index.asp

留言板可以留言

<%@ CODEPAGE=65001 %>
<!--#INCLUDE FILE="conn.asp" -->
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="md5.asp" -->

<%

response.buffer=true
Response.Expires=0

usercookies=Request.Cookies("usercookies")
if not session("password")<>"" then
if usercookies > "0" then
	name=Request.Cookies("usernamebook")
	password=Request.Cookies("passwordbook")
	sql="select * from admin where id=1"
	set rs8=conn.execute(sql)
	if not(rs8.bof and rs8.eof) then
		if password=rs8("userpass") and name=rs8("username") then
		   session("user")=name
		   session("password")="wpassword"
		end if
	end if
end if
end if

Set rs9 = Server.CreateObject("ADODB.Recordset")
sql9 ="SELECT * From about Order By id DESC"
RS9.open sql9,Conn,3,3
mypagesize=cint(rs9("num"))  '每页显示留言数
badnicks=rs9("badnicks")
badwords=rs9("badwords")

Set rs = Server.CreateObject("ADODB.Recordset")
sql = "Select * FROM guestbook Order By dateandtime Desc"
rs.open sql,conn,1,1

IF not IsNumeric(Request("page")) Or IsEmpty(Request("page")) Then
page=1
Else
Page=Int(Abs(Request("page")))
End if
rs.pagesize = mypagesize
total  = rs.RecordCount
rs.absolutepage = page

if request("test")="insert" then

'校验码判断开始
If Request("checkcode")="" Then
	MessageBox "别椤着,请返回输入验证码啊~~~"
    response.end
Elseif Session("CheckCode")="" then
	MessageBox "请返回后请刷新登录页面后重新输入正确的信息~~~"
    response.end
ElseIf Cstr(Session("CheckCode"))<>Cstr(Trim(Request("checkcode"))) Then
	MessageBox "您输入的验证码和系统产生的不一致，请重新输入。~~~"
    response.end
End if
'校验码判断结束

'防止垃圾留言功能开始
dim ComeUrl,cUrl
ComeUrl=lcase(trim(request.ServerVariables("HTTP_REFERER")))
if ComeUrl="" then
	MessageBox "错误信息：对不起，为了系统安全，不允许直接输入地址访问本页面。"
	response.end
else
	cUrl=trim("http://" & Request.ServerVariables("SERVER_NAME"))
	if mid(ComeUrl,len(cUrl)+1,1)=":" then
		cUrl=cUrl & ":" & Request.ServerVariables("SERVER_PORT")
	end if
	cUrl=lcase(cUrl & request.ServerVariables("SCRIPT_NAME"))
	if lcase(left(ComeUrl,instrrev(ComeUrl,"/")))<>lcase(left(cUrl,instrrev(cUrl,"/"))) then
		MessageBox "错误信息：留言本防垃圾留言功能已经打开，禁止从外部链接地址提交留言。"
		response.end
	end if
end if
'防止垃圾留言功能结束

txtname=left(request("txtname"),30)
txtemail=left(request("txtemail"),30)
txthomepage=left(request("txthomepage"),50)
txtoicq=left(request("txtoicq"),10)
if request.form("xxx")="" then
pic="images/1.gif"
else
pic=request.form("xxx")
end if
txtcome=left(request("txtcome"),20)
sex=request("sex")
txtcontent=left(request("txtcontent"),500)

'设置灌水限制
posttime=60
if cint(posttime)<>0 then
	if not isnull(session("posttime")) or cint(posttime)>0 then
		if DateDiff("s",session("posttime"),Now())<cint(posttime) then
		MessageBox "错误信息：留言本防灌水功能已经打开，限制"&posttime&"秒内不能重复留言。"
		response.end
		end if
	end if
end if

if txtemail<>"" and IsValidEmail(txtemail)=false then
	MessageBox "错误信息：邮件地址填写出错：请确认你的邮件地址。" 
	response.end
end if

if txtname="" then
	MessageBox "别椤着,输入内容啊~~~"
    response.end
end if

if txtcontent=""  then
	MessageBox "错误信息：请填入你的名字！"
    response.end
end if

if txtemail="" then txtemail="不告诉你!"
if txtoicq="" then txtoicq="打死我也不说!"
if txtcome="" then txtcome="保密!"
if txthomepage="" or txthomepage="http://" then txthomepage="还没有呢!"

Function htmlencode(source)

	Dim objRegExp

	source=Replace(source,vbTab,"&nbsp;&nbsp;")
	source=Replace(source,"<"&"%","&lt;"&"%")
	source=Replace(source,"%"&">","%"&"&gt;")
	source=Replace(source,"<a ","<a rel=""nofollow"" ")
	Set objRegExp=New RegExp
	objRegExp.IgnoreCase =True
	objRegExp.Global=True
	objRegExp.Pattern="<[^>]*>"
	source= objRegExp.Replace(source,"")
	source=Replace(source,"&","&amp;")
	source=Replace(source,"<","&lt;")
	source=Replace(source,">","&gt;")
	source=Replace(source,"""","&quot;")

	htmlencode=source

End Function

function MessageBox(strOutput)
		response.write "<script language='javascript'>" & VbCRlf
	    response.write "alert('" & strOutput & "');" & VbCrlf
	    response.write "history.go(-1);" & vbCrlf
	    response.write "</script>" & VbCRLF
	    response.end
end function

function IsValidEmail(email)
 dim names, name, i, c
 IsValidEmail = true
 names = Split(email, "@")
 if UBound(names) <> 1 then
   IsValidEmail = false
   exit function
 end if
 for each name in names
   if Len(name) <= 0 then
     IsValidEmail = false
     exit function
   end if
   for i = 1 to Len(name)
     c = Lcase(Mid(name, i, 1))
     if InStr("abcdefghijklmnopqrstuvwxyz_-.", c) <= 0 and not IsNumeric(c) then
       IsValidEmail = false
       exit function
     end if
   next
   if Left(name, 1) = "." or Right(name, 1) = "." then
      IsValidEmail = false
      exit function
   end if
 next
 if InStr(names(1), ".") <= 0 then
   IsValidEmail = false
   exit function
 end if
 i = Len(names(1)) - InStrRev(names(1), ".")
 if i <> 2 and i <> 3 then
   IsValidEmail = false
   exit function
 end if
 if InStr(email, "..") > 0 then
   IsValidEmail = false
 end if

end function

function IsLongStr(str)
dim longStrs,longstr
IsLongStr = true
longStrs = Split(str,"")
for each longStr in longStrs
	if len(longstr) > 50 then
	ISlongStr = false
	end if
next
end function

txtname=htmlencode(txtname)
txtcome=htmlencode(txtcome)
txtemail=htmlencode(txtemail)
txtcome=htmlencode(txtcome)
txthomepage=txthomepage
txtoicq=htmlencode(txtoicq)
txtcontent=htmlencode(txtcontent)
reply = "没有"

'使用屏蔽昵称
check_name=txtname
badnicks=split(badnicks,",")
for i = 0 to ubound(badnicks)
	if instr(check_name,badnicks(i))>0 then
		MessageBox "错误信息：您使用了屏蔽的昵称。"
		response.end
		exit for
	end if
next

'使用屏蔽字符
check_content=txtcontent
badwords=split(badwords,",")
for i = 0 to ubound(badwords)
	if instr(check_content,badwords(i))>0 then
		MessageBox "错误信息：您使用了非法的留言内容。"
		response.end
		exit for
	end if
next

Set rs= Server.CreateObject("ADODB.Recordset")
sql="select * from guestbook"
rs.open sql,conn,3,2
rs.addnew

		rs("name")=txtname
		rs("email")=txtemail
       	rs("homepage")=txthomepage
        rs("come")=Trim(txtcome)
		rs("oicq")=txtoicq
		rs("content")=Trim(txtcontent)
		rs("head")=pic
		rs("dateandtime")=now()
		rs("reply")=reply
		rs("ip")=Request.ServerVariables("REMOTE_HOST")
		rs("sex")=cint(sex)
		rs.update
		rs.close
		if cint(posttime)<>0 then
			session("posttime")=now()
		end if
		response.redirect "index.asp"
end if
%>
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="Keywords" CONTENT="<%=rs9("name")%>,留言簿">
<meta name="description" content="<%=rs9("name")%>的留言簿">
<TITLE><%=rs9("name")%></TITLE>
<style>
<!--
table, td{ font:9pt "宋体" }
.td{ font-family:"宋体";font-size:9pt;line-height:150% }
.big{ font:14.8px "宋体" }
-->
</style>
<script language=javascript>
<!--
function check()
{
if(document.login.txtname.value=="")
{alert("姓名不能为空^_^");return false}
if(document.login.txtcontent.value=="")
{alert("留言内容不能为空^_^");return false}
if(document.login.checkcode.value=="")
{alert("校验码不能为空^_^");return false}
}
-->
</script>
</head>

<body leftMargin="0" topMargin="0">

<table width="540" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td background="images/bg_left.gif" valign="top" width="100%">
      <table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td colspan="3"><img src="images/left_kuang_top.gif" width="100%" height="4"></td>
        </tr>
        <tr>
          <td width="4" background="images/left_kuang_left.gif"><img src="images/left_kuang_left.gif" width="4" height="2"></td>
          <td width="100%" valign="top">
            <table width="100%" border="0" cellspacing="0" cellpadding="5" height="100%">
              <tr>
                <td class="td" valign="top">
                  <table align=center border=0 cellpadding=0 cellspacing=1 bgcolor="<%=rs9("bian")%>" width=100%>
                    <tbody>