pm_new_message.asp

简单的asp论坛源码系统,很适用于初学者!界面简洁,功能齐全

<% @ Language=VBScript %>
<% Option Explicit %>
<!--#include file="common.asp" -->
<!--#include file="language_files/pm_language_file_inc.asp" -->
<!--#include file="functions/functions_format_post.asp" -->
<!--#include file="includes/emoticons_inc.asp" -->
<!--#include file="functions/functions_send_mail.asp" -->
<%
'****************************************************************************************
'**  Copyright Notice    
'**
'**  Web Wiz Forums(TM)
'**  http://www.webwizforums.com
'**                            
'**  Copyright (C)2001-2008 Web Wiz(TM). All Rights Reserved.
'**  
'**  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS UNDER LICENSE FROM 'WEB WIZ'.
'**  
'**  IF YOU DO NOT AGREE TO THE LICENSE AGREEMENT THEN 'WEB WIZ' IS UNWILLING TO LICENSE 
'**  THE SOFTWARE TO YOU, AND YOU SHOULD DESTROY ALL COPIES YOU HOLD OF 'WEB WIZ' SOFTWARE
'**  AND DERIVATIVE WORKS IMMEDIATELY.
'**  
'**  If you have not received a copy of the license with this work then a copy of the latest
'**  license contract can be found at:-
'**
'**  http://www.webwizguide.com/license
'**
'**  For more information about this software and for licensing information please contact
'**  'Web Wiz' at the address and website below:-
'**
'**  Web Wiz, Unit 10E, Dawkins Road Industrial Estate, Poole, Dorset, BH15 4JD, England
'**  http://www.webwizguide.com
'**
'**  Removal or modification of this copyright notice will violate the license contract.
'**
'****************************************************************************************



'*************************** SOFTWARE AND CODE MODIFICATIONS **************************** 
'**
'** MODIFICATION OF THE FREE EDITIONS OF THIS SOFTWARE IS A VIOLATION OF THE LICENSE  
'** AGREEMENT AND IS STRICTLY PROHIBITED
'**
'** If you wish to modify any part of this software a license must be purchased
'**
'****************************************************************************************





'Set the buffer to true
Response.Buffer = True

'Declare variables
Dim strToUsername	'Holds the username the pm message is sent to
Dim lngToUserID		'Holds author id of the person who the pm is for
Dim strSubject		'Holds the subject of the pm
Dim strMessage		'Holds the pm
Dim blnReadEmailNotify	'Holds if the user is to be notified when the message is read
Dim blnToUsernameOK	'Set to false if the to username is not found
Dim blnMaxPMsOK		'Set to false if the max number of private messages is exceeded
Dim blnMessageSent	'Set to true if the message is already sent
Dim strEmailSubject	'Holds the subject of the e-mail
Dim strEmailBody	'Holds the body of the e-mail message
Dim blnEmailSent	'set to true if an e-mail is sent
Dim blnBlocked		'Set to true if the user is blocked from messaging this person
Dim blnNoSubject	'Set to true if there is no subject to the PM
Dim strToEmail		'To email address
Dim blnPMNotify		'Set to true if the user wants notifying by emial
Dim intTmpPMno		'Temporary store for PM number the user has
Dim blnFloodControl	'Set to tru if flood control has been exceeded
Dim dtmFloodControlDate	'Holds the flood control date for the database search
Dim intSentPMs 		'Holds the number of PM sent
Dim lngPmMessageID	'Holds the new message ID



'Initilaise varaibles
blnToUsernameOK = False
blnMaxPMsOK = False
blnMessageSent = False
blnBlocked = False
blnNoSubject = False
blnFloodControl = False



'If the user is user is using a banned IP redirect to an error page
If bannedIP() Then
	
	'Clean up
	Call closeDatabase()

	'Redirect
	Response.Redirect("insufficient_permission.asp?M=IP" & strQsSID3)

End If


'If Priavte messages are not on then send them away
If blnPrivateMessages = False OR blnACode Then

	'Clean up
	Call closeDatabase()

	'Redirect
	Response.Redirect("default.asp" & strQsSID1)
End If


'If the user is not allowed then send them away
If intGroupID = 2 OR blnActiveMember = False OR blnBanned Then
	
	'Clean up
	Call closeDatabase()

	'Redirect
	Response.Redirect("insufficient_permission.asp" & strQsSID1)
End If


'Read in the details for the pm
strSubject = Trim(Mid(Request.Form("subject"), 1, 41))
strMessage = Request.Form("Message")
blnReadEmailNotify = CBool(Request.Form("email"))
strToUsername = Trim(Mid(Request.Form("member"), 1, 25))


'If the buddy text box is empty then read in the buddy from the list box
If strToUsername = "" Then strToUsername = Trim(Mid(Request.Form("selectMember"), 1, 15))

'Run the to username through the same SQL filer it was created under otherwise it may not match
strToUsername = formatSQLInput(strToUsername)

'If there is no subject or message then don't post the message as won't be able to link to it
If strSubject = "" OR strMessage = "" Then blnNoSubject = True

'Get rid of scripting tags in the subject
strSubject = removeAllTags(strSubject)



'Check that the user the pm is being sent to exisits

'Initalise the SQL string with a query to read in the dteails of who the PM is to
strSQL = "SELECT " & strDbTable & "Author.Author_ID, " & strDbTable & "Author.Username, " & strDbTable & "Author.Author_email, " & strDbTable & "Author.PM_notify " & _
"FROM " & strDbTable & "Author" & strDBNoLock & " " & _
"WHERE " & strDbTable & "Author.Username = '" & strToUsername & "';"

'Open the recordset
rsCommon.Open strSQL, adoCon

'If the to buddy is found in the database run the rest of the code
If NOT rsCommon.EOF Then

	'Username found so set to true
	blnToUsernameOK = True

	'Get details of who the PM is to
	lngToUserID = CLng(rsCommon("Author_ID"))
	strToEmail = rsCommon("Author_email")
	blnPMNotify = CBool(rsCommon("PM_notify"))


	'Don't let user send private message to guest account
	If (lngToUserID = 2 OR intGroupID = 2) Then blnBlocked = True

	'Close the recordset
	rsCommon.Close



	'Check the user is not blocked from messaging this person

	'Initalise the SQL string with a query to read count the number of pm's the user has recieved
	strSQL = "SELECT " & strDbTable & "BuddyList.Buddy_ID " & _
	"FROM " & strDbTable & "BuddyList" & strDBNoLock & " " & _
	"WHERE " & strDbTable & "BuddyList.Block = " & strDBTrue & " " & _
		"AND " & strDbTable & "BuddyList.Buddy_ID = " & lngLoggedInUserID & " " & _
		"AND " & strDbTable & "BuddyList.Author_ID = " & lngToUserID & ";"

	'Open the recordset
	rsCommon.Open strSQL, adoCon

	'If a record is returned then this user is blocked from messaging this person so don't send the pm, unless this is the forum admin
	If NOT rsCommon.EOF AND blnAdmin = False Then blnBlocked = True

	'Clean up
	rsCommon.Close




	'Check the user has not exceeded there allowed amount of private messages

	'Initalise the SQL string with a query to read count the number of pm's the user has recieved
	strSQL = "SELECT Count(" & strDbTable & "PMMessage.PM_ID) AS CountOfPM " & _
	"FROM " & strDbTable & "PMMessage" & strDBNoLock & " " & _
	"WHERE " & strDbTable & "PMMessage.Author_ID = " & lngToUserID & ";"

	'Open the recordset
	rsCommon.Open strSQL, adoCon

	'If there are records returned and the num of pm's is less than max alloed set blnMaxPMsOK to true
	If NOT rsCommon.EOF Then
		If (CInt(rsCommon("CountOfPM")) < intNumPrivateMessages) OR lngLoggedInUserID = 1 OR lngToUserID = 1 Then blnMaxPMsOK = True
	'Else if no records returened they have no pm's set set blnMaxPMsOK to true anyway (it's intilised to false at the top)
	Else
		blnMaxPMsOK = True
	End If

	'Relese sever objects
	rsCommon.Close
	
	
	
	
	'PM Flood control, make sure the user has not sent to many PM's
	If blnAdmin = False Then
		
		'Get the date with 1 hour taken off
		dtmFloodControlDate = internationalDateTime(DateAdd("h", -1, now()))
		
		'SQL Server doesn't like ISO dates with '-' in them, so remove the '-' part
		If strDatabaseType = "SQLServer" Then dtmFloodControlDate = Replace(dtmFloodControlDate, "-", "", 1, -1, 1)
	
		'Place the date in SQL safe # or '
		If strDatabaseType = "Access" Then
			dtmFloodControlDate = "#" & dtmFloodControlDate & "#"
		Else
			dtmFloodControlDate = "'" & dtmFloodControlDate & "'"
		End If
	
		'Initalise the SQL string with a query to read count the number of pm's the user has recieved
		strSQL = "SELECT Count(" & strDbTable & "PMMessage.PM_ID) AS CountOfSentPM " & _
		"FROM " & strDbTable & "PMMessage" & strDBNoLock & " " & _
		"WHERE " & strDbTable & "PMMessage.From_ID = " & lngLoggedInUserID & " " & _
			"AND " & strDbTable & "PMMessage.PM_Message_Date >= " & dtmFloodControlDate & ";"
	
		'Open the recordset
		rsCommon.Open strSQL, adoCon
	
		'If the user has exceeded the number of sent PM's in this hour don't let them send the PM
		If NOT rsCommon.EOF Then
			intSentPMs = CInt(rsCommon("CountOfSentPM"))
			
			If intSentPMs >= intPmFlood Then blnFloodControl = True
		End If

		'Relese sever objects
		rsCommon.Close
	End If
Else

	'Clean up
	rsCommon.Close
End If







'If the user to send to is found and they don't exceed max num of pm's (unless the sender is admin) then send the pm
If blnToUsernameOK AND blnMaxPMsOK AND blnBlocked = False AND blnNoSubject = False AND blnFloodControl = False Then

	'Place format posts posted with the WYSIWYG Editor
	If Request.Form("browser") = "RTE" Then

		'Call the function to format WYSIWYG posts
		strMessage = WYSIWYGFormatPost(strMessage)