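<%
' bbs/gyhs.asp
' Page bootstrap (cookie probe, forum lookup, skin cookies, HTML head) plus
' helper routines: Fsql, dbclose, wbfz, dlhs, gly, sfbz.
'
' `conn` is not created in this file; it is presumably an open ADO
' connection supplied by the including page -- confirm against the caller.
'
' Page-level errors stay suppressed, as in the original. The authentication
' helpers below install their own handler so that a database error cannot be
' read as "authenticated".
on error resume next

' Runs a SELECT whose values are bound to positional "?" placeholders, so
' request data never becomes part of the SQL text.
'   sqltext - SQL with one "?" per value
'   values  - array of values, bound as text in order
' Returns the recordset produced by ADODB.Command.Execute.
function gyhsQuery(sqltext, values)
    dim cmd, k, v, size
    set cmd = server.createobject("ADODB.Command")
    set cmd.activeconnection = conn
    cmd.commandtype = 1                 ' adCmdText
    cmd.commandtext = sqltext
    for k = 0 to ubound(values)
        v = values(k) & ""              ' coerce Empty / request objects to a string
        size = len(v)
        if size = 0 then size = 1       ' a zero-length text parameter is rejected by ADO
        ' 202 = adVarWChar, 1 = adParamInput
        cmd.parameters.append cmd.createparameter("p" & k, 202, 1, size, v)
    next
    set gyhsQuery = cmd.execute
end function

' Returns True only when s is a non-empty run of at most nine decimal
' digits, i.e. something CLng can convert without overflow.
function gyhsIsDigits(s)
    dim k
    gyhsIsDigits = false
    if len(s) = 0 or len(s) > 9 then exit function
    for k = 1 to len(s)
        if instr("0123456789", mid(s, k, 1)) = 0 then exit function
    next
    gyhsIsDigits = true
end function

' Extracts the host name from an absolute http/https URL.
' Returns "" for any other scheme or when the authority carries user-info,
' so the caller's comparison fails closed.
function gyhsUrlHost(url)
    dim rest, cut, k, ch
    gyhsUrlHost = ""
    if lcase(left(url, 7)) = "http://" then
        rest = mid(url, 8)
    elseif lcase(left(url, 8)) = "https://" then
        rest = mid(url, 9)
    else
        exit function
    end if
    ' Keep the authority only: everything before the path, query or fragment.
    cut = len(rest) + 1
    for each ch in array("/", "?", "#")
        k = instr(rest, ch)
        if k > 0 and k < cut then cut = k
    next
    rest = left(rest, cut - 1)
    if instr(rest, "@") > 0 then exit function
    ' Drop an explicit port; SERVER_NAME is compared without one.
    k = instr(rest, ":")
    if k > 0 then rest = left(rest, k - 1)
    gyhsUrlHost = rest
end function

' Special-character filter: returns True when countsql contains any of the
' listed characters or the substring "or"; otherwise the result is left unset.
' The match is case-sensitive and is a deny-list, so it is kept only as the
' original pre-check; the queries in this file bind their values instead of
' relying on it.
function Fsql(countsql)
    dim errorchar, i
    errorchar = array("'","!","@","$","%","^","&","*","<",">","or","/","\")
    for i = 0 to ubound(errorchar)
        if instr(countsql, errorchar(i)) > 0 then
            Fsql = true
            exit function
        end if
    next
end function

' Closes the database connection.
sub dbclose
    conn.close
    set conn = nothing
end sub

' ---------------------------------------------------------------
' Check that the forum exists and that the browser accepts cookies.
response.cookies("PD") = "true"
if request.cookies("PD") = "" then
    response.redirect "help.asp?menu=cook"
end if

' ltbh and user stay page-global: code after this bootstrap may read them.
ltbh = request("ltbh")
user = request("username")
if ltbh = empty then
    ' No forum id given: look up the user's forum, else go to the main index.
    set rst = gyhsQuery("select ltbh from zwuser where cnuser=?", array(user))
    if rst.eof then
        response.redirect "../index.asp"
    else
        ltbh = rst("ltbh")
        ' Encode the stored value before it becomes part of the Location URL.
        response.redirect "?ltbh=" & server.urlencode(ltbh & "")
    end if
    rst.close
    set rst = nothing
else
    if Fsql(ltbh) = true then response.redirect "../index.asp"
    ' rs is left open as in the original.
    ' NOTE(review): confirm no including page reads it, then close it here.
    set rs = gyhsQuery("select ltbh from zwltpz where ltbh=?", array(ltbh))
    if rs.eof then
        response.redirect "../index.asp"
    end if
end if

' ---------------------------------------------------------------
' Write the forum's style settings into cookies.
set rsfg = gyhsQuery("select ltmb,ltmc,gjz from zwltpz where ltbh=?", array(ltbh))
' Original note: add "on error resume next" here once the site is released.
if not rsfg.eof then
    response.cookies("fg") = rsfg("ltmb")
    response.cookies("mc") = rsfg("ltmc")
    response.cookies("gjz") = rsfg("gjz")
end if
rsfg.close
set rsfg = nothing

' fg is read back from the REQUEST cookie, so it is client-supplied text.
' It is HTML-encoded and placed inside quoted attributes before being echoed.
' NOTE(review): any other page that prints fg should encode it the same way.
fg = request.cookies("fg")
if fg = empty then fg = 1
response.write "<html><head><meta http-equiv=Content-Type content=text/html;charset=gb2312></head><link href=""imgs/skins/" & server.htmlencode(fg & "") & "/bbs.css"" rel=stylesheet><script src=dyhbbs.js></script><script src=""imgs/skins/" & server.htmlencode(fg & "") & "/bbs.js""></script>"
%>
<!--webbot bot="PurpleText" PREVIEW="外部数据提交防止" -->
<%
' Rejects form posts whose Referer host differs from this server's name.
' The Referer header is supplied by the client, so this is a convenience
' check rather than request authentication; a per-session anti-forgery token
' would be the control to rely on. The host is parsed out of the URL and
' compared in full (case-insensitively), for both http and https referers.
' Processing stops after the notice is written, so the rest of the calling
' page does not go on to handle the rejected submission.
sub wbfz
    server_v1 = cstr(request.servervariables("HTTP_REFERER"))
    server_v2 = cstr(request.servervariables("SERVER_NAME"))
    if lcase(gyhsUrlHost(server_v1)) <> lcase(server_v2) then
%>
<script language=vbscript>
<!--
window.alert"禁止从外部提交数据!请登陆"
window.location="../"
-->
</script>
<%
        response.end
    end if
end sub

' Checks whether the visitor is logged in.
' Returns True when the visitor is NOT authenticated (missing cookies, no
' matching row, or a database error); the result is Empty when the cookie
' pair matches a row in zwuser, as in the original.
' username / userpass are left page-global on purpose: including pages may
' read them after the call (not visible from here).
' NOTE(review): the userpass cookie is compared directly with zwuser.cnpass,
' so the browser holds whatever that column stores; a server-side session id
' would avoid that, but it cannot be changed from this file alone.
function dlhs
    dim matched
    dlhs = true                         ' fail closed until a row is found
    on error resume next
    username = request.cookies("username")
    userpass = request.cookies("userpass")
    if userpass = empty or username = empty then exit function
    set rsdl = gyhsQuery("select cnuser,cnpass from zwuser where cnuser=? and cnpass=?", array(username, userpass))
    matched = false
    if err.number = 0 then matched = not rsdl.eof
    if err.number = 0 and matched then dlhs = empty
    rsdl.close
    set rsdl = nothing
    err.clear
end function

' Checks whether the visitor is the administrator of forum ltbh.
' Returns True when the visitor is NOT that administrator (missing cookies,
' no matching row, or a database error); the result is Empty on a match.
' ltbh / username / userpass are assigned page-globally, as in the original.
function gly
    dim matched
    gly = true                          ' fail closed until a row is found
    on error resume next
    ltbh = request("ltbh")
    username = request.cookies("username")
    userpass = request.cookies("userpass")
    if userpass = empty or username = empty then exit function
    set rsgly = gyhsQuery("select cnuser,cnpass from zwuser where cnuser=? and cnpass=? and ltbh=?", array(username, userpass, ltbh))
    matched = false
    if err.number = 0 then matched = not rsgly.eof
    if err.number = 0 and matched then gly = empty
    rsgly.close
    set rsgly = nothing
    err.clear
end function

' Checks whether yhuser is a moderator of board bankuaiid.
' zwbk.banzhu holds the moderator names separated by "|".
' Returns True on a match; otherwise the result is left unset.
' The board id goes into the SQL text only after it has been verified to be
' all digits and converted to a Long. Empty list entries (for example from a
' trailing "|") are skipped so that an empty user name never matches.
' banzhu / master are left page-global, as in the original.
function sfbz(bankuaiid, yhuser)
    dim i, boardtext
    boardtext = trim(bankuaiid & "")
    if not gyhsIsDigits(boardtext) then exit function
    set bzs = conn.execute("select banzhu from zwbk where id=" & clng(boardtext))
    if not bzs.eof then
        banzhu = bzs("banzhu") & ""     ' a Null column becomes ""
        master = split(banzhu, "|")
        for i = 0 to ubound(master)
            if master(i) <> "" then
                if yhuser = "" & master(i) & "" then sfbz = true
            end if
        next
    end if
    bzs.close
    set bzs = nothing
end function
%>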