ReviewUrl.asp
- <%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
- <% Option Explicit %>
- <%session.CodePage="936"%>
- <!--#include file="FS_Inc/Const.asp" -->
- <!--#include file="FS_InterFace/MF_Function.asp" -->
- <!--#include file="FS_Inc/Function.asp" -->
- <!--#include file="FS_Inc/Md5.asp" -->
- <%
- ' Buffer the response and switch off caching so the form result is never served stale.
- With Response
-     .Buffer = True
-     .Expires = -1
-     .ExpiresAbsolute = Now() - 1
-     .Expires = 0
-     .CacheControl = "no-cache"
-     .Charset = "gb2312"
- End With
- ' Page-level state (Option Explicit is on, so every name is declared here).
- Dim Conn,User_Conn
- Dim review_Sql,review_RS
- Dim strShowErr,Cookie_Domain
- Dim Server_Name,Server_V1,Server_V2
- Dim TmpStr,TmpArr
- Dim ReviewTypes,needAudited,ReviewIP
- Dim stype,Id,UserNumber,noname,password
- Dim title,Action,content,LimitReviewChar
- TmpStr = ""
- ' Comments are held for moderation unless a later lookup says otherwise.
- needAudited = True
- ' MF_Default_Conn / MF_User_Conn come from the include files; presumably they open
- ' Conn and User_Conn - confirm in MF_Function.asp.
- MF_Default_Conn
- MF_User_Conn
- ' Reduce the configured site address to a bare host name for the "no permission" link.
- Cookie_Domain = Get_MF_Domain()
- If Cookie_Domain = "" Then
-     Cookie_Domain = "localhost"
- Else
-     If LCase(Left(Cookie_Domain, 7)) = "http://" Then Cookie_Domain = Mid(Cookie_Domain, 8)
-     If Right(Cookie_Domain, 1) = "/" Then Cookie_Domain = Left(Cookie_Domain, Len(Cookie_Domain) - 1)
- End If
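- ' Anti-hotlinking / same-site check: when a Referer is present, its host must be this server.
- ' NOTE(review): a request that carries no Referer is still accepted, exactly as before, so
- ' this check is not a substitute for a per-session anti-CSRF token on the comment form.
- Dim ReviewUrl_Ref, ReviewUrl_RefNext
- Server_Name = Len(Request.ServerVariables("SERVER_NAME"))
- ReviewUrl_Ref = Cstr(Request.ServerVariables("HTTP_REFERER"))
- ' Strip the scheme. The original removed only a case-sensitive "http://", so a same-site
- ' referer sent over HTTPS never matched and was rejected.
- if lcase(left(ReviewUrl_Ref,8)) = "https://" then
-     ReviewUrl_Ref = mid(ReviewUrl_Ref,9)
- elseif lcase(left(ReviewUrl_Ref,7)) = "http://" then
-     ReviewUrl_Ref = mid(ReviewUrl_Ref,8)
- end if
- ' Host names are case-insensitive, so compare in lower case.
- Server_V1 = lcase(Left(ReviewUrl_Ref,Server_Name))
- Server_V2 = lcase(Cstr(Request.ServerVariables("SERVER_NAME")))
- ' A bare prefix match would also accept a longer host name that merely begins with this
- ' server's name, so the character after the prefix must end the host part
- ' (end of string, "/", ":", "?" or "#").
- ReviewUrl_RefNext = Mid(ReviewUrl_Ref,Server_Name+1,1)
- if Server_V1 <> "" and Server_V2 <> "" then
-     if Server_V1 <> Server_V2 or (ReviewUrl_RefNext <> "" and InStr("/:?#",ReviewUrl_RefNext) = 0) then
-         response.Write("没有权限,请访问<a href=""http://"&Cookie_Domain&""">"&Cookie_Domain&"</a>.")
-         response.End()
-     end if
- end if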
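- ' Read the posted form fields. NoSqlHack is defined in an include that is not shown here.
- ' NOTE(review): presumably it is a character/keyword filter; a filter of that kind does not
- ' make a value safe for SQL, HTML or script contexts by itself - confirm what it removes.
- stype = NoSqlHack(request.Form("type")) ' content type code, e.g. NS
- Id = NoSqlHack(request.Form("Id")) ' id of the item being reviewed
- UserNumber = trim(NoSqlHack(request.Form("UserNumber")))
- ' NOTE(review): an unsalted MD5 digest (md5 is called with 16 as its second argument) is weak
- ' for password storage; changing it needs a migration of the stored values, so it is only
- ' flagged here.
- password = md5(request.Form("password"),16)
- noname = NoSqlHack(request.Form("noname")) ' non-empty means anonymous post (UserNumber=0)
- title = NoSqlHack(request.Form("title"))
- content = NoSqlHack(request.Form("content"))
- Action = NoSqlHack(request.Form("Action"))
- ' HTMLEnd ends the response, so the first failing check stops the page.
- if Action="" then Call HTMLEnd("Action不能为空","back")
- if stype="" then Call HTMLEnd("type不能为空","back")
- if title="" then Call HTMLEnd("title不能为空","back")
- if content="" then Call HTMLEnd("content不能为空","back")
- ' NOTE(review): Len counts characters, while the message says a Chinese character counts
- ' as two - confirm which limit is intended.
- if len(content)>1000 then Call HTMLEnd("content超过1000字符。中文算两个字符。","back")
- ' Id is later concatenated into a SQL statement, so accept plain decimal digits only.
- ' IsNumeric also accepts signs, decimals, exponents, currency and hex notation; nine
- ' digits always fit a Long.
- Dim ReviewUrl_IdRe
- Set ReviewUrl_IdRe = New RegExp
- ReviewUrl_IdRe.Pattern = "^[0-9]{1,9}$"
- if not ReviewUrl_IdRe.Test(Id & "") then Call HTMLEnd("Id必须是数字","back")
- Set ReviewUrl_IdRe = Nothing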
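- ' An empty noname means a signed-in post; any other value means an anonymous post stored
- ' under UserNumber "0". (The original second test, noname<>"0", was always true here.)
- Dim ReviewUrl_Cmd
- if noname="" Then
-     ' Fall back to the session identity when the form did not carry credentials.
-     ' NOTE(review): password is a digest of the posted value, so it is presumably never
-     ' empty when it comes from the form - confirm against Md5.asp.
-     If UserNumber="" Or password="" Then
-         If Session("FS_UserName")<>"" Then
-             UserNumber=session("FS_UserName")
-             password = session("FS_UserPassword")
-         Else
-             if UserNumber="" then Call HTMLEnd("用户名不能为空","back")
-             if password="" then Call HTMLEnd("用户密码不能为空","back")
-         End If
-     End If
-     ' Site-wide setting: do member comments need moderation before they are shown?
-     set review_RS=User_Conn.execute("select top 1 ReviewTF from FS_ME_SysPara")
-     if not review_RS.eof then
-         if not isnull(review_RS(0)) then needAudited=cbool(review_RS(0))
-     end if
-     RsClose
-     ' Verify the credentials for every non-anonymous post. The original guarded this lookup
-     ' with UserNumber<>"0", so a posted value of "0" reached the insert with no credential
-     ' check while still using the member moderation setting read above.
-     ' The parameter size is 255 characters; longer values cannot match and are rejected.
-     if len(UserNumber & "") > 255 or len(password & "") > 255 then
-         Call HTMLEnd("用户名或密码错误,请重新输入。","back")
-     end if
-     ' Bound parameters replace the string-built SQL, so the result no longer depends on
-     ' how thoroughly NoSqlHack filtered the values.
-     ' Assumes User_Conn is an open ADODB.Connection - confirm in MF_User_Conn.
-     Set ReviewUrl_Cmd = Server.CreateObject("ADODB.Command")
-     Set ReviewUrl_Cmd.ActiveConnection = User_Conn
-     ReviewUrl_Cmd.CommandType = 1 ' adCmdText
-     ReviewUrl_Cmd.CommandText = "select UserNumber from FS_ME_Users where (UserNumber=? or UserName=?) and UserPassword=?"
-     ' 202 = adVarWChar, 1 = adParamInput
-     ReviewUrl_Cmd.Parameters.Append ReviewUrl_Cmd.CreateParameter("pUserNumber",202,1,255,UserNumber & "")
-     ReviewUrl_Cmd.Parameters.Append ReviewUrl_Cmd.CreateParameter("pUserName",202,1,255,UserNumber & "")
-     ReviewUrl_Cmd.Parameters.Append ReviewUrl_Cmd.CreateParameter("pUserPassword",202,1,255,password & "")
-     set review_RS = ReviewUrl_Cmd.Execute
-     if not review_RS.eof then
-         ' Normalise to the stored UserNumber (the login may have been a user name).
-         UserNumber = review_RS(0)
-     else
-         Call HTMLEnd("用户名或密码错误,请重新输入。","back")
-     end if
-     RsClose
-     Set ReviewUrl_Cmd = Nothing
- else
-     UserNumber = "0"
- end if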
- ' Translate the posted type code into the numeric ReviewTypes value saved with the comment.
- ' An unknown code ends the request through HTMLEnd.
- select case ucase(stype)
-     case "NS"
-         ReviewTypes = 0
-     case "MS"
-         ReviewTypes = 2
-     case "HS"
-         ReviewTypes = 3
-     case "SD"
-         ReviewTypes = 4
-     case "LOG"
-         ReviewTypes = 5
-     case "DS"
-         ReviewTypes = 1
-         ' When moderation is not already required, the download's own record decides, and
-         ' it also supplies the per-item keyword list (LimitReviewChar).
-         ' Id is concatenated into the statement; it has passed the numeric check made when
-         ' the form fields were read.
-         if not needAudited then
-             set review_RS = Conn.execute("select ShowReviewTF,LimitReviewChar from FS_DS_List where ReviewTF=1 and ID = "&Id)
-             if not review_RS.eof then
-                 if not isnull(review_RS(0)) then
-                     needAudited = cbool(review_RS(0))
-                     LimitReviewChar = review_RS("LimitReviewChar")
-                 end if
-             end if
-             RsClose
-         end if
-     case else
-         ' NOTE(review): the posted type is echoed into the message, so HTMLEnd has to
-         ' escape it for the context it writes into.
-         Call HTMLEnd("Error:type("&stype&") is not found!","back")
- end select
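- ' Address stored with the comment for moderation.
- ' X-Forwarded-For is an ordinary request header that the client can set to any text, so it
- ' is usable only when a trusted reverse proxy overwrites it. It is accepted here only when
- ' its first entry looks like an IPv4/IPv6 literal (at most 45 characters); anything else
- ' falls back to the socket address.
- ' NOTE(review): if no trusted proxy sits in front of this site, record REMOTE_ADDR only.
- Dim ReviewUrl_IpRe
- ReviewIP = Request.ServerVariables("HTTP_X_FORWARDED_FOR") & ""
- if instr(ReviewIP,",") > 0 then ReviewIP = left(ReviewIP,instr(ReviewIP,",") - 1)
- ReviewIP = trim(ReviewIP)
- Set ReviewUrl_IpRe = New RegExp
- ReviewUrl_IpRe.Pattern = "^[0-9A-Fa-f:.]{2,45}$"
- if not ReviewUrl_IpRe.Test(ReviewIP) then ReviewIP = Request.ServerVariables("REMOTE_ADDR")
- Set ReviewUrl_IpRe = Nothing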
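- ' Escapes a value for use inside a quoted JavaScript string literal that is written inside
- ' a <script> element: backslash, both quote characters, line breaks and angle brackets
- ' (so the value cannot close the string or the script element).
- Function ReviewUrl_JsEscape(ByVal s)
-     s = s & ""
-     s = Replace(s, "\", "\\")
-     s = Replace(s, "'", "\'")
-     s = Replace(s, """", "\""")
-     s = Replace(s, vbCr, "\r")
-     s = Replace(s, vbLf, "\n")
-     s = Replace(s, "<", "\x3C")
-     s = Replace(s, ">", "\x3E")
-     ReviewUrl_JsEscape = s
- End Function
- ' Writes a message to the browser and ends the response.
- '   Info - message text; callers in this page pass text that can contain posted values.
- '   URL  - "back": alert, then history.back(); another non-empty value: alert, then go to
- '          that address; empty: write the message as plain page text.
- ' Info and URL are escaped for the context they are written into, so a posted value that
- ' ends up in a message is shown as text instead of being interpreted as script or markup.
- ' NOTE(review): the literal "n FooSun.cn" is kept as found; the leading "n" looks like a
- ' "\n" that lost its backslash - confirm against the original file.
- Sub HTMLEnd(Info,URL)
-     if URL="back" then
-         response.Write("<script>alert('"&ReviewUrl_JsEscape(Info)&"n FooSun.cn');history.back();</script>")
-         response.End()
-     elseif URL<>"" then
-         response.Write("<script>alert('"&ReviewUrl_JsEscape(Info)&"n FooSun.cn');location='"&ReviewUrl_JsEscape(URL)&"';</script>")
-         response.End()
-     else
-         response.Write(""&Server.HTMLEncode(Info & "")&"<br /> FooSun.cn"&vbNewLine)
-         response.End()
-     end if
- End Sub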
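- ' Inserts the comment into FS_ME_Review and ends the response with a thank-you message.
- ' Reads the page-level values ReviewTypes, Id, UserNumber, title, content, needAudited and
- ' ReviewIP. The recordset is opened on "ReviewID=0" and a row is added when it is empty.
- ' NOTE(review): title and content are stored as received after NoSqlHack; whichever page
- ' displays reviews has to HTML-encode them on output.
- Sub review_Data()
-     review_Sql = "select UserNumber,InfoID,ReviewTypes,Title,Content,AddTime,ReviewIP,isLock,AdminLock,QuoteID from FS_ME_Review where ReviewID=0"
-     set review_RS = CreateObject(G_FS_RS)
-     ' 1 = adOpenKeyset, 3 = adLockOptimistic: an updatable recordset.
-     review_RS.Open review_Sql,User_Conn,1,3
-     if review_RS.eof then
-         review_RS.addnew
-         review_RS("ReviewTypes") = ReviewTypes
-         review_RS("InfoID") = Id
-         review_RS("UserNumber") = UserNumber
-         review_RS("Title") = title
-         review_RS("content") = content
-         review_RS("QuoteID") = 0
-         review_RS("isLock") = 0
-         ' AdminLock = 1 keeps the comment hidden until it has been moderated.
-         if needAudited then
-             review_RS("AdminLock") = 1
-         else
-             review_RS("AdminLock") = 0
-         end if
-         review_RS("AddTime") = now
-         review_RS("ReviewIP") = ReviewIP
-         review_RS.update
-         RsClose:Set User_Conn = Nothing
-         if needAudited then TmpStr = "我们审核通过后即可显示。"
-         ' HTMLEnd ends the response, so nothing after this call runs.
-         Call HTMLEnd("感谢您的评论。"&TmpStr,"back")
-     else
-         ' A row with ReviewID=0 already exists, so nothing is inserted. The original left
-         ' the recordset open on this path; it is closed here.
-         ' NOTE(review): the visitor gets no message in this case - confirm that is intended.
-         RsClose
-     end if
- End Sub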
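- ' Keyword filter: LimitReviewChar is a comma-separated list of strings that are removed
- ' from the comment text. In this page it is filled only from the FS_DS_List lookup.
- if not isnull(LimitReviewChar) and LimitReviewChar<>"" then
-     Dim f_i,f_str,f_arr
-     f_str = content
-     f_arr = split(LimitReviewChar,",")
-     for f_i = 0 to ubound(f_arr)
-         f_str = replace(f_str,f_arr(f_i),"")
-     next
-     ' The original kept the unfiltered text whenever filtering removed everything, so a
-     ' comment made up only of listed keywords was stored as posted. Treat it as empty.
-     if f_str = "" then Call HTMLEnd("content不能为空","back")
-     content = f_str
- end if
- Call review_Data()
- ' Reached only when review_Data inserted nothing; on success it ends the response itself.
- User_Conn.close
- Conn.close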
- ' Closes the shared page-level recordset review_RS and drops the reference to it.
- Sub RsClose()
-     review_RS.Close : Set review_RS = Nothing
- End Sub
- %>