📄 photoshow.asp
<!--#include file="commond.asp" -->
<!--#include file="include/function.asp" -->
<!--#include file="include/ubbcode.asp" -->
<!--#include file="include/md5code.asp" -->
<!--#include file="header.asp" -->
<table width="780" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#ffffff">
<tr>
<td>
<%IF Request.QueryString("action")="postcomm" Then
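' action=postcomm: check the request, optionally sign in or register the poster,
' then insert one comment for photo ph_commID and bump the photo's counter.
' IsInteger, CheckStr, MD5, IsValidUserName, Strurls, znwl, CookieName, memName,
' memStatus, Guest_IP, MaxUrl and MaxHttp are defined outside this block.
Dim ph_commID,msg_Title,msg_Content
ph_commID=Request.Form("ph_commID")
dim server_v1,server_v2
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
' Same-site check: takes len(SERVER_NAME) characters of the Referer starting at
' position 8, i.e. it assumes a 7-character "http://" scheme and compares a prefix only.
' NOTE(review): the Referer header is supplied by the client and an https:// referer
' never lines up with this offset; a per-session anti-CSRF token is the reliable control.
if mid(server_v1,8,len(server_v2))<>server_v2 then
    Response.write"<script>alert(""你提交的路径有误,禁止从站点外部提交数据请不要乱该参数!"");history.go(-1);</script>"
    Response.end
elseIf IsInteger(ph_commID)=False Then
    ' ph_commID is concatenated unquoted into SQL below, so it must be validated first.
    Response.Write("<script>alert(""参数出现错误"");history.go(-1);</script>")
    Response.End
' 10-second throttle for non-admins. The timestamp is read from the client's cookie,
' so it only restrains well-behaved browsers; enforce server-side if it matters.
ElseIf (memStatus<>"SupAdmin" And memStatus<>"Admin") And DateDiff("s",Request.Cookies(CookieName)("memLastPost"),Now())<10 Then
    Response.Write("<script>alert(""你发表评论速度太快了,请10秒后再操作!"");history.go(-1);</script>")
    Response.End
Else
    ' comm_LogISOK: 1 = photo not found, 2 = photo has ph_DisComm set (comments disabled).
    Dim comm_LogQuery,comm_LogISOK
    Set comm_LogQuery=znwl.ExeCute("SELECT ph_DisComm FROM Photo WHERE ph_ID="&ph_commID&"")
    IF comm_LogQuery.EOF AND comm_LogQuery.BOF Then
        comm_LogISOK=1
    Else
        IF comm_LogQuery(0)=True Then
            comm_LogISOK=2
        End IF
    End IF
    Set comm_LogQuery=Nothing

    ' Look up the submitted user name.
    ' comm_AllreadyMemErr: 0 = no such member, 1 = name exists but password differs,
    ' 2 = password matched and the visitor is signed in via cookies.
    ' NOTE(review): the query is built by concatenation and relies entirely on CheckStr
    ' (defined in an include) to neutralise quotes - confirm, or move to ADODB.Command
    ' parameters.
    Dim comm_AllreadyMem,comm_AllreadyMemErr
    Set comm_AllreadyMem=Server.CreateObject("ADODB.RecordSet")
    SQL="SELECT mem_Name,mem_Password,mem_Status,mem_LastIP FROM blog_Member WHERE mem_Name='"&CheckStr(Request.Form("username"))&"'"
    ' 1,3 = adOpenKeyset, adLockOptimistic: the row is updated in place below.
    comm_AllreadyMem.Open SQL,znwl,1,3
    SQLQueryNums=SQLQueryNums+1
    IF comm_AllreadyMem.EOF AND comm_AllreadyMem.BOF Then
        comm_AllreadyMemErr=0
    ElseIF comm_AllreadyMem("mem_Password")=MD5(CheckStr(Request.Form("mem_Password"))) Then
        ' NOTE(review): the stored password hash and the member status are copied into
        ' client cookies. The cookie value is then equivalent to the stored credential;
        ' a server-side session identifier avoids exposing it. The hash is a single
        ' MD5() call with no salt visible here.
        Response.Cookies(CookieName)("memName")=comm_AllreadyMem("mem_Name")
        Response.Cookies(CookieName)("memPassword")=comm_AllreadyMem("mem_Password")
        Response.Cookies(CookieName)("memStatus")=comm_AllreadyMem("mem_Status")
        memName=comm_AllreadyMem("mem_Name")
        comm_AllreadyMem("mem_LastIP")=Guest_IP
        comm_AllreadyMem.Update
        comm_AllreadyMemErr=2
    Else
        comm_AllreadyMemErr=1
    End IF
    comm_AllreadyMem.Close
    Set comm_AllreadyMem=Nothing

    ' Field validation; every failing branch alerts and ends the response.
    IF CheckStr(Request.Form("message"))=Empty OR CheckStr(Request.Form("username"))=Empty Then
        Response.Write("<script>alert(""请将必须信息填写完整!"");history.go(-1);</script>")
        Response.End
    ElseIF Len(CheckStr(Request.Form("message")))>1008 OR Len(CheckStr(Request.Form("message")))<5 Then
        Response.Write("<script>alert(""评论内容不能少于5个字符或超过1008个字符!"");history.go(-1);</script>")
        Response.End
    ' NOTE(review): the code allows up to 12 characters while the message says 10.
    ElseIF Len(CheckStr(Request.Form("username")))>12 OR Len(CheckStr(Request.Form("username")))<2 Then
        Response.Write("<script>alert(""用户名长度不能少于2或者大于10个字符,5个汉字!"");history.go(-1);</script>")
        Response.End
    ElseIF IsValidUserName(CheckStr(Request.Form("username")))=False Then
        Response.Write("<script>alert(""用户名中含有非法字符!"");history.go(-1);</script>")
        Response.End
    ElseIF memName=Empty AND comm_AllreadyMemErr=1 Then
        ' Name belongs to a registered member and the password did not match.
        Response.Write("<script>alert(""很遗憾,你所使用的用户名已经注册!"");history.go(-1);</script>")
        Response.End
    ElseIF comm_LogISOK=1 Then
        Response.Write("<script>alert(""对不起,你所要评论的不存在或已删除!"");history.go(-1);</script>")
        Response.End
    ElseIF Not(memStatus="SupAdmin" OR memStatus="Admin") AND comm_LogISOK=2 Then
        Response.Write("<script>alert(""对不起,你所评论的日志不允许发表评论!"");history.go(-1);</script>")
        Response.End
    ' Block spam links (2002/03/17)
    ElseIF Strurls(Request.Form("message"),"[url")>MaxUrl or Strurls(Request.Form("message"),"http://")>MaxHttp then
        Response.Write("<script>alert(""您输入的内容有非法链接\n只能有两个连接\n请返回重新输入"");history.go(-1);</script>")
        Response.End
    Else
        Dim comm_Content,comm_memName,comm_DisSM,comm_DisUBB,comm_DisIMG,comm_AutoURL,comm_AutoKEY,comm_memFace,comm_Hide
        comm_Content=CheckStr(Request.Form("message"))
        comm_memName=CheckStr(Request.Form("username"))
        comm_Hide=Request.Form("hidden_message")
        'comm_memFace=CheckStr(Request.Form("userface"))
        IF comm_Hide=Empty Then comm_Hide=1
        ' comm_Hide goes unquoted into the INSERT statements below, so anything that is
        ' not an integer is rejected here instead of reaching the SQL text.
        ' Assumes the comment form posts a numeric flag - confirm against the form.
        If IsInteger(comm_Hide)=False Then
            Response.Write("<script>alert(""参数出现错误"");history.go(-1);</script>")
            Response.End
        End If
        ' NOTE(review): Guest_IP and memName are set outside this block and are also
        ' concatenated into the statements below; confirm they cannot carry quotes.
        IF memName=Empty And comm_AllreadyMemErr<>2 Then
            ' Visitor is not signed in and the name is free: optionally register it.
            Dim SaveMem,comm_memPassword
            SaveMem=Request.Form("SaveMem")
            comm_memPassword=MD5(CheckStr(Request.Form("mem_Password")))
            IF SaveMem=1 Then
                znwl.ExeCute("INSERT INTO blog_Member(mem_Name,mem_Password,mem_LastIP) VALUES ('"&comm_memName&"','"&comm_memPassword&"','"&Guest_IP&"')")
                znwl.ExeCute("UPDATE blog_Info SET blog_MemNums=blog_MemNums+1")
                SQLQueryNums=SQLQueryNums+2
                Response.Cookies(CookieName)("memName")=comm_memName
                Response.Cookies(CookieName)("memPassword")=comm_memPassword
                Response.Cookies(CookieName)("memStatus")="Member"
            End IF
            znwl.ExeCute("INSERT INTO photo_Comment(ph_ID,comm_Content,comm_Author,comm_Hide,comm_PostIP) VALUES ("&ph_commID&",'"&comm_Content&"','"&comm_memName&"',"&comm_Hide&",'"&Guest_IP&"')")
            SQLQueryNums=SQLQueryNums+1
        Else
            ' Signed-in member: the comment is attributed to memName, not the form field.
            znwl.ExeCute("INSERT INTO photo_Comment(ph_ID,comm_Content,comm_Author,comm_Hide,comm_PostIP) VALUES ("&ph_commID&",'"&comm_Content&"','"&memName&"',"&comm_Hide&",'"&Guest_IP&"')")
            SQLQueryNums=SQLQueryNums+1
        End IF
        Application.Lock
        'Application.Contents(CookieName&"_Photo_LastComm") = ""
        Application.UnLock
        znwl.ExeCute("UPDATE Photo SET ph_Comments=ph_Comments+1 WHERE ph_ID="&ph_commID&"")
        SQLQueryNums=SQLQueryNums+1
        Response.Cookies(CookieName)("memLastpost")=Now()
        ' ph_commID passed IsInteger above, so it is safe to echo into the redirect script.
        Response.Write("<script>alert(""发表成功,谢谢参与!"");document.location.href=""photoshow.asp?photoID="&ph_commID&"#comment"";</script>")
    End If
End If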
ElseIF Request.QueryString("action")="delecomm" Then
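' action=delecomm: delete comment commID from photo photoID.
' Allowed for SupAdmin, or for an Admin whose memName equals the photo's ph_Author.
' memStatus and memName are set outside this block (not visible here).
' NOTE(review): this state change is driven by a GET query string and, unlike the
' postcomm branch, has no same-site check; prefer POST plus an anti-CSRF token.
IF IsInteger(Request.QueryString("commID"))=False OR IsInteger(Request.QueryString("photoID"))=False Then
    Response.Write("<script>alert(""参数出现错误"");history.go(-1);</script>")
    Response.End
Else
    Dim ph_AuthorQuery
    Set ph_AuthorQuery=znwl.ExeCute("SELECT ph_Author FROM Photo WHERE ph_ID="&CheckStr(Request.QueryString("photoID")))
    SQLQueryNums=SQLQueryNums+1
    IF ph_AuthorQuery.EOF AND ph_AuthorQuery.BOF Then
        Response.Write("<script>alert(""参数出现错误"");history.go(-1);</script>")
        Response.End
    Else
        IF Not (memStatus="SupAdmin" OR (memStatus="Admin" And memName=ph_AuthorQuery(0))) Then
            Response.Write("<script>alert(""你没有权限删除!"");history.go(-1);</script>")
        Else
            Dim dele_Comm
            Set dele_Comm=znwl.ExeCute("SELECT ph_ID,comm_Author FROM photo_Comment WHERE comm_ID="&CheckStr(Request.QueryString("commID")))
            SQLQueryNums=SQLQueryNums+1
            IF dele_Comm.EOF AND dele_Comm.BOF Then
                Response.Write("<script>alert(""没有找到指定数据!"");history.go(-1);</script>")
            ' The permission check above was made against photoID, so the comment must
            ' belong to that same photo; otherwise the author check says nothing about
            ' this comment. The comparison is textual and fails closed (&"" turns a
            ' Null ph_ID into an empty string instead of raising an error).
            ElseIf (dele_Comm("ph_ID")&"")<>Trim(Request.QueryString("photoID")) Then
                Response.Write("<script>alert(""你没有权限删除!"");history.go(-1);</script>")
            Else
                znwl.ExeCute("UPDATE photo SET ph_Comments=ph_Comments-1 WHERE ph_ID="&dele_Comm("ph_ID"))
                znwl.Execute("DELETE * FROM photo_Comment WHERE comm_ID="&CheckStr(Request.QueryString("commID")))
                ' Two statements were executed (the original added 4 to the counter).
                SQLQueryNums=SQLQueryNums+2
                Application.Lock
                'Application.Contents(CookieName&"_blog_DelPhComm") = ""
                Application.UnLock
                Response.Write("<script>alert(""删除成功!"");document.location.href=""photoshow.asp?photoID="&CheckStr(Request.QueryString("photoID"))&""";</script>")
            End IF
            Set dele_Comm=Nothing
        End IF
    End IF
    Set ph_AuthorQuery=Nothing
End IF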
ElseIf Request.QueryString("action")="postvote" Then
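' action=postvote: add one vote (score 1-5) to photo ph_commID.
' Photo.ph_Vote holds five counters joined with "|".
' Changes from the original:
'   * ph_commID is validated with IsInteger before it reaches SQL or the redirect script;
'   * the score must be exactly "1".."5";
'   * the current counters are read from the database instead of the voteNum0..voteNum4
'     form fields, so the client can no longer dictate the stored tallies and no
'     client text is placed inside the quoted SQL string;
'   * counters use CLng rather than CInt, which overflows above 32767.
' IsInteger, znwl, CookieName and SQLQueryNums are defined outside this block.
Dim voteNums,formV,VoteNum0,VoteNum1,VoteNum2,VoteNum3,VoteNum4
Dim ph_Vote
ph_commID=Request.Form("ph_commID")
voteNums=Request.Form("voteNums")
If IsInteger(ph_commID)=False Then
    Response.Write("<script>alert(""参数出现错误"");history.go(-1);</script>")
    Response.End
ElseIf Not (voteNums="1" Or voteNums="2" Or voteNums="3" Or voteNums="4" Or voteNums="5") Then
    Response.Write("<script>alert(""请点击分数选项!"");history.go(-1);</script>")
    Response.End
' One vote per photo per 12 hours (43200 s). The timestamp lives in the client's
' cookie, so this only restrains well-behaved browsers.
ElseIf DateDiff("s",Request.Cookies(CookieName)("ph_Votepost"&ph_commID&""&ph_commID&""),Now())<43200 Then
    Response.Write("<script>alert(""你已打过分了,谢谢关注!"");history.go(-1);</script>")
    Response.End
Else
    ' formV (declared above, previously unused) holds the current tallies row.
    Set formV=znwl.ExeCute("SELECT ph_Vote FROM Photo WHERE ph_ID="&ph_commID&"")
    SQLQueryNums=SQLQueryNums+1
    If formV.EOF And formV.BOF Then
        Set formV=Nothing
        Response.Write("<script>alert(""参数出现错误"");history.go(-1);</script>")
        Response.End
    End If
    ' Padding with "|0|0|0|0|0" guarantees at least five elements even when the
    ' stored value is Null, empty or short; extra trailing elements are ignored.
    ph_Vote=Split(formV(0)&"|0|0|0|0|0","|")
    Set formV=Nothing
    If IsNumeric(ph_Vote(0)) Then VoteNum0=CLng(ph_Vote(0)) Else VoteNum0=0
    If IsNumeric(ph_Vote(1)) Then VoteNum1=CLng(ph_Vote(1)) Else VoteNum1=0
    If IsNumeric(ph_Vote(2)) Then VoteNum2=CLng(ph_Vote(2)) Else VoteNum2=0
    If IsNumeric(ph_Vote(3)) Then VoteNum3=CLng(ph_Vote(3)) Else VoteNum3=0
    If IsNumeric(ph_Vote(4)) Then VoteNum4=CLng(ph_Vote(4)) Else VoteNum4=0
    Select Case voteNums
        Case "1"
            VoteNum0=VoteNum0+1
        Case "2"
            VoteNum1=VoteNum1+1
        Case "3"
            VoteNum2=VoteNum2+1
        Case "4"
            VoteNum3=VoteNum3+1
        Case "5"
            VoteNum4=VoteNum4+1
    End Select
    ' Built from Long values only, so the quoted literal below contains digits and "|".
    ph_Vote = VoteNum0 & "|" & VoteNum1 & "|" & VoteNum2 & "|" & VoteNum3 & "|" & VoteNum4
    znwl.ExeCute("UPDATE Photo SET ph_Vote='"&ph_Vote&"' WHERE ph_ID="&ph_commID&"")
    SQLQueryNums=SQLQueryNums+1
    Response.Cookies(CookieName)("ph_Votepost"&ph_commID&""&ph_commID&"")=Now()
    Response.Write("<script>alert(""打分成功,谢谢关注!"");document.location.href=""photoshow.asp?photoID="&ph_commID&"#vote"";</script>")
End If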
Else
' Photo to display, taken from the query string. A value that IsInteger rejects is
' replaced by the number 0, which compares equal to Empty in the check that follows.
' PhotoID is later concatenated unquoted into SQL, so this validation is what keeps
' the query text under the server's control.
Dim PhotoID
PhotoID=CheckStr(Trim(Request.QueryString("PhotoID")))
If Not IsInteger(PhotoID) Then
    PhotoID=0
End If
IF PhotoID=Empty Then
Response.Write("<div align='center'><h4>参数错误,请不要乱提交数据!</h4><br /><br /><a href=""javascript:history.go(-1)"">返回上一页</a> 或 <a href=""default.asp"">返回首页</a></div>")
Else
Dim Ph_Show
Set Ph_Show=Server.CreateObject("ADODB.RecordSet")
SQL="SELECT * FROM Photo WHERE ph_ID="&PhotoID&""
Ph_Show.Open SQL,znwl,1,3
If Ph_Show.BOF AND Ph_Show.EOF Then
Response.Write("<div align='center'><h4>参数错误,没有找到数据!</h4><br /><br /><a href=""javascript:history.go(-1)"">返回上一页</a> 或 <a href=""default.asp"">返回首页</a></div>")
Else
' Unpack the photo row read into Ph_Show and total the vote counters.
' NOTE(review): the Dim declares phCateIDz but the assignment below uses phCateID -
' looks like a typo unless phCateID is declared in an include; confirm.
Dim phid,phCateIDz,phvote,Ph_Images,n,TotalNum,photoImage,photo_Prev,photo_Next
phid=Ph_Show("ph_ID")
phCateID=Ph_Show("ph_CateID")
' ph_Vote is split on "|"; the loop below reads elements 0..4, so five counters are expected.
phvote=split(Ph_Show("ph_Vote"),"|")
' ph_Image is split on CR/LF, one entry per line.
Ph_Images=split(Ph_Show("ph_Image"),vbcrlf)
TotalNum = 0
' Sum the vote counters.
' NOTE(review): the elements are strings from Split; a Null ph_Vote, fewer than five
' elements or a non-numeric element would raise a run-time error here.
for n = 0 to 4
TotalNum = phvote(n) + TotalNum
next
' Link to the next photo: the row with the smallest ph_ID greater than PhotoID.
' photo_Next stays empty when there is no such row.
' NOTE(review): ph_Name is written into the HTML exactly as stored; confirm it is
' HTML-encoded when saved, otherwise wrap it in Server.HTMLEncode here.
Dim ph_Next
Set ph_Next=znwl.Execute("SELECT TOP 1 ph_ID,ph_Name FROM Photo WHERE ph_ID>"&PhotoID&" ORDER BY ph_ID ASC")
SQLQueryNums=SQLQueryNums+1
photo_Next=""
If Not (ph_Next.EOF AND ph_Next.BOF) Then
    photo_Next=" <a href=""photoshow.asp?photoID="&ph_Next(0)&""" title=""下一张"">"&ph_Next(1)&"</a> >>"
End If
ph_Next.close
Set ph_Next=Nothing
' Link to the previous photo: the row with the largest ph_ID smaller than PhotoID.
' photo_Prev stays empty when there is no such row.
' NOTE(review): ph_Name is written into the HTML exactly as stored; confirm it is
' HTML-encoded when saved, otherwise wrap it in Server.HTMLEncode here.
Dim ph_Prev
Set ph_Prev=znwl.Execute("SELECT TOP 1 ph_ID,ph_Name FROM Photo WHERE ph_ID<"&PhotoID&" ORDER BY ph_ID DESC")
SQLQueryNums=SQLQueryNums+1
photo_Prev=""
If Not (ph_Prev.EOF AND ph_Prev.BOF) Then
    photo_Prev="<< <a href=""photoshow.asp?photoID="&ph_Prev(0)&""" title=""上一张"">"&ph_Prev(1)&"</a> "
End If
ph_Prev.close
Set ph_Prev=Nothing