post_do.asp

用ASP语言开发的一个不错的留言本。 升级时注册先只上传upgrade.asp并浏览升级

<!--#include file="conn.asp"-->
<!--#include file="connip.asp"-->
<!--#include file=const.asp -->
<!--#include file=md5.asp -->
<%

dim title,name,pass,email,qq,url,pic,nei,t,rt,yd,hf,jh,bl,male,face,icq,msn
dim exec1, rs1, rs, rs2, id,isPrivate, foundErr
      
title=encodestr(Request.form("title"))
name=encodestr(Request.form("name"))
pass=encodestr(Request.form("pass"))
email=encodestr(Request.form("email"))
qq=encodestr(Request.form("qq"))
icq=encodestr(Request.form("icq"))
msn=encodestr(Request.form("msn"))
url=encodestr(Request.form("url"))
nei=replace(Request.form("nei"),"'","""")
pic=encodestr(Request.form("pic"))
male=encodestr(Request.form("male"))
face=encodestr(Request.form("face"))
isPrivate=encodestr(Request.form("isPrivate"))
bl=0

if isDate(request.cookies("gbook")("lastpost")) then
	if dateDiff("s",Cdate(request.cookies("gbook")("lastPost")),now)<=postLimit then
		session("error")="请不要灌水！！<br>"
		foundErr=true
	end if
end if
if len(title)<3 then
	session("error")="请认真填写留言标题！！<br>"
	foundErr=true
end if
if len(name)=0 and not theUser.reged then
	session("error")=session("error") & "请填写用户名！！<br>"
	foundErr=true
end if
if len(nei)<2 then
	session("error")=session("error") & "请认真填写留言内容！！<br>"
	foundErr=true
end if
if len(nei)>maxLength then
	session("error")=session("error") & "留言内容最多"& maxLength &"个字符，请减少你的留言内容！！<br>"
	foundErr=true
end if
if len(title)>40 then
	session("error")=session("error") & "留言标题不可以超过40个字符！！<br>"
	foundErr=true
end if
if len(name)>10 then
	session("error")=session("error") & "用户名不可以超过10个字符！！<br>"
	foundErr=true
end if

if foundErr then
	connclose()
	response.redirect("error.asp")
end if

if theUser.reged then
	name=theUser.name
	qq=theUser.qq
	email=theUser.email
	url=theUser.url
	if theUser.male then
		male="1"
	else
		male="0"
	end if
	face=theUser.face
	bl=1
elseif pass<>"" then
	pass=MD5(pass)
	exec1="select * from [user] where username='"&name&"'"
	Set RS1 = Server.CreateObject("ADODB.RecordSet") 
	rs1.Open exec1, Conn, 1, 2
	if not rs1.eof then
		if pass=rs1("userpassword") then
			qq=rs1("oicq")
			icq=rs1("icq")
			msn=rs1("msn")
			email=rs1("useremail")
			url=rs1("homepage")
			male=rs1("sex")
			face=rs1("GBface")
			bl=1
		else
			rs1.close : set rs1=nothing
			connclose()
			session("error")="保留用户密码帐号不对应！！！"
			response.redirect "error.asp"
		end if
	else
		if email<>"" and not validEmail(email) then
			connclose()
			session("error")="请输入正确的email地址！！！"
			response.redirect "error.asp"
		end if
		if isLikeMasterName(name) then
			connclose()
			session("error")="请不要使用与版主名相似的用户名！！！"
			response.redirect "error.asp"
		end if
		
		Set rs2 = Server.CreateObject("ADODB.Recordset")
		exec1="select * from [user] where userid=0"
		rs2.Open exec1,conn,1,2
		rs2.addnew
		rs2("username")=name
		rs2("userpassword")=pass
		if email<>"" then
			rs2("useremail")=email
		end if
		if qq<>"" then
			rs2("oicq")=qq
		end if
		if icq<>"" then
			rs2("icq")=icq
		end if
		if msn<>"" then
			rs2("msn")=msn
		end if
		if url<>"" then
			rs2("homepage")=url
		end if
		rs2("sex")=male
		rs2("GBface")=face
		rs2("GBpostNum")=0
		rs2("GBprivateNum")=0
		rs2("addDate")=dateAdd("h",timeDiff,now)
		rs2.update
		rs2.close
		set rs2=nothing
		exec1="update GBconst set userNum=userNum+1"
		conn.execute(exec1)
		
		bl=1
	end if
	rs1.close
	set rs1=nothing
else
	'未注册,未填密码
	if mustReg then
		connclose()
		session("error")="只有注册用户可以发言，请注册！"
		response.redirect "error.asp"
	end if
	if email<>"" and not validEmail(email) then
		connclose()
		session("error")="请输入正确的email地址！！！"
		response.redirect "error.asp"
	end if
	if isLikeMasterName(name) then
		connclose()
		session("error")="请不要使用与版主名相似的用户名！！！"
		response.redirect "error.asp"
	end if
		
	exec1="select top 1 userid from [user] where username='"& name &"'"
	set rs2=conn.execute(exec1)
	if not rs2.eof then
		connclose()
		session("error")="您使用的用户名受到保护,请更换!"
		response.redirect("error.asp")
	end if
	rs2.close
	set rs2=nothing
	if request.cookies("gbookGuestName")<>"" then
		if name<>request.cookies("gbookGuestName") then
			connclose()
			session("error")="请不要使用多个用户名留言"
			response.redirect "error.asp"
		end if
	else
		if cookiePath<>"" then
			response.cookies("gbookGuestName").Path=cookiePath
		end if
		response.cookies("gbookGuestName")=name
	end if
end if


Set rs = Server.CreateObject("ADODB.Recordset")
exec1="select * from ly where id=0"
rs.Open exec1,conn,1,2
	rs.addnew
	rs("name")=name
	rs("title")=title
	if email<>"" then
		rs("email")=email
	end if
	if qq<>"" then
		rs("qq")=qq
	end if
	if icq<>"" then
		rs("icq")=icq
	end if
	if msn<>"" then
		rs("msn")=msn
	end if
	if url<>"" then
		rs("url")=url
	end if
	rs("male")=male
	rs("face")=face
	rs("nei")=nei
	rs("t")=dateAdd("h",timeDiff,now)
	rs("pic")=pic
	rs("bl")=bl
	rs("yd")=0
	rs("hf")=0
	rs("jh")=0
	rs("rt")=0
	rs("ip")=request.servervariables("remote_addr")
	rs("comefrom")=getFrom(request.servervariables("remote_addr"))
	if isPrivate="1" then
		rs("isPrivate")=1
	end if
	rs.update
	rs.close
	exec1="select max(id) from ly"
	rs.open exec1,conn,1,1
	id=rs(0)
	rs.close
	set rs=nothing
	exec1="update ly set reid=id, retime=t where id="& id
	conn.execute exec1
	
exec1="update GBconst set topicNum=topicNum+1"
conn.execute(exec1)
if bl=1 then
	exec1="update [user] set GBpostNum=GBpostNum+1 where username='"& name &"'"
	conn.execute(exec1)
end if
if bl=1 and isPrivate="1" then
		exec1="update GBconst set privateNum=privateNum+1"
		conn.execute(exec1)
		exec1="update [user] set GBprivateNum=GBprivateNum+1 where username='"& name &"' "
		conn.execute(exec1)
end if

conn.close
set conn=nothing
connIpclose()

if cookiePath<>"" then
	response.cookies("gbook").Path=cookiePath
end if
response.cookies("gbook")("lastPost")=now

if not theUser.reged then
	response.cookies("gbook")("username")=vbescape(name)
	response.cookies("gbook")("password")=pass
end if

session("url")="show.asp?id="&id
response.redirect "addok.asp"
%>