saveannounce.asp

应用于高等院校党团思想教育

<%@ LANGUAGE="VBSCRIPT" %>

<!--#include file="conn.asp"-->
<!-- #include file="inc/char.asp" -->
<!-- #include file="inc/const.asp" -->
<!--#include file="inc/grade.asp"-->

<% 
	rem ----------------------
	rem ------主程序开始------
	rem ----------------------
	dim announceid
	dim UserName
	dim userPassword
	dim useremail
	dim article
	dim Topic
	dim body
	dim FoundError
	dim ErrMsg
	dim dateTimeStr
	dim addAll
	dim newUser
	dim UserID
	dim ip
	dim Expression
	dim boardID
   	dim sql
   	dim rs
   	dim FoundUser
	dim boardtype
	dim signflag
	dim mailflag
	dim TIME_ADJUST
	dim lockboard
	dim skin

	rem ------获得asp文件参数------
	call getInput()

	rem -----检查版面ID的合法性------	
	dim boardRs
	set boardRs=conn.execute("select lockboard from board where boardid="&cstr(boardid))
	if boardRs.bof and boardRs.eof then
		Errmsg=ErrMsg+"<Br>"+"<li>你要加贴的版面不存在！"
		FoundError=true
	else
		lockboard=boardRs("lockboard")
		if request("skin")="" then
			skin=rs("boardskin")
		elseif not isInteger(request("skin")) then
			skin=0
		elseif request("skin")=0 then
			skin=0
		elseif request("skin")=1 then
			skin=1
		else
			skin=0
		end if
	end if
	boardRs.close
	set boardRs=nothing
	if err.number<>0 then err.clear
	
	foundError=false
	ErrMsg=""

	rem -----检查user输入数据的合法性------	
	call chkData()	

	if foundError=true then
  	       	call Error()
	else
		call checkUser()
		if foundError then
  	       		call Error()
		else
			call saveAnnounce()
		end if
		
	end if
	
	set rs=nothing
	call endConnection()

	rem ----------------------
	rem ------主程序结束------
	rem ----------------------
	rem 检测用户输入数据合法性
	sub checkUser()
   	set rs=server.createobject("adodb.recordset")
   	sql="select username,userpassword,lockuser,userclass,article from [User] where username='"&replace(trim(username),"'","''")&"'"
   	rs.open sql,conn,1,3
   	if not rs.EOF then
        	FoundUser=True
   	end if
	if not FoundUser then
		Errmsg=ErrMsg+"<Br>"+"<li>本论坛只有<a href=reg.asp>注册用户</a>才能发言！"
		founderror=true
        elseif UserPassword<>rs("UserPassword") then
           	ErrMsg=ErrMsg+"<Br>"+"<li>您的密码不正确(可能该名字被他人占用了，请尝试用<a href=reg.asp>别的名字</a>)"
	       	foundError=true
	elseif rs("lockuser")=1 then
           	ErrMsg=ErrMsg+"<Br>"+"<li>该用户账号已被锁定，请和管理员联系。"
	       	foundError=true
       	else
         	rs("article")=rs("article")+1
		session.Contents("username")=UserName
		session("password")=UserPassWord
		article=rs("article")
		if rs("userclass")<>user_level7 and rs("userclass")<>user_level8 and rs("userclass")<>user_level9 then
			if rs("article")>=level2_point and rs("article")<level3_point then
				if rs("userclass")<>user_level2 then
					rs("userclass")=user_level2
					rs.update
				end if
			elseif rs("article")>=level3_point and rs("article")<level4_point then
				if rs("userclass")<>user_level3 then
					rs("userclass")=user_level3
					rs.update
				end if
			elseif rs("article")>=level4_point and rs("article")<level5_point then
				if rs("userclass")<>user_level4 then
					rs("userclass")=user_level4
					rs.update
				end if
			elseif rs("article")>=level5_point and rs("article")<level6_point then
				if rs("userclass")<>user_level5 then
					rs("userclass")=user_level5
					rs.update
				end if
			elseif rs("article")>=level6_point then
				if rs("userclass")<>user_level6 then
					rs("userclass")=user_level6
					rs.update
				end if
			end if
		end if
		session("userclass")=rs("userclass")
		call activeuser()
'		response.write ""&rs("userclass")&""
'		response.end
         	rs.update

		if lockboard=1 then
			if rs("userclass")<>user_level9 then
				Errmsg=ErrMsg+"<Br>"+"<li>您没有权限在本版面发布贴子！"
				FoundError=true
			end if
		elseif lockboard=2 then
			if rs("userclass")<>user_level8 and rs("userclass")<>user_level9 and rs("userclass")<>user_level7 then
				Errmsg=ErrMsg+"<Br>"+"<li>您没有权限在本版面发布贴子！"
				FoundError=true
			end if
		end if
      	end if
    	rs.close
	end sub

	rem 保存贴子信息
	sub saveAnnounce()
        DateTimeStr=CSTR(NOW()+TIMEADJUST/24)
        dim cmdTemp
	dim InsertCursor
        dim dataconn
        Set DataConn = Server.CreateObject("ADODB.Connection")
        dataconn.open connstr
        Set cmdTemp = Server.CreateObject("ADODB.Command")
	Set InsertCursor = Server.CreateObject("ADODB.Recordset")
        cmdTemp.CommandText="SELECT * FROM bbs1 WHERE (UserName IS NULL)"
        cmdTemp.CommandType = 1
        Set cmdTemp.ActiveConnection = dataconn
  	     	InsertCursor.Open cmdTemp, , 1, 3
	     	InsertCursor.AddNew
		InsertCursor("BoardID")=boardID
	     	InsertCursor("ParentID")=0
         	InsertCursor("Child")=0
	     	InsertCursor("UserName")=UserName
	     	InsertCursor("Topic")=Topic
	     	InsertCursor("Body")=Body
	     	InsertCursor("DateAndTime")=DateTimeStr
	     	InsertCursor("hits")=0
	     	InsertCursor("length")=strlength(body)
	     	InsertCursor("rootID")=0
	     	InsertCursor("layer")=1
	     	InsertCursor("orders")=0
         	InsertCursor("ip")=ip
         	InsertCursor("Expression")=Expression
         	InsertCursor("locktopic")=0
         	InsertCursor("signflag")=signflag
         	InsertCursor("emailflag")=mailflag
	     	InsertCursor.Update
		InsertCursor.MoveLast
         	announceid=InsertCursor("AnnounceID")
         	InsertCursor("RootID")= announceid
	     	InsertCursor("Times")= announceid
	     	InsertCursor.Update
 	    	InsertCursor.close

        sql="SELECT lastpostuser,lastposttime,lastbbsnum,lasttopicnum FROM board WHERE boardid="&cstr(boardID)
     	rs.Open sql,conn,1,3
         	rs("lastpostuser")=username
         	rs("lastposttime")=DateTimeStr
         	rs("lastbbsnum")=rs("lastbbsnum")+1
         	rs("lasttopicnum")=rs("lasttopicnum")+1
	     	rs.Update
 	rs.close
  		if err.number<>0 then
	       		err.clear
			ErrMsg=ErrMsg+"<Br>"+"<li>数据库操作失败，请以后再试"&err.Description 
  	       		call Error()
		else
	    		response.redirect("list.asp?boardid="&boardid&"&skin="&skin&"")
    		end if
	dataconn.close
	set dataconn=nothing
	end sub

	sub activeuser()
	dim rsactiveusers,activeuser
	set rsactiveusers=server.createobject("adodb.recordset")
	activeuser="select * from online where username='"&session.contents("username")&"'"
	rsactiveusers.open activeuser,conn,1,3
	if rsactiveusers.eof and rsactiveusers.bof then
		rsactiveusers.addnew
		rsactiveusers("id")=Session.SessionID
		rsactiveusers("username")=session.contents("username")
		rsactiveusers("userclass")=session("userclass")
		rsactiveusers("ip")=Request.ServerVariables("REMOTE_HOST")
		rsactiveusers("startime")=Now()
		rsactiveusers("lastimebk")=Now()
		rsactiveusers("lastime")=DateToStr(Now())
		rsactiveusers("browser")=Request.ServerVariables("HTTP_USER_AGENT")
		rsactiveusers("stats")=Request.ServerVariables("SCRIPT_NAME")
		rsactiveusers.update
		session("userid")=""
	else
		rsactiveusers("lastimebk")=Now()
		rsactiveusers("lastime")=DateToStr(Now())
		rsactiveusers("stats")=Request.ServerVariables("SCRIPT_NAME")
		rsactiveusers.update
	end if
	if session("userid")<>"" then
	activeuser="delete from online where id="&cstr(session("userid"))
	Conn.Execute activeuser
	end if
	rsactiveusers.close
	set rsactiveusers=nothing
	end sub

	rem ------获得asp文件参数------
	sub getInput()
	if request("boardid")="" then
		foundError=true
		Errmsg=Errmsg+"<br>"+"<li>请指定论坛版面。"
	elseif not isInteger(request("boardid")) then
		foundError=true
		Errmsg=Errmsg+"<br>"+"<li>非法的版面参数。"
	else
		boardID=request("boardID")
	end if
	IP=Request.ServerVariables("REMOTE_ADDR") 
	Expression=Request.Form("Expression")&".gif"
   	Topic=trim(request("subject"))
   	Body=trim(request("body"))
   	UserName=trim(request("username"))
   	boardtype=trim(request("boardtype"))
	signflag=trim(request("signflag"))
	mailflag=trim(request("emailflag"))
   	UserPassWord=trim(request("passwd"))
	end sub

	rem -----检查user输入数据的合法性------	
	function chkData()
	if signflag="yes" then
		signflag=1
	else
		signflag=0
	end if
	if mailflag="yes" then
		mailflag=1
	else
		mailflag=0
	end if

	if UserName="" or strLength(UserName)>20 then
   		ErrMsg=ErrMsg+"<Br>"+"<li>请输入姓名(长度不能大于20)"
   		foundError=True
	elseif Trim(UserPassWord)="" or strLength(UserPassWord)>10 then
   		ErrMsg=ErrMsg+"<Br>"+"<li>请输入密码(长度不能大于10)"
   		foundError=True
	end if
	if Topic="" then
   		FoundError=True
   		if Len(ErrMsg)=0 then
      			ErrMsg=ErrMsg+"<Br>"+"<li>主题不应为空"
   		else
      			ErrMsg=ErrMsg+"<Br>"+"<li>主题不应为空"
   		end if
	elseif strLength(topic)>100 then
   		FoundError=True
   		if strLength(ErrMsg)=0 then
      			ErrMsg=ErrMsg+"<Br>"+"<li>主题长度不能超过100"
   		else
      			ErrMsg=ErrMsg+"<Br>"+"<li>主题长度不能超过100"
   		end if
	end if
	if strLength(body)>AnnounceMaxBytes then
   		ErrMsg=ErrMsg+"<Br>"+"<li>发言内容不得大于" & CSTR(AnnounceMaxBytes) & "bytes"
   		foundError=true
	end if
	if err.number<>0 then err.clear
	end function
%>
<html>

<head>
<title><%=ForumName%>--我要发言</title>
<link rel="stylesheet" type="text/css" href="forum.css">
<meta NAME="GENERATOR" Content="Microsoft FrontPage 3.0">
<meta HTTP-EQUIV="Content-Type" content="text/html; charset=gb2312">
</head>
<body bgcolor="#ffffff" alink="#333333" vlink="#333333" link="#333333" topmargin="0" leftmargin="0">
<!--#include file="inc/theme.asp"-->
<!--#include file="footer.asp"-->
</body>
</html>