📄 post_info.asp
字号:
QuoteOk = ChkQuoteOk(Session(strCookieURL & "userid"))
end if
set rs = my_Conn.Execute (strSql)
if rs.BOF or rs.EOF or not(QuoteOk) then '## Invalid Password
Go_Result "无效的会员名或登录密码!", 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
else
if not(chkForumAccess(Request.Form("FORUM_ID"))) then
Go_Result "你不能在本论坛发表文章" & strDBNTUserName, 0
end if
txtMessage = ChkString(Request.Form("Message"),"message")
txtSubject = ChkString(Request.Form("Subject"),"title")
' if txtMessage = " " then
' Go_Result "你必须填写内容", 0
%>
<!--INCLUDE FILE="inc_footer.asp" -->
<%
' Response.End
' end if
if txtSubject = " " then
Go_Result "你必须填写标题!", 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
end if
if CheckWord(ChkString(Request.Form("Subject"),"title"), 80) = True then
Go_Result "你填写的标题的总长度不能够超过 40 个汉字(汉字和全角标点符号为 2 字符)!", 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
end if
if ChkBadWords2(txtSubject) or ChkBadWords2(txtMessage) then
Go_Result "你填写的标题或内容包含不良词语,请注意!", 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
end if
' if Request.Form("sig") = "yes" and GetSig(STRdbntUserName) <> "" then
if Request.Form("sig") = "yes" then
txtMessage = txtMessage
' ###### Modify By http://www.chinaxp.net 原程序如下: ######
' txtMessage = txtMessage & vbCrLf & vbCrLf & ChkString(GetSig(STRdbntUserName), "signature" )
end if
if Request.Form("rmail") <> "1" then
TF = "0"
else
TF = "1"
end if
' ###### Forum_SQL - Add new post to Topics Table ######
strSql = "INSERT INTO " & strTablePrefix & "TOPICS (FORUM_ID"
strSql = strSql & ", CAT_ID"
strSql = strSql & ", T_SUBJECT"
strSql = strSql & ", T_MESSAGE"
strSql = strSql & ", T_AUTHOR"
strSql = strSql & ", T_LAST_POST"
strSql = strSql & ", T_LAST_POST_AUTHOR"
strSql = strSql & ", T_DATE"
strSql = strSql & ", T_INPLACE" ' ###### for MS SQL Server ### Add Author http://www.chinaxp.net ######
strSql = strSql & ", T_STATUS"
strSql = strSql & ", T_FACE"
if strIPLogging <> "0" then
strSql = strSql & ", T_IP"
end if
strSql = strSql & ", T_MAIL"
if Request.Form("strFileUpLoad")<>"" AND Request.Form("strFileUpLoadID")<>"" then
strSql = strSql & ", T_FILEID"
strSql = strSql & ", T_FILENAME"
end if
strSql = strSql & ") VALUES ("
strSql = strSql & Request.Form("FORUM_ID")
strSql = strSql & ", " & Request.Form("CAT_ID")
strSql = strSql & ", '" & txtSubject & "'"
strSql = strSql & ", '" & txtMessage & "'"
strSql = strSql & ", " & rs("MEMBER_ID")
strSql = strSql & ", '" & DateToStr(strForumTimeAdjust) & "'"
strSql = strSql & ", " & rs("MEMBER_ID")
strSql = strSql & ", '" & DateToStr(strForumTimeAdjust) & "'"
' ###### for MS SQL Server ### Add Author http://www.wormcn.net ######
if Request.Form("locktop")=true or Request.Form("locktop")=1 then
strSql = strSql & ", 1 "
else
strSql = strSql & ", 0 "
end if
if Request.Form("lock") = 1 then
strSql = strSql & ", 0 "
else
strSql = strSql & ", 1 "
end if
if Request.Form("usericon")<>"" then
strSql = strSql & ", " & Request.Form("usericon")
else
strSql = strSql & ", 0"
end if
if strIPLogging <> "0" then
strSql = strSql & ", '" & remoteIP() & "'"
end if
strSql = strSql & ", " & TF
if Request.Form("strFileUpLoad") <> "" AND Request.Form("strFileUpLoadID") <> "" then
strSql = strSql & ", " & Request.Form("strFileUpLoadID")
strSql = strSql & ", '" & Trim(Request.Form("strFileUpLoad")) & "'"
end if
strSql = strSql & ")"
my_Conn.Execute (strSql)
if Err.description <> "" then
err_Msg = "发生一个错误 → " & Err.description
else
err_Msg = "更新完成"
end if
strSql = "SELECT TOP 1 TOPIC_ID FROM " & strTablePrefix & "TOPICS "
strSql = strSql & "WHERE TOPIC_ID > 0 ORDER BY TOPIC_ID DESC"
set rs_topic = my_Conn.Execute (strSql)
if rs_topic.BOF or rs_topic.EOF then
strTopicID = "0"
else
strTopicID = rs_topic("TOPIC_ID")
if strTopicID = "" then
strTopicID = "0"
end if
end if
rs_topic.close
set rs_topic = nothing
'## Forum_SQL - Increase count of topics and replies in Forum table by 1
strSql = "UPDATE " & strTablePrefix & "FORUM "
strSql = strSql & " SET F_LAST_POST = '" & DateToStr(strForumTimeAdjust) & "'"
strSql = strSql & ", F_LAST_REPLY = " & strTopicID
strSql = strSql & ", F_TOPICS = F_TOPICS + 1"
strSql = strSql & ", F_COUNT = F_COUNT"
strSql = strSql & ", F_LAST_POST_AUTHOR = " & rs("MEMBER_ID") & ""
strSql = strSql & " WHERE FORUM_ID = " & Request.Form("FORUM_ID")
my_Conn.Execute (strSql)
Go_Result err_Msg, 1
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
end if
end if
if Request.Form("Method_Type") = "Reply" or Request.Form("Method_Type") = "ReplyQuote" or Request.Form("Method_Type") = "TopicQuote" then
'## Forum_SQL
strSql = "SELECT MEMBER_ID, M_LEVEL, M_EMAIL, "&Strdbntsqlname
if strAuthType = "db" then
strSql = strSql & ", M_PASSWORD "
end if
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE "&Strdbntsqlname&" = '" & STRdbntUserName & "'"
strSql = strSql & " AND " & strMemberTablePrefix & "MEMBERS.M_STATUS = " & 1
if strAuthType = "db" then
strSql = strSql & " AND M_PASSWORD = '" & Request.Form("Password") &"'"
QuoteOk = (ChkQuoteOk(STRdbntUserName) and ChkQuoteOk(Request.Form("Password")))
else
QuoteOk = ChkQuoteOk(STRdbntUserName)
end if
set rs = my_Conn.Execute (strSql)
if rs.BOF or rs.EOF or not(QuoteOk) then '## Invalid Password
err_Msg = "Invalid Password or User Name"
Go_Result(err_Msg), 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
else
if not(chkForumAccess(Request.Form("FORUM_ID"))) then
Go_Result "你不能在本论坛发表文章"& strDBNTUserName, 0
end if
txtMessage = ChkString(Request.Form("Message"),"message")
if ChkBadWords2(txtSubject) or ChkBadWords2(txtMessage) then
Go_Result "你填写的标题或内容包含不良词语,请注意!", 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
end if
if Request.Form("sig") = "yes" then
txtMessage = txtMessage
end if
' ### Modify By http://www.wormcn.net 原程序如下: ###
' if Request.Form("sig") = "yes" and GetSig(STRdbntUserName) <> "" then
' txtMessage = txtMessage & vbCrLf & vbCrLf & ChkString(GetSig(STRdbntUserName), "signature" )
' end if
DoReplyEmail Request.Form("TOPIC_ID"), rs("MEMBER_ID"), Request.Form("UserName")
if Request.Form("rmail") <> "1" then
RF = "0"
else
RF = "1"
end if
if CanUserPost(Request.Form("TOPIC_ID"), rs("MEMBER_ID")) = "yes" then
'## Forum_SQL
strSql = "INSERT INTO " & strTablePrefix & "REPLY "
strSql = strSql & "(TOPIC_ID"
strSql = strSql & ", FORUM_ID"
strSql = strSql & ", CAT_ID"
strSql = strSql & ", R_AUTHOR"
strSql = strSql & ", R_FACE"
strSql = strSql & ", R_DATE "
if strIPLogging <> "0" then
strSql = strSql & ", R_IP"
end if
strSql = strSql & ", R_MAIL"
strSql = strSql & ", R_MESSAGE"
if Request.Form("strFileUpLoad")<>"" AND Request.Form("strFileUpLoadID")<>"" then
strSql = strSql & ", R_FILEID"
strSql = strSql & ", R_FILENAME"
end if
strSql = strSql & ") VALUES ("
strSql = strSql & Request.Form("TOPIC_ID")
strSql = strSql & ", " & Request.Form("FORUM_ID")
strSql = strSql & ", " & Request.Form("CAT_ID")
strSql = strSql & ", " & rs("MEMBER_ID")
if Request.Form("usericon")<>"" then
strSql = strSql & ", " & Request.Form("usericon")
else
strSql = strSql & ", 0"
end if
strSql = strSql & ", '" & DateToStr(strForumTimeAdjust) & "'"
if strIPLogging <> "0" then
strSql = strSql & ", '" & remoteIP() & "'"
end if
strSql = strSql & ", " & RF
strSql = strSql & ", " & "'" & txtMessage & "'"
if Request.Form("strFileUpLoad") <> "" AND Request.Form("strFileUpLoadID") <> "" then
strSql = strSql & ", " & Request.Form("strFileUpLoadID")
strSql = strSql & ", '" & Trim(Request.Form("strFileUpLoad")) & "'"
end if
strSql = strSql & ")"
my_Conn.Execute (strSql)
'###################### Attach Files #######################
' if strAllowUploads = "1" then
' strSQL = "SELECT MAX(REPLY_ID) AS MAXID FROM " & strTablePrefix & "REPLY "
' strSQL = strSQL + "WHERE TOPIC_ID = " & Request.Form("TOPIC_ID")
' strSQL = strSQL + " AND R_AUTHOR = " & rs("MEMBER_ID")
' set rs2 = my_Conn.Execute (strSql)
' intReplyID = rs2("MAXID")
' rs2.close
' strSQL = "UPDATE " & strTablePrefix & "USERFILES "
' strSQL = strSQL & "SET F_REPLY_ID = " & intReplyID
' strSQL = strSQL & " WHERE MEMBER_ID = " & rs("MEMBER_ID")
' strSQL = strSQL & " AND F_REPLY_ID = -1 AND F_TOPIC_ID =" & Request.Form("TOPIC_ID")
' my_Conn.execute (strSQL)
' end if
'###################### Attach Files #######################
'## Forum_SQL - Update Last Post and count
strSql = "UPDATE " & strTablePrefix & "TOPICS "
strSql = strSql & " SET T_LAST_POST = '" & DateToStr(strForumTimeAdjust) & "'"
strSql = strSql & ", T_REPLIES = T_REPLIES + 1 "
strSql = strSql & ", T_LAST_POST_AUTHOR = " & rs("MEMBER_ID")
if Request.Form("lock") = 1 then
strSql = strSql & ", T_STATUS = 0 "
end if
strSql = strSql & " WHERE TOPIC_ID = " & Request.Form("TOPIC_ID")
my_Conn.Execute (strSql)
'## Forum_SQL
strSql = "UPDATE " & strTablePrefix & "FORUM "
strSql = strSql & " SET F_LAST_POST = '" & DateToStr(strForumTimeAdjust) & "'"
strSql = strSql & ", F_LAST_REPLY = " & Request.Form("TOPIC_ID")
strSql = strSql & ", F_LAST_POST_AUTHOR = " & rs("MEMBER_ID")
strSql = strSql & ", F_COUNT = F_COUNT + 1 "
strSql = strSql & " WHERE FORUM_ID = " & Request.Form("FORUM_ID")
my_Conn.Execute (strSql)
else
Err.description = "你已经发表过,必须等60秒后才能重新发表"
end if
if Err.description <> "" then
Go_Result "发生一个错误 → " & Err.description, 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
else
if Request.Form("M") = "1" then
'## Forum_SQL
strSql = "SELECT " & strMemberTablePrefix & "MEMBERS.M_NAME, " & strMemberTablePrefix & "MEMBERS.M_EMAIL "
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS, " & strTablePrefix & "TOPICS "
strSql = strSql & " WHERE " & strMemberTablePrefix & "MEMBERS.MEMBER_ID = " & strTablePrefix & "TOPICS.T_AUTHOR "
strSql = strSql & " AND " & strTablePrefix & "TOPICS.TOPIC_ID = " & Request.Form("TOPIC_ID")
set rs2 = my_Conn.Execute (strSql)
DoEmail rs2("M_EMAIL"), rs2("M_NAME")
rs2.close
set rs2 = nothing
end if
Go_Result "更新完成", 1
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
end if
end if
end if
if Request.Form("Method_Type") = "Forum" then
member = cint(ChkUser(strDBNTUserName, Request.Form("Password")))
select case Member
case 0
'## Invalid Pword
Go_Result "错误的用户名跟密码", 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
case 1 '## Author of Post
'## Do Nothing
case 2 '## Normal User - Not Authorised
Go_Result "只有版主能建立论坛", 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
case 3 '## Moderator
if chkForumModerator(Request.Form("FORUM_ID"), STRdbntUserName) = "0" then
Go_Result "只有版主能建立新论坛", 0
end if
case 4 '## Admin
'## Do Nothing
case else
Go_Result cstr(Member), 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
Response.End
end select
txtMessage = ChkString(Request.Form("Message"),"message")
txtSubject = ChkString(Request.Form("Subject"),"title")
Err_Msg = ""
if txtSubject = " " then
Err_Msg = Err_Msg & "<li>你必须输入新论坛的名称</li>"
end if
if txtMessage = "" then
Err_Msg = Err_Msg & "<li>你必须输入新论坛的简介</li>"
end if
if ChkBadWords2(txtSubject) or ChkBadWords2(txtMessage) then
Err_Msg = Err_Msg & "<FONT color=red>你填写的标题或内容包含不良词语,请注意!</FONT>"
end if
if Err_Msg = "" then
'## Forum_SQL - Do DB Update
strSql = "INSERT INTO " & strTablePrefix & "FORUM "
strSql = strSql & "(CAT_ID"
if strPrivateForums = "1" then
strSql = strSql & ", F_PRIVATEFORUMS"
strSql = strSql & ", F_PASSWORD_NEW"
'##########
strSql = strSql & ", F_HIDDEN"
'##########
' strSql = strSql & ", F_USERLIST"
end if
' ### WormCN.net Modification ###
strSql = strSql & ", F_COUNT"
strSql = strSql & ", F_TOPICS"
strSql = strSql & ", F_LAST_POST"
strSql = strSql & ", F_LAST_REPLY"
strSql = strSql & ", F_CREATED"
strSql = strSql & ", F_SUBJECT"
strSql = strSql & ", F_DESCRIPTION"
strSql = strSql & ", F_TYPE"
strSql = strSql & ") VALUES ("
strSql = strSql & Request.Form("CAT_ID")
if strPrivateForums = "1" then
strSql = strSql & ", " & Request.Form("AuthType") & ""
strSql = strSql & ", '" & ChkString(Request.Form("AuthPassword"),"password") & "'"
'##########
if Request.Form("HideForum") = 1 then
strSql = strSql & ", 1 "
else
strSql = strSql & ", 0 "
end if
'##########
' strSql = strSql & ", '" & ChkString(Request.Form("AuthUsers"),"list") & "'"
end if
' ### WormCN.net Modification ###
strSql = strSql & ", 0"
strSql = strSql & ", 0"
strSql = strSql & ", " & "'" & DateToStr(strForumTimeAdjust) & "'"
strSql = strSql & ", 0"
strSql = strSql & ", " & "'" & DateToStr(strForumTimeAdjust) & "'"
strSql = strSql & ", '" & txtSubject & "'"
strSql = strSql & ", '" & txtMessage & "'"
strSql = strSql & ", " & Request.Form("Type")
strSql = strSql & ")"
my_Conn.Execute (strSql)
err_Msg = ""
if Err.description <> "" then
Go_Result "发生一个错误 → " & Err.description, 0
%>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -