www.gusucode.com > ASP+ACCESS学生论坛设计与实现(源代码+论文+开题报告) > ASP+ACCESS学生论坛设计与实现(源代码+论文+开题报告)\13学生论坛ASPAC\BBS\smallpaper.asp
<!--#include file="conn.asp"--> <!--#include file="inc/const.asp"--> <!--#include file="inc/dv_clsother.asp"--> <!--#include file="inc/md5.asp"--> <% '2003-12-3 Edit by YangZheng Mybbs.Loadtemplates("paper_even_toplist") Dim cansmallpaper cansmallpaper=false Mybbs.stats=Template.Strings(16) GetBoardPermission Mybbs.Nav Mybbs.ShowErr() If Cint(Mybbs.GroupSetting(17))=0 then Response.redirect "showerr.asp?ErrCodes=<li>"&template.Strings(18)&"&action=OtherErr" Else If Mybbs.userid=0 then Dvbb.membername=Template.Strings(19) End If cansmallpaper=True End If Mybbs.ShowErr() If request("action")="savepaper" then Call savepaper() Else call main() End If Mybbs.ActiveOnline Mybbs.Footer() Sub main() Dim redcolor,ispass1,ispass2 Dim Tempwrite redcolor=Mybbs.Mainsetting(1) If Mybbs.Forum_Setting(35) then ispass1=Template.Strings(21) Else ispass1=Template.Strings(20) End if If Mybbs.Forum_Setting(34) then ispass2=Template.Strings(21) Else ispass2=Template.Strings(20) End if If IsSqlDataBase=1 Then Mybbs.execute("delete from Dv_smallpaper where datediff(d,s_addtime,"&SqlNowString&")>1") Else Mybbs.execute("delete from Dv_smallpaper where datediff('d',s_addtime,"&SqlNowString&")>1") End If Mybbs.Name = "BoardInfo_" & Mybbs.BoardID Mybbs.LoadBoardNews_Paper(Mybbs.BoardID) Mybbs.head_var 1,Mybbs.Board_Data(4,0),"","" Tempwrite=Template.html(10) Tempwrite=Replace(Tempwrite,"{$username}",Mybbs.HtmlEnCode(Mybbs.Membername)) Tempwrite=Replace(Tempwrite,"{$password}",Mybbs.Memberword) Tempwrite=Replace(Tempwrite,"{$redcolor}",redcolor) Tempwrite=Replace(Tempwrite,"{$paymoney}",Mybbs.GroupSetting(46)) Tempwrite=Replace(Tempwrite,"{$ispass1}",ispass1) Tempwrite=Replace(Tempwrite,"{$ispass2}",ispass2) Tempwrite=Replace(Tempwrite,"{$boardid}",Mybbs.Boardid) Response.Write Tempwrite End Sub Sub savepaper() Dim username Dim password Dim title Dim content userName=Mybbs.Checkstr(trim(request.form("username"))) PassWord=Mybbs.Checkstr(trim(request.form("password"))) title=Mybbs.Checkstr(trim(request.form("title"))) Content=Mybbs.Checkstr(request.form("Content")) If Mybbs.chkpost=False Then Mybbs.AddErrCode(16) End If If UserName="" Or Mybbs.strLength(userName)>Cint(Mybbs.Forum_setting(41)) Or Mybbs.strLength(userName) < Cint(Mybbs.Forum_setting(40)) then Mybbs.AddErrCode(66) End If If title="" Then Response.redirect "showerr.asp?ErrCodes=<li>"&template.Strings(22)&"&action=OtherErr" ElseIf Mybbs.strLength(title)>80 then Response.redirect "showerr.asp?ErrCodes=<li>"&template.Strings(23)&"&action=OtherErr" End If If content="" Then Mybbs.AddErrCode(80) ElseIf Mybbs.strLength(content)>500 then Response.redirect "showerr.asp?ErrCodes=<li>"&template.Strings(24)&"&action=OtherErr" End If Mybbs.ShowErr() '客人不允许发,验证用户 If cansmallpaper Then If Not ChkUserLogin(password,username) Then Mybbs.AddErrCode(12) Mybbs.Showerr() End If Dim Rs,SQL Set Rs=server.createobject("adodb.recordset") sql="Select userWealth From [Dv_User] Where UserName='"&UserName&"'" Rs.open sql,conn,1,3 If Not(rs.eof and rs.bof) Then If CLng(rs("UserWealth"))<Clng(Mybbs.GroupSetting(46)) Then Response.redirect "showerr.asp?ErrCodes=<li>"&template.Strings(25)&"&action=OtherErr" Else rs("UserWealth")=rs("UserWealth")-Cint(Mybbs.GroupSetting(46)) rs.update End If Else If Mybbs.userid<>0 or username<>Template.Strings(19) Then Response.redirect "showerr.asp?ErrCodes=<li>"&template.Strings(26)&"&action=OtherErr" End If End If Rs.close:Set Rs=Nothing End If Mybbs.ShowErr() sql="insert into Dv_smallpaper (s_boardid,s_username,s_title,s_content) values "&_ "("&_ Mybbs.boardid&",'"&_ username&"','"&_ title&"','"&_ content&"')" 'response.write sql Mybbs.execute(sql) '发表小字报成功后RELOAD缓存 Mybbs.Name = "BoardInfo_" & Mybbs.BoardID Mybbs.LoadBoardNews_Paper(Mybbs.BoardID) Mybbs.head_var 1,Mybbs.Board_Data(4,0),"","" Mybbs.Dvbbs_suc("<li>"&Template.Strings(27)) End Sub '检查用户身份 Public Function ChkUserLogin(password,username) Dim SQL,Rs ChkUserLogin=False If PassWord<>Mybbs.MemberWord Then PassWord=md5(PassWord,16) '校验用户名和密码是否合法 If Not IstrueName(UserName) Then Mybbs.AddErrCode(18) If Len(PassWord)<>16 AND Len(PassWord)<>32 Then Mybbs.AddErrCode(18) If UserName=Mybbs.MemberName Then PassWord=Mybbs.MemberWord Mybbs.ShowErr() SQL = "Select UserGroupID,userpassword,lockuser,TruePassWord From [Dv_User] Where UserName='"&UserName&"' " Set Rs=Mybbs.Execute(SQL) If Not Rs.EOF Then If PassWord<>rs(1) And PassWord<>rs(3) Then ChkUserLogin=False ElseIf rs(2)=1 or rs(0)=5 Then ChkUserLogin=False Else ChkUserLogin=True End If Else Exit Function End If:Set Rs = Nothing End Function '通用函数 Function IstrueName(uName) IstrueName=False If InStr(uName,"=")>0 Then Exit Function If InStr(uName,"%")>0 Then Exit Function If InStr(uName,Chr(32))>0 Then Exit Function If InStr(uName,"?")>0 Then Exit Function If InStr(uName,"&")>0 Then Exit Function If InStr(uName,";")>0 Then Exit Function If InStr(uName,",")>0 Then Exit Function If InStr(uName,"'")>0 Then Exit Function If InStr(uName,Chr(34))>0 Then Exit Function If InStr(uName,chr(9))>0 Then Exit Function If InStr(uName,"")>0 Then Exit Function If InStr(uName,"$")>0 Then Exit Function IstrueName=True End Function %>