<!--#include file="globalop.asp"--><!--#include file="dbfunc.asp"-->
<%Response.Buffer=true
  response.expires=0
  application.lock
  myname=Session("myname")
  myid=Session("myid")
  if myid="" then myid=0
  call get_guests
  application.unlock
set rsparam=conn.execute("select * from param")
if myname="" or myname<>guests(myid,0) or Session("mytemp")<>guests(myid,1) then
  errText="你尚未登录到聊天室，没有删除留言的权利！"
else
  if guests(myid,4)=rsparam("superlevel") then myname="聊天室管理员"
  id=request("id")
  if id="" or (not isnumeric(id)) then id=0
   sql="SELECT * FROM guestbook WHERE id=" & id 
   set rs=conn.Execute(sql)
   if rs.eof or rs.bof then
     errText="你要删除的留言并不存在！"
   else
     flag=false
     if myname=rs("who") or (rs("secret") and myname=rs("towho")) then
       flag=true
     elseif guests(myid,4)-rsparam("ldelnote")>=0 then
       flag=true
       conn.Execute("INSERT INTO record (occ_env,occ_time,for_what) VALUES ('"&myname&" 删除了ID为 "&id&" 的留言','"&now()&"','["&rs("post_time")&"] "&rs("who")&" 写给 "&rs("towho")&"  标题 "&rs("text_title")&"')")
     end if
     if flag then 
       conn.Execute("DELETE FROM guestbook WHERE id="&id)
       errText="你成功删除了此条留言！"
     else
       errText="你无权删除此条留言！"
     end if
   end if
end if
call echoerr(errText,"guest.asp")%>