remark.asp

blog 程序 DIV BLOG 0.6 Readme [ http://www.IamTing.com ] DIV BLOG 0.6版更新说明 =====================

<!--#INCLUDE FILE="conn.asp" -->
<!--#INCLUDE FILE="log_lib.asp" -->
<%
if not instr(1,Request.ServerVariables("http_Referer"),Request.ServerVariables ("SERVER_NAME"),1)=8 then
		message "不好意思，你提交的数据来自网站外部"
		response.end
end if

log_r_content=RTrim(replace(request("log_r_content"),"'","''"))
log_r_author=replace(request("log_r_author"),"'","''")
log_r_face=replace(request("log_r_face"),"'","''")
log_id=replace(request("log_id"),"'","''")
log_r_id=replace(request("log_r_id"),"'","''")
cat_id=replace(request("cat_id"),"'","''")
adduser=replace(request("adduser"),"'","''")

IF log_id="" Then
      MESSAGE("log_id句柄传递错误，请不要搞破坏！谢谢！")
      response.end
ElseIF DateDiff("s",Request.Cookies(dlog_cookies_name)("memLastPost"),Now())<30 Then '此处时间可以改！
      MESSAGE("您发表评论的时间太快了，系统设置评论间隔为30秒！")
      response.end
end if


allows=request("allows")
allowubb=request("allowubb")

if allows="" then
    allows=0
	end if
if allowubb="" then
	allowubb=0
	end if


if log_r_content="" then
   MESSAGE("不能提交空白的评论")
   response.end
end if

'dim ulogin,isad,username
function getstrlength(str)
wordl=0
strl=len(str)
for i=1 to strl
strm=mid(str,i,1)
if asc(strm)<0 then
wordl=wordl+2
else
wordl=wordl+1
end if
next
getstrlength=wordl
end function

    Username=Session("username"&dlog_session)
    Password=Session("password"&dlog_session)
    if username="" or password="" then
            Username=replace(request.Cookies(dlog_cookies_name)("Username"),"'","")
            Password=replace(request.Cookies(dlog_cookies_name)("Password"),"'","")
    end if
    sql= "SELECT isad FROM User_MDB where username = '" & Username & "' and password='" & Password & "'"
    set rs_inc=conn.Execute(sql)
            if not (rs_inc.BOF or rs_inc.eof) then
                ulogin="true" 
            Session("username"&dlog_session) = Username
            Session("password"&dlog_session) = Password
            Session("isad"&dlog_session)=rs_inc("isad")

                isad=Session("isad"&dlog_session)       
            end if
            rs_inc.Close()

if not ulogin="true" then
    username=replace(request("log_r_author"),"'","''")
    if username="" then
       MESSAGE("请填写你的呢称")
       response.end
    end if
    
    ul=username
    ull=getstrlength(ul)
  if ull>16 or ull<1 then
    MESSAGE("<li>对不起，用户名长度不能长于16个字节（八个汉字）</li>")
    response.end
  end if

  for i=1 to ull
    x=mid(username,i,1)
    for cc=1 to 32
      if x=chr(cc) or x="<" or x=">" or x="?" or x="," or x=chr(34) or x=";" or x="%" then
        MESSAGE("用户名只能是数字字母和中文")
        response.end
      end if
    next
  next

  set rs = Server.CreateObject("ADODB.Recordset")   
  sql = "SELECT * FROM user_mdb where username= '" & username & "'"
  rs.open sql,conn,1,3
  'set rs=conn.execute(sql)
if adduser="true" then
  if not (rs.Bof or rs.eof) then
    isun="true"
    MESSAGE("该名称已经被注册勒，请返回重填")
    response.end
  end if
 end if
  If not isun="true" Then
     if adduser="true" then

        Password=replace(request("Password"),"'","''")
        if password="" then
           MESSAGE("<li>对不起，请填写密码</li>")
        response.end
        end if

        Password=md5(Password)

        HomePage="http://"
        underwrite="空白"
        qq=0
        email=""
        reg_time=now()
        isad=0

        rs.addnew
        rs("Username")=Username
        rs("Password")=Password
        rs("email")=email
        rs("qq")=qq

        rs("homePage")=homePage
        rs("reg_time")=reg_time
        rs("isad")=isad
        rs("underwrite")=underwrite
        rs.update

        sql= "UPDATE log_count Set U_COUNT = U_COUNT + 1 where COUNT_ID = 1"
        conn.Execute(sql)
    Session("username"&dlog_session) = Username
    Session("password"&dlog_session) = Password
        uLogin="true"
        rs.close() 

     else 
        if adduser="" then unknowadd="true"
     end if
   end if


end if


'if request("add_log_r")="true" then
if Ulogin="true" or unknowadd="true" then
'if log_r_author=username or isad=-1 then
  if request("remark_action")="add_remark" then
     sql= "INSERT INTO log_r(log_r_content,log_r_author,log_r_face,log_id,allows,allowubb)VALUES('"&log_r_content&"','"&log_r_author&"','"&log_r_face&"','"&log_id&"',"&allows&","&allowubb&")"
     conn.Execute(sql)
   
     SQL= "UPDATE log SET lr_Count=lr_Count+1 where log_id= " & log_id & ""
     conn.Execute(sql)
     SQL= "UPDATE log_count SET r_Count=r_Count+1 where count_id=1"
     conn.Execute(sql)
     SQL= "UPDATE user_mdb SET f_r_count=f_r_count+1 where username= '" & log_r_author & "'"
	conn.Execute(sql)

  end if 
'end if
end if


if Ulogin="true" then
if log_r_author=username or isad=-1 then
  if request("remark_action")="edit_remark" then
     sql= "UPDATE log_r SET allows= "&allows&" where log_r_id= "&log_r_id&""
	 conn.Execute(sql)
     sql= "UPDATE log_r SET allowubb= "&allowubb&" where log_r_id= "&log_r_id&""
	 conn.Execute(sql)
     if request("del_log_r")="true" then
        sql="delete from log_r where log_r_id="&log_r_id
        conn.Execute(sql)

	SQL= "UPDATE log SET lr_Count=lr_Count-1 where log_id= " & log_id & ""
        conn.Execute(sql)
        SQL= "UPDATE log_count SET r_Count=r_Count-1 where count_id=1"
        conn.Execute(sql)
        SQL= "UPDATE user_mdb SET f_r_count=f_r_count-1 where username= '" & log_r_author & "'"
	conn.Execute(sql)
     else
     log_r_content=log_r_content & "[align=right][size=1][color=#cccccc][Edit on " & now() & " By " & username & "][/color][/size][/align]"
     
     sql= "UPDATE log_r SET log_r_content = '"&log_r_content&"' WHERE log_r_ID = " & log_r_id
     conn.Execute(sql)
     end if
  end if
end if
end if

Response.Cookies(dlog_cookies_name)("memLastpost")=Now()

conn.close()
set conn=nothing
 url="showlog.asp?log_id="&log_id&"&cat_id="&cat_id
    Response.Redirect(url)
%>