<%
ProcessForumPage True
%>
<%
'== BEGIN MAIN =================================================================
Sub Main()
' Message parameters
Dim iForumId, iThreadId, iThreadParent, iThreadLevel
Dim sSubject, sMessage, bNotify, bUSAddress, IP_ADDRESS, Octet_Zero
Dim sName, sEmail ' User Info from Cookies
Dim iNewMessageId ' Id of the message we're adding
Select Case Request.QueryString("action")
Case "save"
' Retrieve parameters
iForumId = Request.Form("forum_id")
iThreadId = Request.Form("thread_id")
iThreadParent = Request.Form("thread_parent")
iThreadLevel = Request.Form("thread_level")
sName = Request.Form("name")
sEmail = Request.Form("email")
sSubject = Request.Form("subject")
sMessage = Request.Form("message")
bNotify = Request.Form("notify")
' New Spam Checks *******************************************************************
IP_ADDRESS = Request.ServerVariables("REMOTE_ADDR")
Octet_Zero = Left(IP_Address, (InStr(IP_Address, ".")))
'APPEND POSTERS IP ADDRESS TO THE MESSAGE
sMessage = sMessage & vbCrLf & vbCrLf & "Posted from: " & IP_ADDRESS
bUSAddress = False
if ( InStr("24.63.64.65.66.67.68.69.70.71.72.73.74.75.76.196.198.199.204.205.206.207.208.209.216.", Octet_Zero) > 0 ) then
bUSAddress = True
end if
'TEST AND BLOCK POSTS ORIGINATING FROM SPECIFIC PROBLEM IP ADDRESSES **********************************
if (IP_Address = "65.110.59.70") then
bUSAddress = False
end if
if (IP_Address = "66.232.113.200") then
bUSAddress = False
end if
if (IP_Address = "66.232.101.20") then
bUSAddress = False
end if
if (IP_Address = "66.232.102.40") then
bUSAddress = False
end if
' TEST NAME FIELD FOR UNWANTED CHARACTERS ***************************************************
' Prevent any post that contains 'pussy' in the NAME field
if ( InStr(UCase(sName), "PUSSY") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'vicodin' in the NAME field
if ( InStr(UCase(sName), "VICODIN") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'freeslots' in the NAME field
if ( InStr(UCase(sName), "FREESLOTS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'poker' in the NAME field
if ( InStr(UCase(sName), "POKER") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'links' in the NAME field
if ( InStr(UCase(sName), "LINKS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'sex' in the NAME field
if ( InStr(UCase(sName), "SEX") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'diet' in the NAME field
if ( InStr(UCase(sName), "DIET") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'skyros' in the NAME field
if ( InStr(UCase(sName), "SKYROS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'shit' in the NAME field
if ( InStr(UCase(sName), "SHIT") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'viagra' in the NAME field
if ( InStr(UCase(sName), "VIAGRA") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'fuck' in the NAME field
if ( InStr(UCase(sName), "FUCK") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'phentermine' in the NAME field
if ( InStr(UCase(sName), "PHENTERMINE") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'cialis' in the NAME field
if ( InStr(UCase(sName), "CIALIS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'hydrocodone' in the NAME field
if ( InStr(UCase(sName), "HYDROCODONE") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'tit' in the NAME field
if ( InStr(UCase(sName), "TIT") > 0 ) then
bUSAddress = False
end if
' TEST EMAIL FIELD FOR UNWANTED CHARACTERS ***************************************************
' Prevent any post that has '.info' in the EMAIL Field
if ( InStr(UCase(sEmail), ".INFO") > 0 ) then
bUSAddress = False
end if
' Prevent any post that has '.RU' in the EMAIL Field
if ( InStr(UCase(sEmail), ".ru") > 0 ) then
bUSAddress = False
end if
' Prevent any post that has '.BE' in the EMAIL Field
if ( InStr(UCase(sEmail), ".be") > 0 ) then
bUSAddress = False
end if
' Prevent any post that has '.IT' in the EMAIL Field
if ( InStr(UCase(sEmail), ".it") > 0 ) then
bUSAddress = False
end if
' Prevent any post that has 'PARTYPOKER.' in the EMAIL Field
if ( InStr(UCase(sEmail), "partypoker.") > 0 ) then
bUSAddress = False
end if
' Prevent any post that has 'FREESLOTS.' in the EMAIL Field
if ( InStr(UCase(sEmail), "freeslots.") > 0 ) then
bUSAddress = False
end if
' TEST SUBJECT FIELD FOR UNWANTED CHARACTERS ***************************************************
' Prevent any post that contains 'shit' in the SUBJECT field
if ( InStr(UCase(sSubject), "SHIT") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'phentermine' in the SUBJECT field
if ( InStr(UCase(sSubject), "PHENTERMINE") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'cialis' in the SUBJECT field
if ( InStr(UCase(sSubject), "CIALIS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'viagra' in the SUBJECT field
if ( InStr(UCase(sSubject), "VIAGRA") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'ringtone' in the SUBJECT field
if ( InStr(UCase(sSubject), "RINGTONE") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'hydrocodone' in the SUBJECT field
if ( InStr(UCase(sSubject), "HYDROCODONE") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'tit' in the SUBJECT field
if ( InStr(UCase(sSubject), "TIT") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'vicodin' in the SUBJECT field
if ( InStr(UCase(sSubject), "VICODIN") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'diet' in the SUBJECT field
if ( InStr(UCase(sSubject), "DIET") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'freeslots' in the SUBJECT field
if ( InStr(UCase(sSubject), "FREESLOTS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'poker' in the SUBJECT field
if ( InStr(UCase(sSubject), "POKER") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'sex' in the SUBJECT field
if ( InStr(UCase(sSubject), "SEX") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'links' in the SUBJECT field
if ( InStr(UCase(sSubject), "LINKS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'pussy' in the SUBJECT field
if ( InStr(UCase(sSubject), "PUSSY") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'skyros' in the SUBJECT field
if ( InStr(UCase(sSubject), "SKYROS") > 0 ) then
bUSAddress = False
end if
' TEST MESSAGE FIELD FOR UNWANTED CHARACTERS ***************************************************
' Prevent any post that contains 'shit' in the MESSAGE field
if ( InStr(UCase(sMessage), "SHIT") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'viagra' in the MESSAGE field
if ( InStr(UCase(sMessage), "VIAGRA") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'phentermine' in the MESSAGE field
if ( InStr(UCase(sMessage), "PHENTERMINE") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'http' in the MESSAGE field
if ( InStr(UCase(sMessage), "HTTP") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'Mortgage' in the MESSAGE field
if ( InStr(UCase(sMessage), "MORTGAGE") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'das' in the MESSAGE field
if ( InStr(UCase(sMessage), "DAS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'taras' in the MESSAGE field
if ( InStr(UCase(sMessage), "TARAS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'Greatwork!' in the MESSAGE field
if ( InStr(UCase(sMessage), "GREATWORK!") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'e-gold' in the MESSAGE field
if ( InStr(UCase(sMessage), "E-GOLD") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'Welldone!' in the MESSAGE field
if ( InStr(UCase(sMessage), "WELLDONE!") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'Test' in the MESSAGE field
if ( InStr(UCase(sMessage), "TEST") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'Hello world' in the MESSAGE field
if ( InStr(UCase(sMessage), "HELLO WORLD") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'href' in the MESSAGE field
if ( InStr(UCase(sMessage), "HREF") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'Nicesite!' in the MESSAGE field
if ( InStr(UCase(sMessage), "NICESITE!") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'cialis' in the MESSAGE field
if ( InStr(UCase(sMessage), "CIALIS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'fuck' in the MESSAGE field
if ( InStr(UCase(sMessage), "FUCK") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'hydrocodone' in the MESSAGE field
if ( InStr(UCase(sMessage), "HYDROCODONE") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'tit' in the MESSAGE field
if ( InStr(UCase(sMessage), "TIT") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'diet' in the MESSAGE field
if ( InStr(UCase(sMessage), "DIET") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'links' in the MESSAGE field
if ( InStr(UCase(sMessage), "LINKS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'vicodin' in the MESSAGE field
if ( InStr(UCase(sMessage), "VICODIN") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'freeslots' in the MESSAGE field
if ( InStr(UCase(sMessage), "FREESLOTS") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'poker' in the MESSAGE field
if ( InStr(UCase(sMessage), "POKER") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'sex' in the MESSAGE field
if ( InStr(UCase(sMessage), "SEX") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'pussy' in the MESSAGE field
if ( InStr(UCase(sMessage), "PUSSY") > 0 ) then
bUSAddress = False
end if
' Prevent any post that contains 'skyros' in the MESSAGE field
if ( InStr(UCase(sMessage), "SKYROS") > 0 ) then
bUSAddress = False
end if
' END OF TESTS ************************************************************************************
'Remove This Feature ***************** Spam Gateway
If bNotify = "yes" Then
bNotify = True
Else
bNotify = False
End If
' Validate Input
If InputIsValid("save", iForumId, iThreadId, iThreadParent, iThreadLevel, sName, sSubject, sMessage) Then
' Insert the New Message
' ************************** New Spam Checks
if bUSAddress then
iNewMessageId = InsertRecord(iForumId, iThreadId, iThreadParent, iThreadLevel, sName, sEmail, bNotify, sSubject, sMessage)
end if
' Show The Thanks Page
ShowThanks iNewMessageId, iThreadParent, iForumId, sName, sEmail
' Send Email Notification
'********************* No Longer send email bc this a gateway for spammers
'SendEmailNotification iNewMessageId, iThreadId, sEmail
Else
ShowForm iForumId, iThreadId, iThreadParent, iThreadLevel, sName, sEmail, sSubject, sMessage
End If
Case Else
' Retrieve Parameters
iForumId = Request.QueryString("fid")
iThreadId = Request.QueryString("tid")
iThreadParent = Request.QueryString("pid")
iThreadLevel = Request.QueryString("level")
sName = Request.Cookies("name")
sEmail = Request.Cookies("email")
sSubject = Request.QueryString("subject")
'sMessage = Request.Form("message")
If Len(sSubject) <> 0 And Left(sSubject, 3) <> "Re:" Then
If Len(sSubject) > 46 Then ' If Re: won't fit!
sSubject = "Re: " & Left(sSubject, 43) & "..."
Else
sSubject = "Re: " & sSubject
End If
End If
If InputIsValid("post", iForumId, iThreadId, iThreadParent, iThreadLevel, sName, sSubject, sMessage) Then
ShowForm iForumId, iThreadId, iThreadParent, iThreadLevel, sName, sEmail, sSubject, sMessage
Else
' A message should have been displayed by the validation routine so we do nothing!
End If
End Select
End Sub 'Main
'== END MAIN ===================================================================
%>
<%
'== BEGIN SUBS & FUNCTIONS =====================================================
Function InputIsValid(strSituation, iForumId, iThreadId, iThreadParent, iThreadLevel, sName, sSubject, sMessage)
Dim bEverythingIsCool
bEverythingIsCool = True
'Validate info
If IsNumeric(iForumId) Then
If iForumId <> 0 Then
iForumId = CLng(iForumId)
Else
WriteLine "You aren't in an active forum! "
bEverythingIsCool = False
End If
Else
WriteLine "You aren't in an active forum! "
bEverythingIsCool = False
End If
If IsNumeric(iThreadId) And IsNumeric(iThreadParent) And IsNumeric(iThreadLevel) Then
iThreadId = CLng(iThreadId)
iThreadParent = CLng(iThreadParent)
If iThreadLevel = 0 Then iThreadLevel = 1
iThreadLevel = CLng(iThreadLevel)
Else
WriteLine "Invalid thread information! "
bEverythingIsCool = False
End If
' Do our additional checks if we're about to save!
If strSituation = "save" Then
If Len(sName) = 0 Then
WriteLine "Name can't be empty! "
bEverythingIsCool = False
End If
If Len(sSubject) = 0 Then
WriteLine "Subject can't be empty! "
bEverythingIsCool = False
End If
If Len(sMessage) = 0 Then
WriteLine "Message can't be empty! "
bEverythingIsCool = False
End If
End If
InputIsValid = bEverythingIsCool
End Function ' InputIsValid
Sub ShowForm(forum_id, thread_id, thread_parent, thread_level, name, email, subject, message)
%>
<% If thread_parent <> 0 Then %>
Back to the Message
<% End If %>
Back to the Folder
<%
End Sub ' ShowForm
Function InsertRecord(forum_id, thread_id, thread_parent, thread_level, author, email, notify, subject, body)
Dim objRSInsert
Dim dTimeStamp
Dim iNewMessageId
dTimeStamp = Now()
Set objRSInsert = Server.CreateObject("ADODB.RecordSet")
' Access likes #'s, SQL doesn't
objRSInsert.Open "SELECT * FROM messages WHERE message_timestamp=" & DB_DATE_DELIMITER & FormatTimestampDB(dTimeStamp) & DB_DATE_DELIMITER & ";", cnnForumDC, adOpenDynamic, adLockPessimistic
objRSInsert.AddNew
objRSInsert.Fields("message_timestamp") = dTimeStamp
objRSInsert.Fields("forum_id") = forum_id
objRSInsert.Fields("thread_id") = thread_id
objRSInsert.Fields("thread_parent") = thread_parent
objRSInsert.Fields("thread_level") = thread_level
objRSInsert.Fields("message_author") = author
If email <> "" Then objRSInsert.Fields("message_author_email") = email
objRSInsert.Fields("message_author_notify") = notify
objRSInsert.Fields("message_subject") = subject
objRSInsert.Fields("message_body") = body
objRSInsert.Update
' Doesn't work with Access!
'objRSInsert.Fields("thread_id") = objRSInsert.Fields("message_id")
'objRSInsert.Update
objRSInsert.Requery ' To be sure we have the message_id back from the DB.
objRSInsert.MoveFirst
iNewMessageId = objRSInsert.Fields("message_id")
If thread_id = 0 Then
objRSInsert.Fields("thread_id") = iNewMessageId
objRSInsert.Update
End If
objRSInsert.Close
Set objRSInsert = Nothing
InsertRecord = iNewMessageId
End Function 'InsertRecord
Sub SendEmailNotification(iNewMessageId, iThreadId, sPostersEmail)
' DB object var for email notification
Dim objNotifyRS
Dim strSQL
' Make sure emailing is enabled
If SEND_EMAIL Then
' Send Email notify if author has requested it
' thread_id = 0 -> this is the first post in thread -> no one to notify
If iThreadId <> 0 Then
strSQL = "SELECT DISTINCT message_author_email FROM messages WHERE "
strSQL = strSQL & "message_id <> " & iNewMessageId & " AND "
strSQL = strSQL & "thread_id = " & iThreadId & " AND "
strSQL = strSQL & "message_author_notify <> 0 AND "
strSQL = strSQL & "message_author_email <> '' AND "
strSQL = strSQL & "message_author_email <> '" & sPostersEmail & "';"
Set objNotifyRS = GetRecordset(strSQL)
If Not objNotifyRS.EOF Then
objNotifyRS.MoveFirst
Do While Not objNotifyRS.EOF
SendEmail _
"AHS Alumni ", _
objNotifyRS.Fields("message_author_email").Value, _
"A new message has been posted!", _
"A new message has been posted in a thread you asked us watch for you on ASP 101's " & _
"discussion forum. You can find the forum at http://www.asp101.com/forum. For " & _
"your convenience, the address of the new message is " & _
"http://www.asp101.com/forum/display_message.asp?mid=" & iNewMessageId & "."
objNotifyRS.MoveNext
Loop
End If
objNotifyRS.Close
Set objNotifyRS = Nothing
End If
End If
End Sub 'SendEmailNotification
Sub ShowThanks(iNewMessageId, iThreadParent, iForumId, sName, sEmail)
Response.Write "Thank you for your post! You are invited to visit each forum! " & vbCrLf
Response.Write " " & vbCrLf
If IsNull(Request.Cookies("name")) Or Len(Request.Cookies("name")) = 0 Then
Response.Write "For your convenience, we can save your name and e-mail to a cookie on your "
Response.Write "machine so you won't need to enter them the next time you post a message. Click "
Response.Write "here to save this information now.
" & vbCrLf
End If
Response.Write "View Your Message " & vbCrLf
If iThreadParent <> 0 Then
Response.Write "Back to the Message " & vbCrLf
End If
Response.Write "Back to the Folder " & vbCrLf
End Sub 'ShowThanks
'== END SUBS & FUNCTIONS =======================================================
%>