book.asp

网站整站

<!--#include file="inc/conn.asp"-->
<!--#include file="inc/set.asp"-->
<!--#include file="inc/function.asp"-->
<!--#include file="inc/inc.asp"-->
<!--#include file="inc/ubb.asp"-->
<%
'//版权所有：野草设计

'//程序作者：野草

'//当前版本：V2.0

'//联系QQ：94440079

'//官方网站：http://www.yecaoweb.com
%>
<%
title="留言讨论"
execute(loadskin(skinmode))
call head()
%>
<script>
function CheckAll(form){
  for (var i=0;i<form.elements.length;i++)
    {
    var e = form.elements[i];
    if (e.Name != "chkAll"&&e.disabled==false)
       e.checked = form.chkAll.checked;
    }
  }
function unselectall(){
    if(document.form.chkAll.checked){
	document.form.chkAll.checked = document.form.chkAll.checked&0;
    } 	
}
function downdel(){
if(document.form.Action.value=="Del")
{document.form.action="book.asp?action=delallbook";
if(confirm("确定要删除选中的记录吗？"))
return true;
else
return false;
}}
</script>
<table  border="0"  cellspacing="0" cellpadding="0" id="content">
<tr>
<td valign="top" align="center"  id="center" nowrap>
<table border="0"   cellspacing="0" cellpadding="0"  width="100%"><tr>
<td class="111" nowrap></td>
<td  class="222" nowrap>
<table border="0" cellspacing="0" cellpadding="0"  width="100%"><tr>
<td  width="90%" nowrap>
<%
YC("&nbsp;当前位置：<a href=index.asp>本站首页</a>→<a href=""book.asp"">留言讨论</a>")
if request.querystring("action")="addbook" then
YC("→<a href=""?action=addbook"">发布留言</a>")
elseif request.querystring("action")="editbook" then
YC("→编辑留言主题")
elseif request.querystring("action")="showbook" then
YC("→查看留言")
elseif request.querystring("action")="editreplybook" then
YC("→编辑留言回复")
end if
%></td>
<td  width="10%" nowrap>
<%if gobook="yes" or checklogined() then%>
<a href='book.asp?action=addbook' style='behavior:url(img/lightfont.htc)'>发表留言</a>
<%else%>
<a href='user.asp?action=notice'>用户注册</a>
<%end if%>
</td></tr></table>
<td class="333" nowrap></td></td></tr></table>
<%
select case request("action")	
case""
     call book()
     call NowWhere("留言讨论","book.asp")
case "showbook"
     call showbook()
	 call NowWhere("查看留言","book.asp?action=showbook&id="&request.querystring("id"))
     showbooksql="update [YC_book] set click=click+1 where id="&request.querystring("id")
     conn.execute(showbooksql)
case "addbook"
      call addbook()
      call NowWhere("发布留言","book.asp?action=addbook")
case "replybook"
     call replybook()
case "editbook"
      call editbook()
case "editreplybook"
      call editreplybook()
case "goadd"
		'┏━━━━━━┓
		'┃添加留言主题┃
		'┗━━━━━━┛
	checkgetcode()
	if gobook<>"yes" then
	if checklogined()=false then
YCGO("error.asp?action=back&text="&server.urlencode("系统无法识别您的身份!"))
response.end
	end if
	end if
	if trim(request.form("content"))="" then
YCGO("error.asp?action=back&text="&server.urlencode("留言内容不能为空!"))
response.end
	end if
		sqladdbook="select id,title,color,exper,content,ip,date,lastupdatetime,user from YC_book"
		set rsaddbook=server.createobject("adodb.recordset")
		rsaddbook.open sqladdbook,conn,1,3
		rsaddbook.addnew
		if gobook="yes" then
		rsaddbook("user")="游客"
		else
		rsaddbook("user")=YC_post("用户名",username,0,20,2)
		call addexper("1","0")
		end if
		rsaddbook("title")=YC_post("留言主题",request.form("title"),0,40,2)
		rsaddbook("color")=YC_post("标题颜色",request.form("color"),0,7,0)
		rsaddbook("content")=server.htmlencode(JPE(request.form("content")))
		rsaddbook("ip")=request.servervariables("remote_addr")
		rsaddbook("exper")=YC_post("积分",request.form("exper"),1,10,1)
		rsaddbook("date")=now()
		rsaddbook("lastupdatetime")=now()
        rsaddbook("pass")=1

		rsaddbook.update
		rsaddbook.close
		set rsaddbook=nothing
		YC("<script>location.href='book.asp';</script>")
		response.end
case "goaddreply"
		'┏━━━━┓
		'┃添加回复┃
		'┗━━━━┛
    if checklogined()=false then
YCGO("error.asp?action=back&text="&server.urlencode("系统无法识别您的身份!"))
response.end
	end if
	if trim(request.form("content"))="" then
YCGO("error.asp?action=back&text="&server.urlencode("回复内容不能为空!"))
response.end
	end if
		sqlreply="select bookid,title,content,ip,date,user from [YC_bookreply]"
		set rsreply=server.createobject("adodb.recordset")
		rsreply.open sqlreply,conn,1,3
		rsreply.addnew
		rsreply("bookid")=YC_post("主题ID",request.form("bookid"),1,0,0)
		rsreply("content")=server.htmlencode(JPE(request.form("content")))
		rsreply("ip")=request.servervariables("remote_addr")
		rsreply("date")=now()
		if gobook="yes" then
		rsreply("user")="游客"
		else
		rsreply("user")=YC_post("用户名",username,0,20,2)
		call addexper("1","0")
		end if
		

		rsreply.update
		rsreply.close
		set rsreply=nothing
YC_sql("update [YC_book] set reply=reply+1,replyuser='"&username&"',replydate=now(),lastupdatetime=now() where id="&request.form("bookid"))
response.redirect Request.ServerVariables("HTTP_REFERER")
response.end
case "goeditbook"
		'┏━━━━━━┓
		'┃编辑留言主题┃
		'┗━━━━━━┛
	if gobook<>"yes" then
	if checklogined()=false then
YCGO("error.asp?action=back&text="&server.urlencode("系统无法识别您的身份!"))
response.end
	end if
	end if

	if trim(request.form("content"))="" then
YCGO("error.asp?action=back&text="&server.urlencode("留言内容不能为空!"))
response.end
	end if
if  request.form("exper")<>"" then
	if not isnumeric(request.form("exper")) then
YCGO("error.asp?action=back&text="&server.urlencode("积分只能输入数字!"))
response.end
	end if
end if

		sqledit="select id,editdate,title,color,exper,content from [YC_book] where id="&request.form("bookid")
		set rsedit=server.createobject("adodb.recordset")
		rsedit.open sqledit,conn,1,3
		rsedit("title")=YC_post("留言主题",request.form("title"),0,40,2)
		rsedit("color")=YC_post("标题颜色",request.form("color"),0,7,0)
		rsedit("content")=server.htmlencode(JPE(request.form("content")))
		rsedit("exper")=YC_post("积分",request.form("exper"),1,10,1)
		rsedit("editdate")=now()
		rsedit.update
		rsedit.close
		set rsedit=nothing
		YC("<script>location.href='book.asp';</script>")
		response.end
case "goeditreply"
		'┏━━━━━━┓
		'┃编辑留言回复┃
		'┗━━━━━━┛
	if gobook<>"yes" then
	if checklogined()=false  then
YCGO("error.asp?action=back&text="&server.urlencode("系统无法识别您的身份!"))
response.end
	end if
	end if
	if trim(request.form("content"))="" then
YCGO("error.asp?action=back&text="&server.urlencode("留言内容不能为空!"))
response.end
	end if
		sqladdbook="select id,title,editdate,content from [YC_bookreply] where bookid="&request.form("bookid")&" and id="&request.form("id")
		set rsaddbook=server.createobject("adodb.recordset")
		rsaddbook.open sqladdbook,conn,1,3
		rsaddbook("content")=server.htmlencode(JPE(request.form("content")))
		rsaddbook("editdate")=now()
		rsaddbook.update
		rsaddbook.close
		set rsaddbook=nothing
		YC("<script>location.href='book.asp';</script>")
		response.end
'┏━━━━━━┓
'┃批量删除处理┃
'┗━━━━━━┛
case "delallbook"
	if supertype<>1 then
YCGO("error.asp?action=back&text="&server.urlencode("系统无法识别您的身份!"))
response.end
	end if
'初始化变量
dim postid,sqldel,sqldelurl,rsdel,rsdelurl
postid=YC_post("批量删除ID",request("postid"),0,0,0) 
if postid="" then
YCGO("error.asp?action=back&text="&server.urlencode("请选择要操作的记录!"))
response.end
end if
'选择变量
if instr(postid,",")>0 then
postid=replace(postid," ","")
sqldel="select * from [YC_book] where id in ("&postid&")"
sqldelurl="select * from [YC_bookreply] where bookid in ("&postid&")"
else
postid=clng(postid)
sqldel="select * from [YC_book] where id="&postid
sqldelurl="select * from [YC_bookreply] where bookid="&postid
end if
'批量删除留言本主题
set rsdel= server.createobject("adodb.recordset")
rsdel.open sqldel,conn,1,3
do while not rsdel.eof
rsdel.delete