save.asp

一个美化的论坛程序

<!--#include file="function.asp"-->
<!--#include file="conn.asp"-->
<!--#include file="const.asp"-->
<!--#include file="char.asp"-->
<%dim replyid,bbsid,errmsg
if Request.Cookies("bookbaby")("username")="" or Request.Cookies("bookbaby")("userpwd")="" then
	username=trim(Request.Form("username"))
	password=trim(Request.Form("password"))
else
	username=Request.Cookies("bookbaby")("username")
	password=Request.Cookies("bookbaby")("userpwd")
end if
if username="" or password="" then
	errmsg=errmsg+"<li>用户名和密码不能为空"
	call error()
	response.end
end if
sql="select username,password,sex from user where lockuser=0 and username='"&username&"' and password='"&password&"' and not lockuser"
rs.open sql,conn,1,1
if rs.eof then
	errmsg=errmsg+"<li>用户名或者密码错误,或者用户已经被管理员锁定"
	call error()
	response.end
else
	Response.Cookies("bookbaby")("username")=username
	Response.Cookies("bookbaby")("userpwd")=password
	conn.execute "delete * from online where username='"&Request.Cookies("bookbaby")("username")&"'"
	conn.execute "delete * from online where username='"&username&"'"
	conn.execute "insert into online(username,sex,stat,lasttime) values ('"&username&"',"&rs("sex")&",'发表文章','"&now()&"')"
end if
rs.close
boardid=request("boardid")
if request("act")="" then
	errmsg="<li>参数错误！"
	call error()
	response.end
else
	act=request("act")
end if
if boardid="" and action="bbs" then
	errmsg="<li>请选择论坛！"
	call error()
	response.end
end if
if request("action")<>"bbs" and request("action")<>"reply" then 
	errmsg="<li>操作错误！"
	call error()
	response.end
else
	action=request("action")
end if
if request("replyid")<>"" then 
	replyid=request("replyid")
	id=request("replyid")
	bbsid=request("bbsid")
elseif request("bbsid")<>"" then
	bbsid=request("bbsid")
	id=request("bbsid")
end if
if action="bbs" and act="add" and trim(Request("title"))="" then 
	errmsg="<li>主题不能为空！"
	call error()
	response.end
else
	title=HTMLEncode(request("title"))
end if
if trim(request("content"))="" then 
	errmsg="<li>内容不能为空！"
	call error()
	response.end
else
	content=HTMLEncode(request("content"))
end if
if act="add" then
	call add()
elseif act="edit" then
	call edit()
else
	call del()
end if
sub add()
	if datediff("s",session("addtime"),time())<=5 then
		errmsg="<li>本论坛规定两次发帖时间间隔不得少于30秒,您离下次发表时间还剩<font color=#ff0000>"&(100-datediff("s",session("addtime"),time()))&"</font>秒"
		call error()
		Response.End
	end if
sql="select * from "&action&" where bbsid is null"
rs.open sql,conn,1,3
	rs.addnew
	rs("ip")=Request.ServerVariables("REMOTE_ADDR")
	rs("username")=Request.Cookies("bookbaby")("username")
	rs("content")=content
	rs("dateandtime")=now
	rs("face")=request.form("face")
	if action="bbs" then
		rs("title")=title
		rs("lastreply")=now
		rs("boardid")=boardid
		conn.execute "update board set topiccount=topiccount+1 where boardid="&boardid
	end if
	if action="reply" then
		if request("replyorder")<>"" then conn.execute("Update reply Set replyorder=replyorder+1 Where replyorder>=" & Request("replyorder"))
		rs("bbsid")=bbsid
		rs("replyorder")=Request("replyorder")
		if Request("replygrade")<>"" then rs("replygrade")=Request("replygrade")+1
		conn.execute "update bbs set lastreply='"&now&"' where bbsid="&bbsid
	end if
	conn.execute "update board set count=count+1 where boardid="&boardid
	conn.execute "update board set lastreplytime='"&now&"',lastreplyuser='"&Request.Cookies("bookbaby")("username")&"' where boardid="&boardid
	rs.update
	if action="reply" then
		replyid=rs("replyid")
	else
		bbsid=rs("bbsid")
	end if
	session("addtime")=time()
rs.close
call success()
end sub
sub edit()
if action="bbs" then
sql="select title,editrecord,content,face from "&action&" where "&action&"id="&id&" and username='"&Request.Cookies("bookbaby")("username")&"'"
else
sql="select editrecord,content,face from "&action&" where "&action&"id="&id&" and username='"&Request.Cookies("bookbaby")("username")&"'"
end if
rs.open sql,conn,1,3
if not rs.eof then
if action="bbs" then rs("title")=title
	rs("content")=content
	rs("face")=request.form("face")
	rs("editrecord")=now()
	rs.update
end if
rs.close
end sub
sub success()
conn.execute("update user set announce=announce+1,score=score+2 where username='"&username&"'")
end sub
set rs=nothing
conn.close
set conn=nothing
response.redirect "success.asp?type="&request("type")&"&act="&act&"&boardid="&boardid&"&bbsid="&bbsid&"&replyid="&replyid
%>