post_info.asp

代码名称： Snitz Forums 2000 代码语言： 英文 代码类型： 国外代码 运行环境： ASP 授权方式： 免费代码 代码大小： 530kb 代码等级： 3 整

<%
'#################################################################################
'## Snitz Forums 2000 v3.4.05
'#################################################################################
'## Copyright (C) 2000-05 Michael Anderson, Pierre Gorissen,
'##                       Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" -->
<!--#INCLUDE FILE="inc_func_secure.asp" -->
<!--#INCLUDE FILE="inc_func_member.asp" -->
<!--#INCLUDE FILE="inc_moderation.asp" -->
<!--#INCLUDE FILE="inc_subscription.asp" -->
<!--#INCLUDE FILE="inc_func_count.asp" -->
<% 
if request("ARCHIVE") = "true" then
	strActivePrefix = strTablePrefix & "A_"
	ArchiveView = "true"
else
	strActivePrefix = strTablePrefix
	ArchiveView = ""
end if

'Topic Move Check
Dim blnTopicMoved
Dim fSubscription

fsubscription = 1
blnTopicMoved = false

if strAuthType = "db" and strDBNTUserName = "" and len(Request.Form("Password")) <> 64 then
	strPassword = sha256("" & Request.Form("Password"))
else
	strPassword = ChkString(Request.Form("Password"),"SQLString")
end if

if strAuthType = "db" and strDBNTUserName = "" then
	strDBNTUserName = Request.Form("UserName")
	if mLev = 0 then mLev = cLng(chkUser(strDBNTUserName, strPassword,-1))
end if

MethodType = chkString(Request.Form("Method_Type"),"SQLString")

if Request.Form("CAT_ID") <> "" then
	if IsNumeric(Request.Form("CAT_ID")) = True then
		Cat_ID = cLng(Request.Form("CAT_ID"))
	else
		Response.Redirect("default.asp")
	end if
end if
if Request.Form("FORUM_ID") <> "" then
	if IsNumeric(Request.Form("FORUM_ID")) = True then
		Forum_ID = cLng(Request.Form("FORUM_ID"))
	else
		Response.Redirect("default.asp")
	end if
end if
if Request.Form("TOPIC_ID") <> "" then
	if IsNumeric(Request.Form("TOPIC_ID")) = True then
		Topic_ID = cLng(Request.Form("TOPIC_ID"))
	else
		Response.Redirect("default.asp")
	end if
end if
if Request.Form("REPLY_ID") <> "" then
	if IsNumeric(Request.Form("REPLY_ID")) = True then
		Reply_ID = cLng(Request.Form("REPLY_ID"))
	else
		Response.Redirect("default.asp")
	end if
end if
if Request.Form("Subscription") <> "" then
	fSubscription = cLng(Request.Form("Subscription"))
else
 	fSubscription = 0
end if

if Request.Form("cookies") = "yes" then
	strSelectSize = Request.Form("SelectSize")
end if

if strSelectSize = "" or IsNull(strSelectSize) then 
	strSelectSize = Request.Cookies(strUniqueID & "strSelectSize")
end if
if not(IsNull(strSelectSize)) and strSelectSize <> "" then 
	if strSetCookieToForum = 1 then
    		Response.Cookies(strUniqueID & "strSelectSize").Path = strCookieURL
	else
		Response.Cookies(strUniqueID & "strSelectSize").Path = "/"
	end if
	Response.Cookies(strUniqueID & "strSelectSize") = strSelectSize
	Response.Cookies(strUniqueID & "strSelectSize").expires = dateAdd("yyyy", 1, strForumTimeAdjust)
end if

if MethodType = "Edit" or _
MethodType = "EditTopic" or _
MethodType = "Reply" or _
MethodType = "ReplyQuote" or _
MethodType = "TopicQuote" then
	'## check if topic exists in TOPICS table
	set rsTCheck = my_Conn.Execute ("SELECT TOPIC_ID FROM " & strActivePrefix & "TOPICS WHERE TOPIC_ID = " & Topic_ID)
	if rsTCheck.EOF or rsTCheck.BOF then
		Go_Result "Sorry, that Topic no longer exists in the Database", 0
	end if
	set rsTCheck = nothing
end if

set rs = Server.CreateObject("ADODB.RecordSet")

err_Msg = ""
ok = "" 

if ArchiveView <> "" then
	if MethodType = "Reply" or _
	MethodType = "ReplyQuote" or _
	MethodType = "TopicQuote" then
		Go_Result "This is not allowed in the Archives.", 0
	end if
end if

if MethodType = "Edit" then
	'## Forum_SQL - Get the author of the reply
	strSql = "SELECT R_AUTHOR " 
	strSql = strSql & " FROM " & strActivePrefix & "REPLY "
	strSql = strSql & " WHERE REPLY_ID = " & REPLY_ID
 
	set rsStatus = my_Conn.Execute(strSql)
	if rsStatus.EOF or rsStatus.BOF then
		Go_Result "Please don't attempt to edit the URL<br />to gain access to locked Forums/Categories.", 0
	else
		strReplyAuthor = rsStatus("R_AUTHOR")
		rsStatus.close
		set rsStatus = nothing
	end if
end if

if MethodType = "Edit" or _
MethodType = "EditTopic" or _
MethodType = "Reply" or _
MethodType = "ReplyQuote" or _
MethodType = "Topic" or _
MethodType = "TopicQuote" then
	if MethodType <> "Topic" then
		'## Forum_SQL - Find out if the Category, Forum or Topic is Locked or Un-Locked and if it Exists
		strSql = "SELECT C.CAT_STATUS, C.CAT_NAME, " &_
		"F.FORUM_ID, F.F_STATUS, F.F_TYPE, F.F_SUBJECT, " &_
		"T.T_STATUS, T.T_AUTHOR, T.T_SUBJECT " &_
		" FROM " & strTablePrefix & "CATEGORY C, " &_
		strTablePrefix & "FORUM F, " &_
		strActivePrefix & "TOPICS T" &_
		" WHERE C.CAT_ID = T.CAT_ID " &_
		" AND F.FORUM_ID = T.FORUM_ID " &_
		" AND T.TOPIC_ID = " & Topic_ID & ""
	else
		'## Forum_SQL - Find out if the Category or Forum is Locked or Un-Locked and if it Exists
		strSql = "SELECT C.CAT_STATUS, C.CAT_NAME, " &_
		"F.FORUM_ID, F.F_STATUS, F.F_TYPE, F.F_SUBJECT " &_
		" FROM " & strTablePrefix & "CATEGORY C, " &_
		strTablePrefix & "FORUM F" &_
		" WHERE C.CAT_ID = F.CAT_ID " &_
		" AND F.FORUM_ID = " & Forum_ID & ""
        end if
 
	set rsStatus = my_Conn.Execute(strSql)
	if rsStatus.EOF or rsStatus.BOF then
		Go_Result "Please don't attempt to edit the URL<br />to gain access to locked Forums/Categories.", 0
	else
		blnCStatus = rsStatus("CAT_STATUS")
		strCatTitle = rsStatus("CAT_NAME")
		blnFStatus = rsStatus("F_STATUS")
		Forum_ID = rsStatus("FORUM_ID")
		Forum_Type = rsStatus("F_TYPE")
		strForum_Title = rsStatus("F_SUBJECT")
		if MethodType <> "Topic" then
			blnTStatus = rsStatus("T_STATUS")
			strTopicAuthor = rsStatus("T_AUTHOR")
			strTopicTitle = rsStatus("T_SUBJECT")
		else
			blnTStatus = 1
		end if
		rsStatus.close
		set rsStatus = nothing
	end if
 
	if mLev = 4 then
		AdminAllowed = 1
		ForumChkSkipAllowed = 1
	elseif mLev = 3 then
		if chkForumModerator(Forum_ID, ChkString(strDBNTUserName, "decode")) = "1" then
			AdminAllowed = 1
			ForumChkSkipAllowed = 1
		else
			if lcase(strNoCookies) = "1" then
				AdminAllowed = 1
				ForumChkSkipAllowed = 0
			else
				AdminAllowed = 0
				ForumChkSkipAllowed = 0
			end if
		end if
	elseif lcase(strNoCookies) = "1" then
		AdminAllowed = 1
		ForumChkSkipAllowed = 0
	else
		AdminAllowed = 0
		ForumChkSkipAllowed = 0
	end if 
 
	select case MethodType
		case "Topic"
			if (Forum_Type = 1) then
				Go_Result "You have attempted to post a New Topic to a Forum designated as a Web Link",0
			end if
			if (blnCStatus = 0) and (AdminAllowed = 0) then
				Go_Result "You have attempted to post a New Topic to a Locked Category", 0
			end if
			if (blnFStatus = 0) and (AdminAllowed = 0) then
				Go_Result "You have attempted to post a New Topic to a Locked Forum", 0
			end if
		case "EditTopic"
			if ((blnCStatus = 0) or (blnFStatus = 0) or (blnTStatus = 0)) and (AdminAllowed = 0) then
				Go_Result "You have attempted to edit a Locked Topic", 0
			end if
		case "Reply", "ReplyQuote", "TopicQuote"
			if ((blnCStatus = 0) or (blnFStatus = 0) or (blnTStatus = 0)) and (AdminAllowed = 0) then
				Go_Result "You have attempted to Reply to a Locked Topic", 0
			end if
		case "Edit"
			if ((blnCStatus = 0) or (blnFStatus = 0) or (blnTStatus = 0)) and (AdminAllowed = 0) then
				Go_Result "You have attempted to Edit a Reply to a Locked Topic", 0
			end if
	end select
	if strPrivateForums = "1" and ForumChkSkipAllowed = 0 then
		if not(chkForumAccess(Forum_ID,MemberID,false)) then
    			Go_Result "You do not have access to post to this forum", 0
  		end if
	end if
end if

' If Creating a new topic or reply, the subscription and moderation capabilities will need to be checked.
Moderation = "No"
if MethodType = "Topic" or _
   MethodType = "Edit" or _
   MethodType = "Reply" or _
   MethodType = "ReplyQuote" or _
   MethodType = "TopicQuote" or _
   MethodType = "Forum" or _
   MethodType = "EditForum"  then

	if strModeration > 0 or strSubscription > 0 then
		'## Forum_SQL - Get the Cat_Subscription, Cat_Moderation, Forum_Subscription, Forum_Moderation
		strSql = "SELECT C.CAT_MODERATION, C.CAT_SUBSCRIPTION, C.CAT_NAME "
		if MethodType <> "Forum" then
			strSql = strSql & ", F.F_MODERATION, F.F_SUBSCRIPTION "
		end if
		strsql = strsql & " FROM " & strTablePrefix & "CATEGORY C"
		if MethodType <> "Forum" then
			strSql = strSql & ", " & strTablePrefix & "FORUM F"
		end if
		strSql = strSql & " WHERE C.CAT_ID = " & Cat_ID
		if MethodType <> "Forum" then
			strSql = strSql & "   AND F.FORUM_ID = " & Forum_ID
		end if
		set rsCheck = my_Conn.Execute (strSql)

		CatName           = rsCheck("CAT_NAME")
		CatSubscription   = rsCheck("CAT_SUBSCRIPTION")
		CatModeration     = rsCheck("CAT_MODERATION")
		if MethodType <> "Forum" then
			ForumSubscription = rsCheck("F_SUBSCRIPTION")
			ForumModeration   = rsCheck("F_MODERATION")
		end if
		rsCheck.Close
		set rsCheck = nothing
		if MethodType <> "Forum" then
			'## Moderators and Admins are not subject to Moderation
			if strModeration = 0 or mlev = 4 or chkForumModerator(Forum_ID, strDBNTUserName) = "1" then
				Moderation = "No"
			'## Is Moderation allowed on the category?
			elseif CatModeration = 1 then
				'## if this is a topic, is forum moderation set to all posts or topic?
				if (ForumModeration = 1 or ForumModeration = 2) and (MethodType = "Topic") then
					Moderation = "Yes"
				'## if this is a reply, is forum moderation set to all posts or reply?
				elseif (ForumModeration = 1 or ForumModeration = 3) and (MethodType <> "Topic") then
					Moderation = "Yes"
				end if
		    	end if
	      	end if
	end if
end if

if MethodType = "Edit" then
	member = cLng(ChkUser(strDBNTUserName, strPassword, strReplyAuthor))
	Select Case Member 
		case 0 '## Invalid Pword
			Go_Result "Invalid Password or UserName", 0
			Response.End
		case 1 '## Author of Post so OK
			'## Do Nothing
		case 2 '## Normal User - Not Authorised
			Go_Result "Only an Admin, a Moderator or the Author can change this post", 0
			Response.End
		case 3 '## Moderator so OK - check the Moderator of this forum
			if chkForumModerator(Forum_ID, strDBNTUserName) = "0" then
				Go_Result "Only an Admin, a Moderator or the Author can change this post", 0
			end if