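<%
' Handles a comment posted against a mod: cleans the submitted text and name,
' looks the poster up in the ban list, stores the comment, refreshes the
' cached comment count on the mod and redirects back to the comments page.
' SafeLength, striphtml, insertLinks, SQLsafe, DSN and debug are not defined
' in this part of the file; they are used here exactly as before.
dim id, one_space, txt_comment
dim posters_name, posters_ip, bit_dont_show
dim not_banned, nmb_comments, random_number
dim banned
dim id_is_valid, id_pattern

' start from a known state instead of relying on Empty being treated as false
not_banned = false
banned = false

' The mod id comes from the query string and is concatenated into three SQL
' statements and the redirect URL further down, so it is accepted only when it
' is 1-9 decimal digits (always fits a Long) and is converted to a number
' before use. Anything else is rejected without touching the database.
id = Trim(Request.QueryString("id"))
set id_pattern = New RegExp
id_pattern.Pattern = "^[0-9]{1,9}$"
id_is_valid = id_pattern.Test(id)
set id_pattern = Nothing
if id_is_valid then
    id = CLng(id)
end if

'trim and make sure the text is not too long
txt_comment = SafeLength(Trim(Request.Form("txt_comment")))
'strip all html tags that are not welcomed
txt_comment = striphtml(txt_comment)
'check for links and insert ahrefs
txt_comment = insertLinks(txt_comment)
'turn each carriage return into an html line break
txt_comment = Replace(txt_comment, chr(13), "<br>")
if Len(txt_comment) > 2000 then
    '2000 characters should be enough for serious feedback
    'NOTE(review): this cut happens after insertLinks and the <br> insertion,
    'so it can land inside a generated tag and store unbalanced markup;
    'confirm how SafeLength bounds the raw text, or shorten before adding markup.
    txt_comment = Left(txt_comment,1997) & "... message has been cut short by LvL admin."
end if

posters_name = Trim(Request.Form("posters_name"))
if posters_name = "" then
    posters_name = "not entered"
else
    'stops ANY html in names: the angle brackets are stored as entities.
    'Quotes and ampersands are left as typed, so the name still has to be
    'HTML-encoded wherever it is written into an attribute.
    posters_name = Replace(posters_name, "<", "&lt;")
    posters_name = Replace(posters_name, ">", ">")
    posters_name = Replace(posters_name, ">", "&gt;")
    if Len(posters_name) > 32 then
        posters_name = Left(posters_name,29) & "..."
    end if
end if

'record where the post came from
'HTTP_X_FORWARDED_FOR is a request header, so the client chooses its content:
'it is free text rather than a trustworthy address. The value is kept as
'before so existing ban entries still match, but it must be escaped before it
'reaches SQL (done below) and HTML-encoded where the page prints it.
'NOTE(review): because the header is preferred over REMOTE_ADDR, a ban keyed
'on this value can be sidestepped by sending a different header; consider
'checking REMOTE_ADDR against the ban list as well.
posters_ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
if posters_ip = "" then
    posters_ip = Request.ServerVariables("REMOTE_ADDR")
end if

'add dates like this so we don't get confused along the way
datestamp = DatePart("d",date) & " " & MonthName(DatePart("m",date),true) & " " & DatePart("yyyy",date) & " " & time
'by default make sure we show the feedback
bit_dont_show = 0

'do a simple check to stop no data or bad data being processed
if not id_is_valid then
%>
The mod id is missing or is not a number.
Try the back button on your browser.
<%
elseif (txt_comment = "") then
%>
You have forgotten to enter a comment - man, you are thick!, it said required.
Try the back button on your browser.
<%
else
    set tigCON = Server.CreateObject("ADODB.Connection")
    tigCON.Open(DSN)

    'ban lookup: posters_ip goes through SQLsafe here, the same helper the
    'INSERT below already applies to it, instead of being concatenated raw.
    'presumably SQLsafe escapes quote characters - verify against its definition.
    query = "select id as banned_id, datestamp " & _
            "from q3a_banned " & _
            "where str_banned_ip = '" & SQLsafe(posters_ip) & "'"
    set tigRS = tigCON.Execute(query)
    if tigRS.EOF then
        'no row for this address, so the post may go ahead
        not_banned = true
    elseif tigRS("banned_id") > 0 then
        'they must be banned
        banned = true
        date_banned = tigRS("datestamp")
    end if
    if debug then
        Response.Write("not_banned=[" & not_banned & "]<br>")
    end if
    tigRS.close

    if not_banned then
        'id is a validated Long at this point, so concatenating it is safe
        query = "select count(id) as number from mods_comments where id_mod = " & id & " and dont_show = 0"
        set tigRS = tigCON.Execute(query)
        if tigRS.EOF then
            nmb_comments = 0
        else
            nmb_comments = tigRS("number")
        end if
        'CLng rather than CInt: CInt raises an overflow error above 32767
        nmb_comments = CLng(nmb_comments) + 1
        tigRS.close

        ' Create SQL query
        query = "INSERT INTO mods_comments " & _
                "(id_mod, comment, posters_name, posters_ip, datestamp, dont_show) " & _
                "VALUES (" & id & "," & _
                "'" & SQLsafe(txt_comment) & "', " & _
                "'" & SQLsafe(posters_name) & "', " & _
                "'" & SQLsafe(posters_ip) & "', " & _
                "'" & datestamp & "', " & _
                bit_dont_show & ")"
        tigCON.Execute(query)

        'NOTE(review): the count was read before the insert, so two posts
        'arriving together can both write the same total
        query = "update mods_list set nmb_comments = " & nmb_comments & " where id = " & id
        tigCON.Execute(query)

        'close before redirecting, the redirect ends this request
        tigCON.close
        Randomize
        'do this so no-one will whinge about not seeing their post
        random_number = Int((10) * Rnd)
        'send them back to comments so they can see they were posted
        Response.Redirect("mods_comments.asp?id=" & id & "&clearall=" & random_number)
    else
        'banned (or an unexpected ban row): nothing is stored, but the
        'connection is still released
        tigCON.close
    end if
end if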
'they are a naughty person and can't be posted, tell them so
if banned then
%>
If you feel there has been a mistake, please get in touch with LvL and quote your ip number (<%=posters_ip%>) and the reason why you feel this information could be wrong.