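<%
' write.asp (submission handler): validates a guestbook post, enforces the
' per-account and per-IP posting limits, inserts the entry, prunes old rows
' and redirects back to guest.asp (or hands errText to echoerr on failure).
'
' Helpers provided by an include that is not part of this page:
'   trdb(), trPass(), get_guests / guests(), Conn, echoerr().
' NOTE(review): trdb() looks like a display-cleaning filter; what it does to
' quotes is not visible here, so it is NOT relied on for SQL safety. Every
' statement below that carries a request value is run through ADODB.Command
' "?" parameters instead of string concatenation (the original built each
' SELECT/INSERT by concatenating the form fields, the forwarded-IP header and
' the addressee name into the SQL text).

' ADO DataTypeEnum / ParameterDirectionEnum values. adovbs.inc is not
' included on this page; distinct names avoid a "Name redefined" clash if
' another include does define the ad* constants.
PRM_IN   = 1      ' adParamInput
PRM_INT  = 3      ' adInteger
PRM_BOOL = 11     ' adBoolean
PRM_TEXT = 202    ' adVarWChar (short text columns)
PRM_MEMO = 203    ' adLongVarWChar (mess may be up to 800 characters)

' Runs sqlText with its "?" placeholders bound, in order, to params -- an
' array of Array(adoType, value) pairs -- and returns the resulting Recordset
' (a closed Recordset for statements that return no rows).
Function ExecParam(sqlText, params)
    Dim cmd, i, size
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = 1        ' adCmdText
    cmd.CommandText = sqlText
    For i = 0 To UBound(params)
        ' ADO rejects a size of 0 for text parameters; the size is ignored
        ' for numeric/boolean types.
        size = Len(params(i)(1) & "")
        If size = 0 Then size = 1
        cmd.Parameters.Append cmd.CreateParameter("p" & i, params(i)(0), PRM_IN, size, params(i)(1))
    Next
    Set ExecParam = cmd.Execute
End Function

' Returns the first column of the first row of a parameterised query and
' closes the Recordset; Null when the query yields no rows.
Function ScalarParam(sqlText, params)
    Dim rsq
    Set rsq = ExecParam(sqlText, params)
    If rsq.BOF Or rsq.EOF Then
        ScalarParam = Null
    Else
        ScalarParam = rsq(0)
    End If
    rsq.Close
End Function

' Coerces a request value to Boolean: absent or blank -> False; otherwise
' whatever CBool makes of it ("true"/"false", "-1"/"0"/"1"); a value CBool
' cannot convert -> False instead of a runtime error.
' NOTE(review): the original tested "Not <string>", whose result depends on
' VBScript's numeric coercion of the raw form value; confirm the value the
' write form actually sends for the secret checkbox.
Function ToBool(v)
    Dim s
    ToBool = False
    s = Trim(v & "")
    If Len(s) = 0 Then Exit Function
    On Error Resume Next
    ToBool = CBool(s)
    If Err.Number <> 0 Then
        Err.Clear
        ToBool = False
    End If
    On Error GoTo 0
End Function

' ---- read the submission -------------------------------------------------
' NOTE(review): mess/name/secret are read with Request(), which accepts
' query-string values too, while the other fields use Request.Form only.
mess = trdb(Left(Request("mess"), 800))
' NOTE(review): both Replace arguments render as a plain space in this copy;
' the second is presumably a full-width or non-breaking space lost in
' transcription -- confirm against the original file's encoding.
mess = Replace(mess, " ", " ")
email = trdb(Request.Form("email"))
If email = "" Then email = " "
addr = trdb(Request.Form("addr"))
If addr = "" Then addr = " "
web = trdb(Request.Form("web"))
If web = "" Then web = " "
title = trdb(Request.Form("title"))
towho = trdb(Request.Form("towho"))
If towho = "" Then towho = "大家"
secret = ToBool(Request("secret"))
passwd = trPass(Request.Form("passwd"))

' Remember the optional contact fields for the next visit (30 days).
Response.Cookies("guest_email") = email
Response.Cookies("guest_web") = web
Response.Cookies("guest_addr") = addr
For Each cookie In Response.Cookies
    Response.Cookies(cookie).Expires = Now() + 30
Next

' ---- resolve the poster --------------------------------------------------
' A session is trusted only if its name and temp token match the shared
' guests() table; otherwise the name/password typed into the form are used.
' NOTE(review): the lock presumably guards Application-scoped state touched
' by get_guests; guests(myid, ...) also assumes myid is a valid index there.
Application.Lock
my_level = 0
myname = Session("myname")
myid = Session("myid")
If myid = "" Then myid = 0
Call get_guests
If myname = "" Or myname <> guests(myid, 0) Or Session("mytemp") <> guests(myid, 1) Then
    login = False
    myname = trdb(Request("name"))
Else
    my_level = guests(myid, 4)
    login = True
End If
Application.Unlock

' ---- validate ------------------------------------------------------------
' errText collects every failure; each message is separated by a line break
' (NOTE(review): the original literal was split across lines at this point,
' likely a markup separator lost in extraction -- confirm what echoerr expects).
errText = ""
If myname = "" Or title = "" Or mess = "" Then
    errText = "输入错误:用户名、发言标题、发言内容不能为空!"
ElseIf Not login Then
    ' Form login. NOTE(review): the two distinct messages below tell a caller
    ' whether a username exists; a single "wrong name or password" message
    ' would avoid that. Wording is kept unchanged here.
    Set rs = ExecParam("SELECT passwd,user_level FROM user WHERE username=?", _
                       Array(Array(PRM_TEXT, myname)))
    If rs.BOF Or rs.EOF Then
        errText = errText & vbLf & "输入错误:用户" & myname & "尚未注册!"
    ElseIf IsNull(rs("passwd")) Or passwd <> rs("passwd") Then
        ' A NULL stored password made the original "<>" test evaluate to
        ' Null, which If treats as False -- i.e. the login succeeded with any
        ' password. A NULL password is now rejected like a wrong one.
        errText = errText & vbLf & "输入错误:你输入了错误的密码!"
    Else
        my_level = rs("user_level")
    End If
    rs.Close
End If

' Per-account flood limit: no more than 5 posts in the last 30 minutes.
' DateDiff is evaluated against the database's Now() rather than a
' locale-formatted copy of the server clock spliced into the SQL text.
cc = ScalarParam("SELECT count(*) AS cc FROM guestbook WHERE who=? AND DateDiff('n',post_time,Now())<30", _
                 Array(Array(PRM_TEXT, myname)))
If cc > 4 Then errText = errText & vbLf & "连续留言:禁止同一个帐号在较短的时间内连续留言!"

' Per-IP flood limit. Behind a proxy the forwarded header is used; that
' header is supplied by the client, so this limit is best-effort only and
' the value is bound as a parameter, never concatenated into SQL.
If Request.ServerVariables("HTTP_VIA") <> "" Then
    ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
Else
    ip = Request.ServerVariables("REMOTE_ADDR")
End If
cc = ScalarParam("SELECT count(*) AS cc FROM guestbook WHERE ip=? AND DateDiff('n',post_time,Now())<30", _
                 Array(Array(PRM_TEXT, ip)))
If cc > 5 Then errText = errText & vbLf & "连续留言:禁止同一个IP在较短的时间内连续留言!"

' A private message needs an existing addressee; a message to everyone is
' never private.
If towho = "大家" Then secret = False
If secret Then
    cc = ScalarParam("SELECT count(*) AS cc FROM user WHERE username=?", _
                     Array(Array(PRM_TEXT, towho)))
    If cc = 0 Then
        errText = errText & vbLf & "输入错误:你使用了私人留言,但你的留言对象" & towho & "不存在!"
    End If
End If

' ---- store ---------------------------------------------------------------
If errText = "" Then
    ' Super-level posters are shown under the fixed administrator name.
    Set rsparam = Conn.Execute("SELECT * FROM param")
    If Not (rsparam.BOF Or rsparam.EOF) Then
        If my_level = rsparam("superlevel") Then myname = "聊天室管理员"
    End If
    rsparam.Close
    Call ExecParam("INSERT INTO guestbook (who,towho,secret,ip,email,web,addr,post_time,text_title,text_body) " & _
                   "VALUES (?,?,?,?,?,?,?,Now(),?,?)", _
                   Array(Array(PRM_TEXT, myname), Array(PRM_TEXT, towho), Array(PRM_BOOL, secret), _
                         Array(PRM_TEXT, ip), Array(PRM_TEXT, email), Array(PRM_TEXT, web), _
                         Array(PRM_TEXT, addr), Array(PRM_TEXT, title), Array(PRM_MEMO, mess)))
End If

' ---- housekeeping --------------------------------------------------------
' Drop entries older than 120 days and keep only the newest ~1000 rows.
' Max(ID) is Null on an empty table, which the original turned into the
' fragment "ID<" (a SQL syntax error), so it is guarded here.
Conn.Execute "DELETE FROM guestbook WHERE DateDiff('d',post_time,Now())>120"
maxId = ScalarParam("SELECT Max(ID) AS MI FROM guestbook", Array())
If Not IsNull(maxId) Then
    Call ExecParam("DELETE FROM guestbook WHERE ID<?", Array(Array(PRM_INT, maxId - 1000)))
End If
Conn.Close

If errText = "" Then
    Response.Redirect "guest.asp"
Else
    Call echoerr(errText, "write.asp")
End If
%>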