<% function ForumIdToAppid(forumID) dim arr, iterate arr = ubound(allforum,2) for iterate = 0 to arr if ""&allforum(0,iterate) = ""&forumID then ForumIdToAppid = iterate exit function end if next end function function isThisMemberAModSomeWhere(memId, allmoderators) if len(allmoderators) = 0 or isGuest then isThisMemberAModSomeWhere = "false" exit function end if if Instr(1, "," & allmoderators & ",", "," & memId&"" & ",", 0) > 0 then isThisMemberAModSomeWhere = "true" else isThisMemberAModSomeWhere = "false" end function Class PermissionSetting Private Permission_post_ Private Permission_poll_ Private Permission_vote_ Private Permission_rate_ Private Permission_upload_ Private memID_ Private appid_ Private forumID_ Private groupID_ Private isGPermissionOn_ Private allowpoll_ Private enableRating_ Private UploadRestriction_ Private UploadReturnedValue_ Private IsPrivateUser_ Private IsModerator_ Private allModerators_ Private allPrivateUsers_ Private Sub Class_Initialize() End Sub ' Public functions Public function Moderator() Dim isModerator, mo, mode Moderator = false mode = iff(isEmpty(allModerators_),allforum(11,appid_),allModerators_) if not (isNull(mode) and mode = "") then if Instr(1, "," & mode & ",", "," & memID_ & ",", 0) > 0 then Moderator = true end if end function Public function VerifyPrivate() Dim PrivateUser if isAdmin then VerifyPrivate = true exit function end if if allforum(6,appid_) = 1 then VerifyPrivate = false PrivateUser = iff(isEmpty(allPrivateUsers_),allforum(7,appid_),allPrivateUsers_) if not (isNull(PrivateUser) and PrivateUser = "") then if Instr(1, "," & PrivateUser & ",", "," & memID_ & ",", 0) > 0 then VerifyPrivate = true end if else VerifyPrivate = true end if end function ' Public sub Public sub UploadPermission() Dim strSQL, objRS, objCom,returnedValue,upSetting,upRestriction if isEmpty(Permission_post_) then Call GetPermission(false) end if if allforum(17,appid_) = 0 or lcase(Application(dbName&"upload")) = "noupload" or Permission_post_ < 2 then 'user try to compromise the system Permission_upload_ = "0|" UploadRestriction_ = 10 UploadReturnedValue_ = -2 exit sub end if Dim blnBypassDB if isGPermissionOn_ = 0 then blnBypassDB = true else blnBypassDB = false if not blnBypassDB then ' grab upload permission from database if isEmpty(Permission_upload_) then blnBypassDB = true ' did not grab permission from DB successfully (not active, not defined, etc.) end if if blnBypassDB then if not isAdmin then Set objCom = server.createobject("adodb.command") with objCom .activeconnection = datastore .commandText = dbOwnerPrefix&"spCheckUpPermission" .commandType = adCmdStoredProc .Parameters.Append .Createparameter("@RETURN_VALUE", adInteger, adParamReturnValue, 0 ) .Parameters.Append .Createparameter("@memID", adInteger, adParamInput, 0, memID_) .Parameters.Append .Createparameter("@forumID", adInteger, adParamInput, 0, forumID_) .Parameters.Append .Createparameter("@isMod", adVarChar, adParamInput, 5, lcase(""&IsModerator_)) .Parameters.Append .Createparameter("@upSetting", adVarChar, adParamOutput, 150 ) .Parameters.Append .Createparameter("@upRestriction", adUnsignedTinyInt, adParamOutput, 0) .execute , , adExecuteNoRecords returnedValue = .parameters("@RETURN_VALUE") upSetting = .parameters("@upSetting") upRestriction = .parameters("@upRestriction") end with Set objCom = nothing Permission_upload_ = upSetting UploadRestriction_ = upRestriction UploadReturnedValue_ = returnedValue end if else 'Permission_upload_ already gotton from the Call GetPermission(false) UploadRestriction_ = 0 UploadReturnedValue_ = -2 end if End sub Public Sub GetPermission(p_level) ' true or false, if true, get all permission, if false, get only post_reply permission call CheckPrivateAndModerator Dim blnBypassDB if isGPermissionOn_ = 0 then blnBypassDB = true else blnBypassDB = false if isAdmin or IsModerator_ or memID_ = "-1" then blnBypassDB = true 'don't query database--unnecessary 'Default Values ------------------------ Dim GuestRight, AuthRight, PrivateRight, IsPrivateForum IsPrivateForum = allforum(6,appid_) PrivateRight=allforum(8,appid_) GuestRight=allforum(9,appid_) AuthRight=allforum(10,appid_) Dim allowPoll:allowPoll = false Dim pollCreatePermission: pollCreatePermission = allforum(18,appid_) Dim allowVote:allowVote = false Dim votePermission: votePermission = allforum(19,appid_) 'Default Values ------------------------ Dim objRS if not blnBypassDB then 'query database Dim allData Dim groupPermissionStoredProcedure:groupPermissionStoredProcedure = iff(IsPrivateForum,"spGetPrivateGroupPermission","spGetGroupPermission") 'response.write groupPermissionStoredProcedure set objRS = server.createobject("adodb.recordset") with objRS .CacheSize = 1 .open dbOwnerPrefix&groupPermissionStoredProcedure&"("&memID_&","&forumID_&")", datastore, , , adcmdStoredProc 'adCmdText If not (.EOF or .BOF) then allData = .getrows End if .close end with set objRS=nothing if isArray(allData) then Dim DBpost_reply,DBpoll,DBvote,DBrate,DBuploadRestriction DBpost_reply = allData(0,0) DBpoll = allData(1,0) DBvote = allData(2,0) DBrate = allData(3,0) DBuploadRestriction = allData(4,0) 'get DB post_reply permission If IsPrivateForum = 1 and not IsPrivateUser_ then Permission_post_ = 0 else If DBpost_reply = 5 then Permission_post_ = 0 else Permission_post_ = DBpost_reply end if 'get DB poll permission if Application(dbName&"allowpoll") <> 0 then if Permission_post_ >=3 and DBpoll = 1 then allowPoll = true end if Permission_poll_ = allowPoll 'Get DB Vote Permission if Permission_post_ > 1 and DBvote = 1 then allowVote = true end if Permission_vote_ = allowVote 'get DB rate permission if Permission_post_ > 1 and enableRating_>0 and DBrate = 1 then Permission_rate_ = true end if 'get DB upload permission Permission_upload_ = DBuploadRestriction else blnBypassDB = true end if end if if not blnBypassDB then exit sub ' Get post_reply permission if isAdmin then Permission_post_ = 4 'grant administrator post&reply right' else SELECT CASE IsPrivateForum Case 1 'this forum is a private forum' if not IsPrivateUser_ then 'verify if this member is a private member for this forum' Permission_post_ = 0 else if IsModerator_ then Permission_post_ = 4 else Permission_post_ = PrivateRight end if end if Case 0 'this forum is not a private forum' if memID_ = "-1" then Permission_post_ = GuestRight else if IsModerator_ then Permission_post_ = 4 else Permission_post_ = AuthRight end if end if END SELECT end if if not p_level then exit sub 'exit sub if not all permissions are required. ' Get Poll permission if Application(dbName&"allowpoll") <> 0 then if pollCreatePermission = 1 then 'only moderator if IsModerator_ then allowPoll = true elseif pollCreatePermission = 2 then 'who has post permission if Permission_post_ >= 3 then allowPoll = true end if end if if isAdmin then allowpoll = true Permission_poll_ = allowPoll ' Get Vote permission if votePermission = 0 and (Permission_post_ = 2 or Permission_post_ = 4) then allowVote = true elseif votePermission = 1 and Permission_post_>=3 then allowVote = true end if if isAdmin then allowVote = true if memID_ = "-1" then allowVote = false Permission_vote_ = allowVote ' Get Rate Permission if enableRating_>0 then if enableRating_ = 1 and memID_<>"-1" then Permission_rate_ = true elseif enableRating_ = 2 and (IsModerator_ or isAdmin) then Permission_rate_ = true end if end if End Sub Public Sub CheckPrivateAndModerator IsPrivateUser_ = VerifyPrivate() IsModerator_ = Moderator() End Sub ' Public Properties Let Public Property Let memID(int_memID) memID_ = int_memID End Property Public Property Let Appid(int_appid) appid_ = int_appid forumID_ = allforum(0,appid_) isGPermissionOn_ = allforum(29,appid_) enableRating_ = allforum(22,appid_) allModerators_ = empty allPrivateUsers_ = empty End Property Public Property Let GroupID(int_groupID) groupID_ = int_groupID End Property ' Public Properties Get Public Property Get Post Post = Permission_post_ End Property Public Property Get Poll Poll = Permission_poll_ End Property Public Property Get Vote Vote = Permission_vote_ End Property Public Property Get Rate Rate = Permission_rate_ End Property Public Property Get Upload call UploadPermission() Upload = Permission_upload_ End Property Public Property Get UploadRestriction UploadRestriction = UploadRestriction_ End Property Public Property Get UploadReturnedValue ' -1 means not meeting the upload requirements. UploadReturnedValue = UploadReturnedValue_ End Property Public Property Get enableRating enableRating = enableRating_ End Property Public Property Get isPrivateUser 'used after getpermission isPrivateUser = isPrivateUser_ End Property Public Property Get isModerator 'used after getpermission isModerator = isModerator_ End Property Public Property Get forumID forumID = forumID_ End Property End Class Class searchableForum Private finalSearchForum_ Private searchCategory_ Private searchForum_ Private searchAllForum_ Private memID_ Private appid_ Private moderatorOnly_ Private Sub Class_Initialize() searchCategory_ = "" searchForum_ = "" searchAllForum_ = "" moderatorOnly_ = false End Sub Public Property Let memID(int_memID) memID_ = int_memID End Property Public Property Let SearchType(srType) if isNumeric(srType) then searchForum_ = allforum(0,srType) appid_ = srType elseif ucase(srType) = "ALL" then searchAllForum_ = "true" else searchCategory_ = replace(srType,"cat_","")&"" end if End Property Public Property Let moderatorOnly(val) moderatorOnly_ = val end Property Public function GetSearchableForums() Dim objRS, allData:allData = "-5" If len(searchForum_)<>0 then Dim objPermission, rights, isModerator Set objPermission = new PermissionSetting With objPermission .memID = memID_ .appid = appid_ .GetPermission(false) rights = .post isModerator = .isModerator End With Set objPermission = nothing if moderatorOnly_ and isModerator then allData = searchForum_ elseif rights>0 then allData = searchForum_ end if else Dim strSQL If memID_="-1" then strSQL = "spGetGuestSearchableForums" else strSQL = "spGetSearchableForums" If moderatorOnly_ then strSQL = "spGetModeratorSearchableForums" set objRS = server.createobject("adodb.recordset") with objRS .CacheSize = 1 .open dbOwnerPrefix&strSQL&"("&memID_&", '"&searchAllForum_&"','"&searchCategory_&"')", datastore, , , adcmdStoredProc If not (.EOF or .BOF) then allData = CheckDelimitedFormat(trim(.getString(,,"",",","")),",") End if .close end with set objRS=nothing end if GetSearchableForums = allData end function End Class function fromThisDomain(pagesToCheck) ' the pages to check for are delimited by pipe. e.g. "tm.asp?|m.asp?" without quote' Dim arrPagesToCheck : arrPagesToCheck = split(pagesToCheck&"","|") Dim HTTP_Referer : HTTP_Referer = trim(lcase(request.serverVariables("http_referer"))) Dim DomainForumDir:DomainForumDir = trim(lcase(forumdir)) Dim iPages, ubPages : ubPages = ubound(arrPagesToCheck) Dim isThereAMatch : isThereAMatch = false if Application(dbName&"checkDomain")<> 1 then fromThisDomain = true exit function end if if ubPages >=0 then for iPages = 0 to ubPages if instr(1,HTTP_Referer,DomainForumDir, vbBinaryCompare)>0 and instr(1,HTTP_Referer,arrPagesToCheck(iPages), vbBinaryCompare)>0 then isThereAMatch = true exit for end if next end if fromThisDomain = isThereAMatch end function %>