📄 newvote.asp
字号:
<!--#INCLUDE FILE="inc/db_inc.asp"-->
<!--#INCLUDE FILE="inc/md5_inc.asp"-->
<!--#INCLUDE FILE="inc/char_inc.asp"-->
<!--#INCLUDE FILE="header.asp"-->
<%
dim ip, strip, killip
dim StrSql, toptext, rs, rs2, StrHtml, StrHtml2, error, sex, avatar, err, userid, threadid
StrHtml = loadtemplate("htmltop")
StrHtml = Replace(StrHtml, "{pagetitle}", loadtemplate("newvotetitle"))
StrHtml = Replace(StrHtml, "{forumtitle}", boardtitle)
response.write StrHtml
' 短消息提示
response.write pmpopwin
StrHtml = loadtemplate("pagetitle")
if request.cookies("sf")("username") = "" then
toptext = loadtemplate("toptextguest")
else
toptext = loadtemplate("toptextuser")
end if
toptext = toptext & loadtemplate("toptext")
StrHtml = Replace(StrHtml, "{top_text}", toptext)
StrHtml = Replace(StrHtml, "{username}", request.cookies("sf")("username"))
response.write StrHtml
' 论坛关闭
StrSql = "select * from sf_setup"
Set rs2 = Conn.Execute(StrSql)
if rs2("forumclose") = 1 then
StrHtml = loadtemplate("error")
StrHtml = Replace(StrHtml, "{error_text}", rs2("forumclosehint"))
response.write StrHtml
response.end
end if
' 禁止IP访问
if rs2("killip") = 1 then
userip = cstr(request.ServerVariables("REMOTE_ADDR"))
killiplist = rs2("killiplist")
if killiplist <> "" and userip <> "" then
killip = split(killiplist, "|")
struserip = split(userip, ".")
i = 0
do until i > ubound(killip)
strkillip = split(killip(i), ".")
bolkill = true
if (struserip(0) <> strkillip(0)) and (strkillip(0) <> "*") then bolkill = false
if (struserip(1) <> strkillip(1)) and (strkillip(1) <> "*") then bolkill = false
if (struserip(2) <> strkillip(2)) and (strkillip(2) <> "*") then bolkill = false
if (struserip(3) <> strkillip(3)) and (strkillip(3) <> "*") then bolkill = false
if bolkill then
StrHtml = loadtemplate("error")
StrHtml = Replace(StrHtml, "{error_text}", rs2("killiphint"))
response.write StrHtml
Response.End
end if
i = i + 1
loop
end if
end if
' 检测forumid是否合法
err = false
forumid = ChkSql(request("forumid"))
if not IsNumeric(forumid) then
err = true
else
StrSql = "select sf_forum.forumid, sf_forum.title, sf_forum.allowposting, sf_forum.canpostpoll, sf_forum.onlyuser, sf_forum.onlymember, sf_forum.memberlist, sf_forum.cateid, sf_cate.cateid, sf_cate.catetitle from sf_forum left join sf_cate on sf_forum.cateid = sf_cate.cateid where forumid = " & forumid
Set rs2 = Conn.Execute(StrSql)
if rs2.bof or rs2.eof then
err = true
else
forumtitle = rs2("title")
cateid = rs2("cateid")
catetitle = rs2("catetitle")
allowpost = rs2("allowposting")
canpostpoll = rs2("canpostpoll")
onlymember = rs2("onlymember")
memberlist = rs2("memberlist")
' 如果只允许内部成员访问...
if onlymember = 1 then
if not IsMember(forumid, memberlist) then error = error & "<br><li>" & loadtemplate("err_member")
StrSql = "select password, userid from sf_user where username = '" & ChkSql(request.cookies("sf")("username")) & "'"
Set rs2 = Conn.Execute(StrSql)
if rs2.bof or rs2.eof then
error = error & "<br><li>" & loadtemplate("err_chkpassword")
else
if request.cookies("sf")("password") <> rs2("password") then error = error & loadtemplate("err_chkpassword")
end if
end if
end if
end if
if err then error = error & "<br><li>" & loadtemplate("err_forumnotexist")
if allowpost = 0 then error = error & "<br><li>" & loadtemplate("err_post")
if canpostpoll = 0 then error = error & "<br><li>" & loadtemplate("err_postpoll")
' 如果有错误则提示
if error <> "" then
StrHtml = loadtemplate("error")
StrHtml = Replace(StrHtml, "{error_text}", error)
response.write StrHtml
response.end
end if
StrHtml = loadtemplate("pagepath")
StrHtml = Replace(StrHtml, "{path_text}", "<a href=""index.asp"">" & boardtitle & "</a> » <a href=""showcate.asp?cateid=" & cateid & """>" & catetitle & "</a> » <a href=""showforum.asp?forumid=" & forumid & """>" & forumtitle & "</a> » " & loadtemplate("newvotetitle"))
response.write StrHtml
' 如果未注册或未登录...
if request.cookies("sf")("username") = "" or request.cookies("sf")("password") = "" then
StrHtml = loadtemplate("error")
StrHtml = Replace(StrHtml, "{error_text}", loadtemplate("err_unregistered"))
response.write StrHtml
response.end
end if
' 检测密码...
StrSql = "select password, userid from sf_user where username = '" & ChkSql(request.cookies("sf")("username")) & "'"
Set rs2 = Conn.Execute(StrSql)
err = false
if rs2.bof or rs2.eof then
err = true
else
if request.cookies("sf")("password") <> rs2("password") then
err = true
else
userid = rs2("userid")
StrSql = "update sf_user set lastactivity = '" & now() & "' where userid = " & userid
Conn.Execute(StrSql)
end if
end if
if err then
StrHtml = loadtemplate("error")
StrHtml = Replace(StrHtml, "{error_text}", loadtemplate("err_chkpassword"))
response.write StrHtml
response.end
end if
step = ChkSql(request("step"))
select case step
case "2"
error = ""
err = false
if request("subject") = "" then
error = error & "<br><li>" & loadtemplate("err_postsubject")
else
if strLength(request("subject")) > 100 then error = error & "<br><li>" & loadtemplate("err_postsubject")
end if
StrHtml = loadtemplate("err_postvotetext")
if request("text") = "" or request("vote") = "" then
error = error & "<br><li>" & StrHtml
else
StrHtml = loadtemplate("err_posttext")
StrHtml = Replace(StrHtml, "{textmaxlength}", postmaxlength)
if request("text") = "" then
error = error & "<br><li>" & StrHtml
else
if strLength(request("text")) > postmaxlength then
error = error & "<br><li>" & StrHtml
else
' 分离出投票项目
strvote = ChkSql(request("vote"))
vote_array = split(strvote, chr(10))
' 如果项目少于2个或多于10个...
if (ubound(vote_array) < 1) or (ubound(vote_array) > 9) then error = error & "<br><li>" & StrHtml
end if
end if
end if
timeout = ChkSql(request("time"))
select case timeout
case "60"
timeout = 60
case "30"
timeout = 30
case "15"
timeout = 15
case "7"
timeout = 7
case else
timeout = 0
end select
if request("type") = "1" then
votetype = 1
else
votetype = 0
end if
'如果有错误则输出错误信息
if error <> "" then
StrHtml = loadtemplate("error")
StrHtml = Replace(StrHtml, "{error_text}", error)
response.write StrHtml
response.end
end if
' 保存投票
j = ubound(vote_array)
strvote = ""
strnum = ""
for i = 0 to j
if rtrim(vote_array(i)) <> "" then
strvote = strvote & vote_array(i) &"||"
strnum = strnum & "0||"
end if
next
' 去除尾部多余的间隔符
strvote = left(strvote, len(strvote) - 2)
strnum = left(strnum, len(strnum) - 2)
' 得到当前时间
nowtime = now()
StrSql = "insert into sf_poll(dateline, options, votes, users, active, numberoptions, timeout, type) values("
StrSql = StrSql & "'" & nowtime & "', '" & server.htmlencode(killbadword(strvote)) & "', '" & strnum & "', '||', 0, " & j+1 & ", " & timeout & ", " & votetype & ")"
Conn.Execute(StrSql)
StrSql = "select top 1 pollid from sf_poll order by pollid DESC"
Set rs2 = Conn.Execute(StrSql)
pollid = rs2("pollid")
' 保存主题
rating = ChkSql(request("rating"))
if not IsNumeric(rating) then
rating = 0
else
rating = cint(rating)
end if
icon = ChkSql(request("icon"))
if not IsNumeric(icon) then
icon = 0
else
icon = cint(icon)
if icon < 0 or icon > 14 then icon = 0
end if
StrSql = "insert into sf_thread(title, lastpost, forumid, pollid, [open], replycount, postusername, postuserid, lastposter, dateline, views, iconid, best, displayorder, lastposterid, rating) values("
StrSql = StrSql & "'" & ChkSql(server.htmlencode(killbadword(request("subject")))) & "', "
StrSql = StrSql & "'" & nowtime & "', "
StrSql = StrSql & forumid & ", " & pollid & ", 1, 0, '" & ChkSql(request.cookies("sf")("username")) & "', " & userid & ", "
StrSql = StrSql & "'" & ChkSql(request.cookies("sf")("username")) & "', '" & nowtime & "', 0, " & icon & ", 0, 0, " & userid & ", " & rating & ")"
Conn.Execute(StrSql)
StrSql = "select top 1 * from sf_thread order by threadid DESC"
Set rs2 = Conn.Execute(StrSql)
threadid = rs2("threadid")
sign = 0
emot = 0
xbcode = 0
autourl = 0
if request("sign") = "1" then sign = 1
if request("usexbcode") = "1" then xbcode = 1
if request("useemot") = "1" then emot = 1
if request("url") = "1" then autourl = 1
StrSql = "insert into sf_post(threadid, forumid, parentid, username, userid, title, dateline, pagetext, allowsmilie, allowautourl, allowxbcode, showsignature, ipaddress, iconid, layer, notes, attachmentid) values("
StrSql = StrSql & threadid & ", " & forumid & ", -1, '" & ChkSql(request.cookies("sf")("username")) & "', " & userid & ", '" & ChkSql(server.htmlencode(killbadword(request("subject")))) & "', '" & nowtime & "', '" & ChkSql(server.htmlencode(killbadword(request("text")))) & "', " & emot & ", " & autourl & ", " & xbcode & ", " & sign & ", '" & cstr(request.ServerVariables("REMOTE_ADDR")) & "', " & icon & ", 1, '', 0)"
Conn.Execute(StrSql)
StrSql = "update sf_forum set threadcount = threadcount + 1, postcount = postcount + 1, lastpost = '" & nowtime & "', lastposter = '" & ChkSql(request.cookies("sf")("username")) & "', lastposterid = " & userid & ", lastposttitle = '" & ChkSql(request("subject")) & "', lastpostid = " & threadid & " where forumid = " & forumid
Conn.Execute(StrSql)
StrSql = "update sf_user set posts = posts + 1, rating = rating + " & ratingthread & ", lastposttime = '" & nowtime & "', lastpostid = " & threadid & ", lastposttitle = '" & ChkSql(server.htmlencode(request("subject"))) & "' where userid = " & userid
Conn.Execute(StrSql)
StrSql = "update sf_counter set threadnum = threadnum + 1"
Conn.Execute(StrSql)
StrSql = "update sf_counter set postnum = postnum + 1"
Conn.Execute(StrSql)
StrHtml = loadtemplate("hint")
StrHtml = Replace(StrHtml, "{hint_text}", loadtemplate("hint_newthread"))
StrHtml = Replace(StrHtml, "{pro_name}", "showthread.asp?threadid=" & threadid)
response.write StrHtml
case else
StrHtml = loadtemplate("newvote")
StrHtml2 = ""
for i = 1 to 14
if i = 8 then StrHtml2 = StrHtml2 + "<br>"
StrHtml2 = StrHtml2 & "<input type=""radio"" value=""" & i & """ name=""icon"">" & "<img src=""image/posticon/icon" & i & ".gif""> " & chr(10)
next
StrHtml = Replace(StrHtml, "{post_icon}", StrHtml2)
' 产生隐含值
StrHtml = Replace(StrHtml, "{hidden_field}", "<input type=""hidden"" name=""forumid"" value=""" & forumid & """>")
response.write StrHtml
response.write sfcopyright
end select
response.write loadtemplate("htmlbottom")
Conn.Close
Set Conn = nothing
Set rs = nothing
Set rs2 = nothing
set ip = nothing
set strip = nothing
set killip = nothing
%>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -