oldDate){
+	
+		SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
+		Date Date = new Date(oldDate);
+		return df.format(Date);
+	}
+	
+	////////////汉化
+	public static String toChineseAndTrim(String str){
+	
+		if(str==null){
+			str="";
+		}
+		try{
+			byte b[]=str.getBytes("iso-8859-1");
+			str=new String(b);
+			str=str.trim();
+		}catch(Exception e){
+			e.printStackTrace();
+		}
+		return str;
+	}
+}
\ No newline at end of file
diff --git a/com/util/Constant.java b/com/util/Constant.java
new file mode 100644
index 0000000..f283f55
--- /dev/null
+++ b/com/util/Constant.java
@@ -0,0 +1,18 @@
+package com.util;
+/**
+ * 常量
+ * @author Administrator
+ *
+ */
+public final class Constant {
+
+	public final static String CONTENTTYPE="text/html;charset=gb2312";
+	public final static String CHARACTERENCODING="gb2312";
+	public final static int DEFAULT_ERROR=0;
+	public final static int SUCCESS=1;
+	public final static int NAME_ERROR=2;
+	public final static int PASSWORD_ERROR=3;
+	public final static int SYSTEM_ERROR=4;
+	public final static int SAME_NAME=5;
+	public final static String NONAME_ERROR="noname_error";
+}
diff --git a/com/util/DBO.class b/com/util/DBO.class
new file mode 100644
index 0000000000000000000000000000000000000000..afa320d0f4f941d20460233712a065798571a740
GIT binary patch
literal 2482
zcmZ`)TXz#x6#gbjGt+b`5H96z0fDrIMv6Cjq0*Ln!z~4*;AJuy+LTEq%uGrvD2TEU
zm---esV|7E#p1=Kz>-4I1@HckW|cqT@;k|pOIsd#&Samxzw>>2pS}C<e@~wQXv4J-
zHe!#0y&>$wegy{<91Ni!v0A)=Lv=WeBjW35Esi0sU?7C!I3eSt`2B&5Qz0x6;e%p7
z9YQ_Mh_4St;71BRmhp)KErbS~sY3#~f~43D1!u)RB>aZOk`g~h#Me2om@?8bG7<v1
zmEpFue?%MAqRx3U+Dn6>yD2Nv!DGiwyAqa^kK?Z98fhcr^3<1fB&;c%jYT!ajA|k-
z+NZf%+{)RyL8oA6DwA?|O7KUTP7txzN*WRt^rte$p<Fs)*aKR^q$OZw4Kk_c1^T&|
zmMxf>2?;g2X*mX^N>Gh4L(jR!(VStAONc~@#7r$S6pg!fDl^p4ROWijaB`*_Hw4$v
z?lIlS3VP&R@4+0;CaH$<=fl}ALD7=Q9?jK<U*SSMFBy4mfk@M72G$Q5?yj6`^;+q4
ziV39lL0X+^YalWxQWDfXFU7V@vxo9Yx0t^@DUlkbujg>9D3FRR*h(%8Xibl^TCF3=
zgx=a`r$!B1hNU8l^Ah@mwY}ib9*vrou9?G@<3=wyNxeJg7{@ayomJ>^?VPbmAJ%Nv
z&aii9Xk-Svh7xVtx3#e%wq?08Y!wb%6`QbGMoz^jE~tp0NyeCpaePWX`5QN<|GAR?
z@qYfhKc=7FoOymL|NUJV7gbyWbHBLoxC%uoRYApPBDA4=RIFc5E@dVSTf)j&p!uIB
zr>{SKG4V@#ql(XQS;ZB6q2j7owu`K&FRp)+pLkZhoTN%GI)1djbS-b3c|I}o{O6)u
z{=w~+pfbKx@iyKeQ2xffncu$6|9W@k&pRsK!w$aJqHX%lt?93C=O?CAw4+1CPIRky
zAG=g^qDw^&wyOB5K!zoX=G>GSW$h#^EXzEc7-4%6v25x!HHWWKK5N;Bv@{F8alZFh
z@ze_eOzg6f#^Mu*X&G%uBu~7*awAKK%>!70=e5pUOGPu4;Yt;)9v76P+XnloG$Kea
zQh`vi6QCj?@o|R}g*{^Bm=<pmrL5=?wzErShL$efSZ!v?vck#a-0&MVbqBR9r$|!5
z)_DYbR4Rsr_t*#@V!~pE<1l?3cQ092xY9>)tzx1igiDDpiQ>6v-vrwi>p0Rka{l|_
z6K%sUpXivv-i#LRb&y0ab8Y3Xb=)QHHO-G9J>Z9gDAy3ffaM5a1ubuu+<%}&oa_(#
zp1^;yIUESrglnE4_y}@y^Iwpsph$Rx+J^{*>n5SzLu3C#y!JO1oO+Cf;YE`Ow@hL&
zw@EDF`Gdmk5i+YMu(*0Xl)@Us1}vtAMyiOAaSK(5bsx!WqlXONIT>xM3BV@gD&#l?
z;r#bk<g!$PAhK*Ok>y1qD`pW{geClsRwS|#K_c!zEgNnTx_Q!xrR=+HY&(y@fQ+{U
z0X8p#1c46je(nuYj1+2Hrm)h7m>{u=B(~h=Q8B||W)j#-_XCuEkjVXbmzDs}8~DfG
zpAG5n@*r3H&?O+(5OVeJvmgf;c9M{%2su~<$+_V{Zssn^Smyz*^<j4H6MO@DRXFF2
z7v9HRh-@ro`E?1M;>$mUMjr&^6xOlx=cpYarpY{}v6hvpRLg1RVXvol@gPGb?6SaM
z;p9S9BuAhZSt&|hRp2sP)I}1wR29y->4k5qzIeSfCnZ<-6s}f9_r5B6!`$d=jJ{qK
K-A9=|?EW9ngEle%

literal 0
HcmV?d00001

diff --git a/com/util/DBO.java b/com/util/DBO.java
new file mode 100644
index 0000000..e538a63
--- /dev/null
+++ b/com/util/DBO.java
@@ -0,0 +1,137 @@
+package com.util;
+
+import java.sql.*;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import javax.activation.DataSource;
+import java.sql.*;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+
+public class DBO {
+
+	private Connection conn;
+	private Statement stmt;
+  	private DataSource ds;
+	
+	public DBO()
+	{
+	}
+
+	/**
+		打开数据库
+	*/
+	public void open() 
+	{
+		try 
+		{
+			Class.forName("com.mysql.jdbc.Driver"); 
+			conn=DriverManager.getConnection("jdbc:mysql://localhost/wsdc?useUnicode=true&characterEncoding=gb2312","root","root");
+			//Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");           
+			//conn = DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;databasename=xwfb","sa","123");
+			stmt=conn.createStatement();
+			System.out.println("打开数据库连接");
+		} 
+		catch (Exception ex) 
+		{
+		System.err.println("打开数据库时出错: " + ex.getMessage());
+		}
+	}
+
+	/**
+		关闭数据库，将连接返还给连接池
+	*/
+	public void close() 
+	{
+		try 
+		{
+		
+				
+		//	connMgr.freeConnection("java", conn);
+			conn.close();
+			System.out.println ("释放连接");
+		} 
+		catch (SQLException ex) 
+		{
+			System.err.println("返还连接池出错: " + ex.getMessage());
+		}
+	}
+
+	/**
+		执行查询
+	*/
+	public ResultSet executeQuery(String sql) throws SQLException
+	{
+		ResultSet rs = null;
+		
+
+		rs = stmt.executeQuery(sql);
+		System.out.println ("执行查询");
+		return rs;
+	}
+
+	/**
+		执行增删改
+	*/
+	public int executeUpdate(String sql) throws SQLException
+	{
+		int ret = 0;
+		
+	
+		ret = stmt.executeUpdate(sql);
+	
+		System.out.println ("执行增删改");
+		return ret;
+	}
+
+	/**
+		将SQL语句加入到批处理
+	*/
+	public void addBatch(String sql) throws SQLException 
+	{
+		stmt.addBatch(sql);
+	}
+
+	/**
+		执行批处理
+	*/
+	public int [] executeBatch() throws SQLException 
+	{
+		boolean isAuto=conn.getAutoCommit();
+		
+		conn.setAutoCommit(false);
+		int [] updateCounts = stmt.executeBatch();
+		
+//		conn.commit();
+		
+//		conn.setAutoCommit(isAuto);
+		//conn.setAutoCommit(true);
+		return updateCounts;
+	}
+	public boolean getAutoCommit() throws SQLException
+	{
+		return conn.getAutoCommit();
+	}
+	public void setAutoCommit(boolean auto)  throws SQLException 
+	{
+		conn.setAutoCommit(auto);
+	}
+	
+	public void commit() throws SQLException 
+	{
+		conn.commit();
+//		this.close();
+	}
+	public void rollBack() throws SQLException 
+	{
+		conn.rollback();
+//		this.close();
+	}
+	
+}
diff --git a/com/util/DBO.java.bak b/com/util/DBO.java.bak
new file mode 100644
index 0000000..2552228
--- /dev/null
+++ b/com/util/DBO.java.bak
@@ -0,0 +1,137 @@
+package com.util;
+
+import java.sql.*;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import javax.activation.DataSource;
+import java.sql.*;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+
+public class DBO {
+
+	private Connection conn;
+	private Statement stmt;
+  	private DataSource ds;
+	
+	public DBO()
+	{
+	}
+
+	/**
+		打开数据库
+	*/
+	public void open() 
+	{
+		try 
+		{
+			Class.forName("com.mysql.jdbc.Driver"); 
+			conn=DriverManager.getConnection("jdbc:mysql://localhost/wsdc?useUnicode=true&characterEncoding=gb2312","root","");
+			//Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");           
+			//conn = DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;databasename=xwfb","sa","123");
+			stmt=conn.createStatement();
+			System.out.println("打开数据库连接");
+		} 
+		catch (Exception ex) 
+		{
+		System.err.println("打开数据库时出错: " + ex.getMessage());
+		}
+	}
+
+	/**
+		关闭数据库，将连接返还给连接池
+	*/
+	public void close() 
+	{
+		try 
+		{
+		
+				
+		//	connMgr.freeConnection("java", conn);
+			conn.close();
+			System.out.println ("释放连接");
+		} 
+		catch (SQLException ex) 
+		{
+			System.err.println("返还连接池出错: " + ex.getMessage());
+		}
+	}
+
+	/**
+		执行查询
+	*/
+	public ResultSet executeQuery(String sql) throws SQLException
+	{
+		ResultSet rs = null;
+		
+
+		rs = stmt.executeQuery(sql);
+		System.out.println ("执行查询");
+		return rs;
+	}
+
+	/**
+		执行增删改
+	*/
+	public int executeUpdate(String sql) throws SQLException
+	{
+		int ret = 0;
+		
+	
+		ret = stmt.executeUpdate(sql);
+	
+		System.out.println ("执行增删改");
+		return ret;
+	}
+
+	/**
+		将SQL语句加入到批处理
+	*/
+	public void addBatch(String sql) throws SQLException 
+	{
+		stmt.addBatch(sql);
+	}
+
+	/**
+		执行批处理
+	*/
+	public int [] executeBatch() throws SQLException 
+	{
+		boolean isAuto=conn.getAutoCommit();
+		
+		conn.setAutoCommit(false);
+		int [] updateCounts = stmt.executeBatch();
+		
+//		conn.commit();
+		
+//		conn.setAutoCommit(isAuto);
+		//conn.setAutoCommit(true);
+		return updateCounts;
+	}
+	public boolean getAutoCommit() throws SQLException
+	{
+		return conn.getAutoCommit();
+	}
+	public void setAutoCommit(boolean auto)  throws SQLException 
+	{
+		conn.setAutoCommit(auto);
+	}
+	
+	public void commit() throws SQLException 
+	{
+		conn.commit();
+//		this.close();
+	}
+	public void rollBack() throws SQLException 
+	{
+		conn.rollback();
+//		this.close();
+	}
+	
+}
diff --git a/com/util/Filter.java b/com/util/Filter.java
new file mode 100644
index 0000000..70da28a
--- /dev/null
+++ b/com/util/Filter.java
@@ -0,0 +1,38 @@
+package com.util;
+/**
+ * 
+ * HTML符号过滤类
+ * @author Administrator
+ *
+ */
+public final class Filter {
+
+	public Filter(){
+		
+	}
+	public static String escapeHTMLTags( String input ) {
+
+		if( input == null || input.length() == 0 ) {
+			return input;
+		}
+		StringBuffer buf = new StringBuffer();
+		char ch = ' ';
+		for( int i=0; i<input.length(); i++ ) {
+			ch = input.charAt(i);
+			if( ch == '<' ) {
+				buf.append( "&lt;" );
+			}
+			else if( ch == '>' ) {
+				buf.append( "&gt;" );
+			}
+			else if(ch=='&'){
+				buf.append("&amp;");
+			}
+			else {
+				buf.append( ch );
+			}
+		}
+			return buf.toString();
+	}
+	
+}
diff --git a/com/util/Log.java b/com/util/Log.java
new file mode 100644
index 0000000..34496d7
--- /dev/null
+++ b/com/util/Log.java
@@ -0,0 +1,35 @@
+package com.util;
+
+/**
+ * 日志
+ */
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+public class Log {
+
+	public void addLog(String str){
+		try {
+			File file=new File("c://log.txt");
+			FileWriter fw=new FileWriter(file,true);
+			BufferedWriter bw=new   BufferedWriter(fw);
+			PrintWriter   pw   =   new   PrintWriter(bw);   
+			pw.write(str);
+			bw.newLine();//断行
+			bw.flush();//将数据更新至文件
+			pw.close();
+			fw.close();//关闭文件流
+		} catch (FileNotFoundException e) {
+			System.out.println("警告：日志文件没找到！！！！");
+			e.printStackTrace();
+		} catch (IOException e) {
+			System.out.println("警告：日志文件IO错误！！！！");
+			e.printStackTrace();
+		}
+	}
+}
+
diff --git a/com/util/MD5.java b/com/util/MD5.java
new file mode 100644
index 0000000..aa9c899
--- /dev/null
+++ b/com/util/MD5.java
@@ -0,0 +1,35 @@
+package com.util;
+
+/**
+ *MD5密码加密类
+ *
+ */
+
+import java.security.*; 
+import java.security.spec.*; 
+public final class MD5 {
+	
+	public final static String MD5(String s){ 
+		char hexDigits[] = { 
+		'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 
+		'e', 'f'}; 
+		try { 
+			byte[] strTemp = s.getBytes(); 
+			MessageDigest mdTemp = MessageDigest.getInstance("MD5"); 
+			mdTemp.update(strTemp); 
+			byte[] md = mdTemp.digest(); 
+			int j = md.length; 
+			char str[] = new char[j * 2]; 
+			int k = 0; 
+			for (int i = 0; i < j; i++) { 
+				byte byte0 = md[i]; 
+				str[k++] = hexDigits[byte0 >>> 4 & 0xf]; 
+				str[k++] = hexDigits[byte0 & 0xf]; 
+			} 
+			return new String(str); 
+		} 
+		catch (Exception e){ 
+			return null; 
+		} 
+	}
+}
diff --git a/com/util/SmartFile.java b/com/util/SmartFile.java
new file mode 100644
index 0000000..b0a1809
--- /dev/null
+++ b/com/util/SmartFile.java
@@ -0,0 +1,268 @@
+package com.util;
+import java.io.ByteArrayInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import javax.servlet.ServletException;
+
+public class SmartFile
+{
+    private SmartUpload m_parent;
+    private int m_startData;
+    private int m_endData;
+    private int m_size;
+    private String m_fieldname;
+    private String m_filename;
+    private String m_fileExt;
+    private String m_filePathName;
+    private String m_contentType;
+    private String m_contentDisp;
+    private String m_typeMime;
+    private String m_subTypeMime;
+    //private String m_contentString;
+    private boolean m_isMissing;
+    public static final int SAVEAS_AUTO = 0;
+    public static final int SAVEAS_VIRTUAL = 1;
+    public static final int SAVEAS_PHYSICAL = 2;
+
+    SmartFile()
+    {
+        m_startData = 0;
+        m_endData = 0;
+        m_size = 0;
+        m_fieldname = "";//new String("");
+        m_filename = "";//new String();
+        m_fileExt = "";//new String();
+        m_filePathName = "";//new String("");
+        m_contentType = "";//new String();
+        m_contentDisp = "";//new String();
+        m_typeMime = "";//new String();
+        m_subTypeMime = "";//new String();
+        //m_contentString = "";//new String();
+        m_isMissing = true;
+    }
+
+    public void saveAs(String s) throws IOException,SmartUploadException
+    {
+        saveAs(s,0);
+    }
+
+    public void saveAs(String s,int i) throws IOException,SmartUploadException
+    {
+        //Method invokes dubious new String() constructor; just use ""
+        //Creating a new java.lang.String object using the no-argument constructor wastes memory because the object so created will be functionally indistinguishable from the empty string constant "".\u00A0 Java guarantees that identical string constants will be represented by the same String object.\u00A0 Therefore, you should just use the empty string constant directly.
+        //String s1 = new String();
+        String s1 = "";
+        s1 = m_parent.getPhysicalPath(s,i);
+        if(s1 == null)
+        {
+            throw new IllegalArgumentException("There is no specified destination file (1140).");
+        }
+        try
+        {
+            java.io.File file = new java.io.File(s1);
+            FileOutputStream fileoutputstream = new FileOutputStream(file);
+            fileoutputstream.write(m_parent.m_binArray,m_startData,m_size);
+            fileoutputstream.close();
+        }
+        catch(IOException ioexception)
+        {
+            throw new SmartUploadException("File can't be saved (1120).");
+        }
+    }
+
+    public void fileToField(ResultSet resultset,String s) throws ServletException,IOException,SmartUploadException,SQLException
+    {
+        long l = 0L;
+        int i = 0x10000;
+        int j = 0;
+        int k = m_startData;
+        if(resultset == null)
+        {
+            throw new IllegalArgumentException("The RecordSet cannot be null (1145).");
+        }
+        if(s == null)
+        {
+            throw new IllegalArgumentException("The columnName cannot be null (1150).");
+        }
+        if(s.length() == 0)
+        {
+            throw new IllegalArgumentException("The columnName cannot be empty (1155).");
+        }
+        l = BigInteger.valueOf(m_size).divide(BigInteger.valueOf(i)).longValue();
+        j = BigInteger.valueOf(m_size).mod(BigInteger.valueOf(i)).intValue();
+        try
+        {
+            for(int i1 = 1;(long)i1 < l;i1++)
+            {
+                resultset.updateBinaryStream(s,new ByteArrayInputStream(m_parent.m_binArray,k,i),i);
+                k = k != 0 ? k : 1;
+                k = i1 * i + m_startData;
+            }
+
+            if(j > 0)
+            {
+                resultset.updateBinaryStream(s,new ByteArrayInputStream(m_parent.m_binArray,k,j),j);
+            }
+        }
+        catch(SQLException sqlexception)
+        {
+            byte abyte0[] = new byte[m_size];
+            System.arraycopy(m_parent.m_binArray,m_startData,abyte0,0,m_size);
+            resultset.updateBytes(s,abyte0);
+        }
+        catch(Exception exception)
+        {
+            throw new SmartUploadException("Unable to save file in the DataBase (1130).");
+        }
+    }
+
+    public boolean isMissing()
+    {
+        return m_isMissing;
+    }
+
+    public String getFieldName()
+    {
+        return m_fieldname;
+    }
+
+    public String getFileName()
+    {
+        return m_filename;
+    }
+
+    public String getFilePathName()
+    {
+        return m_filePathName;
+    }
+
+    public String getFileExt()
+    {
+        return m_fileExt;
+    }
+
+    public String getContentType()
+    {
+        return m_contentType;
+    }
+
+    public String getContentDisp()
+    {
+        return m_contentDisp;
+    }
+
+    public String getContentString()
+    {
+        String s = new String(m_parent.m_binArray,m_startData,m_size);
+        return s;
+    }
+
+    public String getTypeMIME() throws IOException
+    {
+        return m_typeMime;
+    }
+
+    public String getSubTypeMIME()
+    {
+        return m_subTypeMime;
+    }
+
+    public int getSize()
+    {
+        return m_size;
+    }
+
+    protected int getStartData()
+    {
+        return m_startData;
+    }
+
+    protected int getEndData()
+    {
+        return m_endData;
+    }
+
+    protected void setParent(SmartUpload smartupload)
+    {
+        m_parent = smartupload;
+    }
+
+    protected void setStartData(int i)
+    {
+        m_startData = i;
+    }
+
+    protected void setEndData(int i)
+    {
+        m_endData = i;
+    }
+
+    protected void setSize(int i)
+    {
+        m_size = i;
+    }
+
+    protected void setIsMissing(boolean flag)
+    {
+        m_isMissing = flag;
+    }
+
+    protected void setFieldName(String s)
+    {
+        m_fieldname = s;
+    }
+
+    protected void setFileName(String s)
+    {
+        m_filename = s;
+    }
+
+    protected void setFilePathName(String s)
+    {
+        m_filePathName = s;
+    }
+
+    protected void setFileExt(String s)
+    {
+        m_fileExt = s;
+    }
+
+    protected void setContentType(String s)
+    {
+        m_contentType = s;
+    }
+
+    protected void setContentDisp(String s)
+    {
+        m_contentDisp = s;
+    }
+
+    protected void setTypeMIME(String s)
+    {
+        m_typeMime = s;
+    }
+
+    protected void setSubTypeMIME(String s)
+    {
+        m_subTypeMime = s;
+    }
+
+    public byte getBinaryData(int i)
+    {
+        if(m_startData + i > m_endData)
+        {
+            throw new ArrayIndexOutOfBoundsException("Index Out of range (1115).");
+        }
+        if(m_startData + i <= m_endData)
+        {
+            return m_parent.m_binArray[m_startData + i];
+        }
+        else
+        {
+            return 0;
+        }
+    }
+}
diff --git a/com/util/SmartFiles.java b/com/util/SmartFiles.java
new file mode 100644
index 0000000..a7422f2
--- /dev/null
+++ b/com/util/SmartFiles.java
@@ -0,0 +1,74 @@
+package com.util;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+public class SmartFiles
+{
+    //private SmartUpload m_parent;
+    private Hashtable m_files;
+    private int m_counter;
+
+    SmartFiles()
+    {
+        m_files = new Hashtable();
+        m_counter = 0;
+    }
+
+    protected void addFile(SmartFile file)
+    {
+        if(file == null)
+        {
+            throw new IllegalArgumentException("newFile cannot be null.");
+        }
+        else
+        {
+            m_files.put(new Integer(m_counter),file);
+            m_counter++;
+            return;
+        }
+    }
+
+    public SmartFile getFile(int i)
+    {
+        if(i < 0)
+        {
+            throw new IllegalArgumentException("File's index cannot be a negative value (1210).");
+        }
+        SmartFile file = (SmartFile)m_files.get(new Integer(i));
+        if(file == null)
+        {
+            throw new IllegalArgumentException("Files' name is invalid or does not exist (1205).");
+        }
+        else
+        {
+            return file;
+        }
+    }
+
+    public int getCount()
+    {
+        return m_counter;
+    }
+
+    public long getSize() throws IOException
+    {
+        long l = 0L;
+        for(int i = 0;i < m_counter;i++)
+        {
+            l += getFile(i).getSize();
+        }
+        return l;
+    }
+
+    public Collection getCollection()
+    {
+        return m_files.values();
+    }
+
+    public Enumeration getEnumeration()
+    {
+        return m_files.elements();
+    }
+}
diff --git a/com/util/SmartRequest.java b/com/util/SmartRequest.java
new file mode 100644
index 0000000..8e13c21
--- /dev/null
+++ b/com/util/SmartRequest.java
@@ -0,0 +1,76 @@
+package com.util;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+public class SmartRequest
+{
+    private Hashtable m_parameters;
+    private int m_counter;
+
+    SmartRequest()
+    {
+        m_parameters = new Hashtable();
+        m_counter = 0;
+    }
+
+    protected void putParameter(String s,String s1)
+    {
+        if(s == null)
+        {
+            throw new IllegalArgumentException("The name of an element cannot be null.");
+        }
+        if(m_parameters.containsKey(s))
+        {
+            Hashtable hashtable = (Hashtable)m_parameters.get(s);
+            hashtable.put(new Integer(hashtable.size()),s1);
+        }
+        else
+        {
+            Hashtable hashtable1 = new Hashtable();
+            hashtable1.put(new Integer(0),s1);
+            m_parameters.put(s,hashtable1);
+            m_counter++;
+        }
+    }
+
+    public String getParameter(String s)
+    {
+        if(s == null)
+        {
+            throw new IllegalArgumentException("Form's name is invalid or does not exist (1305).");
+        }
+        Hashtable hashtable = (Hashtable)m_parameters.get(s);
+        if(hashtable == null)
+        {
+            return null;
+        }
+        else
+        {
+            return(String)hashtable.get(new Integer(0));
+        }
+    }
+
+    public Enumeration getParameterNames()
+    {
+        return m_parameters.keys();
+    }
+
+    public String[] getParameterValues(String s)
+    {
+        if(s == null)
+        {
+            throw new IllegalArgumentException("Form's name is invalid or does not exist (1305).");
+        }
+        Hashtable hashtable = (Hashtable)m_parameters.get(s);
+        if(hashtable == null)
+        {
+            return null;
+        }
+        String as[] = new String[hashtable.size()];
+        for(int i = 0;i < hashtable.size();i++)
+        {
+            as[i] = (String)hashtable.get(new Integer(i));
+        }
+        return as;
+    }
+}
diff --git a/com/util/SmartUpload.java b/com/util/SmartUpload.java
new file mode 100644
index 0000000..b753ae4
--- /dev/null
+++ b/com/util/SmartUpload.java
@@ -0,0 +1,910 @@
+package com.util;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.Vector;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.PageContext;
+
+public class SmartUpload
+{
+    protected byte m_binArray[];
+    protected HttpServletRequest m_request;
+    protected HttpServletResponse m_response;
+    protected ServletContext m_application;
+    private int m_totalBytes;
+    private int m_currentIndex;
+    private int m_startData;
+    private int m_endData;
+    private String m_boundary;
+    private long m_totalMaxFileSize;
+    private long m_maxFileSize;
+    private Vector m_deniedFilesList;
+    private Vector m_allowedFilesList;
+    private boolean m_denyPhysicalPath;
+
+    //private boolean m_forcePhysicalPath;
+    private String m_contentDisposition;
+    public static final int SAVE_AUTO = 0;
+    public static final int SAVE_VIRTUAL = 1;
+    public static final int SAVE_PHYSICAL = 2;
+    private SmartFiles m_files;
+    private SmartRequest m_formRequest;
+
+    public SmartUpload()
+    {
+        m_totalBytes = 0;
+        m_currentIndex = 0;
+        m_startData = 0;
+        m_endData = 0;
+        m_boundary = ""; //new String();
+        m_totalMaxFileSize = 0L;
+        m_maxFileSize = 0L;
+        m_deniedFilesList = new Vector();
+        m_allowedFilesList = new Vector();
+        m_denyPhysicalPath = false;
+        //m_forcePhysicalPath = false;
+        m_contentDisposition = ""; //new String();
+        m_files = new SmartFiles();
+        m_formRequest = new SmartRequest();
+    }
+
+    /**
+     * @deprecated Method init is deprecated
+     */
+    public final void init(ServletConfig servletconfig) throws ServletException
+    {
+        m_application = servletconfig.getServletContext();
+    }
+
+    /**
+     * @deprecated Method service is deprecated
+     */
+    public void service(HttpServletRequest httpservletrequest,HttpServletResponse httpservletresponse) throws ServletException,IOException
+    {
+        m_request = httpservletrequest;
+        m_response = httpservletresponse;
+    }
+
+    public final void initialize(ServletConfig servletconfig,HttpServletRequest httpservletrequest,HttpServletResponse httpservletresponse) throws ServletException
+    {
+        m_application = servletconfig.getServletContext();
+        m_request = httpservletrequest;
+        m_response = httpservletresponse;
+    }
+
+    public final void initialize(PageContext pagecontext) throws ServletException
+    {
+        m_application = pagecontext.getServletContext();
+        m_request = (HttpServletRequest)pagecontext.getRequest();
+        m_response = (HttpServletResponse)pagecontext.getResponse();
+    }
+
+    /**
+     * @deprecated Method initialize is deprecated
+     */
+    public final void initialize(ServletContext servletcontext,HttpSession httpsession,HttpServletRequest httpservletrequest,HttpServletResponse httpservletresponse,JspWriter jspwriter) throws ServletException
+    {
+        m_application = servletcontext;
+        m_request = httpservletrequest;
+        m_response = httpservletresponse;
+    }
+
+    public void upload() throws ServletException,IOException,SmartUploadException
+    {
+        int i = 0;
+        //boolean flag = false;
+        boolean flag1 = false;
+        //boolean flag2 = false;
+        long l = 0L;
+        //String s = "";//new String();
+        //String s2 = "";//new String();
+        String s4 = ""; //new String();
+        String s5 = ""; //new String();
+        String s6 = ""; //new String();
+        String s7 = ""; //new String();
+        String s8 = ""; //new String();
+        String s9 = ""; //new String();
+        String s10 = ""; //new String();
+        m_totalBytes = m_request.getContentLength();
+        m_binArray = new byte[m_totalBytes];
+        int j;
+        for(;i < m_totalBytes;i += j)
+        {
+            try
+            {
+                m_request.getInputStream();
+                j = m_request.getInputStream().read(m_binArray,i,m_totalBytes - i);
+            }
+            catch(Exception exception)
+            {
+                throw new SmartUploadException("Unable to upload.");
+            }
+        }
+
+        for(;!flag1 && m_currentIndex < m_totalBytes;m_currentIndex++)
+        {
+            if(m_binArray[m_currentIndex] == 13)
+            {
+                flag1 = true;
+            }
+            else
+            {
+                m_boundary = m_boundary + (char)m_binArray[m_currentIndex];
+
+            }
+        }
+        if(m_currentIndex == 1)
+        {
+            return;
+        }
+        for(m_currentIndex++;m_currentIndex < m_totalBytes;m_currentIndex = m_currentIndex + 2)
+        {
+        	long now=new java.util.Date().getTime();
+            String s1 = getDataHeader();
+            m_currentIndex = m_currentIndex + 2;
+            boolean flag3 = s1.indexOf("filename") > 0;
+            String s3 = getDataFieldValue(s1,"name");
+            if(flag3)
+            {
+                s6 = getDataFieldValue(s1,"filename");   
+                s4 = now+getFileName(s6);   
+                s5 = getFileExt(s4);
+                s7 = getContentType(s1);
+                s8 = getContentDisp(s1);
+                s9 = getTypeMIME(s7);
+                s10 = getSubTypeMIME(s7);
+            }
+            getDataSection();
+            if(flag3 && s4.length() > 0)
+            {
+                if(m_deniedFilesList.contains(s5))
+                {
+                    throw new SecurityException("The extension of the file is denied to be uploaded (1015).");
+                }
+                if(!m_allowedFilesList.isEmpty() && !m_allowedFilesList.contains(s5))
+                {
+                    throw new SecurityException("The extension of the file is not allowed to be uploaded (1010).");
+                }
+                if(m_maxFileSize > 0L && (long)((m_endData - m_startData) + 1) > m_maxFileSize)
+                {
+                    throw new SecurityException("Size exceeded for this file : " + s4 + " (1105).");
+                }
+                l += (m_endData - m_startData) + 1;
+                if(m_totalMaxFileSize > 0L && l > m_totalMaxFileSize)
+                {
+                    throw new SecurityException("Total File Size exceeded (1110).");
+                }
+            }
+            if(flag3)
+            {
+                SmartFile file = new SmartFile();
+                file.setParent(this);
+                file.setFieldName(s3);
+                file.setFileName(s4);
+                file.setFileExt(s5);
+                file.setFilePathName(s6);
+                file.setIsMissing(s6.length() == 0);
+                file.setContentType(s7);
+                file.setContentDisp(s8);
+                file.setTypeMIME(s9);
+                file.setSubTypeMIME(s10);
+                if(s7.indexOf("application/x-macbinary") > 0)
+                {
+                    m_startData = m_startData + 128;
+                }
+                file.setSize((m_endData - m_startData) + 1);
+                file.setStartData(m_startData);
+                file.setEndData(m_endData);
+                m_files.addFile(file);
+            }
+            else
+            {
+                String s11 = new String(m_binArray,m_startData,(m_endData - m_startData) + 1);
+                m_formRequest.putParameter(s3,s11);
+            }
+            if((char)m_binArray[m_currentIndex + 1] == '-')
+            {
+                break;
+            }
+        }
+    }
+
+    public int save(String s) throws ServletException,IOException,SmartUploadException
+    {
+        return save(s,0);
+    }
+
+    public int save(String s,int i) throws ServletException,IOException,SmartUploadException
+    {
+        int j = 0;
+        if(s == null)
+        {
+            s = m_application.getRealPath("/");
+            //System.out.println("s == null,m_application.getRealPath:" + s);
+        }
+        if(s.indexOf("/") != -1)
+        {
+            if(s.charAt(s.length() - 1) != '/')
+            {
+                s = s + "/";
+                //System.out.println("m_application.getRealPath::" + s);
+            }
+        }
+        else
+        {
+            if(s.charAt(s.length() - 1) != '\\')
+            {
+                s = s + "\\";
+                //System.out.println("m_application.getRealPath" + s);
+            }
+        }
+        //System.out.println("m_application.getRealPath:::" + s);
+        FileNames = new String[m_files.getCount()];
+        for(int k = 0;k < m_files.getCount();k++)
+        {
+            if(!m_files.getFile(k).isMissing())
+            {
+              //  System.out.println("s + m_files.getFile(k).getFileName():" + s + m_files.getFile(k).getFileName());
+                m_files.getFile(k).saveAs(s + m_files.getFile(k).getFileName(),i);
+                FileNames[j] = s + m_files.getFile(k).getFileName();
+                j++;
+            }
+        }
+        return j;
+    }
+
+    //Add
+    private String[] FileNames;
+    public String[] getFileNames()
+    {
+        //Method may expose internal representation by returning array
+        //Returning an array value stored in one of the object's fields exposes the internal representation of the object.? For classes shared by other untrusted classes, this could potentially be a security issue.? Returning a new copy of the array is better approach in many situations.
+        String[] vFileNames = new String[FileNames.length];
+        System.arraycopy(FileNames,0,vFileNames,0,FileNames.length);
+        return vFileNames;
+    }
+
+    public int getSize()
+    {
+        return m_totalBytes;
+    }
+
+    public byte getBinaryData(int i)
+    {
+        byte byte0;
+        try
+        {
+            byte0 = m_binArray[i];
+        }
+        catch(Exception exception)
+        {
+            throw new ArrayIndexOutOfBoundsException("Index out of range (1005).");
+        }
+        return byte0;
+    }
+
+    public SmartFiles getFiles()
+    {
+        return m_files;
+    }
+
+    public SmartRequest getRequest()
+    {
+        return m_formRequest;
+    }
+
+    public void downloadFile(String s) throws ServletException,IOException,SmartUploadException
+    {
+        downloadFile(s,null,null);
+    }
+
+    public void downloadFile(String s,String s1) throws ServletException,IOException,SmartUploadException,SmartUploadException
+    {
+        downloadFile(s,s1,null);
+    }
+
+    public void downloadFile(String s,String s1,String s2) throws ServletException,IOException,SmartUploadException
+    {
+        downloadFile(s,s1,s2,65000);
+    }
+
+    public void downloadFile(String s,String s1,String s2,int i) throws ServletException,IOException,SmartUploadException
+    {
+        if(s == null)
+        {
+            throw new IllegalArgumentException("File '" + s + "' not found (1040).");
+        }
+        if(s.equals(""))
+        {
+            throw new IllegalArgumentException("File '" + s + "' not found (1040).");
+        }
+        if(!isVirtual(s) && m_denyPhysicalPath)
+        {
+            throw new SecurityException("Physical path is denied (1035).");
+        }
+        if(isVirtual(s))
+        {
+            s = m_application.getRealPath(s);
+        }
+        java.io.File file = new java.io.File(s);
+        FileInputStream fileinputstream = new FileInputStream(file);
+        long l = file.length();
+        //boolean flag = false;
+        int k = 0;
+        byte abyte0[] = new byte[i];
+        if(s1 == null)
+        {
+            m_response.setContentType("application/x-msdownload");
+        }
+        else
+        {
+            if(s1.length() == 0)
+            {
+                m_response.setContentType("application/x-msdownload");
+            }
+            else
+            {
+                m_response.setContentType(s1);
+            }
+        }
+        m_response.setContentLength((int)l);
+        m_contentDisposition = m_contentDisposition != null ? m_contentDisposition : "attachment;";
+        if(s2 == null)
+        {
+            m_response.setHeader("Content-Disposition",m_contentDisposition + " filename=" + getFileName(s));
+        }
+        else
+        {
+            if(s2.length() == 0)
+            {
+                m_response.setHeader("Content-Disposition",m_contentDisposition);
+            }
+            else
+            {
+                m_response.setHeader("Content-Disposition",m_contentDisposition + " filename=" + s2);
+            }
+        }
+        while((long)k < l)
+        {
+            int j = fileinputstream.read(abyte0,0,i);
+            k += j;
+            m_response.getOutputStream().write(abyte0,0,j);
+        }
+        fileinputstream.close();
+    }
+
+    public void downloadField(ResultSet resultset,String s,String s1,String s2) throws ServletException,IOException,SQLException
+    {
+        if(resultset == null)
+        {
+            throw new IllegalArgumentException("The RecordSet cannot be null (1045).");
+        }
+        if(s == null)
+        {
+            throw new IllegalArgumentException("The columnName cannot be null (1050).");
+        }
+        if(s.length() == 0)
+        {
+            throw new IllegalArgumentException("The columnName cannot be empty (1055).");
+        }
+        byte abyte0[] = resultset.getBytes(s);
+        if(s1 == null)
+        {
+            m_response.setContentType("application/x-msdownload");
+        }
+        else
+        {
+            if(s1.length() == 0)
+            {
+                m_response.setContentType("application/x-msdownload");
+            }
+            else
+            {
+                m_response.setContentType(s1);
+            }
+        }
+        m_response.setContentLength(abyte0.length);
+        if(s2 == null)
+        {
+            m_response.setHeader("Content-Disposition","attachment;");
+        }
+        else
+        {
+            if(s2.length() == 0)
+            {
+                m_response.setHeader("Content-Disposition","attachment;");
+            }
+            else
+            {
+                m_response.setHeader("Content-Disposition","attachment; filename=" + s2);
+            }
+        }
+        m_response.getOutputStream().write(abyte0,0,abyte0.length);
+    }
+
+    public void fieldToFile(ResultSet resultset,String s,String s1) throws ServletException,IOException,SmartUploadException,SQLException
+    {
+        try
+        {
+            if(m_application.getRealPath(s1) != null)
+            {
+                s1 = m_application.getRealPath(s1);
+            }
+            InputStream inputstream = resultset.getBinaryStream(s);
+            FileOutputStream fileoutputstream = new FileOutputStream(s1);
+            int i;
+            while((i = inputstream.read()) != -1)
+            {
+                fileoutputstream.write(i);
+            }
+            fileoutputstream.close();
+        }
+        catch(Exception exception)
+        {
+            throw new SmartUploadException("Unable to save file from the DataBase (1020).");
+        }
+    }
+
+    private String getDataFieldValue(String s,String s1)
+    {
+        String s2 = ""; // = new String();
+        String s3 = ""; // = new String();
+        int i = 0;
+        //boolean flag = false;
+        //boolean flag1 = false;
+        //boolean flag2 = false;
+        s2 = s1 + "=" + '"';
+        i = s.indexOf(s2);
+        if(i > 0)
+        {
+            int j = i + s2.length();
+            int k = j;
+            s2 = "\"";
+            int l = s.indexOf(s2,j);
+            if(k > 0 && l > 0)
+            {
+                s3 = s.substring(k,l);
+            }
+        }
+        return s3;
+    }
+
+    private String getFileExt(String s)
+    {
+        String s1; // = new String();
+        int i = 0;
+        int j = 0;
+        if(s == null)
+        {
+            return null;
+        }
+        i = s.lastIndexOf('.') + 1;
+        j = s.length();
+        s1 = s.substring(i,j);
+        if(s.lastIndexOf('.') > 0)
+        {
+            return s1;
+        }
+        else
+        {
+            return "";
+        }
+    }
+
+    private String getContentType(String s)
+    {
+        String s1 = ""; // = new String();
+        String s2 = ""; // = new String();
+        int i = 0;
+        //boolean flag = false;
+        s1 = "Content-Type:";
+        i = s.indexOf(s1) + s1.length();
+        if(i != -1)
+        {
+            int j = s.length();
+            s2 = s.substring(i,j);
+        }
+        return s2;
+    }
+
+    private String getTypeMIME(String s)
+    {
+        //String s1 = new String();
+        int i = 0;
+        i = s.indexOf("/");
+        if(i != -1)
+        {
+            return s.substring(1,i);
+        }
+        else
+        {
+            return s;
+        }
+    }
+
+    private String getSubTypeMIME(String s)
+    {
+        //String s1 = new String();
+        //boolean flag = false;
+        int i = 0;
+        i = s.indexOf("/") + 1;
+        if(i != -1)
+        {
+            int j = s.length();
+            return s.substring(i,j);
+        }
+        else
+        {
+            return s;
+        }
+    }
+
+    private String getContentDisp(String s)
+    {
+        //String s1 = new String();
+        String s1 = "";
+        int i = 0;
+        int j = 0;
+        i = s.indexOf(":") + 1;
+        j = s.indexOf(";");
+        s1 = s.substring(i,j);
+        return s1;
+    }
+
+    private void getDataSection()
+    {
+        //boolean flag = false;
+        //String s = "";
+        //String s = new String();
+        int i = m_currentIndex;
+        int j = 0;
+        int k = m_boundary.length();
+        m_startData = m_currentIndex;
+        m_endData = 0;
+        while(i < m_totalBytes)
+        {
+            if(m_binArray[i] == (byte)m_boundary.charAt(j))
+            {
+                if(j == k - 1)
+                {
+                    m_endData = ((i - k) + 1) - 3;
+                    break;
+                }
+                i++;
+                j++;
+            }
+            else
+            {
+                i++;
+                j = 0;
+            }
+        }
+        m_currentIndex = m_endData + k + 3;
+    }
+
+    private String getDataHeader()
+    {
+        //boolean flag = false;
+        int i = m_currentIndex;
+        int j = 0;
+        for(boolean flag1 = false;!flag1;)
+        {
+            if(m_binArray[m_currentIndex] == 13 && m_binArray[m_currentIndex + 2] == 13)
+            {
+                flag1 = true;
+                j = m_currentIndex - 1;
+                m_currentIndex = m_currentIndex + 2;
+            }
+            else
+            {
+                m_currentIndex++;
+            }
+        }
+
+        String s = new String(m_binArray,i,(j - i) + 1);
+        return s;
+    }
+
+    private String getFileName(String s)
+    {
+        //String s1 = ""; // = new String();
+        //String s2 = ""; // = new String();
+        //boolean flag = false;
+        //boolean flag1 = false;
+        //boolean flag2 = false;
+        int i = 0;
+        i = s.lastIndexOf('/');
+        if(i != -1)
+        {
+            return s.substring(i + 1,s.length());
+        }
+        i = s.lastIndexOf('\\');
+        if(i != -1)
+        {
+            return s.substring(i + 1,s.length());
+        }
+        else
+        {
+            return s;
+        }
+    }
+
+    public void setDeniedFilesList(String s) throws ServletException,IOException,SQLException
+    {
+        //String s1 = "";
+        if(s != null)
+        {
+            String s2 = "";
+            for(int i = 0;i < s.length();i++)
+            {
+                if(s.charAt(i) == ',')
+                {
+                    if(!m_deniedFilesList.contains(s2))
+                    {
+                        m_deniedFilesList.addElement(s2);
+                    }
+                    s2 = "";
+                }
+                else
+                {
+                    s2 = s2 + s.charAt(i);
+                }
+            }
+
+            //if(s2 != "")
+            if(!s2.equals(""))
+            {
+                m_deniedFilesList.addElement(s2);
+            }
+        }
+        else
+        {
+            m_deniedFilesList = null;
+        }
+    }
+
+    public void setAllowedFilesList(String s)
+    {
+        //String s1 = "";
+        if(s != null)
+        {
+            String s2 = "";
+            for(int i = 0;i < s.length();i++)
+            {
+                if(s.charAt(i) == ',')
+                {
+                    if(!m_allowedFilesList.contains(s2))
+                    {
+                        m_allowedFilesList.addElement(s2);
+                    }
+                    s2 = "";
+                }
+                else
+                {
+                    s2 = s2 + s.charAt(i);
+                }
+            }
+            //if(s2 != "")
+            if(!s2.equals(""))
+            {
+                m_allowedFilesList.addElement(s2);
+            }
+        }
+        else
+        {
+            m_allowedFilesList = null;
+        }
+    }
+
+    public void setDenyPhysicalPath(boolean flag)
+    {
+        m_denyPhysicalPath = flag;
+    }
+
+    public void setForcePhysicalPath(boolean flag)
+    {
+        //m_forcePhysicalPath = flag;
+    }
+
+    public void setContentDisposition(String s)
+    {
+        m_contentDisposition = s;
+    }
+
+    public void setTotalMaxFileSize(long l)
+    {
+        m_totalMaxFileSize = l;
+    }
+
+    public void setMaxFileSize(long l)
+    {
+        m_maxFileSize = l;
+    }
+
+    protected String getPhysicalPath(String s,int i) throws IOException
+    {
+        String s1 = ""; //new String();
+        String s2 = ""; //new String();
+        String s3 = ""; //new String();
+        boolean flag = false;
+        s3 = System.getProperty("file.separator");
+        if(s == null)
+        {
+            throw new IllegalArgumentException("There is no specified destination file (1140).");
+        }
+        if(s.equals(""))
+        {
+            throw new IllegalArgumentException("There is no specified destination file (1140).");
+        }
+        if(s.lastIndexOf("\\") >= 0)
+        {
+            s1 = s.substring(0,s.lastIndexOf("\\"));
+            s2 = s.substring(s.lastIndexOf("\\") + 1);
+        }
+        if(s.lastIndexOf("/") >= 0)
+        {
+            s1 = s.substring(0,s.lastIndexOf("/"));
+            s2 = s.substring(s.lastIndexOf("/") + 1);
+        }
+        s1 = s1.length() != 0 ? s1 : "/";
+        java.io.File file = new java.io.File(s1);
+        if(file.exists())
+        {
+            flag = true;
+        }
+        if(i == 0)
+        {
+            if(isVirtual(s1))
+            {
+                s1 = m_application.getRealPath(s1);
+                if(s1.endsWith(s3))
+                {
+                    s1 = s1 + s2;
+                }
+                else
+                {
+                    s1 = s1 + s3 + s2;
+                }
+                return s1;
+            }
+            if(flag)
+            {
+                if(m_denyPhysicalPath)
+                {
+                    throw new IllegalArgumentException("Physical path is denied (1125).");
+                }
+                else
+                {
+                    return s;
+                }
+            }
+            else
+            {
+                throw new IllegalArgumentException("This path does not exist (1135).");
+            }
+        }
+        if(i == 1)
+        {
+            if(isVirtual(s1))
+            {
+                s1 = m_application.getRealPath(s1);
+                if(s1.endsWith(s3))
+                {
+                    s1 = s1 + s2;
+                }
+                else
+                {
+                    s1 = s1 + s3 + s2;
+                }
+                return s1;
+            }
+            if(flag)
+            {
+                throw new IllegalArgumentException("The path is not a virtual path.");
+            }
+            else
+            {
+                throw new IllegalArgumentException("This path does not exist (1135).");
+            }
+        }
+        if(i == 2)
+        {
+            if(flag)
+            {
+                if(m_denyPhysicalPath)
+                {
+                    throw new IllegalArgumentException("Physical path is denied (1125).");
+                }
+                else
+                {
+                    return s;
+                }
+            }
+            if(isVirtual(s1))
+            {
+                throw new IllegalArgumentException("The path is not a physical path.");
+            }
+            else
+            {
+                throw new IllegalArgumentException("This path does not exist (1135).");
+            }
+        }
+        else
+        {
+            return null;
+        }
+    }
+
+    public void uploadInFile(String s) throws IOException,SmartUploadException
+    {
+        //boolean flag = false;
+        int i = 0;
+        int j = 0;
+        if(s == null)
+        {
+            throw new IllegalArgumentException("There is no specified destination file (1025).");
+        }
+        if(s.length() == 0)
+        {
+            throw new IllegalArgumentException("There is no specified destination file (1025).");
+        }
+        if(!isVirtual(s) && m_denyPhysicalPath)
+        {
+            throw new SecurityException("Physical path is denied (1035).");
+        }
+        i = m_request.getContentLength();
+        m_binArray = new byte[i];
+        int k;
+        for(;j < i;j += k)
+        {
+            try
+            {
+                k = m_request.getInputStream().read(m_binArray,j,i - j);
+            }
+            catch(Exception exception)
+            {
+                throw new SmartUploadException("Unable to upload.");
+            }
+        }
+
+        if(isVirtual(s))
+        {
+            s = m_application.getRealPath(s);
+        }
+        try
+        {
+            java.io.File file = new java.io.File(s);
+            FileOutputStream fileoutputstream = new FileOutputStream(file);
+            fileoutputstream.write(m_binArray);
+            fileoutputstream.close();
+        }
+        catch(Exception exception1)
+        {
+            throw new SmartUploadException("The Form cannot be saved in the specified file (1030).");
+        }
+    }
+
+    private boolean isVirtual(String s)
+    {
+        if(m_application.getRealPath(s) != null)
+        {
+            java.io.File file = new java.io.File(m_application.getRealPath(s));
+            return file.exists();
+        }
+        else
+        {
+            return false;
+        }
+    }
+}
diff --git a/com/util/SmartUploadException.java b/com/util/SmartUploadException.java
new file mode 100644
index 0000000..599927d
--- /dev/null
+++ b/com/util/SmartUploadException.java
@@ -0,0 +1,8 @@
+package com.util;
+public class SmartUploadException extends Exception
+{
+    SmartUploadException(String s)
+    {
+        super(s);
+    }
+}