📄 post2.asp
<!--#INCLUDE FILE="config.asp" -->
<%
' Flood control: refuse the request while fewer than PostTime seconds have passed since
' this session last posted. PostTime is not defined on this page (presumably config.asp).
' NOTE(review): the timer lives in Session only, so it limits one session rather than one
' account or address - confirm that is enough for this forum.
secondsSinceLastPost = DateDiff("s", Session("LastPostTime"), now())
if secondsSinceLastPost < PostTime then
	Response.write "<html><script>alert(""如果发贴还需要等待" & (PostTime - secondsSinceLastPost) & "秒"");self.location=(""javascript:history.go(-1)"")</script></html>"
	Response.end
end if
' Open the page-wide database connection that every query below uses.
set my_conn = Server.CreateObject("ADODB.Connection")
my_conn.Open ConnString
%>
<%
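Function ChkAdmin(strName, StrPasswd)
	' Returns 1 when the credentials match a Members row whose name also appears in the
	' Admin table, or when they equal the first row of SFAdmin; otherwise 0.
	'   strName   - login name supplied by the caller
	'   StrPasswd - password supplied by the caller; it is compared directly with the stored
	'               M_Password / SFAdmin_Password values, i.e. passwords are handled as plain text
	' Uses the page-level connection my_conn.
	' NOTE(review): the Admin scan is not limited to one Forum_ID, so a moderator of any forum
	' passes - confirm that is intended.
	Dim cmdChk, rs_chk, rsAdmin, nameText, passText

	' Callers may hand over Request collection items; appending "" yields a plain string.
	nameText = strName & ""
	passText = StrPasswd & ""
	ChkAdmin = 0

	' The credentials are bound as parameters instead of being concatenated into the SQL text,
	' so quotes in the input cannot change the query. Values longer than the declared
	' parameter size (255) are treated as "no such member" rather than raising an error.
	If Len(nameText) <= 255 And Len(passText) <= 255 Then
		Set cmdChk = Server.CreateObject("ADODB.Command")
		Set cmdChk.ActiveConnection = my_conn
		cmdChk.CommandType = 1 ' adCmdText
		cmdChk.CommandText = "SELECT Member_id, M_Name, M_Password from Members where M_Name = ? and M_Password = ?"
		cmdChk.Parameters.Append cmdChk.CreateParameter("name", 202, 1, 255, nameText) ' adVarWChar, adParamInput
		cmdChk.Parameters.Append cmdChk.CreateParameter("pword", 202, 1, 255, passText)
		Set rs_chk = cmdChk.Execute
		If Not (rs_chk.BOF Or rs_chk.EOF) Then
			' Valid member: look for the name in the moderator list.
			Set rsAdmin = my_conn.Execute("SELECT Admin.Admin_Name, Admin.Forum_ID from Admin")
			Do Until rsAdmin.EOF
				If rsAdmin("Admin_Name") = nameText Then
					ChkAdmin = 1
					Exit Do
				End If
				rsAdmin.MoveNext
			Loop
			rsAdmin.Close
			Set rsAdmin = Nothing
		End If
		rs_chk.Close
		Set rs_chk = Nothing
		Set cmdChk = Nothing
	End If

	' The SFAdmin account is accepted even without a Members row.
	' An empty SFAdmin table used to raise a runtime error here; it now simply does not match.
	Set rs_chk = my_conn.Execute("select SFAdmin_Name, SFAdmin_Password from SFAdmin")
	If Not (rs_chk.BOF Or rs_chk.EOF) Then
		If nameText = rs_chk("SFAdmin_Name") And passText = rs_chk("SFAdmin_Password") Then ChkAdmin = 1
	End If
	rs_chk.Close
	Set rs_chk = Nothing
End Function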
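' Admin-only forum gate: when the target forum has F_AdminOnly set, only a caller whose
' cookie credentials satisfy ChkAdmin may continue.
' forum_id is concatenated into the SQL text, so it is accepted only when numeric and is
' inserted as a number. A missing forum row used to raise a runtime error; it is now rejected
' the same way as a malformed id.
' NOTE(review): the name and password are read from the "User" cookie in clear text -
' confirm how that cookie is issued and protected.
gateForumId = Request.Form("forum_id") & ""
gateForumOk = False
if IsNumeric(gateForumId) then
	strsql = "select F_AdminOnly from forum where Forum_ID = " & CLng(gateForumId)
	set rs = my_conn.Execute (strsql)
	gateForumOk = not (rs.BOF or rs.EOF)
end if
if not gateForumOk then
	Response.write "<html><script>alert(""无效的版块编号!"");self.location=(""javascript:history.go(-1)"")</script></html>"
	Response.end
end if
if rs("F_AdminOnly") then
if cint(ChkAdmin(Request.Cookies("User")("Name"), Request.Cookies("User")("Pword"))) <> 1 then
%>
<table align="center" bgcolor=<%=TableColor%> border="0" width=500 cellspacing="1" cellpadding="3" class="sft">
<tr><td bgcolor=<%=HeadColor%> align="center" class="sfh">抱歉,您无权进入本版块</td></tr>
<tr><td bgcolor=<%=CellColor1%> align="center"><br>只有版主和管理员才可以有权进入本版块!<br>如果您是版主或管理员,请<a href="login.asp">登录论坛</a>后再进入本版块</td></tr>
</table>
<%
Response.End
end if
end if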
%>
<%
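' When a topic_id is posted, make sure the topic exists and is still open (t_status).
' topic_id goes into the SQL text, so only a numeric value is accepted and it is inserted
' as a number. A non-numeric id or a missing topic row now produces the same
' "topic missing or closed" message instead of a runtime error.
if Request.Form("topic_id")<>"" then
	chkTopicId = Request.Form("topic_id") & ""
	topicRejected = True
	if IsNumeric(chkTopicId) then
		strsql= "select t_status from topics where topic_id = " & CLng(chkTopicId)
		set rs = my_conn.Execute (strsql)
		if not (rs.BOF or rs.EOF) then
			topicRejected = False
			if not (rs("t_status")) then topicRejected = True
		end if
	end if
	if topicRejected then
		Response.write "<html><script>alert(""您正在回复或编辑的主题可能不存在,或者它已被关闭!"");self.location=(""index.asp"")</script></html>"
		Response.end
	end if
end if
' rs is re-created as an unopened RecordSet before the branches below reuse the name.
set rs = server.CreateObject("ADODB.RecordSet")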
Sub DoCount
	' Adds one to P_Count in the totals table through the page-level connection.
	' The statement is a constant; no request data reaches it.
	my_conn.Execute "Update totals set totals.P_Count=totals.P_Count + 1"
End Sub
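Sub UpdateUCount(user_name)
	' Adds one to M_Posts for the member whose M_Name equals user_name.
	'   user_name - member name; GO_Result passes the raw "username" form field
	' The name is bound as a parameter rather than concatenated, so a quote in it
	' cannot alter the UPDATE statement.
	Dim cmdCount, memberName
	memberName = user_name & ""
	' A name longer than the declared parameter size (255) is skipped instead of raising an error.
	If Len(memberName) > 255 Then Exit Sub
	Set cmdCount = Server.CreateObject("ADODB.Command")
	Set cmdCount.ActiveConnection = my_conn
	cmdCount.CommandType = 1 ' adCmdText
	cmdCount.CommandText = "Update members set members.M_Posts=members.M_Posts + 1 where M_name = ?"
	cmdCount.Parameters.Append cmdCount.CreateParameter("member", 202, 1, 255, memberName) ' adVarWChar, adParamInput
	cmdCount.Execute
	Set cmdCount = Nothing
End Sub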
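Function ChkString(str)
	' Prepares user text for use inside a single-quoted SQL string literal.
	'   str - text to clean (callers on this page pass HTML-encoded form fields)
	' Returns: a single space for empty input; otherwise the text with configured bad
	' words masked by asterisks and every single quote doubled.
	' As the quote replacement appears on this page it substituted a quote for itself,
	' which left the text unescaped; doubling the quote is the SQL escape for a literal.
	' BadWordFiler and BadWords are not defined on this page (presumably config.asp).
	Dim cleaned, bwords, i

	' Work on a copy so the caller's variable is not modified, and so Null becomes "".
	cleaned = str & ""
	If cleaned = "" Then
		cleaned = " "
	Else
		If BadWordFiler = "true" Then
			bwords = Split(BadWords, "|")
			For i = 0 To UBound(bwords)
				' Case-insensitive replace of each listed word by the same number of asterisks.
				cleaned = Replace(cleaned, bwords(i), String(Len(bwords(i)), "*"), 1, -1, 1)
			Next
		End If
		cleaned = Replace(cleaned, "'", "''")
	End If
	ChkString = cleaned
End Function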
' Page-level status variables start out empty; err_msg is filled in by the branches below.
err_msg = "" : ok = ""
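Function ChkUser(strName, StrPasswd)
	' Decides whether the caller may edit the post named in the current request.
	' Returns 1 when the credentials match a Members row AND that member is the stored
	' author of the post or a moderator (Admin row) of the posted forum_id, or when the
	' credentials equal the first SFAdmin row; otherwise 0.
	'   strName   - login name supplied by the caller
	'   StrPasswd - password supplied by the caller, compared as plain text with M_Password
	' Changes from the earlier version:
	'   * credentials are bound as query parameters instead of concatenated into SQL
	'   * authorship is read from the database (reply.r_posted_by for method_type "edit",
	'     topics.T_Originator for "editTopic", keyed by the posted reply_id) instead of
	'     trusting the "Author" form field, which the client controls
	'   * forum_id is used only when numeric, and an empty SFAdmin table no longer errors
	Dim cmdChk, rs_chk, rsAdmin, rsOwner
	Dim nameText, passText, memberId, ownerSql, postId, forumId

	' Callers pass Request.Form items; appending "" yields plain strings.
	nameText = strName & ""
	passText = StrPasswd & ""
	ChkUser = 0

	' Values longer than the declared parameter size (255) are treated as "no such member".
	If Len(nameText) <= 255 And Len(passText) <= 255 Then
		Set cmdChk = Server.CreateObject("ADODB.Command")
		Set cmdChk.ActiveConnection = my_conn
		cmdChk.CommandType = 1 ' adCmdText
		cmdChk.CommandText = "SELECT Member_id, M_Name, M_Password from Members where M_Name = ? and M_Password = ?"
		cmdChk.Parameters.Append cmdChk.CreateParameter("name", 202, 1, 255, nameText) ' adVarWChar, adParamInput
		cmdChk.Parameters.Append cmdChk.CreateParameter("pword", 202, 1, 255, passText)
		Set rs_chk = cmdChk.Execute
		If Not (rs_chk.BOF Or rs_chk.EOF) Then
			memberId = CLng(rs_chk("Member_ID"))

			' Author check against the stored row for the post being edited.
			ownerSql = ""
			Select Case Request.Form("method_type") & ""
				Case "edit"
					ownerSql = "select r_posted_by from reply where Reply_ID = "
				Case "editTopic"
					ownerSql = "select T_Originator from topics where Topic_ID = "
			End Select
			postId = Request.Form("reply_id") & ""
			If ownerSql <> "" And IsNumeric(postId) Then
				Set rsOwner = my_conn.Execute(ownerSql & CLng(postId))
				If Not (rsOwner.BOF Or rsOwner.EOF) Then
					If Not IsNull(rsOwner(0).Value) Then
						If CLng(rsOwner(0).Value) = memberId Then ChkUser = 1
					End If
				End If
				rsOwner.Close
				Set rsOwner = Nothing
			End If

			' Not the author: accept a moderator of the posted forum.
			forumId = Request.Form("forum_id") & ""
			If ChkUser <> 1 And IsNumeric(forumId) Then
				Set rsAdmin = my_conn.Execute("SELECT Admin.Admin_Name, Admin.Forum_ID from Admin where Admin.Forum_ID = " & CLng(forumId))
				Do Until rsAdmin.EOF
					If rsAdmin("Admin_Name") = nameText Then
						ChkUser = 1
						Exit Do
					End If
					rsAdmin.MoveNext
				Loop
				rsAdmin.Close
				Set rsAdmin = Nothing
			End If
		End If
		rs_chk.Close
		Set rs_chk = Nothing
		Set cmdChk = Nothing
	End If

	' The SFAdmin account is accepted even without a Members row.
	Set rs_chk = my_conn.Execute("select SFAdmin_Name, SFAdmin_Password from SFAdmin")
	If Not (rs_chk.BOF Or rs_chk.EOF) Then
		If nameText = rs_chk("SFAdmin_Name") And passText = rs_chk("SFAdmin_Password") Then ChkUser = 1
	End If
	rs_chk.Close
	Set rs_chk = Nothing
End Function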
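Function GetSig(User_Name)
	' Returns the stored signature (members.M_Sig) of the member named User_Name,
	' or "" when there is no such member or the signature is Null.
	'   User_Name - member name; the earlier version ignored this argument and read the
	'               "UserName" form field directly (both callers on this page pass that field)
	' The name is bound as a parameter instead of being concatenated into the SQL text.
	' The signature is returned exactly as stored: a caller that places it in SQL or HTML
	' must escape it for that context.
	Dim cmdSig, rsSig, nameText
	GetSig = ""
	nameText = User_Name & ""
	' A name longer than the declared parameter size (255) cannot match; skip the query.
	If Len(nameText) > 255 Then Exit Function
	Set cmdSig = Server.CreateObject("ADODB.Command")
	Set cmdSig.ActiveConnection = my_conn
	cmdSig.CommandType = 1 ' adCmdText
	cmdSig.CommandText = "Select M_Sig from members where M_Name = ?"
	cmdSig.Parameters.Append cmdSig.CreateParameter("name", 202, 1, 255, nameText) ' adVarWChar, adParamInput
	Set rsSig = cmdSig.Execute
	' An empty result used to raise a runtime error on the field access.
	If Not (rsSig.BOF Or rsSig.EOF) Then GetSig = rsSig("M_Sig") & ""
	rsSig.Close
	Set rsSig = Nothing
	Set cmdSig = Nothing
End Function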
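Sub GO_Result(str_err_msg, boolOk)
' Renders the result page and ends the response (both branches call Response.End).
'   str_err_msg - message shown when boolOk is not true
'   boolOk      - true: bump the post counters, stamp Session("LastPostTime") and
'                 redirect to forum.asp; otherwise show str_err_msg with a "back" link
' The posted forum_id / forum_title are URL-encoded before they are written into the link
' and the script, and the message is HTML-encoded, so request data and database error text
' cannot inject markup or script into this page.
' NOTE(review): the counters are incremented for every successful call, including the
' edit branches on this page - confirm that edits should count as new posts.
Dim forumIdForUrl, forumTitleForUrl
forumIdForUrl = Server.URLEncode(Request.Form("forum_id") & "")
forumTitleForUrl = Server.URLEncode(Request.Form("forum_title") & "")
%>
<html>
<head>
<title><%=SFTitle%></title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<!--#include file="styles.css" -->
</head>
<body>
<br><br><br>
<table align="center" bgcolor=<%=TableColor%> border="0" width=360 cellspacing="1" cellpadding="3" class="sft">
<tr><td bgcolor=<%=CellColor1%> align="center">
<%
if boolOk = true then
DoCount
UpdateUCount Request.Form("username")
Session("LastPostTime")=now()
%>
您的帖子已经发表!谢谢!<br><br><a href="forum.asp?forum_id=<%=forumIdForUrl%>&forum_title=<%=forumTitleForUrl%>">回到论坛...</a>
<script language=javascript>
setTimeout("location.replace('forum.asp?forum_id=<%=forumIdForUrl%>&forum_title=<%=forumTitleForUrl%>')",500)
</script>
<%
Else
%>
错误:<%= Server.HTMLEncode(str_err_msg & "") %>
<br><br><a href="javascript:history.go(-1)">退回上一步</a>
<%
Response.End
End If
%>
</td></tr>
</table>
</body></html><%
Response.End
End Sub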
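if Request.Form("method_type") = "edit" then
	' Edit an existing reply: authorise, rewrite R_Message / R_Sig, then refresh the
	' last-post timestamps of the forum and (when a topic_id is posted) the topic.
	if cint(ChkUser(Request.Form("username"), Request.Form("password")))<>1 then
		GO_Result "只有管理员、本版版主或作者才可以修改帖子!", false
		Response.End
	end if
	' reply_id and forum_id are concatenated into SQL: accept numbers only and insert them
	' as numbers.
	editReplyId = Request.Form("reply_id") & ""
	editForumId = Request.Form("forum_id") & ""
	editTopicId = Request.Form("topic_id") & ""
	if not (IsNumeric(editReplyId) and IsNumeric(editForumId)) then
		GO_Result "参数无效!", false
		Response.End
	end if
	editReplyId = CLng(editReplyId)
	editForumId = CLng(editForumId)
	txtMessage = Request.Form("Message")
	' sigstr = "*本帖子由 "& Request.Form("UserName") & " 编辑于 " & now()
	strSql = "select r_sig from reply where Reply_ID=" & editReplyId
	set rsSig = my_conn.Execute (strSQL)
	if rsSig.BOF or rsSig.EOF then
		' No such reply: the field access below would raise a runtime error.
		GO_Result "参数无效!", false
		Response.End
	end if
	' The editor name is written into stored HTML, so it is HTML-encoded here.
	sigstr = rsSig("r_sig") & "<br><i>" & "*本回复由 "& Server.HTMLEncode(Request.Form("UserName") & "") & " 编辑于 " & now() &"</i>"
	rsSig.close
	set rsSig = nothing
	' The signature (old value from the database plus the editor name) is placed in a SQL
	' literal, so its single quotes are doubled. The message relies on chkString to escape
	' single quotes - confirm that it does.
	strSql = "update reply set R_Message = '" & chkString(server.htmlencode(txtMessage)) & "', R_Sig= '" & Replace(sigstr, "'", "''") &"' where Reply_ID=" & editReplyId
	my_conn.Execute (StrSql)
	strSql = "update forum set F_Last_Post = #" & now() & "# where Forum_ID = " & editForumId
	my_conn.Execute (StrSql)
	' This topic update used to sit after a GO_Result call; GO_Result always ends the
	' response, so it never ran. It now runs before the result page is produced.
	if IsNumeric(editTopicId) then
		strSql = "update topics set T_Last_Post = #" & now() & "# where Topic_ID = " & CLng(editTopicId)
		my_conn.Execute (StrSql)
	end if
	err_msg= ""
	' Err is only populated when error trapping (On Error Resume Next) is active; no such
	' statement appears on this page.
	' NOTE(review): the raw database error text is shown to the visitor - consider a generic message.
	if Err.description <> "" then
		GO_Result "There was an error = " & Err.description, false
		Response.End
	Else
		Go_Result "更新成功!", true
		Response.End
	End If
End if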
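if Request.Form("method_type") = "editTopic" then
	' Edit the opening post of a topic: authorise, then rewrite T_Message / T_Sig.
	' The topic is identified by the posted reply_id field.
	if cint(ChkUser(Request.Form("username"), Request.Form("password")))<>1 then
		GO_Result "只有管理员、本版版主或作者才可以修改帖子", false
		Response.End
	end if
	' reply_id is concatenated into SQL: accept a number only and insert it as a number.
	editTopicKey = Request.Form("reply_id") & ""
	if not IsNumeric(editTopicKey) then
		GO_Result "参数无效!", false
		Response.End
	end if
	editTopicKey = CLng(editTopicKey)
	txtMessage = Request.Form("Message")
	' sigstr = "*本帖子由 "& Request.Form("UserName") & " 编辑于 " & now()
	strSql = "select t_sig from topics where Topic_ID=" & editTopicKey
	set rsSig = my_conn.Execute (strSQL)
	if rsSig.BOF or rsSig.EOF then
		' No such topic: the field access below would raise a runtime error.
		GO_Result "参数无效!", false
		Response.End
	end if
	' The editor name is written into stored HTML, so it is HTML-encoded here.
	sigstr = rsSig("t_sig") & "<br><i>" & "*本帖子由 "& Server.HTMLEncode(Request.Form("UserName") & "") & " 编辑于 " & now() &"</i>"
	rsSig.close
	set rsSig = nothing
	' The signature is placed in a SQL literal, so its single quotes are doubled. The message
	' relies on chkString to escape single quotes - confirm that it does.
	strSql = "update Topics set T_Message = '" & chkString(server.htmlencode(txtMessage)) & "', T_Sig= '" & Replace(sigstr, "'", "''") & "' where Topic_ID=" & editTopicKey
	my_conn.Execute (StrSql)
	err_msg= ""
	' Err is only populated when error trapping (On Error Resume Next) is active; no such
	' statement appears on this page.
	if Err.description <> "" then
		GO_Result "There was an error = " & Err.description, false
		Response.End
	Else
		Go_Result "更新成功!", true
	End If
End if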
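if lcase(Request.Form("method_type")) = "topic" then
	' Create a new topic (optionally a poll): authenticate the poster, validate the form,
	' insert the topic row, then refresh the forum's and the member's "last post" fields.
	' The credentials go into a SQL literal, so their single quotes are doubled.
	' NOTE(review): the password is compared with M_Password as plain text.
	postNameSql = Replace(Request.Form("UserName") & "", "'", "''")
	postPassSql = Replace(Request.Form("Password") & "", "'", "''")
	strSql ="SELECT Member_id, M_Email, M_Name, M_Password from Members where M_Name = '" & postNameSql & "' and M_Password = '" & postPassSql &"'"
	set rs = my_conn.Execute (StrSql)
	if rs.BOF or rs.EOF then
		GO_Result "无效的用户名或密码!", false
		Response.End
	Else
		if Request.Form("Message") = "" then
			GO_Result "您需要填写内容!", false
			Response.End
		end if
		if Request.Form("TopicSubject") = "" then
			GO_Result "您需要填写主题!", false
			Response.End
		end if
		if Request.Form("VoteItem")="" and Request.Form("vote") = "yes" then
			GO_Result "您需要填写投票项目!", false
			Response.End
		end if
		' forum_id is concatenated into SQL: accept a number only and insert it as a number.
		postForumId = Request.Form("forum_id") & ""
		if not IsNumeric(postForumId) then
			GO_Result "参数无效!", false
			Response.End
		end if
		postForumId = CLng(postForumId)
		' Text fields rely on chkString to escape single quotes - confirm that it does.
		Strmsg = chkString(server.htmlencode(Request.Form("Message")))
		subjectSql = trim(chkString(server.htmlencode(Request.Form("TopicSubject"))))
		if Request.Form("sig") = "yes" then sigstr = GetSig(Request.Form("UserName"))
		if sigstr="" then sigstr=" "
		' The signature and member name come from the database but still end up inside SQL
		' literals, so their single quotes are doubled as well.
		sigSql = Replace(sigstr & "", "'", "''")
		memberstr= Replace(rs("M_Name") & "", "'", "''")
		' Poll options: one per line, blank lines skipped, at most ten kept, joined with "|";
		' strnum holds a matching "0" counter per option.
		strvote=""
		strnum=""
		if Request.Form("vote") = "yes" then
			vote_array = split(chkString(server.htmlencode(Request.Form("VoteItem"))),CHR(10))
			j = 0
			for i = 0 to ubound(vote_array)
				if j > 9 then exit for
				if rtrim(vote_array(i))<>"" then
					strvote=strvote & vote_array(i) &"|"
					strnum=strnum & "0|"
					j= j+1
				end if
			next
			' Only blank lines were submitted: trimming the trailing "|" from an empty
			' string used to raise a runtime error.
			if strvote = "" then
				GO_Result "您需要填写投票项目!", false
				Response.End
			end if
			strvote = left(strvote, len(strvote)-1)
			strnum = left(strnum, len(strnum)-1)
		end if
		strSql = "insert into topics (forum_id, T_Subject, T_Message, T_Originator, T_Sig, T_IP, T_Last_Member"
		if Request.Form("notreply") = "yes" then strSql = strsql & ", T_Status"
		if Request.Form("vote") = "yes" then strSql = strSql & ", T_VoteItem, T_VoteNumber, T_VoteUser, T_VoteTime"
		strSql = strSql & ") Values ("
		strSql = strSql & postForumId & ", '"
		strSql = strSql & subjectSql & "', '"
		strSql = strSql & Strmsg & "', "
		strSql = strSql & rs("Member_ID") & ", '"
		strSql = strSql & sigSql &"', '"
		strSql = strSql & Request.ServerVariables("REMOTE_ADDR") & "', '"
		strSql = strSql & memberstr & "'"
		if Request.Form("notreply") = "yes" then strSql = strsql & ", false"
		if Request.Form("vote") = "yes" then strSql = strSql & ", '" & strvote & "', '" & strnum & "', '|', " & 30
		strSql = strSql & ")"
		my_conn.Execute (StrSql)
		' Err is only populated when error trapping (On Error Resume Next) is active; no such
		' statement appears on this page.
		if Err.description <> "" then
			err_msg = "错误! " & Err.description
		Else
			err_msg = "更新成功!"
		End if
		' The new topic's id is taken to be the most recently posted topic.
		' NOTE(review): two simultaneous posts could pick up each other's id here.
		strSql = "select top 1 Topic_ID from Topics order by T_Last_Post DESC"
		set rsLast = my_conn.Execute (StrSql)
		' The end-of-data test used to look at rs (the member row) instead of rsLast.
		if not rsLast.eof then LastID=rsLast("Topic_ID")
		strSql = "update forum set F_Last_Post = #" & now() & "#,F_Last_Reply = '" & subjectSql & "', F_Last_Member = '" & memberstr & "', F_Last_ID = " & LastID & ", F_Count = F_Count +1 where Forum_ID = " & postForumId
		my_conn.Execute (StrSql)
		strsql = "update members set M_LastTime = #" & now() & "#,M_LastPost = '" & subjectSql & "' where member_id = " & rs("Member_ID")
		my_conn.Execute (strsql)
		GO_Result err_msg, true
		Response.End
	End If
End if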
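if Request.Form("method_type") = "reply" then
	' Add a reply to a topic: authenticate the poster, insert the reply row, then refresh
	' the topic's, forum's and member's "last post" fields.
	' The credentials go into a SQL literal, so their single quotes are doubled.
	' NOTE(review): the password is compared with M_Password as plain text.
	replyNameSql = Replace(Request.Form("UserName") & "", "'", "''")
	replyPassSql = Replace(Request.Form("Password") & "", "'", "''")
	strSql ="SELECT Member_id, M_Name, M_Email, M_Password from Members where M_Name = '" & replyNameSql & "' and M_Password = '" & replyPassSql &"'"
	set rs = my_conn.Execute (StrSql)
	if rs.BOF or rs.EOF then
		err_msg = "无效的用户名或密码!"
		GO_Result err_msg, false
		Response.End
	Else
		if Request.Form("Message") = "" then
			GO_Result "您需要填写内容!", false
			Response.End
		End if
		' forum_id and topic_id are concatenated into SQL: accept numbers only and insert
		' them as numbers.
		replyForumId = Request.Form("forum_id") & ""
		replyTopicId = Request.Form("topic_id") & ""
		if not (IsNumeric(replyForumId) and IsNumeric(replyTopicId)) then
			GO_Result "参数无效!", false
			Response.End
		end if
		replyForumId = CLng(replyForumId)
		replyTopicId = CLng(replyTopicId)
		' Text fields rely on chkString to escape single quotes - confirm that it does.
		Strmsg = chkString(server.htmlencode(Request.Form("Message")))
		titleSql = trim(chkString(server.htmlencode(Request.Form("topic_title"))))
		if Request.Form("sig") = "yes" then sigstr = GetSig(Request.Form("UserName"))
		if sigstr="" then sigstr=" "
		' The signature and member name come from the database but still end up inside SQL
		' literals, so their single quotes are doubled as well.
		sigSql = Replace(sigstr & "", "'", "''")
		memberstr = Replace(rs("M_Name") & "", "'", "''")
		strSql = "insert into reply (forum_id, topic_id, r_posted_by, r_message, r_sig, r_ip) Values ("
		strSql = StrSql & replyForumId & ", "
		strSql = StrSql & replyTopicId & ", "
		strSql = StrSql & rs("Member_ID") & ", '"
		strSql = StrSql & Strmsg & "', '"
		strSql = StrSql & sigSql & "', '"
		strSql = strSql & Request.ServerVariables("REMOTE_ADDR") &"')"
		my_conn.Execute (StrSql)
		strSql = "update topics set T_Last_Post = #" & now() & "#, T_Last_Member = '" & memberstr & "', T_Replies = T_Replies +1 where Topic_ID = " & replyTopicId
		my_conn.Execute (StrSql)
		strSql = "update forum set F_Last_Post = #" & now() & "#, F_Last_Reply = '" & titleSql & "', F_Last_Member = '" & memberstr & "', F_Last_ID = " & replyTopicId & ", F_Count = F_Count +1 where Forum_ID = " & replyForumId
		my_conn.Execute (StrSql)
		strsql = "update members set M_LastTime = #" & now() & "#,M_LastPost = '回复:" & titleSql & "' where member_id = " & rs("Member_ID")
		my_conn.Execute (strsql)
		' Err is only populated when error trapping (On Error Resume Next) is active; no such
		' statement appears on this page.
		if Err.description <> "" then
			GO_Result "错误:" & Err.description, false
			Response.End
		Else
			if lcase(Request.Form("M")) = "true" then
				' Looks up the topic starter's name and e-mail; the result is closed without
				' being used on this page.
				strSQL = " SELECT Members.M_Name, Members.M_Email FROM Members INNER JOIN " & _
				" Topics ON Members.Member_id = Topics.T_Originator WHERE Topics.Topic_ID= " & replyTopicId
				set rs2 = my_conn.Execute (strSQL)
				rs2.close
				set rs2 = nothing
			End if
			GO_Result "更新成功!", True
			Response.End
		End if
	End if
End if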
' Final cleanup. Every method_type branch above finishes through GO_Result / Response.End,
' so these lines run only when the request matched none of them.
set rs = nothing
set rsAdmin = nothing
my_conn.Close
set my_conn = nothing
%>