<%Response.Buffer=true response.expires=0 application.lock randomize set rsparam=conn.execute("select * from param") sUserName=left(request("sUserName"),10) call get_guests call get_maxuser ip=request.ServerVariables("REMOTE_ADDR") oneip=true if trim(request.ServerVariables("HTTP_VIA"))<>"" and trim(request.ServerVariables("HTTP_X_FORWARDED_FOR"))<>"" then ip=request.ServerVariables("HTTP_X_FORWARDED_FOR") end if ip=trim(ip) room_id=cint(request("room_id")) set rs=conn.execute("select * from room where ID="&room_id) if rs.bof or rs.eof then set rs=conn.execute("select * from room") room_id=rs("ID") end if room_name=rs("room_name") if sUserName=rs("room_auto") and rs("room_owner")<>sUserName then call echoerr("你被拒绝进入["&room_name&"]","default.asp") response.end end if conn.Execute("UPDATE room SET room_time='"&now()&"' WHERE ID="&room_id) function enterroom(userSex,user_level,temp_level) dim enter_des,rs1,full_flag full_flag=true enter_des=Array("一边走，一边唱着“今天不回家”的##来到%%！","夜阑人静，##孤身来到熟睡中的%%！","云淡风轻，##孤零的身影游荡进%%！", _ "晨风习习，##出现在薄雾围绕的%%里！","在一天的最美的时刻，##走进%%！","丽日和风下，##步入%%！","艳阳高挂，##来到%%小歇！", _ "烈日当空，##来到%%小歇！","##忙里偷闲来到%%里坐坐！","##缓缓步入夕阳下的%%！","灯火正阑珊，累了一天的##出现在%%里！", _ "夜深人寂了，%%里出现##的身影！") say_mess="" for i=0 to MaxUser if guests(i,0)=sUserName then guests(i,0)="" say_mess="'【欢迎】到处溜达了一会儿的##又出现在%%的大门口！','"&sUserName&"','"&room_name&"',0,'#0000cc','green',-3,'"&time()&"'," end if next for i=0 to MaxUser if guests(i,0)="" then full_flag=false exit for end if next if full_flag and MaxUserrsparam("superlevel") then Session.Timeout=3 call get_says say_id=says(current,0) des_index=Cint(Hour(now())/2) if des_index>11 then des_index=0 current=current+1 if current>MaxTalk then current=0 if say_mess="" then if userSex then say_color="green" color2="ee9966" say_who="girl" else say_color="8800cc" color2="6699ee" say_who="boy" end if say_mess="'【欢迎】"&replace(enter_des(des_index),"##",say_who&"##")&"','"&sUserName&"','"&room_name&"',0,'"&say_color&"','"&color2&"',-3,'"&time()&"'," end if say_id=say_id+1 says(current,0)=say_id says(current,1)=sUserNmae says(current,2)="大家" says(current,3)=false says(current,4)=room_id says(current,5)=say_mess call put_says else Session.Timeout=10 end if call put_guests call put_maxuser end if enterroom=full_flag end function function chuser(u) dim filter filter=Array("水吧","mast","管理","admin","网管","爷","爸","妈","爹","祖","laozi","father","mother","fuck") for i=0 to UBound(filter) if instr(u,filter(i))<>0 then chuser=true exit function end if next for i=0 to 47 if instr(u,chr(i))<>0 then chuser=true exit function end if next for i=58 to 64 if instr(u,chr(i))<>0 then chuser=true exit function end if next for i=91 to 96 if instr(u,chr(i))<>0 then chuser=true exit function end if next for i=123 to 255 if instr(u,chr(i))<>0 then chuser=true exit function end if next if trim(trstr(server.HTMLEncode(u)))<>u then chuser=true exit function end if chuser=false end function sErrText="" for i=0 to MaxUser if guests(i,2)=ip and guests(i,0)<>"" and guests(i,0)<>sUserName then oneip=false guests(i,14)=false end if next sPass=request("sPass") if sPass=sUserName then sErrText=sErrText+"
错误：用户名与密码相同！" sPass=trPass(sPass) slNM=Lcase(sUserName) if (slNM="") then sErrText=sErrText+"
错误：用户名为空！" if chuser(slNM) then sErrText=sErrText+"
错误：用户名含有非法字符！" set rs=conn.execute("SELECT count(*) as newnum FROM user WHERE first_ip='"&ip&"' and datediff('n',log_time,'"&now()&"')<10") newuser=false if rs("newnum")>2 then newuser=true set rs=conn.execute("SELECT * FROM ip_lock WHERE '" &ip& "' like '%'+ip+'%'") ip_lock=false if not (rs.bof and rs.eof) then if rs("end_time")>now() then ip_lock=true end if end if if (sErrText="") then enter=request("enter") if (enter="进 入") or (enter="IE4.0") then isFull=false sql="SELECT * FROM user WHERE username='" & sUserName & "'" Set Rs=conn.Execute(sql) if (Rs.bof or rs.eof) then if ip_lock then sErrText=sErrText+"
对不起：您的IP被封锁了！" elseif newuser then sErrText=sErrText+"
对不起：您暂时不能注册新用户，请等几分钟再试！" elseif rsparam("enlogin") then bSex=request("bSex") if not bSex then bSex=false insert_item="username,passwd,sex,log_time,user_level,first_ip,last_ip,visit_num,in_time,out_info,exp_num,out_time,f_size,l_height,n_color,s_color" sz="'"&sUserName&"','"&sPass&"',"&bSex&",'"&now()&"',1,'"&ip&"','"&ip&"',1,'"&now()&"',0,0,'"&now()&"',4,6,"&Int(Rnd*18)&","&Int(Rnd*18) conn.Execute("INSERT INTO user ("&insert_item&") VALUES ("&sz&")") isFull=enterroom(bSex,1,0) else sErrText=sErrText+"
对不起：管理员禁止新用户登陆！" end if else if rs("passwd")=sPass then if (Rs("out_info")-5)=0 and Rs("out_time")>now() then sErrText=sErrText+"
对不起：您是被赶出聊天室的，目前聊天室还不允许你进去！" elseif (Rs("out_info")-6)=0 and Rs("out_time")>now() then sErrText=sErrText+"
对不起：您的帐号被暂时冻结，目前聊天室还不允许你进去！" elseif (Rs("out_info")-7)=0 then sErrText=sErrText+"
对不起：您的帐号被永久冻结了！" elseif rs("user_level")<8 and ip_lock then sErrText=sErrText+"
对不起：您的IP被封锁了！" else if Rs("out_info")=4 and Rs("out_time")>now() then u_level=1 out_time=Rs("out_time") t_level=0 else u_level=rs("user_level") out_time=now() set rs1=conn.execute("select temp_level from vrecord where username='"&sUserName&"' and temp_level>6") if not (rs1.eof or rs1.bof) then t_level=-1*rs1("temp_level") elseif u_level>6 then t_level=-1*u_level else t_level=0 end if end if visit_num=Rs("visit_num")+1 conn.Execute("UPDATE user SET visit_num="&visit_num&",last_ip='"&ip&"',in_time='"&now()&"',out_time='"&out_time&"' WHERE username='"&sUserName&"'") isFull=enterroom(rs("sex"),u_level,t_level) end if else sErrText=sErrText+"
错误：用户名已经存在，你输入了错误的密码！" end if end if if isFull then sErrText=sErrText+"
对不起：由于服务器能力限制，只能有"&(MaxUser+1)&"个用户登录，现在已经满了！" elseif sErrText="" then Response.Redirect("chat.asp") Response.end end if elseif enter="修 改" then sPass2=trPass(request("sPass2")) if sPass=sPass2 then sErrText=sErrText+"
输入错误：新密码与原密码一样！" if sErrText="" then sql="SELECT username,passwd FROM user WHERE username='"&sUserName&"'" set rs=conn.Execute(sql) if rs.bof or rs.eof then sErrText=sErrText+"
执行错误：用户名尚未注册！" else if rs("passwd")=sPass then conn.Execute("UPDATE user SET passwd='"&sPass2&"' WHERE username='"&sUserName&"'") sErrText="操作成功：你成功地修改了密码！" else sErrText=sErrText+"
执行错误：你输入了错误的密码！" end if end if end if conn.close elseif enter="自 杀" then sPass3=trPass(request("sPass3")) if sPass<>sPass3 then sErrText=sErrText+"
输入错误：确认密码与登录密码不一样！" if sErrText="" then sql="SELECT username,passwd FROM user WHERE username='"&sUserName&"'" set rs=conn.Execute(sql) if rs.bof or rs.eof then sErrText=sErrText+"
执行错误：用户名尚未注册！" else if rs("passwd")=sPass then conn.Execute("DELETE FROM user WHERE username='"&sUserName&"'") sErrText="操作成功：你成功地删除了用户"&sUserName&"！" else sErrText=sErrText+"
执行错误：你输入了错误的密码！" end if end if end if conn.close end if end if application.unlock call echoerr(sErrText,"default.asp")%>