#forget.mo

WAPmo手机网站管理平台是一款创建与管理维护WAP网站的的软件产品

Option Explicit

TBBS.AddLang "common|head|foot|error|forget"
TBBS.SetNodes "env|user"

TBBS.AddNav "", TBBS.Lang("retake")
TBBS.Page("name") = TBBS.GetNav()
TBBS.AddOnline 0, TBBS.Page("name")

TBBS.Vars("skin") = "default"
TBBS.GetReferer

Dim clsRetake
Call main

Private Sub doGet()
    If ForbidRetake() Then Exit Sub
    TBBS.Vars("state") = 0
    TBBS.Vars("step") = 1
    TBBS.Vars("retake_step") = TBBS.Lang("retake_step" & TBBS.Vars("step"))
End Sub

Private Function ForbidRetake()
    Dim ret
    ret = True
    If Not InString("qa|email", TBBS.Env("retake"), True) Then
        TBBS.AddError "forbid_retake", Array()
    ElseIf TBBS.Env("retake") = "email" Then
        If TBBS.Env("smtp_server") = "" Or TBBS.Env("smtp_username") = "" Or TBBS.Env("smtp_password") = "" Then
            TBBS.AddError "retake_missing_smtp", Array()
        Else
            ret = False
        End If
    Else
        ret = False
    End If
    ForbidRetake = ret
End Function

Private Sub doPost()
    If ForbidRetake() Then Exit Sub
    Set clsRetake = MyKernel.Command("WM_RETAKE")
    TBBS.Vars("state") = 1
    TBBS.Vars("step") = atoi(MyIO.Form("step"))
    Select Case TBBS.Vars("step")
    Case 1
        Call doPostStep1
    Case 2
        Call doPostStep2
    Case Else
        TBBS.AddError "invalid_handle", Array()
    End Select
    Set clsRetake = Nothing
    TBBS.Vars("retake_step") = TBBS.Lang("retake_step" & TBBS.Vars("step"))
End Sub

Private Sub doPostStep1()
    Dim clsCmd, strSQL
    TBBS.Vars("username") = Trim(MyIO.Form("username"))
    If Not TBBS.CheckValidate("retake") Then
        TBBS.AddHint "invalid_validate", Array()
    ElseIf TBBS.Vars("username") = "" Then
        TBBS.AddHint "empty_username", Array()
    ElseIf Not ValidRetake() Then
        'pass
    Else
        strSQL = "USERNAME='$(UserName)'"
        strSQL = Replace(strSQL, "$(UserName)", SafeString(TBBS.Vars("username")))
        Set clsCmd = MyKernel.Command(T_USER)
        clsCmd.CommandType = "SELECT"
        clsCmd.Column = "SEQID,USERNAME,QUESTION,ANSWER,EMAIL"
        clsCmd.Where = strSQL
        If Not clsCmd.Exec Then
            Call AddRetake("failed")
            TBBS.AddHint "missing_username", Array()
        ElseIf TBBS.Env("retake") = "qa" Then
            If clsCmd("question") = "" Or clsCmd("answer") = "" Then
                Call AddRetake("failed")
                TBBS.AddError "missing_qa", Array()
            Else
                Session("RETAKE_SEQID") = clsCmd("seqid")
                Session("RETAKE_USERNAME") = clsCmd("username")
                Session("RETAKE_QUESTION") = clsCmd("question")
                Session("RETAKE_ANSWER") = clsCmd("answer")
                TBBS.Vars("state") = 2
                TBBS.Vars("step") = 2
                TBBS.Vars("question") = clsCmd("question")
            End If
        ElseIf TBBS.Env("retake") = "email" Then
            If clsCmd("email") = "" Then
                Call AddRetake("failed")
                TBBS.AddError "missing_email", Array()
            Else
                TBBS.Vars("state") = 100
                TBBS.Vars("passwd") = GetRandom(10)
                If Not TBBS.SendEmail(clsCmd("email"), GetEmailSubject(), GetEmailBody()) Then
                    TBBS.AddHint "send_retake_email_failed", Array()
                Else
                    TBBS.AddHint "send_retake_email_ok", Array()
                    clsCmd.CommandType = "UPDATE"
                    clsCmd.Where = "seqid=" & clsCmd("seqid")
                    clsCmd.Add "passwd", MD5(TBBS.Vars("passwd"))
                    clsCmd.Exec
                End If
                Call AddRetake("total")
            End If
        End If
        Set clsCmd = Nothing
    End If
    Session.Contents.Remove "Validate"
End Sub

Private Function ValidRetake()
    Dim strSQL
    Dim ret
    ret = False
    strSQL = "INIP='$(IP)'"
    strSQL = Replace(strSQL, "$(IP)", MyIO.Env("REMOTE_ADDR"))
    If Not clsRetake.Exec("*", strSQL) Then
        ret = True
    ElseIf clsRetake("intime") < TBBS.Vars("date") Then
        ret = True
    ElseIf clsRetake("failed") >= atoi(TBBS.Env("retake_failed")) Then
        TBBS.AddError "retake_failed_too_much", Array()
    ElseIf clsRetake("total") >= atoi(TBBS.Env("retake_total")) Then
        TBBS.AddError "retake_total_too_much", Array()
    Else
        ret = True
    End If
    ValidRetake = ret
End Function

Private Sub AddRetake(ByVal strName)
    If clsRetake("inip") = "" Then
        clsRetake(strName) = 1
        clsRetake.CommandType = "INSERT"
        clsRetake.Add "inip", MyIO.Env("REMOTE_ADDR")
        clsRetake.Add strName, clsRetake(strName)
        clsRetake.Add IIf(strName = "failed", "total", "failed"), 0
        clsRetake.Add "intime", TBBS.Vars("time")
        clsRetake.Exec
    ElseIf clsRetake("intime") < TBBS.Vars("date") Then
        clsRetake(strName) = 1
        clsRetake.CommandType = "UPDATE"
        clsRetake.Where = "inip='" & clsRetake("inip") & "'"
        clsRetake.Add strName, clsRetake(strName)
        clsRetake.Add IIf(strName = "failed", "total", "failed"), 0
        clsRetake.Add "intime", TBBS.Vars("time")
        clsRetake.Exec
    Else
        clsRetake(strName) = clsRetake(strName) + 1
        clsRetake.CommandType = "UPDATE"
        clsRetake.Where = "inip='" & clsRetake("inip") & "'"
        clsRetake.Add strName, clsRetake(strName)
        clsRetake.Add "intime", TBBS.Vars("time")
        clsRetake.Exec
    End If
    TBBS.Vars("total") = atoi(TBBS.Env("retake_failed")) - clsRetake(strName)
End Sub

Private Function GetEmailSubject()
    Dim ret
    ret = TBBS.Env("retake_subject")
    ret = Replace(ret, "[bbs_name]", TBBS.Env("bbs_name"))
    GetEmailSubject = ret
End Function

Private Function GetEmailBody()
    Dim ret
    ret = MyKernel.Resource("moex.twinbbs.retake")
    ret = Replace(ret, "[bbs_name]", TBBS.Env("bbs_name"))
    ret = Replace(ret, "[username]", TBBS.Vars("username"))
    ret = Replace(ret, "[password]", TBBS.Vars("passwd"))
    ret = Replace(ret, "[host]", MyIO.Env("HTTP_HOST"))
    ret = Replace(ret, "[time]", FormatTime(Now(), "Y-m-d"))
    GetEmailBody = ret
End Function

Private Sub doPostStep2()
    Dim strSQL
    TBBS.Vars("question") = Session("RETAKE_QUESTION")
    If Not ValidRetake() Then
        'pass
    ElseIf Session("RETAKE_SEQID") = "" Or Session("RETAKE_USERNAME") = "" Or SESSION("RETAKE_QUESTION") = "" Or SESSION("RETAKE_ANSWER") = "" Then
        Call AddRetake("failed")
        TBBS.AddError "invalid_handle", Array()
    ElseIf TBBS.Env("retake") <> "qa" Then
        Call AddRetake("failed")
        TBBS.AddError "invalid_handle", Array()
    ElseIf Session("RETAKE_ANSWER") <> MyIO.Form("answer") Then
        Call AddRetake("failed")
        TBBS.AddHint "invalid_answer", Array()
    Else
        TBBS.Vars("state") = 100
        TBBS.Vars("passwd") = GetRandom(10)
        strSQL = "UPDATE $(Table) SET PASSWD='$(Passwd)' WHERE SEQID=$(SeqID)"
        strSQL = Replace(strSQL, "$(Table)", T_USER)
        strSQL = Replace(strSQL, "$(Passwd)", MD5(TBBS.Vars("passwd")))
        strSQL = Replace(strSQL, "$(SeqID)", Session("RETAKE_SEQID"))
        MyKernel.DB.Exec strSQL
        TBBS.AddHint "retake_ok", Array()
        Call AddRetake("total")
        Session.Contents.Remove "RETAKE_SEQID"
        Session.Contents.Remove "RETAKE_USERNAME"
        Session.Contents.Remove "RETAKE_QUESTION"
        Session.Contents.Remove "RETAKE_ANSWER"
    End If
End Sub