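<%
' Saves a reply to an existing guestbook post.
'
' Reads the posted form, validates it, resolves the poster (logged-in user,
' name+password login or on-the-fly registration, or anonymous guest), inserts
' the reply into table ly, updates the parent post's reply counters, sets the
' guestbook cookies and redirects to addok.asp. Any failure stores a message in
' session("error") and redirects to error.asp.
'
' encodestr, MD5, validEmail, isLikeMasterName, getFrom, vbescape, rsclose,
' connclose, theUser, Conn, postLimit, maxLength, mustReg, cookiePath and
' timeDiff are defined outside this file.

' Returns an ADODB.Command on the shared connection whose single "?" placeholder
' is bound to userName. Binding the value keeps it out of the SQL text, so the
' lookups below do not depend on how encodestr treats quote characters.
function lySaveUserCommand(sqlText, userName)
    dim cmd
    set cmd = Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection = Conn
    cmd.CommandType = 1          ' adCmdText
    cmd.CommandText = sqlText
    ' 202 = adVarWChar, 1 = adParamInput, 255 = maximum length of the bound text
    cmd.Parameters.Append cmd.CreateParameter("username", 202, 1, 255, userName)
    set lySaveUserCommand = cmd
end function

' True when value is 1 to 9 ASCII digits, i.e. safe to convert with CLng and to
' place in a numeric SQL comparison.
function lySaveIsPostId(value)
    dim digits
    set digits = New RegExp
    digits.Pattern = "^[0-9]{1,9}$"
    lySaveIsPostId = digits.Test(value & "")
    set digits = nothing
end function

dim title,name,pass,email,qq,url,pic,nei,t,rt,yd,hf,jh,bl,male,face,icq,msn
dim rtid, rs, exec, rs2, rs1, reID, reTime,isPrivate, foundErr
dim postErrors

' ---- Read the posted form -------------------------------------------------
title=encodestr(Request.form("title"))
name=encodestr(Request.form("name"))
pass=encodestr(Request.form("pass"))
email=encodestr(Request.form("email"))
qq=encodestr(Request.form("qq"))
icq=encodestr(Request.form("icq"))
msn=encodestr(Request.form("msn"))
url=encodestr(Request.form("url"))
male=encodestr(Request.form("male"))
face=encodestr(Request.form("face"))
' NOTE(review): the message body is the only field not passed through
' encodestr; only ' is replaced with ". It reaches the database through a
' recordset field, so no SQL text is built from it, but whether it is
' HTML-encoded when displayed is not visible here - confirm in the page that
' renders it.
nei=replace(Request.form("nei"),"'","""")
pic=encodestr(Request.form("pic"))
rtid=encodestr(Request.form("rtid"))
isPrivate=encodestr(Request.form("isPrivate"))
bl=0

' ---- Validate before touching the database ---------------------------------
' Messages are collected locally and stored in the session only when at least
' one check fails, so an earlier message is never overwritten by a later one.
' NOTE(review): the listing shows a raw line break inside the first seven
' message literals, which VBScript does not allow. vbCrLf reproduces that
' break; it may originally have been an HTML <br> - confirm against error.asp.
postErrors=""

' NOTE(review): the flood limit is read from a cookie the client controls, so
' it only slows down well-behaved browsers. A server-side timestamp is needed
' if this is meant as a real rate limit.
if isDate(request.cookies("gbook")("lastpost")) then
    if dateDiff("s",Cdate(request.cookies("gbook")("lastPost")),now)<=postLimit then
        postErrors=postErrors & "请不要灌水!!" & vbCrLf
        foundErr=true
    end if
end if
if len(title)<3 then
    postErrors=postErrors & "请认真填写留言标题!!" & vbCrLf
    foundErr=true
end if
if len(name)=0 and not theUser.reged then
    postErrors=postErrors & "请填写用户名!!" & vbCrLf
    foundErr=true
end if
if len(nei)<2 then
    postErrors=postErrors & "请认真填写留言内容!!" & vbCrLf
    foundErr=true
end if
if len(nei)>maxLength then
    postErrors=postErrors & "留言内容最多"& maxLength &"个字符,请减少你的留言内容!!" & vbCrLf
    foundErr=true
end if
if len(title)>40 then
    postErrors=postErrors & "留言标题不可以超过40个字符!!" & vbCrLf
    foundErr=true
end if
if len(name)>10 then
    postErrors=postErrors & "用户名不可以超过10个字符!!" & vbCrLf
    foundErr=true
end if
' rtid is concatenated into numeric SQL comparisons further down, so it must be
' a plain integer. Anything else is reported as a missing parent post, before a
' user row could be created for a request that cannot succeed.
if not lySaveIsPostId(rtid) then
    postErrors=postErrors & "您要回复的留言已不存在!"
    foundErr=true
end if
if foundErr then
    session("error")=postErrors
    response.redirect("error.asp")
end if
rtid=CLng(rtid)

' ---- Resolve who is posting -------------------------------------------------
if theUser.reged then
    ' Logged-in user: profile fields come from theUser, not from the form.
    name=theUser.name
    qq=theUser.qq
    icq=theUser.icq
    msn=theUser.msn
    email=theUser.email
    url=theUser.url
    if theUser.male then
        male="1"
    else
        male="0"
    end if
    face=theUser.face
    bl=1
elseif pass<>"" then
    ' Name plus password: log in if the name exists, otherwise register it.
    ' NOTE(review): MD5 is defined elsewhere. If it is a plain unsalted MD5,
    ' the stored digests are weak against offline guessing - confirm, and plan
    ' a move to a salted, deliberately slow password hash.
    pass=MD5(pass)
    set rs=lySaveUserCommand("select * from [user] where username=?", name).Execute
    if not rs.eof then
        if pass=rs("userpassword") then
            qq=rs("oicq")
            icq=rs("icq")
            msn=rs("msn")
            email=rs("useremail")
            url=rs("homepage")
            male=rs("sex")
            face=rs("GBface")
            rsclose()
            bl=1
        else
            rsclose()
            connclose()
            session("error")="保留用户密码帐号不对应!!!"
            response.redirect "error.asp"
        end if
    else
        rsclose()
        if email<>"" and not validEmail(email) then
            connclose()
            session("error")="请输入正确的email地址!!!"
            response.redirect "error.asp"
        end if
        if isLikeMasterName(name) then
            connclose()
            session("error")="请不要使用与版主名相似的用户名!!!"
            response.redirect "error.asp"
        end if
        ' Open an empty, updatable recordset on [user] and add the new account.
        Set rs = Server.CreateObject("ADODB.Recordset")
        exec="select * from [user] where userid=0"
        rs.Open exec,conn,1,2
        rs.addnew
        rs("username")=name
        rs("userpassword")=pass
        if email<>"" then
            rs("useremail")=email
        end if
        if qq<>"" then
            rs("oicq")=qq
        end if
        if icq<>"" then
            rs("icq")=icq
        end if
        if msn<>"" then
            rs("msn")=msn
        end if
        if url<>"" then
            rs("homepage")=url
        end if
        rs("sex")=male
        rs("GBface")=face
        rs("GBpostNum")=0
        rs("GBprivateNum")=0
        rs("AddDate")=dateAdd("h",timeDiff,now)
        rs.update
        rsclose()
        exec="update GBconst set userNum=userNum+1"
        conn.execute(exec)
        bl=1
    end if
else
    ' Not registered and no password supplied: anonymous guest.
    if mustReg then
        connclose()
        session("error")="只有注册用户可以发言,请注册!"
        response.redirect "error.asp"
    end if
    if email<>"" and not validEmail(email) then
        connclose()
        session("error")="请输入正确的email地址!!!"
        response.redirect "error.asp"
    end if
    if isLikeMasterName(name) then
        connclose()
        session("error")="请不要使用与版主名相似的用户名!!!"
        response.redirect "error.asp"
    end if
    ' A guest may not post under a name that belongs to a registered account.
    set rs=lySaveUserCommand("select top 1 userid from [user] where username=?", name).Execute
    if not rs.eof then
        connclose()
        session("error")="您使用的用户名受到保护,请更换!"
        response.redirect("error.asp")
    end if
    rs.close
    set rs=nothing
    ' The guest name is pinned in a cookie; like the flood limit, this is only
    ' as strong as the client's willingness to keep the cookie.
    if request.cookies("gbookGuestName")<>"" then
        if name<>request.cookies("gbookGuestName") then
            connclose()
            session("error")="请不要使用多个用户名留言"
            response.redirect "error.asp"
        end if
    else
        if cookiePath<>"" then
            response.cookies("gbookGuestName").Path=cookiePath
        end if
        response.cookies("gbookGuestName")=name
    end if
end if

' ---- Find the root of the thread being replied to ---------------------------
' Is the parent post itself a root post? If it has a root (rt>0), attach the
' reply to that root instead. rtid is a validated Long at this point.
exec="select rt from ly where id="& rtid
set rs=conn.execute(exec)
if rs.eof then
    connclose()
    session("error")="您要回复的留言已不存在!"
    response.redirect("error.asp")
else
    if rs(0)>0 then
        rtid=rs(0)
    end if
end if

' ---- Insert the reply --------------------------------------------------------
Set rs = Server.CreateObject("ADODB.Recordset")
exec="select * from ly where id=0"
rs.Open exec,conn,1,2
rs.addnew
rs("name")=name
rs("title")=title
if email<>"" then
    rs("email")=email
end if
if qq<>"" then
    rs("qq")=qq
end if
if icq<>"" then
    rs("icq")=icq
end if
if msn<>"" then
    rs("msn")=msn
end if
if url<>"" then
    rs("url")=url
end if
rs("male")=male
rs("face")=face
rs("nei")=nei
rs("t")=dateAdd("h",timeDiff,now)
rs("retime")=dateAdd("h",timeDiff,now)
rs("pic")=pic
rs("bl")=bl
rs("yd")=0
rs("hf")=0
rs("jh")=0
rs("rt")=rtid
rs("ip")=request.servervariables("remote_addr")
rs("comefrom")=getFrom(request.servervariables("remote_addr"))
if isPrivate="1" then
    rs("isPrivate")=1
end if
rs.update
rs.close

' The new row's id is taken as the current maximum id in ly.
exec="select max(id) from ly"
rs.open exec,conn,1,1
reID=rs(0)
rs.close

' ---- Update the thread root's reply counters --------------------------------
exec="select top 1 * from ly where id="& Cstr(rtid)
rs.open exec,conn,1,3
if not (rs.eof and rs.bof) then
    rs("hf")=rs("hf")+1
    rs("reid")=reid
    rs("reTime")=dateAdd("h",timeDiff,now)
    rs.update
end if
rsclose()

if bl=1 then
    with lySaveUserCommand("update [user] set GBpostNum=GBpostNum+1 where username=?", name)
        .Execute
    end with
end if
connclose()

' ---- Cookies and final redirect ----------------------------------------------
if cookiePath<>"" then
    response.cookies("gbook").Path=cookiePath
end if
response.cookies("gbook")("lastPost")=now
if not theUser.reged then
    response.cookies("gbook")("username")=vbescape(name)
    ' NOTE(review): the password digest is handed to the browser. If other pages
    ' log the user in from this cookie (not visible here), the digest works as
    ' the password itself for anyone who obtains the cookie. A random
    ' server-side session token would avoid storing it client-side.
    response.cookies("gbook")("password")=pass
end if
session("url")="show.asp?id="&rtid
response.redirect "addok.asp"
%>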