s.asp

中国网站网贴吧程序源码（ASP+ACCESS） 实现功能： 多级分类查找,可按多级分类查找贴吧,多用户申请,任何人都可以申请自己的贴吧, 用户三种权限管理,1,普通会员,2,普通版主(只有管理自己的贴

<a href="t.asp?/=<%=Server.UrlEncode(rs("BoardName"))%>">
<%if not rs.eof then%>
<%=HTMLCode(rs("BoardName"))%>
<%rs.movenext             
end if%></a>
</TD>

                <TD width="19%" class=INDEX_TMALL>
<a href="t.asp?/=<%=Server.UrlEncode(rs("BoardName"))%>">
<%if not rs.eof then%>
<%=HTMLCode(rs("BoardName"))%>
<%rs.movenext             
end if%></a>
</TD>

                <TD width="19%" class=INDEX_TMALL>
<a href="t.asp?/=<%=Server.UrlEncode(rs("BoardName"))%>">
<%if not rs.eof then%>
<%=HTMLCode(rs("BoardName"))%>
<%rs.movenext             
end if%></a>
</TD>

                <TD width="19%" class=INDEX_TMALL>
<a href="t.asp?/=<%=Server.UrlEncode(rs("BoardName"))%>">
<%if not rs.eof then%>
<%=HTMLCode(rs("BoardName"))%>
<%rs.movenext             
end if%></a>
</TD></TR>
<%
rs.movenext
loop
end if
rs.close
set rs=nothing
%>
              <TR>
                <TD width="100%" height="20" colspan="6"></TD></TR>
</TBODY></TABLE>

<%
Sql="Select * from QiQiBoy_Board_Disp where BoardName='"+Keys+"'"
Set Rs=Conn.execute(Sql)
if rs.eof then
%>
         <TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
           <TBODY>
            <form name="form" onsubmit="return form_onsubmit()" method="post" action="s.asp?Action=1">
              <TR>
                <TD width="5%" height="30"></TD>
                <TD width="20%" height="30" align="right" class=INDEX_XMALL>所属大类：</td><TD width="70%" height="30">
<SELECT class=input1 name="BoardNlass" onChange="changelocation(document.form.BoardNlass.options[document.form.BoardNlass.selectedIndex].value)" size="1">
<%
set rs=server.createobject("adodb.recordset")
sql = "select * from QiQiBoy_Nlass_Disp"
rs.open sql,conn,1,1
if rs.eof and rs.bof then
response.write "..."
response.end
else
%>
<OPTION selected value>==请选择大类==</OPTION>
<%do while not rs.eof%>
<OPTION value="<%=trim(rs("BoardNlass"))%>"><%=trim(rs("BoardNlassName"))%></OPTION>
<%
rs.movenext
loop
end if
rs.close
set rs=nothing
%></SELECT>
</TD>
                <TD width="5%" height="30"></TD></TR>
              <TR>
                <TD width="5%" height="30"></TD>
                <TD width="20%" height="30" align="right" class=INDEX_XMALL>所属小类：</td><TD width="70%" height="30"><SELECT name="BoardClass"><OPTION selected value>==请选择小类==</OPTION></SELECT></TD>
                <TD width="5%" height="30"></TD></TR>
              <TR>
                <TD width="5%" height="30"></TD>
                <TD width="20%" height="30" align="right" class=INDEX_XMALL>贴吧名称：</td><TD width="70%" height="30"><input name="BoardName" value="<%=Keys%>" maxLength="50" size="50"> *</TD>
                <TD width="5%" height="30"></TD></TR>
              <TR>
                <TD width="5%" height="30"></TD>
                <TD width="20%" height="30" align="right" class=INDEX_XMALL>贴吧简介：</td><TD width="70%" height="30"><TEXTAREA name="BoardDescription" rows="6" cols="60"></TEXTAREA> *</TD>
                <TD width="5%" height="30"></TD></TR>
<% If HOST_CODE=0 then %>
              <TR>
                <TD width="5%" height="30"></TD>
                <TD width="20%" height="30" align="right" class=INDEX_XMALL>验证编码：</td><TD width="70%" height="30"><input type="text" name="verifycode" maxLength=4 size="8"> * <%Call GetSafeCode%></TD>
                <TD width="5%" height="30"></TD></TR>
<% end if %>
              <TR>
                <TD width="5%" height="30"></TD>
                <TD width="20%" height="30"></td><TD width="70%" height="30"><INPUT type=submit name="SUBMIT" value=" 创建贴吧 "></TD>
                <TD width="5%" height="30"></TD></TR></form>
              <TR>
                <TD width="5%" height="30"></TD>
                <TD width="90%" height="10" colspan="2"></TD>
                <TD width="5%" height="30"></TD></TR>
<% else
response.redirect"t.asp?/="&Server.UrlEncode(rs("BoardName"))&""
end if %>
<% else %>
<%
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(server_v1,8,len(server_v2))<>server_v2 then
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友情提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end
end if
%>
<%
fqys=request.servervariables("query_string") 
dim nothis(18) 
nothis(0)="net user" 
nothis(1)="xp_cmdshell" 
nothis(2)="/add" 
nothis(3)="exec%20master.dbo.xp_cmdshell" 
nothis(4)="net localgroup administrators" 
nothis(5)="select" 
nothis(6)="count" 
nothis(7)="asc" 
nothis(8)="char" 
nothis(9)="mid" 
nothis(10)="'" 
nothis(11)=":" 
nothis(12)="""" 
nothis(13)="insert" 
nothis(14)="delete" 
nothis(15)="drop" 
nothis(16)="truncate" 
nothis(17)="from" 
nothis(18)="%" 
errc=false 
for i= 0 to ubound(nothis) 
if instr(FQYs,nothis(i))<>0 then 
errc=true 
end if 
next 
if errc then 
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "<center><font face=Georgia,Tahoma size=2><u>友情提示：服务器禁止非法操作...</u></font></center>"
response.write "</td></tr></table></center>"
response.end 
end if 
%>
<% If HOST_CODE=0 then %>
<%
	if not IsNumeric(request("verifycode")) then
		rs.close
		set rs=nothing
		Response.Write ("<script>alert('友情提示!\n\n验证编码必须是数字!');history.back();</script>")
		Response.end
	end if

	if (int(session("SafeCode"))<>int(request("verifycode"))) then
		rs.close
		set rs=nothing
		Response.Write ("<script>alert('友情提示!\n\n验证编码输入错误!');history.back();</script>")
		Response.end
	end if
%>
<% end if %>
<%
	If UserGroupID<HOST_NEW then
		Response.Write ("<script>alert('友情提示!\n\n你的权限不够,管理员已设置创建新帖吧权限!');history.back();</script>")
		Response.end
	End If
	Dim BoardNlass,BoardClass,BoardChild,BoardName,BoardDescription
	BoardNlass=PostString(Request.Form("BoardNlass"))
	BoardClass=PostString(Request.Form("BoardClass"))
	BoardChild=CInt(Request.QueryString("BoardChild"))
	BoardName=Request.Form("BoardName")
	BoardName=PostString(BoardName)
	BoardDescription=PostString(Request.Form("BoardDescription"))
	If BoardNlass="" Then
		Response.Write ("<script>alert('友情提示!\n\n请选择贴吧所属大类!');history.back();</script>")
		Response.end
	End If
	If BoardClass="" Then
		Response.Write ("<script>alert('友情提示!\n\n请选择贴吧所属小类!');history.back();</script>")
		Response.end
	End If
	if Trim(BoardName)="" or Len(BoardName)>50 or Len(BoardName)<1 then
		Response.Write ("<script>alert('友情提示!\n\n贴吧名称不得小于1字数或大于50字数!');history.back();</script>")
		Response.end
	else
		BoardName=Trim(BoardName)
	end if
	if Trim(BoardDescription)="" or Len(BoardDescription)>80 or Len(BoardDescription)<1 then
		Response.Write ("<script>alert('友情提示!\n\n贴吧简介不得小于1字数或大于80字数!');history.back();</script>")
		Response.end
	else
		BoardDescription=Trim(BoardDescription)
	end if
	Sql="select BoardName from QiQiBoy_Board_Disp where BoardName='"&BoardName&"'"
	Set Rs=Conn.execute(Sql)
	if not rs.eof then
		Response.Write ("<script>alert('友情提示!\n\n提交的贴吧已被申请使用!');history.back();</script>")
		Response.end
	end if
	Sql="select Max(BoardID) from QiQiBoy_Board_Disp"
	Set Rs=Conn.execute(Sql)
	MaxBoardID=Rs(0)
	if isNull(MaxBoardID) then MaxBoardID=0
	Sql="select Max(BoardChild) from QiQiBoy_Board_Disp"
	Set Rs=Conn.execute(Sql)
	MaxBoardChild=Rs(0)
        if isNull(MaxBoardChild) then MaxBoardChild=0
	Sql="Insert into QiQiBoy_Board_Disp (BoardID,BoardNlass,BoardClass,BoardChild,BoardName,BoardDescription,BoardMaster,LastModify) values("&MaxBoardID+1&",'"&BoardNlass&"','"&BoardClass&"',"&MaxBoardChild+1&",'"&BoardName&"','"&BoardDescription&"',' ',#"&Now()&"#)"
	Conn.execute(Sql)
	Sql="Update QiQiBoy_Status_Disp set TotalBoards=TotalBoards+1"
	Set Rs=Conn.execute(Sql)
%>
<% end if %>
<script language="JavaScript" src="js/board_js.asp"></script>
<% if Action = 1 then %>
              <TR>
                <TD width="5%" height="20"></TD>
                <TD colspan="2" width="90%" height="20"></TD>
                <TD width="5%" height="20"></TD></TR>
              <TR>
                <TD colspan="4" background="IMAGES/betle_img_line.gif"></TD></TR>
              <TR>
                <TD width="5%" height="20"></TD>
                <TD class=INDEX_XMALL width="90%" height="50" align=center><img src="Images/loading.gif" border="0"></TD>
                <TD width="5%" height="20"></TD></TR>
              <TR>
                <TD width="5%" height="20"></TD>
                <TD colspan="2" width="90%" height="20"></TD>
                <TD width="5%" height="20"></TD></TR>
              <TR>
                <TD colspan="4" background="IMAGES/betle_img_line.gif"></TD></TR>
<%
Sql="select BoardName from QiQiBoy_Board_Disp where BoardNlass="&Cint(BoardNlass)&" and BoardClass="&Cint(BoardClass)&" and BoardChild="&Cint(MaxBoardChild+1)
Set Rs=Conn.execute(Sql)
BoardName=rs(0)
%>
<meta http-equiv="refresh" content="0;URL=t.asp?/=<%=Server.UrlEncode(BoardName)%>">
<% end if %>

<%else if S=T or S=C or S=U then%>
<%
response.redirect"y.asp?M="&S&"&N="&Server.UrlEncode(Keys)&""
%>
<%end if%>
<%end if%>
</TBODY></TABLE></TD></TR></TBODY></TABLE>
<!--#include file="end.asp"-->