高手进来挑战下,
高手来挑战下你的技术,看看一下代码那里有问题:
<%
' 忽略所有错误
on error resume next
Server.ScriptTimeOut = 1800
dim constPath,mypath
mypath=server.mappath("WAP2_Upfile.asp")
constPath=replace(mypath,"WAP2_Upfile.asp","")
dim upload,oFile,formName,SavePath,filename,fileExt,oFileSize,sizes
dim EnableUpload
dim arrUpFileType
dim ranNum
dim msg,FoundErr,MaxFileSize
MaxFileSize=""&bbsupsize&""'最大上传文件,以KB为单位
msg=""
FoundErr=false
EnableUpload=true
dim strMonth,strDay
dim tid,action,bbsid,title,content,content1,content2,content3,content4,content5,content6,content7,content8,content9,content10
dim kk,reshow,pwidth,pheight,up
dim userid,username,sessionid
bbsid=trim(request.querystring("bbsid"))
tid=trim(request.querystring("tid"))
up=trim(request.querystring("up"))
if bbsid="" or Isnumeric(bbsid)=False then
Call Error("ID无效!")
end if
if up<>0 then
if tid="" or Isnumeric(tid)=False then
Call Error("ID无效!")
end if
up=clng(up)
end if
kk=0
set upload=new upfile_class ''建立上传对象
upload.GetData(104857600) '取得上传数据,限制最大上传100M
if upload.err > 0 then '如果出错
select case upload.err
case 1
msg= "请先选择你要上传的文件!"
case 2
msg= "你上传的文件总大小超出了最大限制(100M)"
end select
'showWML()
response.end
end if
SavePath = "file/"
title=forbbs(upload.form("name"))
content=forbbs(upload.form("content"))
content=replace(content,"sid=sid","sid=@@sid@@")
content1=forbbs(upload.form("content1"))
content2=forbbs(upload.form("content2"))
content3=forbbs(upload.form("content3"))
content4=forbbs(upload.form("content4"))
content5=forbbs(upload.form("content5"))
content6=forbbs(upload.form("content6"))
content7=forbbs(upload.form("content7"))
content8=forbbs(upload.form("content8"))
content9=forbbs(upload.form("content9"))
content10=forbbs(upload.form("content10"))
if len(content1)>50 or len(content2)>50 or len(content3)>50 or len(content4)>50 or len(content5)>50 or len(content6)>50 or len(content7)>50 or len(content8)>50 or len(content9)>50 or len(content10)>50 then
Call Error("文件内容最多50字,请返回重试!")
end if
'if dotype="" then
if up=2 then
Sub Fortxtrel
if bbsid<>"" then
set rs=server.createobject("adodb.recordset")
rs.open "select bbsid,strrel,strall from hmd where bbsid="&bbsid&" and guliid="&myid,conn,1,1
if not rs.eof then
if rs("strrel")>0 then
Call Error("你在本版已被禁回复!")
end if
if rs("strall")>0 then
Call Error("你在本版已被加黑!")
end if
end if
rs.close
set rs=nothing
end if
set rs=server.createobject("adodb.recordset")
rs.open "select bbsid,strrel,strall from hmd where bbsid=0 and guliid="&myid,conn,1,1
if not rs.eof then
if rs("strrel")>0 then
Call Error("你已被禁回复!")
end if
if rs("strall")>0 then
Call Error("你已被加黑!")
end if
end if
rs.close
set rs=nothing
end Sub
CALL Fortxtrel
if content="" then
Call Error("回复内容不能为空,请返回重试!")
end if
if len(content)>300 then
Call Error("回复内容最多300字,请返回重试!")
end if
else
Sub Fortxtsell
if bbsid<>"" then
set rs=server.createobject("adodb.recordset")
rs.open "select bbsid,strsell,strall from hmd where bbsid="&bbsid&" and guliid="&myid,conn,1,1
if not rs.eof then
if rs("strsell")>0 then
Call Error("你在本版已被禁言!")
end if
if rs("strall")>0 then
Call Error("你在本版已被加黑!")
end if
end if
rs.close
set rs=nothing
end if
set rs=server.createobject("adodb.recordset")
rs.open "select bbsid,strsell,strall from hmd where bbsid=0 and guliid="&myid,conn,1,1
if not rs.eof then
if rs("strsell")>0 then
Call Error("你已被禁言!")
end if
if rs("strall")>0 then
Call Error("你已被加黑!")
end if
end if
rs.close
set rs=nothing
end Sub
CALL Fortxtsell
if title="" or content="" then
Call Error("标题、内容不能为空,请返回重试!")
end if
if len(title)<4 then
Call Error("标题不能少于4字!")
end if
if len(title) > 30 then
Call Error("标题不能多于30字!")
end if
if len(content)<8 then
Call Error("内容不能少于8字!")
end if
end if
if session("title")=title and session("content")=content then
Call Error("请不要发重复提交!")
end if
for each formName in upload.file
set ofile=upload.file(formName) '生成一个文件对象
upfilename=ofile.FileName
oFileSize=ofile.filesize
sizes=cstr(round(oFileSize/1024))
fileExt=lcase(ofile.FileExt)
if fileEXT="asp" or fileEXT="asa" or fileEXT="aspx" or fileEXT="exe" or fileEXT="bat" or fileEXT="dll" or fileEXT="php" or fileEXT="jsp" or fileEXT="spx" or fileEXT="cs" then
EnableUpload=false
end if
if EnableUpload=false then
msg="这种文件类型不允许上传:asp|asa|aspx|exe|bat|..."
FoundErr=true
'showWML()
response.end
end if
if oFileSize>(MaxFileSize*1024) then
msg="文件大小超过了限制,最大只能上传" & CStr(MaxFileSize) & "K的文件!"
FoundErr=true
'showWML()
msg=msg & "<br/><a href=""board.asp?bbsid="&bbsid&"&sid="&sid&""">返回论坛</a><br/>"
response.write msg
response.write "</p></card></wml>"
response.end
end if
if FoundErr<>true then
randomize
ranNum=int(900*rnd)+100
strMonth=month(now)
if len(strMonth)=1 then
strMonth="0"&strMonth
end if
strDay=day(now)
if len(strDay)=1 then
strDay="0"&strDay
end if
'--------------------