post.asp

这是一套基于WEB的网站管理系统

<!--#include file="config.asp"-->
<%
Dim Rs, SQL,i,replyid,guestid
Dim strContent,strQuote,strTopic
Dim username,isAdmin
Dim Facestr,FaceOption,FormatInput

Newasp.LoadTemplates 9999, 3, 0

HtmlContent = Newasp.HtmlContent
HtmlContent = Replace(HtmlContent,"{$GuestFormContent}", Newasp.HtmlSetting(11))
HtmlContent = Replace(HtmlContent,"{$InstallDir}", Newasp.InstallDir)
HtmlContent = Replace(HtmlContent, "{$ChannelID}", ChannelID)
'--频道目录
HtmlContent = Replace(HtmlContent,"{$ChannelRootDir}", ChannelRootDir, 1, -1, 1)
HtmlContent = Replace(HtmlContent,"{$CurrentStation}",Newasp.ChannelName)
HtmlContent = Replace(HtmlContent,"{$PageTitle}","回复留言")
HtmlContent = ReadClassMenu(HtmlContent)
HtmlContent = ReadClassMenubar(HtmlContent)
HtmlContent = HTML.ReadAnnounceList(HtmlContent)

HtmlContent = Replace(HtmlContent, "{$MemberName}", Newasp.membername)
HtmlContent = Replace(HtmlContent,"{$LeastString}", Newasp.LeastString)
HtmlContent = Replace(HtmlContent, "{$MaxString}", Newasp.MaxString)


If CInt(Newasp.PostGrade) > 0 And Trim(Session("AdminName")) = Empty Then
	If CInt(Newasp.PostGrade) > CInt(Newasp.membergrade) Then
		Call OutputScript(Newasp.HtmlSetting(5),"index.asp")
		Response.End
	End If
End If

guestid = Newasp.ChkNumeric(Request("guestid"))
replyid = Newasp.ChkNumeric(Request("replyid"))
If guestid = 0 Then
	Response.Write"错误的系统参数!请输入正确的主题ID。"
	Response.End
Else
	Set Rs = Newasp.Execute("SELECT title,content,username,isAdmin FROM NC_GuestBook WHERE guestid ="& guestid)
	If Rs.BOF And Rs.EOF Then
		Set Rs = Nothing
		Call OutAlertScript("错误的系统参数!没有找到该留言主题。")
	Else
		strTopic = Newasp.CheckTopic(Rs("title"))
		strContent = Rs("content")
		username = Rs("username")
		isAdmin = Rs("isAdmin")
	End If
	Rs.Close:Set Rs = Nothing
End If
If replyid > 0 Then
	Set Rs = Newasp.Execute("SELECT rContent FROM NC_GuestReply WHERE id ="& replyid)
	If Rs.BOF And Rs.EOF Then
		Set Rs = Nothing
		Call OutAlertScript("错误的系统参数!没有找到该回复留言。")
	Else
		strContent = Rs("rContent")
	End If
	Rs.Close:Set Rs = Nothing
End If
If CInt(Request("quote")) = 1 Then
	If isAdmin <> 0 Then
		If username = Newasp.membername Or Newasp.membergrade = "999" Or Trim(Session("AdminName")) <> "" Then
			strQuote = "<table class=quote><tr><td>" & strContent & "</td><tr></table>"
		Else
			strQuote =  Newasp.HtmlSetting(16)
		End If
	Else
		strQuote = "<table class=quote><tr><td>" & strContent & "</td><tr></table>"
	End If
Else
	strQuote = ""
End If

If Newasp.CheckStr(LCase(Request.Form("action"))) = "save" And Request.Form("action") <> "" Then
	Call SaveGuestReply
Else
	Call ReplyGuestBook
End If

Public Sub ReplyGuestBook()

	HtmlContent = Replace(HtmlContent,"{$Action}","save")
	HtmlContent = Replace(HtmlContent,"{$ReplyContent}",vbNullString)
	HtmlContent = Replace(HtmlContent,"{$SubmitValue}","回复留言")
	HtmlContent = Replace(HtmlContent, "{$GuestID}", guestid)
	HtmlContent = Replace(HtmlContent, "{$ReplyID}", replyid)
	HtmlContent = Replace(HtmlContent,"{$GuestTopic}",strTopic)
	HtmlContent = Replace(HtmlContent,"{$UserName}",Newasp.membername)
	HtmlContent = Replace(HtmlContent,"{$GuestEmail}","mymail@163.com")
	HtmlContent = Replace(HtmlContent,"{$GuestQQ}","123456789")
	HtmlContent = Replace(HtmlContent,"{$RefererUrl}",Request.ServerVariables("HTTP_REFERER"))

	FaceOption = ""
	For i=1 to 20 
		FaceOption = FaceOption & "<option "
		Facestr="images/" & i & ".gif"
		FaceOption = FaceOption & "value='" & Facestr &"'>头像" &i &"</option>"
	Next
	HtmlContent = Replace(HtmlContent, "{$FaceOption}", FaceOption)

	If CInt(Newasp.membergrade) > 1 Or Trim(Session("AdminName")) <> "" Then
		FormatInput = "<span style=""background-color: #fFfFff"" id=""myt"" onclick=""javascript:formatbt(this);""  style=""cursor:hand; font-size:11pt"">设置标题样式 ABCdef</span>"
		FormatInput = FormatInput & "<input type=""checkbox"" name=""cancel"" value="""" onclick=""Cancelform()""> 取消格式"
		HtmlContent = Replace(HtmlContent,"{$FormatInput}",FormatInput)
	Else
		HtmlContent = Replace(HtmlContent,"{$FormatInput}","")
	End If
	HtmlContent = Replace(HtmlContent,"{$Topicformat}","")
	HtmlContent = Replace(HtmlContent,"{$GuestContent}",Server.HTMLEncode(strQuote))
	Response.Write HtmlContent
End Sub

Sub SaveGuestReply()
	On Error Resume Next
	Dim ForbidReply
	If CInt(Newasp.PostGrade) > 0 And Trim(Session("AdminName")) = Empty Then
		If CInt(Newasp.PostGrade) > CInt(Newasp.membergrade) Then
			ErrMsg = ErrMsg + Newasp.HtmlSetting(5)
			FoundErr = True
		End If
	End If
	If Newasp.CheckPost = False Then
		ErrMsg = ErrMsg + "<li>您提交的数据不合法，请不要从外部提交。</li>"
		FoundErr = True
	End If
	If Trim(Request.Form("username")) = "" Then
		ErrMsg = ErrMsg + "用户名不能为空\n"
		Founderr = True
	End If
	If Newasp.IsValidStr(Request.Form("username")) = False Then
		ErrMsg = ErrMsg + "用户名中含有非法字符\n"
		Founderr = True
	End If
	If Trim(Request.Form("topic")) = "" Then
		ErrMsg = ErrMsg + "回复主题不能为空\n"
		Founderr = True
	End If
	If Trim(Request.Form("content")) = "" Then
		ErrMsg = ErrMsg + "回复内容不能为空\n"
		Founderr = True
	End If
	If Len(Request.Form("content")) < Clng(Newasp.LeastString) Then
		ErrMsg = ErrMsg + ("回复内容不能小于" & Newasp.LeastString & "字符！")
		Founderr = True
	End If
	If Len(Request.Form("content")) > Clng(Newasp.MaxString) Then
		ErrMsg = ErrMsg + ("回复内容不能大于" & Newasp.MaxString & "字符！")
		Founderr = True
	End If
	If Trim(Newasp.membergrade) <> "999" And Trim(Session("AdminName")) = "" Then
		ForbidReply =Newasp.Execute("SELECT ForbidReply FROM NC_GuestBook WHERE guestid=" & Newasp.ChkNumeric(Request.Form("guestid")))(0)
		If ForbidReply <> 0 Then
			ErrMsg = ErrMsg + Newasp.HtmlSetting(7)
			Founderr = True
		End If
	End If
	If Founderr = True Then
		Call OutAlertScript(ErrMsg)
		Exit Sub
	End If
	Call PreventRefresh  '防刷新
	Set Rs = Server.CreateObject("ADODB.Recordset")
	SQL = "SELECT * FROM NC_GuestReply WHERE (id is null)"
	Rs.Open SQL,Conn,1,3
	Rs.Addnew
		If Newasp.membername <> "" And Newasp.memberid <> "" Then
			Rs("userid") = Newasp.memberid
			Rs("rusername") = Newasp.membername
		Else
			Rs("userid") = 0
			Rs("rusername") = Left(Request.Form("username"),50)
		End If
		Rs("guestid") = Trim(Request.Form("guestid"))
		Rs("Topicformat") = Trim(Request.Form("Topicformat"))
		Rs("rTitle") = Newasp.ChkFormStr(Left(Request.Form("topic"),100))
		Rs("rContent") = Trim(Request.Form("content"))
		Rs("rFace") = Trim(Request.Form("face"))
		Rs("ReplyTime") = Now()
		Rs("ReplyIP") = Newasp.GetUserIP
	Rs.update
	Rs.Close:Set Rs = Nothing
	Dim GroupSetting
	If Newasp.membername <> "" And Newasp.membergrade <> "" Then
		GroupSetting = Split(Newasp.UserGroupSetting(CInt(Newasp.membergrade)), "|||")
		Newasp.Execute ("UPDATE NC_User SET userpoint = userpoint + " & CLng(GroupSetting(27)) & " WHERE userid="& CLng(Newasp.memberid))
	End If
	Newasp.Execute ("UPDATE NC_GuestBook SET ReplyNum = ReplyNum + 1,lastime = " & NowString & " WHERE guestid="& guestid)
	Call OutputScript(Newasp.HtmlSetting(8),Request.Form("url"))
End Sub
Set HTML = Nothing
CloseConn
%>