<%= OutputCSS() %> <% if not fromThisDomain("post.asp?") then response.redirect (forumdir&"first.asp?error=referer") response.end end if if request.form("jsenabled")="false" then response.redirect (forumdir&"first.asp") response.end end if dim searchstring,appid,SQL1,SQL, sort,forumtitle,p, tmode, embed dim forumid, datecreated,ip,subject,body,parent,action,upfile dim threadid,objRS, newID, objcon, rdcount,withdot,mysort,enter,parentL dim includemail, subscribe,lastModified, objcom, isPostAllowed, msgIcons, withsig dim maxFloodControl:maxFloodControl = Application(dbName&"maxFloodControl") Dim memberModerated,parentAuthor, adminmod dim smode, smodeRedirect:smodeRedirect = 1 isPostAllowed = true '==action== action = request.form("postingaction") '==from nonuser-intervention input== 'appid = request.form("appid") forumid = request.form("forumid") allforum = Application(dbName&"foruminfo") appid = ForumIdToAppid(forumID) forumtitle = allforum(1,appid) forumID = allforum(0,appid) ip = request.ServerVariables("REMOTE_ADDR") parent = request.form("parent") p = request.form("p") tmode = request.form("tmode") smode = request.form("smode") threadID = request.form("threadID") ' this is for reply only dateCreated = SQLNowDate() withsig = request.form("withsig") memberModerated = request.form("memberModerated") 'parentAuthor = request.form("parentAuthor") '==Form== subscribe = request("subscribe") subject = trim(request.form("subject")) body = trim(request.form("body")) upfile = CheckDelimitedFormat(request.form("upfile"),"|") msgIcons = request.form("msgIcons") embed = request.form("embed") adminmod = CheckedOrNot(request.form("adminmod")&"") if embed = "on" then if len(upfile)<>0 then Dim i, arrUpfiles:arrUpfiles=split(upfile,"|") for i = 0 to ubound(arrUpfiles) Dim fileExt:fileExt = Lcase(right(arrUpfiles(i),len(arrUpfiles(i))-instr(arrUpfiles(i),"."))) if fileExt = "gif" or fileExt = "jpg" or fileExt = "bmp" or fileExt = "png" or fileExt = "jpeg" then body = body & vbCrlf & vbCrlf & "[image]local://upfiles/" & memID & "/" & arrUpfiles(i) & "[/image]" end if next end if end if if len(subject)=0 or len(body) = 0 then response.write (emptyTextBoxWarning & "
") response.write (""&javascriptBackDesc&"") response.end end if dim rights, allforum, mode,allowpoll Dim objPermission Set objPermission = new PermissionSetting With objPermission .memID = memID .appid = appid if action="poll" then .GetPermission(true) allowpoll = .poll else .GetPermission(false) end if rights = .post Mode = .isModerator End With Set objPermission = nothing Dim isModerated:isModerated = 0 if memberModerated = "1" or allforum(23,appid) = 1 then isModerated = 1 if mode or isAdmin then maxFloodControl = 0 isModerated = 0 end if Select Case action case "reply" if not ( rights = 2 or rights = 4 ) then response.write RightViolationMessage response.end end if case "add" if rights < 3 then response.write RightViolationMessage response.end end if case "poll" if not allowpoll then isPostAllowed = false if not isPostAllowed then response.write RightViolationMessage response.end end if End Select if subscribe = "on" then subscribe = 1 else subscribe = 0 if withsig = "on" then withsig = 1 else withsig = 0 If not isGuest then lastModified = _ "%DATE%
"&HTMLEncode(""&memLogin)&"" else lastModified = "%DATE%
"&HTMLEncode(""&memLogin) end if Dim NotificationBody:NotificationBody = body '========================================================= body = SQLin(body) subject = SQLin(subject) subject = replace(subject,chr(1),"") ' safetree '========================================================= %><% '======end of common variables assignment====== dim selfMessageID, arrParent, returnedValue SELECT CASE action CASE "reply" '================================================ Set objCom = server.createobject("adodb.command") with objCom .activeconnection = datastore .commandText = dbOwnerPrefix&"spReply" .commandType = adCmdStoredProc .Parameters.Append .Createparameter("@RETURN_VALUE", adInteger, adParamReturnValue, 0 ) .Parameters.Append .Createparameter("@int_re_MsgID", adInteger, adParamInput, 0, parent) .Parameters.Append .Createparameter("@maxFloodControl", adInteger, adParamInput, 0, maxFloodControl) .Parameters.Append .Createparameter("@nv_searchstring", adVarChar, adParamInput, 150, searchstring) .Parameters.Append .Createparameter("@int_memID", adInteger, adParamInput, 0, memID) .Parameters.Append .Createparameter("@nv_subject", adVarChar, adParamInput, 255, subject) .Parameters.Append .Createparameter("@nt_body", adLongVarWChar, adParamInput, 2147483647, body) .Parameters.Append .Createparameter("@int_forumid", adInteger, adParamInput, 0, forumid) .Parameters.Append .Createparameter("@int_parent", adInteger, adParamInput, 0, parent) .Parameters.Append .Createparameter("@int_threadID", adInteger, adParamInput, 0, threadID) .Parameters.Append .Createparameter("@nv_ip", adVarChar, adParamInput, 50, ip) .Parameters.Append .Createparameter("@nv_upfile", adVarChar, adParamInput, 500, upfile) .Parameters.Append .Createparameter("@nv_emailnotify", adUnsignedTinyInt, adParamInput, 0, subscribe) .Parameters.Append .Createparameter("@nv_lastmodified", adVarChar, adParamInputOutput, 255, lastModified) .Parameters.Append .Createparameter("@int_selfmsgid", adInteger, adParamOutput, 0 ) .Parameters.Append .Createparameter("@int_msgIcons", adUnsignedTinyInt, adParamInput, 0, msgIcons ) .Parameters.Append .Createparameter("@int_withsig", adUnsignedTinyInt, adParamInput, 0, withsig ) .Parameters.Append .Createparameter("@int_ismoderated", adUnsignedTinyInt, adParamInput, 0, isModerated ) .Parameters.Append .Createparameter("@int_isFAQ", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(request.form("makeFAQ"))) .Parameters.Append .Createparameter("@int_isLocked", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(request.form("makeLock"))) .Parameters.Append .Createparameter("@int_isPin", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(request.form("makePin"))) .Parameters.Append .Createparameter("@adminmod", adUnsignedTinyInt, adParamInput, 0, adminmod) .Parameters.Append .Createparameter("@canreplylocked", adUnsignedTinyInt, adParamInput, 0, iff((isadmin or mode),1,0)) .execute , , adExecuteNoRecords selfMessageID = .Parameters("@int_selfmsgid") lastModified = .Parameters("@nv_lastmodified") returnedValue = .Parameters("@RETURN_VALUE") end with set objcom = nothing ' return value: -1 = flood control; -2 = there isn't such a message to reply to, or is locked 'If returnedValue <> -1 then If not returnedValue < 0 then ' successful reply Call CloseWin(selfMessageID&"&smode="&smode&"&tmode="&tmode&"&p="&p&"&toStyle="&request.form("toStyle")) foruminfo=Application(dbName&"foruminfo") foruminfo(3,appid)=foruminfo(3,appid)+1 foruminfo(15,appid)=datecreated foruminfo(14,appid)=lastModified Application.lock Application(dbName&"foruminfo")=foruminfo Application.unlock erase foruminfo else call ErrorTrigger(returnedValue) end if if isModerated = 0 then call SendSubscription(memLogin,selfMessageID,1,threadID, forumID,subject, NotificationBody, memID) '================================================ CASE "add", "poll" if action = "poll" then Dim arrPollOptions, numberOfOptions, iPollOption, choiceID, allowMultiple, strSQLAddPoll strSQLAddPoll = "" allowMultiple = request.form("allowMultiple") if allowMultiple = "on" then allowMultiple = 1 else allowMultiple = 0 numberOfOptions = CLng(request.form("numberOfOptions")) Redim arrPollOptions(numberOfOptions-1) for iPollOption = 1 to numberOfOptions arrPollOptions(iPollOption-1) = SQLAccessInput(trim(request.form("pollOption"&iPollOption))) next choiceID = 0 for iPollOption = 0 to ubound(arrPollOptions) if not len(arrPollOptions(iPollOption))=0 then choiceID = choiceID + 1 strSQLAddPoll = strSQLAddPoll & "INSERT INTO pgd_Poll (pollID, forumID, choiceID, choice, allowMultiple) VALUES ({selfMessageID}"&_ ", "&forumid&", "&choiceID&", '"&arrPollOptions(iPollOption)&"', "&allowMultiple&") " end if next end if Dim isPoll if action = "poll" and choiceID > 0 then isPoll = 1 else isPoll = 0 Set objCom = server.createobject("adodb.command") with objCom .activeconnection = datastore .commandText = dbOwnerPrefix&"spPost" .commandType = adCmdStoredProc .Parameters.Append .Createparameter("@RETURN_VALUE", adInteger, adParamReturnValue, 0 ) .Parameters.Append .Createparameter("@maxFloodControl", adInteger, adParamInput, 0, maxFloodControl) .Parameters.Append .Createparameter("@int_memID", adInteger, adParamInput, 0, memID) .Parameters.Append .Createparameter("@nv_subject", adVarChar, adParamInput, 255, subject) .Parameters.Append .Createparameter("@nt_body", adLongVarWChar, adParamInput, 2147483647, body) .Parameters.Append .Createparameter("@nv_searchstring", adVarChar, adParamInput, 150, searchstring) .Parameters.Append .Createparameter("@int_forumid", adInteger, adParamInput, 0, forumid) .Parameters.Append .Createparameter("@int_parent", adInteger, adParamInput, 0, parent) .Parameters.Append .Createparameter("@nv_ip", adVarChar, adParamInput, 50, ip) .Parameters.Append .Createparameter("@nv_upfile", adVarChar, adParamInput, 500, upfile) .Parameters.Append .Createparameter("@ti_Subscribe", adUnsignedTinyInt, adParamInput, 0, subscribe) .Parameters.Append .Createparameter("@nv_lastmodified", adVarChar, adParamInputOutput, 255, lastModified) .Parameters.Append .Createparameter("@int_selfmsgid", adInteger, adParamOutput, 0 ) .Parameters.Append .Createparameter("@int_isPoll", adUnsignedTinyInt, adParamInput, 0, isPoll) .Parameters.Append .Createparameter("@int_msgIcons", adUnsignedTinyInt, adParamInput, 0, msgIcons ) .Parameters.Append .Createparameter("@int_withsig", adUnsignedTinyInt, adParamInput, 0, withsig ) .Parameters.Append .Createparameter("@int_ismoderated", adUnsignedTinyInt, adParamInput, 0, isModerated ) .Parameters.Append .Createparameter("@int_isFAQ", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(request.form("makeFAQ"))) .Parameters.Append .Createparameter("@int_isLocked", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(request.form("makeLock"))) .Parameters.Append .Createparameter("@int_isPin", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(request.form("makePin"))) .execute , , adExecuteNoRecords selfMessageID = .Parameters("@int_selfmsgid") lastModified = .Parameters("@nv_lastmodified") returnedValue = .Parameters("@RETURN_VALUE") end with set objcom = nothing if action = "poll" and isPoll = 1 then Set objCon = server.createobject("adodb.connection") with objCon .open datastore .execute Replace(strSQLAddPoll,"{selfMessageID}",selfMessageID), , adCmdtext + adExecuteNoRecords .close end with set objCon = nothing ' New additions for smode processing if smode = 2 then smodeRedirect = 2 end if ' return value: -1 = flood control; 'If returnedValue <> -1 then If not returnedValue < 0 then ' successful reply Call CloseWin(appid&"&tmode=1&smode="&smodeRedirect) Dim foruminfo foruminfo=Application(dbName&"foruminfo") foruminfo(3,appid)=foruminfo(3,appid)+1 foruminfo(4,appid)=foruminfo(4,appid)+1 foruminfo(15,appid)=datecreated foruminfo(14,appid)=lastModified Application.lock Application(dbName&"foruminfo")=foruminfo Application.unlock erase foruminfo else call ErrorTrigger(returnedValue) end if if isModerated = 0 then call SendSubscription(memLogin,selfMessageID,0,selfMessageID,forumID,subject,NotificationBody, memID) '================================================ END SELECT %>