new_reply_form.asp

简单的asp论坛源码系统,很适用于初学者!界面简洁,功能齐全

<% @ Language=VBScript %>
<% Option Explicit %>
<!--#include file="common.asp" -->
<!--#include file="functions/functions_date_time_format.asp" -->
<!--#include file="functions/functions_edit_post.asp" -->
<!--#include file="functions/functions_format_post.asp" -->
<!--#include file="includes/emoticons_inc.asp" -->
<%
'****************************************************************************************
'**  Copyright Notice    
'**
'**  Web Wiz Forums(TM)
'**  http://www.webwizforums.com
'**                            
'**  Copyright (C)2001-2008 Web Wiz(TM). All Rights Reserved.
'**  
'**  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS UNDER LICENSE FROM 'WEB WIZ'.
'**  
'**  IF YOU DO NOT AGREE TO THE LICENSE AGREEMENT THEN 'WEB WIZ' IS UNWILLING TO LICENSE 
'**  THE SOFTWARE TO YOU, AND YOU SHOULD DESTROY ALL COPIES YOU HOLD OF 'WEB WIZ' SOFTWARE
'**  AND DERIVATIVE WORKS IMMEDIATELY.
'**  
'**  If you have not received a copy of the license with this work then a copy of the latest
'**  license contract can be found at:-
'**
'**  http://www.webwizguide.com/license
'**
'**  For more information about this software and for licensing information please contact
'**  'Web Wiz' at the address and website below:-
'**
'**  Web Wiz, Unit 10E, Dawkins Road Industrial Estate, Poole, Dorset, BH15 4JD, England
'**  http://www.webwizguide.com
'**
'**  Removal or modification of this copyright notice will violate the license contract.
'**
'****************************************************************************************



'*************************** SOFTWARE AND CODE MODIFICATIONS **************************** 
'**
'** MODIFICATION OF THE FREE EDITIONS OF THIS SOFTWARE IS A VIOLATION OF THE LICENSE  
'** AGREEMENT AND IS STRICTLY PROHIBITED
'**
'** If you wish to modify any part of this software a license must be purchased
'**
'****************************************************************************************




'Set the response buffer to true as we maybe redirecting
Response.Buffer = True 

'Make sure this page is not cached
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 2
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "No-Store"


'Dimension variables
Dim strMode			'Holds the mode of the page
Dim strMasterForumName		'Holds the main forum name
Dim intMasterForumID		'Holds the main forum ID
Dim intCatID			'Holds the cat ID
Dim strCatName			'Holds the cat name
Dim lngTopicID			'Holds the Topic ID number
Dim lngMessageID		'Holds the message ID to be edited
Dim strTopicSubject		'Holds the subject topic being replied to
Dim strReplyUsername		'Holds the repliers username or quoters username
Dim strReplyMessage		'Holds the message to be replied to or quoted
Dim lngPostUserID		'Holds the user ID of the user to post the message
Dim blnForumLocked		'Set to true if the forum is locked
Dim blnEmailNotify		'Set to true if the users want to be notified by e-mail of a post
Dim strPostPage 		'Holds the page the form is posted to
Dim intRecordPositionPageNum	'Holds the recorset page number to show the Threads for
Dim strMessage			'Holds the post message
Dim strForumName		'Holds the name of the forum
Dim intIndexPosition		'Holds the idex poistion in the emiticon array
Dim intNumberOfOuterLoops	'Holds the outer loop number for rows
Dim intLoop			'Holds the loop index position
Dim intInnerLoop		'Holds the inner loop number for columns
Dim blnTopicLocked		'Holds if the topic is locked or not
Dim intTotalRecords		'Holds the total number of records
Dim strUsername			'For login include
Dim strPassword			'For login include
Dim blnPollNoReply		'Holds if it is a poll only
Dim lngPollID			'Holds the poll ID
Dim strUploadedFiles		'Holds the names of any files or images uploaded
Dim strTopicIcon		'Holds the topic icon
Dim intEventYear		'Holds the year of Calendar event
Dim intEventMonth		'Holds the month of Calendar event
Dim intEventDay			'Holds the day of Calendar event
Dim dtmEventDate		'Holds the date if this is a calendar event
Dim dtmPostDate			'Holds the date the thread was made
Dim intEventYearEnd		'Holds the year of Calendar event
Dim intEventMonthEnd		'Holds the month of Calendar event
Dim intEventDayEnd		'Holds the day of Calendar event
Dim dtmEventDateEnd		'Holds the Calendar event date


'If the user is user is using a banned IP redirect to an error page
If bannedIP() Then
	
	'Clean up
	Call closeDatabase()
	
	'Redirect
	Response.Redirect("insufficient_permission.asp?M=IP" & strQsSID3)
End If




'Read in the message ID number to edit
lngTopicID = CLng(Request.QueryString("TID"))
lngMessageID = CLng(Request.QueryString("PID"))
If isNumeric(Request.QueryString("PN")) Then intRecordPositionPageNum = CInt(Request.QueryString("PN")) Else intRecordPositionPageNum = 1
strMode = Trim(Mid(Request.QueryString("M"), 1, 2))
If isNumeric(Request.QueryString("TR")) Then intTotalRecords = CLng(Request.QueryString("TR")) Else intTotalRecords = 1
intForumID = 0

'Set the page mode
If strMode = "Q" Then 
	strMode = "quote"
Else
	strMode = "reply"
End If

	
'Get the message from the database to reply/quote
If lngTopicID > 0 Then	
	
	'Initalise the strSQL variable with an SQL statement to get the message to be quoted
	strSQL = "SELECT" & strDBTop1 & " " & strDbTable & "Topic.Topic_ID, " & strDbTable & "Topic.Forum_ID, " & strDbTable & "Topic.Subject, " & strDbTable & "Topic.Locked, " & strDbTable & "Topic.Poll_ID, " & strDbTable & "Topic.Event_date, " & strDbTable & "Thread.Author_ID, " & strDbTable & "Thread.Message, " & strDbTable & "Thread.Message_date, " & strDbTable & "Author.Username, " & strDbTable & "GuestName.Name " & _
	"FROM (" & strDbTable & "Author" & strDBNoLock & " INNER JOIN (" & strDbTable & "Topic" & strDBNoLock & " INNER JOIN " & strDbTable & "Thread" & strDBNoLock & " ON " & strDbTable & "Topic.Topic_ID = " & strDbTable & "Thread.Topic_ID) ON " & strDbTable & "Author.Author_ID = " & strDbTable & "Thread.Author_ID) LEFT JOIN " & strDbTable & "GuestName" & strDBNoLock & " ON " & strDbTable & "Thread.Thread_ID = " & strDbTable & "GuestName.Thread_ID "  & _
	"WHERE " & strDbTable & "Topic.Topic_ID = " & lngTopicID & " " & _
	"AND " & strDbTable & "Topic.Hide = " & strDBFalse & " " & _
	"AND (" & strDbTable & "Thread.Hide = " & strDBFalse & " OR " & strDbTable & "Thread.Author_ID = " & lngLoggedInUserID & ") " & _
	"ORDER BY " & strDbTable & "Thread.Message_date DESC " & strDBLimit1 & ";"
	

'If large reply button clicked get the last thread in topic
Else
	'Initalise the strSQL variable with an SQL statement to get the message to be quoted
	strSQL = "SELECT " & strDbTable & "Topic.Topic_ID, " & strDbTable & "Topic.Forum_ID, " & strDbTable & "Topic.Subject, " & strDbTable & "Topic.Locked, " & strDbTable & "Topic.Poll_ID, " & strDbTable & "Topic.Event_date, " & strDbTable & "Thread.Author_ID, " & strDbTable & "Thread.Message, " & strDbTable & "Thread.Message_date, " & strDbTable & "Author.Username, " & strDbTable & "GuestName.Name " & _
	"FROM (" & strDbTable & "Author" & strDBNoLock & " INNER JOIN (" & strDbTable & "Topic" & strDBNoLock & " INNER JOIN " & strDbTable & "Thread" & strDBNoLock & " ON " & strDbTable & "Topic.Topic_ID = " & strDbTable & "Thread.Topic_ID) ON " & strDbTable & "Author.Author_ID = " & strDbTable & "Thread.Author_ID) LEFT JOIN " & strDbTable & "GuestName" & strDBNoLock & " ON " & strDbTable & "Thread.Thread_ID = " & strDbTable & "GuestName.Thread_ID "  & _
	"WHERE " & strDbTable & "Thread.Thread_ID = " & lngMessageID & " " &_
	"AND " & strDbTable & "Topic.Hide = " & strDBFalse & " " & _
	"AND (" & strDbTable & "Thread.Hide = " & strDBFalse & " OR " & strDbTable & "Thread.Author_ID = " & lngLoggedInUserID & ");"
End If

'Query the database
rsCommon.Open strSQL, adoCon 
	

'Read in the details from the recordset
If NOT rsCommon.EOF Then
	intForumID = CInt(rsCommon("Forum_ID"))
	strTopicSubject = rsCommon("Subject")
	blnTopicLocked = CBool(rsCommon("Locked"))
	lngTopicID = CLng(rsCommon("Topic_ID"))
	strTopicSubject = rsCommon("Subject")
	lngPostUserID = CLng(rsCommon("Author_ID"))
	strReplyUsername = rsCommon("Username")
	strReplyMessage = rsCommon("Message")
	lngPollID = CLng(rsCommon("Poll_ID"))
	If isDate(rsCommon("Event_date")) Then dtmEventDate = CDate(rsCommon("Event_date"))
	dtmPostDate = CDate(rsCommon("Message_date"))
	
	'If the post being quoted is written by a guest see if they have a name
	If lngPostUserID = 2 Then strReplyUsername = rsCommon("Name")
End If

'Clean up
rsCommon.Close


'If this is a quote setup the quote block	
If strMode = "quote" Then
		
	'Build up the quoted thread post
	strMessage = " [QUOTE=" & strReplyUsername & "] " 
	
	'Read in the quoted thread from the recordset
	strMessage = strMessage & strReplyMessage
	
	
	'Apply forum codes 
	strMessage = EditPostConvertion (strMessage)
	
	'Place the forum code for closing quote at the end	
	strMessage = strMessage & "[/QUOTE] "
End If	
	


'Clean up input to prevent XXS hack
strTopicSubject = formatInput(strTopicSubject)




'Check the forum permissions

'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "" & _
"SELECT" & strDBTop1 & " " & strDbTable & "Category.Cat_ID, " & strDbTable & "Category.Cat_name, " & strDbTable & "Forum.Forum_ID, " & strDbTable & "Forum.Sub_ID, " & strDbTable & "Forum.Forum_name, " & strDbTable & "Forum2.Forum_name AS Main_forum, " & strDbTable & "Forum.Password, " & strDbTable & "Forum.Forum_code, " & strDbTable & "Forum.Locked, " & strDbTable & "Forum.Show_topics, " & strDbTable & "Permissions.* " & _
"FROM " & strDbTable & "Category" & strDBNoLock & ", " & strDbTable & "Forum" & strDBNoLock & ", " & strDbTable & "Forum AS " & strDbTable & "Forum2" & strDBNoLock & ", " & strDbTable & "Permissions" & strDBNoLock & " " & _
"WHERE " & strDbTable & "Category.Cat_ID = " & strDbTable & "Forum.Cat_ID " & _
 	"AND " & strDbTable & "Forum.Forum_ID = " & strDbTable & "Permissions.Forum_ID " & _
 	"AND (" & strDbTable & "Forum.Sub_ID = " & strDbTable & "Forum2.Forum_ID OR (" & strDbTable & "Forum.Sub_ID = 0 AND " & strDbTable & "Forum.Forum_ID = " & strDbTable & "Forum2.Forum_ID)) " & _
 	"AND " & strDbTable & "Forum.Forum_ID = " & intForumID & " " & _
 	"AND (" & strDbTable & "Permissions.Author_ID = " & lngLoggedInUserID & " OR " & strDbTable & "Permissions.Group_ID = " & intGroupID & ") " & _
"ORDER BY " & strDbTable & "Forum.Sub_ID, " & strDbTable & "Forum.Forum_Order, " & strDbTable & "Permissions.Author_ID DESC" & strDBLimit1 & ";"
	

'Query the database
rsCommon.Open strSQL, adoCon

'If there is a record returned by the recordset then check to see if you need a password to enter it
If NOT rsCommon.EOF Then

	'Read in forum details from the database
	intCatID = CInt(rsCommon("Cat_ID"))
	strCatName = rsCommon("Cat_name")
	strForumName = rsCommon("Forum_name")
	strMasterForumName = rsCommon("Main_forum")
	intMasterForumID = CLng(rsCommon("Sub_ID"))
	blnForumLocked = CBool(rsCommon("Locked"))
	
	'Read in the forum permissions
	blnRead = CBool(rsCommon("View_Forum"))
	blnReply = CBool(rsCommon("Reply_posts"))
	blnModerator = CBool(rsCommon("Moderate"))
	blnCheckFirst = CBool(rsCommon("Display_post"))
	blnEvents = CBool(rsCommon("Calendar_event"))

	'If the user has no read writes then kick them
	If blnRead = False Then
		
		'Reset Server Objects
		rsCommon.Close
		Call closeDatabase()

		'Redirect to a page asking for the user to enter the forum password
		Response.Redirect("insufficient_permission.asp" & strQsSID1)
	End If


	'If the forum requires a password and a logged in forum code is not found on the users machine then send them to a login page
	If rsCommon("Password") <> "" AND (getCookie("fID", "Forum" & intForumID) <> rsCommon("Forum_code") AND getSessionItem("Forum" & intForumID) <> rsCommon("Forum_code")) Then

		'Reset Server Objects
		rsCommon.Close
		Call closeDatabase()
		
		'Redirect to a page asking for the user to enter the forum password
		Response.Redirect("forum_password_form.asp?FID=" & intForumID & strQsSID3)
	End If
End If

'Clean up
rsCommon.Close


'Check that the poll is not a poll only and replies are allowed
If lngPollID <> 0 Then
	
	strSQL = "SELECT " & strDbTable & "Poll.Reply " & _
	"FROM " & strDbTable & "Poll" & strDBNoLock & " "  & _
	"WHERE " & strDbTable & "Poll.Poll_ID=" & lngPollID & ";"
		
	'Query the database
	rsCommon.Open strSQL, adoCon 
	
	'Read in the details from the recordset
	blnPollNoReply = CBool(rsCommon("Reply"))
	
	'Clean up
	rsCommon.Close
End If


'If this is a submission from the quick reply form to the full reply form run so extra code
If Request.Form("QR") = "1" Then
	
	'The mode is Quick Reply to Full Reply
	strMode = "QuickToFull"