save.asp

asp构建网站bbs.采用B/S架构

<%function laiyuan()
laiyuan=false
come=Request.ServerVariables("HTTP_REFERER")
here=Request.ServerVariables("SERVER_NAME")
if mid(come,8,len(here))<>here then
laiyuan=false
else
laiyuan=true
end if
end function
laiyuan()
if laiyuan=false then
response.redirect"index.asp"
end if%><!--#include file="up.asp"-->
<%bdlogin(2)
pagenum=request.querystring("pagenum")
re=request.querystring("re")
riqi=now+timeset/24
name=Replace(Request.Form("name"),"'","''")
password=Replace(Request.Form("password"),"'","''")%>
<!--#include file="md5.asp"-->
<%password1=md5(password)
body=Replace(Request.Form("body"),"'","''")
body=replace(body,"|?|","")
bodyok=Replace(body," ","")
face=request.form("face")
if face="" then
face="re"
end if
ls=session("lasttime")
if ls+1/8640>now() then
noyes="发 帖 失 败 ！"
mes="<meta http-equiv=refresh content=4;url=javascript:history.go(-1)><font color="&c1&">&nbsp;<b>对不起！你不能成功地发出帖子！！！</b></font><br>·本论坛为了防止灌水，限制了同一人发帖的时间间隔为 <b>10</b> 秒！<br><br>"
else
select case re
case"no"
ddii=myconn.execute("select max(id) from bbstl")(0)
if isnull(ddii) or ddii="" then ddii=0
fid=int(ddii)+1
zhuti=Replace(Request.Form("zhuti"),"'","''")
zhuti=Replace(zhuti,"|?|","")
zhutiok=Replace(zhuti," ","")
set rs=myconn.execute("select userid from [user] where name='"&name&"' and (password='"&password&"' or password='"&password1&"')")
if rs.eof or zhutiok="" or bodyok="" then
noyes="发 帖 失 败 ！"
mes="<meta http-equiv=refresh content=4;url=javascript:history.go(-1)><font color="&c1&">&nbsp;<b>对不起！你不能成功地发出帖子！！！可能存在以下问题：</b></font><br>· 你并没有填写主题或主要内容！<br>· 你填写的名字或密码错误！<br>· 如果你还没有注册一个用户，请<a href=zhuce.asp><font color=#000080>立即注册</font></a>！<br><br>"
else

cangg="yes"

isvote="0"
voteyn=request.form("voteyn")
if voteyn=1 then
function checkStr(str)
	if isnull(str) then
		checkStr = ""
		exit function 
	end if
	checkStr=replace(str,"'","''")
end function
votetype=request.form("votetype")
vote=Checkstr(trim(replace(request.Form("vote"),"|","")))
vote=split(vote,chr(13)&chr(10))
nnn1=ubound(vote)
if nnn1>9 then nnn1=9
for i=0 to nnn1
if not (vote(i)="" or vote(i)=" ") then
bodyv=bodyv&"|"&vote(i)
num=num&"|0"
end if
next
if bodyv="" then
isvote="0"
else
isvote="2"
outtime=request.form("outtime")
outt=now+outtime
myconn.execute("insert into vote(id,vote,votenum,type,outtime) values("&fid&",'"&bodyv&"','"&num&"',"&votetype&",'"&outt&"')")
end if
end if

if cangg="yes" then
lastbbs=""&name&"|?|"&left(zhuti,20)&"|?|"&riqi&"|?|"&fid&"|?|"&face&"|?|"&autotable&""
lastbbs1="——|?|"&left(body,40)&""
myconn.execute("insert into bbstl(id,zhuti,name,face,bd,riqi,orders,type,isvote,totable)VALUES("&fid&",'"&zhuti&"','"&name&"','"&face&"',"&bd&",'"&riqi&"','"&riqi&"',0,'"&isvote&"',"&autotable&")")
myconn.execute("insert into bbs"&autotable&"(id,zhuti,name,body,riqi,face,bd,orders,type,isvote,ips)VALUES("&fid&",'"&zhuti&"','"&name&"','"&body&"','"&riqi&"','"&face&"',"&bd&",'"&riqi&"',0,'"&isvote&"','"&ip&"')")
myconn.execute("update [user] set qian=qian+200,meili=meili+30,jingyan=jingyan+30 WHERE name='"&name&"'")
myconn.execute("update [bbsinfo] set topicnum=topicnum+1,bbsnum=bbsnum+1")
myconn.execute("update [bdinfo] set tnum=tnum+1,bbsnum=bbsnum+1,lastbbs='"&lastbbs&"' where bn="&bd&" and key<>'0'")
myconn.execute("update [bbstl] set lastre='"&lastbbs1&"' where id="&fid&"")
noyes="发 帖 成 功 ！"
mes="<meta http-equiv=refresh content=3;url=list.asp?bd="&bd&"><font color="&c1&"><b>&nbsp;发表成功----如果你不点击下面的连接，将在 3 秒后自动跳转到 "&wz&"！</b></font><br>· <a href=show.asp?id="&fid&"&bd="&bd&"&totable="&autotable&">回到你所发的帖的页面！</a><br>· <a href=list.asp?bd="&bd&">"&wz&"</a><br>· <a href=index.asp>"&tl&"</a><br><br>"
end if
end if
set rs=nothing




case"yes"
set lock=myconn.execute("select type from bbstl where id="&id&"")
if lock("type")=4 or lock("type")=5 then
canre1="no"
end if
set lock=nothing
if admin=3 then
canre1="yes"
end if
if canre="yes" then canre1="yes"
if canre1="no" then
noyes="操 作 失 败"
mes="<p style='margin: 15'>该帖子已经删除或被锁定</p>"
%><!--#include file="mes.asp"-->
<%
response.end
end if

set rs=myconn.execute("SELECT*FROM [user] where name='"&name&"'and (password='"&password&"' or password='"&password1&"')")
if rs.eof or bodyok="" then
noyes="回 复 失 败 ！"
mes="<meta http-equiv=refresh content=4;url=javascript:history.go(-1)><font color="&c1&">&nbsp;<b>对不起！你不能成功地回复帖子！！！可能存在以下问题：</b></font><br>· 你并没有填写主要内容！<br>· 你填写的名字或密码错误！<br>· 如果你还没有注册一个用户，请<a href=zhuce.asp><font color=#000080>立即注册</font></a>！<br><br>"
else
cangg="yes"
id=request.querystring("id")
set tota=myconn.execute("select top 1 totable,name from bbstl where id="&id&"")
tot=tota("totable")
upname=tota("name")
set tota=nothing
bbnum=myconn.execute("select count(bbsid) from bbs"&tot&" where bid="&id&" and type<>5")(0)
myconn.execute("update bbstl set bnum="&bbnum&" where id="&id&"")
myconn.execute("update bbs"&tot&" set bnum="&bbnum&" where id="&id&"")

myconn.execute("insert into bbs"&tot&"(bid,name,body,bd,orders,face,type,riqi,ips)VALUES("&id&",'"&name&"','"&body&"',"&bd&",'"&riqi&"','"&face&"',0,'"&riqi&"','"&ip&"')")
myconn.execute("update bbstl set orders='"&riqi&"' where id="&id&"")
myconn.execute("update bbs"&tot&" set bnum=bnum+1 where id="&id&"")
body1=left(body,20)
lastbbs=""&name&"|?|"&body1&"|?|"&riqi&"|?|"&id&"|?|"&face&"|?|"&tot&""
lastbbs1=""&name&"|?|"&body1&""
myconn.execute("update [bdinfo] set lastbbs='"&lastbbs&"',tnum=tnum+1,bbsnum=bbsnum+1 where bn="&bd&" and key<>'0'")
myconn.execute("update [bbstl] set lastre='"&lastbbs1&"',bnum=bnum+1 where id="&id&"")
myconn.execute("update [user] set qian=qian+20,meili=meili+5 WHERE name='"&upname&"'")
myconn.execute("update bbsinfo set bbsnum=bbsnum+1")
noyes="回 复 成 功 ！"
mes="<meta http-equiv=refresh content=3;url=list.asp?bd="&bd&"><font color="&c1&"><b>&nbsp;回复成功----如果你不点击下面的连接，将在 3 秒后自动跳转到 "&wz&"！</b></font><br>· <a href=show.asp?id="&id&"&bd="&bd&"&totable="&tot&"&topage="&pagenum&">回到你所回复的帖的页面！</a><br>· <a href=list.asp?bd="&bd&">"&wz&"</a><br>· <a href=index.asp>"&tl&"</a><br><br>"
end if
set rs=nothing
end select
if cangg="yes" then
myconn.execute("update [user] set bbsnum=bbsnum+1 where name='"&name&"'")
myconn.execute("update bbsinfo set todaynum=todaynum+1")
set bbs1=myconn.execute("select * from bbsinfo") 
mosttopic=bbs1("mosttopic")
todaynum=bbs1("todaynum")
set bbs1=nothing
if int(todaynum)>int(mosttopic) then
myconn.execute("update bbsinfo set mosttopic="&todaynum&"")
end if
session("lasttime")=Now()
end if
end if
%><br><!--#include file="mes.asp"--><br><!--#include file="down.asp"-->