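<%
' Handler for the guestbook "new message" form.
'
' Flow, as visible in this script:
'   1. Read the form fields and validate lengths and flood interval.
'   2. Resolve the poster: logged-in user, name+password (verify an existing
'      account or create one on first use), or an anonymous guest.
'   3. Insert the message into table "ly" and update the counters.
'   4. Set the "gbook" cookies and redirect to addok.asp.
'
' Helpers and globals such as encodestr, MD5, validEmail, isLikeMasterName,
' getFrom, vbescape, connclose, connIpclose, conn, theUser, postLimit,
' maxLength, mustReg, timeDiff and cookiePath are defined outside this listing.
'
' Security notes for review:
'   - encodestr is not shown here, so every lookup keyed on the user name is
'     sent as a bound parameter rather than relying on it to neutralise quotes
'     before concatenation into SQL.
'   - The flood check and the guest-name check read client-supplied cookies, so
'     they only restrain clients that return those cookies unchanged.
'   - Passwords are stored as a bare MD5 digest and the digest is also written
'     to the "gbook" cookie below, which makes the cookie value equivalent to
'     the stored credential. The login code that reads it is not visible here,
'     so this is flagged rather than changed.

dim title,name,pass,email,qq,url,pic,nei,t,rt,yd,hf,jh,bl,male,face,icq,msn
dim exec1, rs1, rs, rs2, id,isPrivate, foundErr
dim gbErrMsg, gbErrSep, gbCmd

' Builds an ADODB.Command on the shared connection for a statement that has a
' single "?" placeholder bound to a user name.
'   sql      - statement text containing exactly one "?" placeholder
'   userName - value to bind; Null is coerced to "" as concatenation would do
' Returns the prepared command; the caller executes and releases it.
function gbUserNameCommand(sql, userName)
    dim cmd, value, size
    value = userName & ""
    size = len(value)
    if size < 1 then size = 1            ' variable-length parameters need a size > 0
    set cmd = Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection = conn
    cmd.CommandType = 1                  ' adCmdText
    cmd.CommandText = sql
    ' 202 = adVarWChar, 1 = adParamInput
    cmd.Parameters.Append cmd.CreateParameter("username", 202, 1, size, value)
    set gbUserNameCommand = cmd
end function

' NOTE(review): the listing shows a raw line break inside each accumulated
' message literal, presumably a "<br>" lost when the page was extracted.
' Confirm against the original file.
gbErrSep = "<br>"
gbErrMsg = ""
foundErr = false

title=encodestr(Request.form("title"))
name=encodestr(Request.form("name"))
pass=encodestr(Request.form("pass"))
email=encodestr(Request.form("email"))
qq=encodestr(Request.form("qq"))
icq=encodestr(Request.form("icq"))
msn=encodestr(Request.form("msn"))
url=encodestr(Request.form("url"))
' The message body only has single quotes swapped for double quotes. It is
' stored through a recordset field, so this is not a SQL concern, but the page
' that displays it must HTML-encode it (display code not shown here).
nei=replace(Request.form("nei"),"'","""")
pic=encodestr(Request.form("pic"))
male=encodestr(Request.form("male"))
face=encodestr(Request.form("face"))
isPrivate=encodestr(Request.form("isPrivate"))
bl=0

' --- Validation -------------------------------------------------------------
' Messages are collected locally and written to the session once, so the
' title message no longer overwrites the flood message and stale session text
' from an earlier request is not carried along.
if isDate(request.cookies("gbook")("lastpost")) then
    if dateDiff("s",Cdate(request.cookies("gbook")("lastPost")),now)<=postLimit then
        gbErrMsg = gbErrMsg & "请不要灌水!!" & gbErrSep
        foundErr=true
    end if
end if
if len(title)<3 then
    gbErrMsg = gbErrMsg & "请认真填写留言标题!!" & gbErrSep
    foundErr=true
end if
if len(name)=0 and not theUser.reged then
    gbErrMsg = gbErrMsg & "请填写用户名!!" & gbErrSep
    foundErr=true
end if
if len(nei)<2 then
    gbErrMsg = gbErrMsg & "请认真填写留言内容!!" & gbErrSep
    foundErr=true
end if
if len(nei)>maxLength then
    gbErrMsg = gbErrMsg & "留言内容最多"& maxLength &"个字符,请减少你的留言内容!!" & gbErrSep
    foundErr=true
end if
if len(title)>40 then
    gbErrMsg = gbErrMsg & "留言标题不可以超过40个字符!!" & gbErrSep
    foundErr=true
end if
if len(name)>10 then
    gbErrMsg = gbErrMsg & "用户名不可以超过10个字符!!" & gbErrSep
    foundErr=true
end if
if foundErr then
    session("error")=gbErrMsg
    connclose()
    response.redirect("error.asp")
end if

' --- Resolve the poster -----------------------------------------------------
if theUser.reged then
    ' Logged-in user: profile fields come from theUser, not from the form.
    name=theUser.name
    qq=theUser.qq
    email=theUser.email
    url=theUser.url
    if theUser.male then
        male="1"
    else
        male="0"
    end if
    face=theUser.face
    bl=1
elseif pass<>"" then
    ' Name + password supplied: verify an existing account or create one.
    pass=MD5(pass)      ' unsalted MD5 digest; see the security notes at the top
    set gbCmd = gbUserNameCommand("select * from [user] where username=?", name)
    Set RS1 = Server.CreateObject("ADODB.RecordSet")
    ' The connection comes from the command, so the second argument is omitted.
    rs1.Open gbCmd, , 1, 2
    if not rs1.eof then
        if pass=rs1("userpassword") then
            qq=rs1("oicq")
            icq=rs1("icq")
            msn=rs1("msn")
            email=rs1("useremail")
            url=rs1("homepage")
            male=rs1("sex")
            face=rs1("GBface")
            bl=1
        else
            rs1.close : set rs1=nothing
            connclose()
            session("error")="保留用户密码帐号不对应!!!"
            response.redirect "error.asp"
        end if
    else
        ' No such account yet: register it with the submitted details.
        if email<>"" and not validEmail(email) then
            connclose()
            session("error")="请输入正确的email地址!!!"
            response.redirect "error.asp"
        end if
        if isLikeMasterName(name) then
            connclose()
            session("error")="请不要使用与版主名相似的用户名!!!"
            response.redirect "error.asp"
        end if
        Set rs2 = Server.CreateObject("ADODB.Recordset")
        ' "where userid=0" opens an updatable recordset used only for AddNew.
        exec1="select * from [user] where userid=0"
        rs2.Open exec1,conn,1,2
        rs2.addnew
        rs2("username")=name
        rs2("userpassword")=pass
        if email<>"" then
            rs2("useremail")=email
        end if
        if qq<>"" then
            rs2("oicq")=qq
        end if
        if icq<>"" then
            rs2("icq")=icq
        end if
        if msn<>"" then
            rs2("msn")=msn
        end if
        if url<>"" then
            rs2("homepage")=url
        end if
        rs2("sex")=male
        rs2("GBface")=face
        rs2("GBpostNum")=0
        rs2("GBprivateNum")=0
        rs2("addDate")=dateAdd("h",timeDiff,now)
        rs2.update
        rs2.close
        set rs2=nothing
        exec1="update GBconst set userNum=userNum+1"
        conn.execute(exec1)
        bl=1
    end if
    rs1.close
    set rs1=nothing
    set gbCmd=nothing
else
    ' Not registered and no password supplied: anonymous guest post.
    if mustReg then
        connclose()
        session("error")="只有注册用户可以发言,请注册!"
        response.redirect "error.asp"
    end if
    if email<>"" and not validEmail(email) then
        connclose()
        session("error")="请输入正确的email地址!!!"
        response.redirect "error.asp"
    end if
    if isLikeMasterName(name) then
        connclose()
        session("error")="请不要使用与版主名相似的用户名!!!"
        response.redirect "error.asp"
    end if
    ' A guest may not post under a name that belongs to a registered account.
    set gbCmd = gbUserNameCommand("select top 1 userid from [user] where username=?", name)
    set rs2=gbCmd.Execute
    if not rs2.eof then
        connclose()
        session("error")="您使用的用户名受到保护,请更换!"
        response.redirect("error.asp")
    end if
    rs2.close
    set rs2=nothing
    set gbCmd=nothing
    ' One guest name per browser, enforced only through a client-side cookie.
    if request.cookies("gbookGuestName")<>"" then
        if name<>request.cookies("gbookGuestName") then
            connclose()
            session("error")="请不要使用多个用户名留言"
            response.redirect "error.asp"
        end if
    else
        if cookiePath<>"" then
            response.cookies("gbookGuestName").Path=cookiePath
        end if
        response.cookies("gbookGuestName")=name
    end if
end if

' --- Store the message ------------------------------------------------------
Set rs = Server.CreateObject("ADODB.Recordset")
exec1="select * from ly where id=0"
rs.Open exec1,conn,1,2
rs.addnew
rs("name")=name
rs("title")=title
if email<>"" then
    rs("email")=email
end if
if qq<>"" then
    rs("qq")=qq
end if
if icq<>"" then
    rs("icq")=icq
end if
if msn<>"" then
    rs("msn")=msn
end if
if url<>"" then
    rs("url")=url
end if
rs("male")=male
rs("face")=face
rs("nei")=nei
rs("t")=dateAdd("h",timeDiff,now)
rs("pic")=pic
rs("bl")=bl
rs("yd")=0
rs("hf")=0
rs("jh")=0
rs("rt")=0
rs("ip")=request.servervariables("remote_addr")
rs("comefrom")=getFrom(request.servervariables("remote_addr"))
if isPrivate="1" then
    rs("isPrivate")=1
end if
rs.update
rs.close

' NOTE(review): max(id) is read in a separate statement, so two posts arriving
' at the same moment could both see the later id. Left as in the original.
exec1="select max(id) from ly"
rs.open exec1,conn,1,1
id=rs(0)
rs.close
set rs=nothing

' id comes from the database, not from the request.
exec1="update ly set reid=id, retime=t where id="& id
conn.execute exec1
exec1="update GBconst set topicNum=topicNum+1"
conn.execute(exec1)
if bl=1 then
    set gbCmd = gbUserNameCommand("update [user] set GBpostNum=GBpostNum+1 where username=?", name)
    gbCmd.Execute
    set gbCmd=nothing
end if
if bl=1 and isPrivate="1" then
    exec1="update GBconst set privateNum=privateNum+1"
    conn.execute(exec1)
    set gbCmd = gbUserNameCommand("update [user] set GBprivateNum=GBprivateNum+1 where username=?", name)
    gbCmd.Execute
    set gbCmd=nothing
end if
conn.close
set conn=nothing
connIpclose()

' --- Cookies and redirect ---------------------------------------------------
if cookiePath<>"" then
    response.cookies("gbook").Path=cookiePath
end if
response.cookies("gbook")("lastPost")=now
if not theUser.reged then
    response.cookies("gbook")("username")=vbescape(name)
    ' SECURITY: pass is the MD5 digest (or empty for a guest). Anyone who
    ' obtains this cookie holds the same value the database stores. Flagged
    ' for replacement with a random server-side session token.
    response.cookies("gbook")("password")=pass
end if
session("url")="show.asp?id="&id
response.redirect "addok.asp"
%>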