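<%
' Comment-post handler. Reads a feedback comment and a poster name from the
' form, cleans them, checks the poster's address against q3a_banned and, when
' the poster is not banned, stores the comment in server_comments, refreshes
' the cached count in server_info and redirects back to servercomments.asp.
' SafeLength, striphtml, httplink, ftplink, SQLsafe, DSN and debug are not
' defined in this part of the page; presumably they come from an include.
dim server_id, one_space, txt_comment, str_posters_name, str_posters_ip
dim bit_dont_show, not_banned, nmb_comments, random_number, banned
dim re_check, raw_server_id, forwarded_for

set re_check = New RegExp

' each form passes a query string which is the ID to edit.
' server_id is concatenated into three SQL statements and into the redirect
' URL further down, so only plain digits are accepted and the value is carried
' as a Long from here on. -1 marks a missing or malformed id.
raw_server_id = Trim(Request.QueryString("server_id"))
re_check.Pattern = "^[0-9]{1,9}$"
if re_check.Test(raw_server_id) then
    server_id = CLng(raw_server_id)
else
    server_id = -1
end if

'trim and make sure the text is not too long
txt_comment = SafeLength(Trim(Request.Form("txt_comment")))
'strip all html tags that are not welcomed
txt_comment = striphtml(txt_comment)
'check for links and insert a hrefs
txt_comment = httplink(txt_comment)
txt_comment = ftplink(txt_comment)
'does an auto (<br> insert) line return
txt_comment = Replace(txt_comment,chr(13),"<br>")
if Len(txt_comment) > 2000 then
    'hard cap of 2000 characters on the stored comment
    'NOTE(review): this cut happens after the link and <br> markup was added,
    'so it can land in the middle of a tag - confirm how the display page copes
    txt_comment = Left(txt_comment,1997) & "... message has been cut short by LvL admin."
end if

str_posters_name = Trim(Request.Form("str_posters_name"))
if str_posters_name = "" then
    str_posters_name = "not entered"
else
    'stops ANY html in names: angle brackets are stored as entities so the
    'name cannot open a tag when it is written back into a page
    str_posters_name = replace(str_posters_name,"<","&lt;")
    str_posters_name = replace(str_posters_name,">","&gt;")
    if Len(str_posters_name) > 32 then
        str_posters_name = Left(str_posters_name,29) & "..."
    end if
end if

'poster address, kept for tracking and for the ban check.
'X-Forwarded-For is a request header, so the client controls it unless a
'trusted proxy in front of this site overwrites it. The value goes into SQL
'and is echoed in the banned notice, so it is only used when it consists of
'address characters; anything else falls back to REMOTE_ADDR.
'NOTE(review): a ban keyed on this header can be sidestepped by sending a
'different header value - confirm the proxy replaces inbound values.
re_check.Pattern = "^[0-9A-Fa-f:.]{2,45}$"
forwarded_for = Trim(Request.ServerVariables("HTTP_X_FORWARDED_FOR"))
if re_check.Test(forwarded_for) then
    str_posters_ip = forwarded_for
else
    str_posters_ip = Request.ServerVariables("REMOTE_ADDR")
end if
set re_check = nothing

'add dates like this so we don't get confused along the way
datestamp = DatePart("d",date) & " " & MonthName(DatePart("m",date),true) & " " & DatePart("yyyy",date) & " " & time
'by default make sure we show the feedback
bit_dont_show = 0

'do a simple check to stop no data or bad data being processed
if (txt_comment = "") then
%>
You have forgotten to enter a comment - man, you are thick!, it said required.
Try the back button on your browser.
<%
elseif server_id < 0 then
%>
The server id is missing or not valid, so nothing was posted.
Try the back button on your browser.
<%
else
    set tigCON = Server.CreateObject("ADODB.Connection")
    tigCON.Open(DSN)

    'ban lookup; the address is passed through SQLsafe like every other
    'string value this page puts into a statement
    query = "select id as banned_id, datestamp "
    query = query & "from q3a_banned "
    query = query & "where str_banned_ip = '" & SQLsafe(str_posters_ip) & "'"
    set tigRS = tigCON.Execute(query)

    'here we check to see if they are banned
    if tigRS.EOF then
        not_banned = true
    elseif tigRS("banned_id") > 0 then
        'they must be banned
        banned = true
        date_banned = tigRS("datestamp")
    end if
    if debug then
        Response.Write("not_banned=[" & not_banned & "]<br>")
    end if
    tigRS.close

    if not_banned then
        'count the visible comments, then add one for the comment being posted
        query = "select count(id) as number from server_comments where server_id = " & server_id & " and bit_dont_show = 0"
        set tigRS = tigCON.Execute(query)
        if tigRS.EOF then
            nmb_comments = 0
        else
            nmb_comments = tigRS("number")
        end if
        'CLng rather than CInt: CInt raises an overflow error above 32767
        nmb_comments = CLng(nmb_comments) + 1
        tigRS.close

        ' Create SQL query. server_id is a validated Long, datestamp and
        ' bit_dont_show are produced by this page, and the three values that
        ' come from the request go through SQLsafe.
        query = "INSERT INTO server_comments "
        query = query & "(server_id, txt_comment, str_posters_name, str_posters_ip, datestamp, bit_dont_show) "
        query = query & "VALUES (" & server_id & ","
        query = query & "'" & SQLsafe(txt_comment) & "', "
        query = query & "'" & SQLsafe(str_posters_name) & "', "
        query = query & "'" & SQLsafe(str_posters_ip) & "', "
        query = query & "'" & datestamp & "', "
        query = query & bit_dont_show & ")"
        if debug then
            'the statement contains poster input, so encode it before echoing
            response.write("query =[" & Server.HTMLEncode(query) & "]<br>")
        end if
        tigCON.Execute(query)

        'keep the cached comment count on the server record in step
        query = "update server_info set comments = " & nmb_comments & " where id = " & server_id
        tigCON.Execute(query)
        tigCON.close

        Randomize
        'do this so no-one will whinge about not seeing their post
        random_number = Int((10) * Rnd)
        'send them back to comments so they can see they were posted
        Response.Redirect("servercomments.asp?id=" & server_id & "&clearall=" & random_number)
    else
        'nothing gets posted on this path, so release the connection here
        tigCON.close
    end if
end if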
'they are a naughty person and can't be posted, tell them so
if banned then
%>
If you feel there has been a mistake, please get in touch LvL and quote your ip number (<%=str_posters_ip%>) and the reason why you feel this information could be wrong.