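<%
' Forum "preview / post message" page (classic ASP, VBScript).
'
' Request flow visible in this block:
'   1. SubmitReply / SubmitMessage -> validate the form, then render a preview.
'   2. ApplyMessage                -> write the message to FORUM_MESSAGES and
'                                     redirect to default.asp.
'
' Security notes for maintainers:
'   * Form validation (validate / validateloginuser) runs only on the preview
'     step, so the write step re-checks every value it places into SQL.
'   * Numeric request values (catid, ParentID, ThreadID) are parsed to Long
'     before being concatenated into SQL; string values go through
'     prepStringForSQL. Parameterised ADODB.Command queries would be the
'     stronger fix once the column types are known.
'   * NOTE(review): AuthorName / AuthorEmail are taken from the request on the
'     write step rather than from the session - confirm whether a logged-in
'     user is meant to be able to post under another name.

If Request("SubmitReply") = "Submit Reply" OR Request("SubmitMessage") = "Post Message" then
    If NOT session("discussionlogin") Then
        res = validate
        ' The message becomes part of a URL, so it is URL-encoded.
        If NOT res="" Then Response.Redirect "error.asp?message=" & Server.URLEncode(res)
    Else
        res = validateloginuser
        If NOT res="" Then Response.Redirect "error.asp?message=" & Server.URLEncode(res)
    End if
End if

' Visitors without a forum session must pass login() on every request to this
' page, including the ApplyMessage write step. login() is defined elsewhere.
If NOT session("discussionlogin") Then
    res = login( request("email"), request("password"),false )
    If NOT res="" Then Response.Redirect "error.asp?message=" & Server.URLEncode(res)
End if

' Returns True when Value is Null or contains only whitespace.
Function isBlank(Value)
    Dim bAns
    if isNull(Value) then
        bAns = true
    else
        bAns = trim(Value) = ""
    end if
    isBlank = bAns
end function

' Returns "" for Null, otherwise the trimmed value.
Function FixNull(Value)
    Dim sAns
    if isNull(Value) then
        sAns = ""
    else
        sAns = trim(Value)
    end if
    FixNull = sAns
end function

' Wraps sValue in single quotes for use as a SQL string literal, doubling any
' embedded single quote (Chr(39)).
' NOTE(review): quote doubling is only sufficient on engines that do not treat
' backslash as an escape character - confirm the database behind conn.
Function prepStringForSQL(sValue)
    Dim sAns
    sAns = Replace(sValue, Chr(39), "''")
    sAns = "'" & sAns & "'"
    prepStringForSQL = sAns
End Function

' Parses a request value as a whole number for use in SQL.
' Accepts an optional minus sign followed by 1-9 digits (always fits a Long);
' anything else, including a missing or repeated parameter, yields lDefault.
Function toSqlLong(vValue, lDefault)
    Dim sRaw, oDigits
    toSqlLong = lDefault
    sRaw = Trim("" & vValue)
    Set oDigits = New RegExp
    oDigits.Pattern = "^-?\d{1,9}$"
    If oDigits.Test(sRaw) Then toSqlLong = CLng(sRaw)
    Set oDigits = Nothing
End Function

' Prepares message text before it is stored (used for new threads only).
function ReplaceComments(sInput)
    dim sAns
    ' NOTE(review): the two literals below are reproduced as this listing
    ' shows them; they look whitespace/entity-damaged - confirm against the
    ' original file.
    sAns = replace(sInput, " ", "  ")
    ' The listing shows a bare double quote as the replacement, which does not
    ' parse; presumably the original literal was the &quot; entity.
    sAns = replace(sAns, chr(34), "&quot;")
    ' NOTE(review): the search string is empty as shown, which makes this call
    ' a no-op; text appears to be missing from the listing here.
    sAns = replace(sAns, "", "-->")
    ReplaceComments = sAns
end function

' Formats message text for display in the HTML preview.
' Removes ASP delimiters, encodes double quotes and angle brackets as
' entities, and turns line breaks into <br>.
' Side effect: sets the page-level flag bIllegal (read by the template) when
' ASP delimiters were removed, so bIllegal is deliberately not Dim'd here.
function HTMLFormat(sInput)
    dim sAns
    ' NOTE(review): reproduced as shown; the literals look whitespace-damaged.
    sAns = replace(sInput, " ", "  ")
    sAns = replace(sAns, chr(34), "&quot;")
    sIllStart = "<" & chr(37)
    sIllEnd = chr(37) & ">"
    if instr(sAns, sIllStart) > 0 or instr(sAns, sIllEnd) > 0 then
        sAns = replace(sAns, sIllStart, "")
        sAns = replace(sAns, sIllEnd, "")
        bIllegal = true
    end if
    ' As shown in the listing these replacements map each character to itself,
    ' which would leave markup in the message active in the preview page. The
    ' entity forms below are what makes the output safe to embed in HTML.
    sAns = replace(sAns, ">", "&gt;")
    sAns = replace(sAns, "<", "&lt;")
    ' NOTE(review): the listing shows a raw line break inside this literal;
    ' presumably a <br> tag was lost - confirm.
    sAns = replace(sAns, vbcrlf, "<br>")
    HTMLFormat = sAns
end function

' Work out which step of the flow this request is.
if Request("SubmitMessage") <> "" then bNew = true
if request("SubmitReply") <> "" or request("Reply") <> "" then bReply = true
if request("ApplyMessage") <> "" then bApply = true
bValid = bNew or bReply or bApply

if bApply then
    sName = request("AuthorName")
    sEmail = request("AuthorEmail")
    ' catid is concatenated into SQL unquoted, so it must be a real number.
    sCatid = toSqlLong(request("catid"), 0)
    If sCatid < 1 Then Response.Redirect "error.asp?message=" & Server.URLEncode("Please choose a category!")
    bAddNew = request("MessageType") = "New"
    If bAddNew then
        ' New thread.
        sTopic = prepStringForSQL(Request("Topic")) & ","
        sName = prepStringForSQL(sName) & ","
        sEmail= prepStringForSQL(sEmail) & ","
        sComments = ReplaceComments(Request("Message"))
        sComments = prepStringForSQL(sComments)
        sSQL = "INSERT INTO FORUM_MESSAGES (category,AUTHORNAME,AUTHOREMAIL,TOPIC,COMMENTS) VALUES (" & sCatid & "," & sName & sEmail & sTopic & sComments & ")"
        conn.execute sSQL
        ' A thread root is its own thread parent.
        sSQL = "UPDATE FORUM_MESSAGES SET THREADPARENT = ID WHERE THREADPARENT = 0"
        conn.execute sSQL
        userupdate()
    Else
        ' Reply to an existing message.
        sOrigAuthor = Request("OrigAuthor")
        if sOrigAuthor = "" then sOrigAuthor = Request.QueryString("OrigAuthor")
        ' Both ids are concatenated into SQL unquoted: parse them first.
        iParent = toSqlLong(Request("ParentID"), 0)
        iThreadIn = toSqlLong(Request("ThreadID"), 0)
        If iParent = 0 Then Response.Redirect "error.asp?message=" & Server.URLEncode("Invalid message reference.")
        iThread = iThreadIn
        sName = prepStringForSQL(sName) & ","
        sEmail= prepStringForSQL(sEmail) & ","
        sTopic = prepStringForSQL(Request("Topic")) & ","
        ' NOTE(review): unlike the new-thread branch, the reply text does not
        ' pass through ReplaceComments - confirm this is intended.
        sComments = prepStringForSQL(Request("Message"))
        if iThread = 0 then iThread = iParent
        sSQL = "INSERT INTO FORUM_MESSAGES (category,PARENTMESSAGE,THREADPARENT,AUTHORNAME,AUTHOREMAIL,TOPIC,COMMENTS) VALUES (" & sCatid & "," & iParent & "," & iThread & "," & sName & sEmail & sTopic & sComments & ")"
        conn.execute sSQL
        ' CommandType 4 = adCmdStoredProc: run the stored query LASTMESSAGE.
        cmd.CommandText = "LASTMESSAGE"
        cmd.CommandType = 4
        set rs = cmd.Execute
        sID = rs("ID")
        rs.close
        sSQL = "UPDATE FORUM_MESSAGES SET REPLYCOUNT = REPLYCOUNT + 1, LASTTHREADPOST = NOW() WHERE ID = " & iThread
        conn.execute sSQL
        ' notifyMail is defined elsewhere; the ids are passed in their parsed
        ' form (as strings, like the request values they replace).
        notifyMail CStr(iParent),CStr(iThreadIn),request("AuthorName"),request("Topic"),request("Message"),request("AuthorEmail")
        userupdate()
    End if 'bAddNew
%> <%
    response.redirect "default.asp"
end if 'bApply
%> <%=sitename%>: Preview Message 
<%=meta%> <%
searchbox
loginform
if not bValid then
    response.write "You cannot navigate to this page without entering a forum message. Please "
    response.write "return to the forum index and try again."
    response.end
end if

' Preview step: collect the values the template below displays.
' NOTE(review): this literal is empty in the listing; markup may have been
' lost from it.
response.write ""
if bReply then
    ParentID = Request("ParentID")
    ThreadID = request("ThreadID")
    sOrigAuthor = request("OrigAuthor")
end if
' NOTE(review): sTopic, ParentID, ThreadID and sOrigAuthor are still raw
' request text at this point; each must be HTML-encoded wherever the template
' writes it into the page. Only the message body is formatted here.
sTopic = request("Topic")
if sOrigAuthor = "" then sOrigAuthor = request.QueryString("OrigAuthor")
sOrigMessage = HTMLFormat(Request("Message"))
%>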
Preview Message


Please review your post. If everything is OK, click Submit below. Otherwise, click the Back button on your browser to make corrections.

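<%
' NOTE(review): the markup of the hidden form fields on the next line is not
' visible in this listing. Presumably they echo ParentID / ThreadID /
' OrigAuthor / Topic back to the browser - confirm that each value is passed
' through Server.HTMLEncode before it is written into an attribute.
%>
<% if bReply Then %> <% end if %> "> "> "> >
<%
' sTopic is raw request text, so it is HTML-encoded before it is written into
' the preview. sOrigMessage has already been through HTMLFormat.
%>
<%= Server.HTMLEncode(sTopic) %>
<%= sOrigMessage %>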


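<% if bIllegal then %> Your message was altered to delete the ASP delimiters <<%= chr(37) %> and <%= chr(37) %>>

<% end if %> <%
' Validates the post form for a visitor who is not logged in to the forum.
' Returns "" when the form is acceptable, otherwise one error message with a
' trailing <br>. Later checks overwrite earlier ones, so only the last failing
' check is reported.
Function validate
    dim message, vCatid
    message = ""
    if Instr(1, request("email"), "@", 1) =0 then message="Incorrect E-mail address."
    if instr(1,request("email"),".",1) =0 then message="Incorrect E-mail address."
    ' Select Case "" picks the first field whose value is the empty string.
    Select Case ""
        case request("email")
            message="You must provide your Email."
        case request("password")
            If NOT session("discussionlogin") Then
                message="You must provide your password."
            End if
        case request("topic")
            message="You must provide some topic/brief description."
        case request("message")
            message="You forgot provide any message!"
    End select
    ' A missing or non-numeric catid is reported like an unselected category
    ' instead of raising a type-mismatch error in int().
    vCatid = request("catid")
    If Not IsNumeric(vCatid) Then
        message="Please choose a category!"
    ElseIf int(vCatid)<1 then
        message="Please choose a category!"
    End If
    If message = "" then
        validate = ""
    Else
        ' NOTE(review): the listing shows a raw line break inside this
        ' literal; presumably a <br> tag was lost - confirm.
        message = message & "<br>"
        validate = message
    End If
End Function

' Same as validate, for a visitor who already has a forum session: only the
' topic, message and category are checked.
Function validateloginuser
    dim message, vCatid
    message = ""
    Select Case ""
        case request("topic")
            message="You must provide some topic/brief description."
        case request("message")
            message="You forgot provide any message!"
    End select
    vCatid = request("catid")
    If Not IsNumeric(vCatid) Then
        message="Please choose a category!"
    ElseIf int(vCatid)<1 then
        message="Please choose a category!"
    End If
    If message = "" then
        validateloginuser = ""
    Else
        ' NOTE(review): presumably a <br> tag originally - confirm.
        message = message & "<br>"
        validateloginuser = message
    End If
End Function

' Updates the post counters after a message has been stored: lastpost and
' totalpost on the poster's users row, lastpost and posts on the category row.
' Opens its own connection from session("constr").
Function userupdate()
    'On error resume next
    Dim vCatid
    Set dbConn = Server.CreateObject("ADODB.Connection")
    Set rs2 = Server.CreateObject("ADODB.Recordset")
    ' The e-mail is placed in a SQL string literal, so it goes through the
    ' page's prepStringForSQL helper (quote doubling). Without it an address
    ' containing an apostrophe changes the statement.
    mySQL = "Select * from users where email=" & prepStringForSQL("" & session("useremail")) & ";"
    dbConn.Open session("constr")
    ' 1 = adOpenKeyset, 3 = adLockOptimistic: an updatable recordset.
    rs2.Open mySQL, dbConn ,1,3
    ' No matching row: skip the update instead of failing on an empty set.
    If Not rs2.EOF Then
        rs2("lastpost") = now()
        rs2("totalpost") = rs2("totalpost") + 1
        rs2.Update
    End If
    rs2.close
    vCatid = request("catid")
    ' Only a numeric catid is allowed into the statement.
    If IsNumeric(vCatid) Then
        mySQL = "SELECT * FROM category where id=" & int(vCatid)
        rs2.Open mySQL, dbConn ,1,3
        If Not rs2.EOF Then
            rs2("lastpost") = now()
            rs2("posts") = rs2("posts") + 1
            rs2.Update
        End If
        rs2.close
    End If
    Set rs2 = Nothing
    ' Close the connection explicitly rather than relying on release.
    dbConn.Close
    Set dbConn = Nothing
End Function %>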