newreply.asp

一个叫做雪人的论坛源码

<!--#INCLUDE FILE="inc/db_inc.asp"-->
<!--#INCLUDE FILE="inc/md5_inc.asp"-->
<!--#INCLUDE FILE="inc/char_inc.asp"-->
<!--#INCLUDE FILE="inc/xbcode_inc.asp"-->
<!--#INCLUDE FILE="inc/uploadfile_inc.asp"-->
<!--#INCLUDE FILE="header.asp"-->
<!--#INCLUDE FILE="user.asp"-->
<%
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'	Snowman Forum v2.0 for MS SQL Server
'
'	Copyright(C) Snowman, All rights reserved.
'
'	http://www.xinboard.net
'
'	Access版本免费, 欲使用SQL Server商业版本请购买使用权
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

dim StrSql, toptext, rs2, StrHtml, StrHtml2, error, sex, avatar, err, userid, threadid, threadtitle, postid, posttitle

StrHtml = loadtemplate("htmltop")
StrHtml = Replace(StrHtml, "{pagetitle}", loadtemplate("newreplytitle"))
StrHtml = Replace(StrHtml, "{style_path}", loadtemplate("path"))
StrHtml = Replace(StrHtml, "{forumtitle}", boardtitle)
response.write StrHtml
' Display pm window
response.write pmpopwin
StrHtml = loadtemplate("pagetitle")
StrHtml = Replace(StrHtml, "{title_img}", "<img src=""style/" & loadtemplate("path") & "/image/title.gif"">")

if request.cookies("sf")("username") = "" then
	toptext = loadtemplate("toptextguest")
else
	toptext = loadtemplate("toptextuser")
end if
toptext = toptext & loadtemplate("toptext")
StrHtml = Replace(StrHtml, "{top_text}", toptext)
StrHtml = Replace(StrHtml, "{username}", request.cookies("sf")("username"))
response.write StrHtml

' 如果postid与threadid两个参数都为空...
if request("postid") = "" and request("threadid") = "" then
	error = error & "<br><li>" & loadtemplate("err_url")
else
	if request("threadid") <> "" then
	
		' 检测threadid是否合法
		err = false
		threadid = ChkSql(request("threadid"))
		if not IsNumeric(threadid) then
			err = true
		else
			StrSql = "select * from sf_thread where visible = 1 and threadid = " & threadid
			Set rs2 = Conn.Execute(StrSql)
			if rs2.bof or rs2.eof then
				err = true
			else
				threadtitle = rs2("title")
				posttitle = threadtitle
				forumid = rs2("forumid")
				open = rs2("open")
				layer = 1
				' postid = -1 表示是直接回复, 而非引用回复
				postid = -1
			end if
		end if
		if err then error = error & "<br><li>" & loadtemplate("err_threadnotexist")
	else
		' 检测postid是否合法
		err = false
		postid = ChkSql(request("postid"))
		if not IsNumeric(postid) then
			err = true
		else
			postid = clng(postid)
			StrSql = "select * from sf_post where postid = " & postid
			Set rs2 = Conn.Execute(StrSql)
			if rs2.bof or rs2.eof then
				err = true
			else
				posttitle = rs2("title")
				threadid = rs2("threadid")
				layer = rs2("layer")
				StrSql = "select * from sf_thread where visible = 1 and threadid = " & threadid
				Set rs2 = Conn.Execute(StrSql)
				if rs2.bof or rs2.eof then
					err = true
					error = error & "<br><li>" & loadtemplate("err_postnotexist")
				else
					threadtitle = rs2("title")
					forumid = rs2("forumid")
					open = rs2("open")
				end if
			end if
		end if
		if err then error = error & "<br><li>" & loadtemplate("err_postnotexist")
	end if
end if

if not err then
	StrSql = "select sf_forum.forumid, sf_forum.title, sf_forum.allowposting, sf_forum.allowuploadfile, sf_forum.canreply, sf_forum.onlyuser, sf_forum.onlymember, sf_forum.memberlist, sf_forum.cateid, sf_cate.cateid, sf_cate.catetitle from sf_forum left join sf_cate on sf_forum.cateid = sf_cate.cateid where forumid = " & forumid
	Set rs2 = Conn.Execute(StrSql)
	if rs2.bof or rs2.eof then
		err = true
	else
		forumtitle = rs2("title")
		cateid = rs2("cateid")
		catetitle = rs2("catetitle")
		allowpost = rs2("allowposting")
		allowuploadfile = rs2("allowuploadfile")
		canreply = rs2("canreply")
		onlymember = rs2("onlymember")
		memberlist = rs2("memberlist")
		' 如果只允许内部成员访问...
		if onlymember = 1 then
			if not IsMember(forumid, memberlist) then error = error & "<br><li>" & loadtemplate("err_member")
			StrSql = "select password, userid from sf_user where username = '" & ChkSql(request.cookies("sf")("username")) & "'"
			Set rs2 = Conn.Execute(StrSql)
			if rs2.bof or rs2.eof then
				error = error & "<br><li>" & loadtemplate("err_chkpassword")
			else
				if request.cookies("sf")("password") <> rs2("password") then error = error & loadtemplate("err_chkpassword")
			end if
		end if
	end if
end if
if err then error = error & "<br><li>" & loadtemplate("err_forumnotexist")
if allowpost = 0 then error = error & "<br><li>" & loadtemplate("err_post")
if canreply = 0 then error = error & "<br><li>" & loadtemplate("err_reply")
if open <> 1 then error = error & "<br><li>" & loadtemplate("err_threadclose")
' 如果有错误则提示
if error <> "" then
	StrHtml = loadtemplate("error")
	StrHtml = Replace(StrHtml, "{error_text}", error)
	response.write StrHtml
	response.end
end if

StrHtml = loadtemplate("pagepath")
StrHtml = Replace(StrHtml, "{path_text}", "<img src=""style/" & loadtemplate("path") & "/image/home.gif""><a href=index.asp>" & boardtitle & "</a> &raquo; <a href=""showcate.asp?cateid=" & cateid & """>" & catetitle & "</a> &raquo; <a href=""showforum.asp?forumid=" & forumid & """>" & forumtitle & "</a> &raquo; " & loadtemplate("newreplytitle"))
response.write StrHtml

error = ""
' 如果未注册或未登录...
if request.cookies("sf")("username") = "" or request.cookies("sf")("password") = "" then
	StrHtml = loadtemplate("error")
	StrHtml = Replace(StrHtml, "{error_text}", loadtemplate("err_unregistered"))
	response.write StrHtml
	response.end		
end if
' 检测密码...
usergroup = 0
StrSql = "select password, userid, usergroup from sf_user where username = '" & ChkSql(request.cookies("sf")("username")) & "'"
Set rs2 = Conn.Execute(StrSql)
err = false
if rs2.bof or rs2.eof then
	err = true
else
	if request.cookies("sf")("password") <> rs2("password") then err = true
	userid = rs2("userid")
	usergroup = rs2("usergroup")
	StrSql = "update sf_user set lastforum = " & forumid & ", lastactivity = '" & now() & "' where userid = " & userid
	Conn.Execute(StrSql)
end if
if usergroup > 1 then
	StrHtml = loadtemplate("err_posttime")
	StrHtml = Replace(StrHtml, "{posttime}", PostTime - DateDiff("s",Session("LastPostTime"),now()))
	if DateDiff("s",Session("LastPostTime"),now()) < posttime then
		error = "<br><li>" & StrHtml
		StrHtml = Replace(loadtemplate("error"), "{error_text}", error)
		response.write StrHtml
		response.end
	end if
end if
if err then
	StrHtml = loadtemplate("error")
	StrHtml = Replace(StrHtml, "{error_text}", loadtemplate("err_chkpassword"))
	response.write StrHtml
	response.end
end if
%>
<!--#INCLUDE FILE="btn.js"-->
<%
step = ChkSql(request("step"))
select case step
	case "2"
		formsize = request.totalbytes
		formdata = request.binaryread(formsize)
		bcrlf = chrb(13) & chrb(10)
		divider = leftb(formdata, instrb(formdata, bcrlf) - 1)
		filesize = 0

		error = ""
		err = false
		if GetFormVal("subject") = "" then
			error = error & "<br><li>" & loadtemplate("err_postsubject")
		else
			if strLength(GetFormVal("subject")) > 100 then error = error & "<br><li>" & loadtemplate("err_postsubject")
		end if
		StrHtml = loadtemplate("err_posttext")
		StrHtml = Replace(StrHtml, "{textmaxlength}", postmaxlength)
		if GetFormVal("text") = "" then
			error = error & "<br><li>" & StrHtml
		else
			if strLength(GetFormVal("text")) > postmaxlength then error = error & "<br><li>" & StrHtml
		end if
		path = Server.MapPath("upload\")
		if allowuploadfile = 1 then
			filename = SaveFile("attachment",path,uploadfilesizemax)
			if filename = "" then error = error & "<br><li>" & loadtemplate("err_uploadfile")