📄 new_post.asp
strMessage = WYSIWYGFormatPost(strMessage)
'Else standrd editor is used so convert forum codes
Else
'Call the function to format posts
strMessage = FormatPost(strMessage)
End If
'Expand forum codes only when the poster asked for them
'NOTE(review): the raw form value is used directly as the condition, so a value that cannot be
'coerced to a Boolean would raise a type mismatch - confirm the form only ever sends True/False
If Request.Form("forumCodes") Then
	strMessage = FormatForumCodes(strMessage)
End If

'Run the HTML safety filter after the formatting steps, so it also sees the markup they produced
strMessage = HTMLsafe(strMessage)

'Strip tags from the subject. formatInput() is deliberately not applied to the subject here:
'the XSS clean-up of the subject is done when it is displayed (to improve searching),
'so every page that writes the subject out has to apply it
strSubject = removeAllTags(strSubject)

'User ID 2 is the guest account: the name a guest typed goes through the SQL filter and then the input filter
If lngLoggedInUserID = 2 Then strGuestName = formatInput(formatSQLInput(strGuestName))

'Topic icon clean-up, only when topic icons are enabled
If blnTopicIcon Then

	'The blank placeholder icon means "no icon", so leave the database field empty
	If strTopicIcon = strImagePath & "blank_smiley.gif" Then strTopicIcon = ""

	'Input filter first, then tag stripping
	'NOTE(review): nothing in this section restricts the icon to files under strImagePath - confirm it is validated elsewhere
	strTopicIcon = removeAllTags(formatInput(strTopicIcon))
End If
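'********************************************
'***  Read in poll details (if Poll)      ***
'********************************************

'Poll fields are only read when the request is in poll mode and the user may create polls
If strMode = "poll" AND blnPollCreate Then

	'Read the question (first 70 characters, trimmed) and strip tags BEFORE the empty check,
	'so a question made up only of markup is rejected instead of being saved as an empty string
	'(assumes removeAllTags() removes markup; it is defined outside this section)
	strPollQuestion = removeAllTags(Trim(Mid(Request.Form("pollQuestion"), 1, 70)))
	If Trim(strPollQuestion) = "" Then strReturnCode = "noPoll"

	'Poll options
	'NOTE(review): CBool() raises a type mismatch on a value that is not a valid Boolean or number,
	'so a tampered form field ends the request with a script error - confirm that is acceptable
	blnMultipleVotes = CBool(Request.Form("multiVote"))
	blnPollReply = CBool(Request.Form("pollReply"))

	'Read the choices in order and stop at the first empty one
	For intPollChoice = 1 To intMaxPollChoices

		'Grow the array by one slot (ReDim Preserve copies the array; the loop is bounded by intMaxPollChoices)
		ReDim Preserve saryPollChoice(intPollChoice)

		'Read the choice (first 60 characters, trimmed) and strip tags before testing it,
		'so a choice that is empty once the markup is gone is treated as empty
		saryPollChoice(intPollChoice) = removeAllTags(Trim(Mid(Request.Form("choice" & intPollChoice), 1, 60)))

		If Trim(saryPollChoice(intPollChoice)) = "" Then

			'Choices 1 and 2 are both mandatory, a poll with fewer than two choices is rejected
			If intPollChoice <= 2 Then strReturnCode = "noPoll"

			'Drop the empty slot and stop reading
			ReDim Preserve saryPollChoice(intPollChoice - 1)
			Exit For
		End If
	Next
End If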
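'******************************************
'***         Filter Bad Words         *****
'******************************************

'Read every row of the bad word (smut) table
strSQL = "SELECT " & strDbTable & "Smut.* " & _
"FROM " & strDbTable & "Smut " & strDBNoLock & ";"

'Open the recordset
rsCommon.Open strSQL, adoCon

'Apply each bad word / replacement pair to the text being posted
'NOTE(review): this runs after the HTML clean-up of the subject and message earlier in this file, so
'Word_replace is inserted without further filtering and a bad word that also occurs inside markup in
'strMessage is replaced there too - the Smut table has to be treated as trusted, admin-only data
Do While NOT rsCommon.EOF

	'Copy the two fields into strings so the recordset is read once per row
	strBadWord = rsCommon("Smut")
	strBadWordReplace = rsCommon("Word_replace")

	'Replace arguments: start at character 1, replace every match (-1), text (case-insensitive) compare (1)
	strSubject = Replace(strSubject, strBadWord, strBadWordReplace, 1, -1, 1)
	strMessage = Replace(strMessage, strBadWord, strBadWordReplace, 1, -1, 1)

	'The poll question and choices are only read in when strMode = "poll" AND blnPollCreate, so the
	'same test is used here; testing strMode alone would call UBound() on a choice array that
	'this file never dimensioned when the user may not create polls
	If strMode = "poll" AND blnPollCreate Then

		'Filter the poll question
		strPollQuestion = Replace(strPollQuestion, strBadWord, strBadWordReplace, 1, -1, 1)

		'Filter every poll choice
		For intPollChoice = 1 To UBound(saryPollChoice)
			saryPollChoice(intPollChoice) = Replace(saryPollChoice(intPollChoice), strBadWord, strBadWordReplace, 1, -1, 1)
		Next
	End If

	'Move to the next word in the recordset
	rsCommon.MoveNext
Loop

'Close the recordset so it can be reused
rsCommon.Close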
'******************************************
'***         Anti-spam Check            ***
'******************************************

'Build a query for the 15 newest posts in the forum, newest first, using the row limit syntax of
'the configured database (TOP for SQL Server and Access, LIMIT for mySQL)
'NOTE(review): only these 15 rows are inspected, across all authors, so on a busy board a user's
'earlier posts may already be outside the window when the limits below are tested
strSQL = "SELECT "
If strDatabaseType = "SQLServer" OR strDatabaseType = "Access" Then strSQL = strSQL & "TOP 15"
strSQL = strSQL & " " & strDbTable & "Thread.Message, " & strDbTable & "Thread.Author_ID, " & strDbTable & "Thread.Message_date " & _
"FROM " & strDbTable & "Thread " & strDBNoLock & " " & _
"ORDER BY " & strDbTable & "Thread.Message_date DESC"
If strDatabaseType = "mySQL" Then strSQL = strSQL & " LIMIT 15"
strSQL = strSQL & ";"

'Open the recordset
rsCommon.Open strSQL, adoCon

If NOT rsCommon.EOF Then

	'Duplicate check: only the newest post is compared with the new message
	If rsCommon("Message") = strMessage Then strReturnCode = "posted"

	'Flood checks are skipped for admins and for the guest account (user ID 2)
	If blnAdmin = False AND lngLoggedInUserID <> 2 Then

		Do Until rsCommon.EOF

			'Seconds limit: a post by this user newer than intSpamTimeLimitSeconds (0 switches the check off)
			If rsCommon("Author_ID") = lngLoggedInUserID AND DateDiff("s", rsCommon("Message_date"), now()) < intSpamTimeLimitSeconds AND intSpamTimeLimitSeconds <> 0 Then
				strReturnCode = "maxS"
			End If

			'Minutes limit: count this user's posts newer than intSpamTimeLimitMinutes (0 switches the check off)
			If rsCommon("Author_ID") = lngLoggedInUserID AND DateDiff("n", rsCommon("Message_date"), now()) < intSpamTimeLimitMinutes AND intSpamTimeLimitMinutes <> 0 Then

				intNumOfPostsInFiveMin = intNumOfPostsInFiveMin + 1

				'The fifth matching post trips the limit
				If intNumOfPostsInFiveMin = 5 Then strReturnCode = "maxM"
			End If

			'Move to the next post
			rsCommon.MoveNext
		Loop
	End If
End If

'Close the recordset so it can be reused
rsCommon.Close
'**********************************************
'*** If input problems send to error page   ***
'**********************************************

'A return code set by any of the checks above means the post is rejected
If NOT (strReturnCode = "") Then

	'Release the database objects before leaving the page
	closeDatabase

	'Send the browser to the error page; the return code selects the message shown there
	Response.Redirect "not_posted.asp?mode=" & strReturnCode & strQsSID3
End If
'********************************************
'***            Save new Poll             ***
'********************************************

'A poll is saved only in poll mode and only for users allowed to create polls
If strMode = "poll" AND blnPollCreate Then

	'********************************************
	'***         Save poll question           ***
	'********************************************

	'Query the newest poll row (row lock hint from strRowLock); the recordset is used to insert
	'the new poll and, after a requery, to read back its ID
	strSQL = "SELECT" & strDBTop1 & " " & strDbTable & "Poll.* " & _
	"FROM " & strDbTable & "Poll" & strRowLock & " " & _
	"ORDER BY " & strDbTable & "Poll.Poll_ID DESC" & strDBLimit1 & ";"

	'Cursor type 2 is a dynamic cursor, lock type 3 is optimistic locking (locked only while updating)
	rsCommon.CursorType = 2
	rsCommon.LockType = 3

	'Open the poll table
	rsCommon.Open strSQL, adoCon

	'Insert the poll question and its options as a new row
	rsCommon.AddNew
	rsCommon.Fields("Poll_question") = strPollQuestion
	rsCommon.Fields("Multiple_votes") = blnMultipleVotes
	rsCommon.Fields("Reply") = blnPollReply
	rsCommon.Update

	'Run the query again and take the Poll_ID of the row it now returns
	'NOTE(review): this is the highest Poll_ID at requery time; if another poll is inserted between
	'Update and Requery it could be that poll's ID rather than this one - confirm
	rsCommon.Requery
	lngPollID = CLng(rsCommon("Poll_ID"))

	'Close the recordset so it can be reused
	rsCommon.Close


	'********************************************
	'***          Save poll choices           ***
	'********************************************

	'Open the choice table filtered on Poll_ID=0 (presumably matches no rows; the recordset is only used for inserts)
	strSQL = "SELECT " & strDbTable & "PollChoice.* " & _
	"FROM " & strDbTable & "PollChoice" & strRowLock & " " & _
	"WHERE " & strDbTable & "PollChoice.Poll_ID=0;"

	'Dynamic cursor, optimistic locking
	rsCommon.CursorType = 2
	rsCommon.LockType = 3

	'Open the poll choice table
	rsCommon.Open strSQL, adoCon

	'One new row per choice; there is a single explicit Update after the loop, so the earlier rows
	'rely on ADO saving the pending row when AddNew is called again - keep this call order as it is
	For intPollChoice = 1 To UBound(saryPollChoice)
		rsCommon.AddNew
		rsCommon.Fields("Poll_ID") = lngPollID
		rsCommon.Fields("Choice") = saryPollChoice(intPollChoice)
	Next

	'Save the last pending row
	rsCommon.Update

	'Close the recordset so it can be reused
	rsCommon.Close

	'Switch to "new" mode so the code below saves the topic and post that carry the poll
	strMode = "new"
End If
'******************************************
'***       Save new topic subject       ***
'******************************************

'A new topic is saved when the mode is "new" and the user may post or create polls, or is an admin or moderator
If strMode = "new" AND (blnPost OR blnPollCreate OR blnAdmin OR blnModerator) Then

	'Query the newest topic of this forum; the recordset is used to insert the topic and then to read back its ID
	'NOTE(review): intForumID is concatenated into the SQL text; it is assumed to have been forced
	'to a number earlier in the file - confirm
	strSQL = "SELECT" & strDBTop1 & " " & _
	strDbTable & "Topic.Topic_ID, " & _
	strDbTable & "Topic.Forum_ID, " & _
	strDbTable & "Topic.Poll_ID, " & _
	strDbTable & "Topic.Icon, " & _
	strDbTable & "Topic.Subject, " & _
	strDbTable & "Topic.Priority, " & _
	strDbTable & "Topic.Hide, " & _
	strDbTable & "Topic.Event_date, " & _
	strDbTable & "Topic.Event_date_end " & _
	"FROM " & strDbTable & "Topic" & strRowLock & " " & _
	"WHERE " & strDbTable & "Topic.Forum_ID = " & intForumID & " " & _
	"ORDER BY " & strDbTable & "Topic.Topic_ID DESC" & strDBLimit1 & ";"

	'Cursor type 2 is a dynamic cursor, lock type 2 is pessimistic locking
	rsCommon.CursorType = 2
	rsCommon.LockType = 2

	'Open the topic table
	rsCommon.Open strSQL, adoCon

	'Trap errors from here until the row has been written
	On Error Resume Next

	'Insert the new topic row
	rsCommon.AddNew
	rsCommon.Fields("Forum_ID") = intForumID
	rsCommon.Fields("Poll_ID") = lngPollID
	If blnTopicIcon Then rsCommon.Fields("Icon") = strTopicIcon
	rsCommon.Fields("Subject") = strSubject
	rsCommon.Fields("Priority") = intPriority
	'The Hide flag of the new topic is taken from blnCheckFirst
	rsCommon.Fields("Hide") = blnCheckFirst

	'Event dates are stored only when both the calendar and events are enabled
	If blnCalendar AND blnEvents Then rsCommon.Fields("Event_date") = dtmEventDate
	If blnCalendar AND blnEvents Then rsCommon.Fields("Event_date_end") = dtmEventDateEnd

	'Write the row to the database
	rsCommon.Update

	'Report any error trapped since error trapping was switched on
	'NOTE(review): if errorMsg() returns instead of ending the response, the requery below reads the
	'ID of a topic that already existed - confirm errorMsg() stops the page
	If Err.Number <> 0 Then Call errorMsg("An error has occurred while writing to the database.", "save_new_topic_data", "new_post.asp")

	'Disable error trapping
	On Error goto 0

	'Run the query again and take the Topic_ID of the row it now returns
	'NOTE(review): this is the highest Topic_ID in the forum at requery time; a topic inserted by
	'another request between Update and Requery could be returned instead - confirm
	rsCommon.Requery
	lngTopicID = CLng(rsCommon("Topic_ID"))

	'A new topic always returns to page 1
	intReturnPageNum = 1

	'Close the recordset so it can be reused
	rsCommon.Close
End If