<!--#INCLUDE FILE="inc/db_inc.asp"-->
<!--#INCLUDE FILE="inc/md5_inc.asp"-->
<!--#INCLUDE FILE="inc/char_inc.asp"-->
<!--#INCLUDE FILE="inc/uploadfile_inc.asp"-->
<!--#INCLUDE FILE="header.asp"-->
<%
dim ip, strip, killip
dim StrSql, toptext, rs, rs2, StrHtml, StrHtml2, error, sex, avatar, err, userid, threadid
dim formdata, formsize, divider, bcrlf, filesize

StrHtml = loadtemplate("htmltop")
StrHtml = Replace(StrHtml, "{pagetitle}", loadtemplate("newthreadtitle"))
StrHtml = Replace(StrHtml, "{forumtitle}", boardtitle)
response.write StrHtml
' 短消息提示
response.write pmpopwin
StrHtml = loadtemplate("pagetitle")
if request.cookies("sf")("username") = "" then
	toptext = loadtemplate("toptextguest")
else
	toptext = loadtemplate("toptextuser")
end if
toptext = toptext & loadtemplate("toptext")
StrHtml = Replace(StrHtml, "{top_text}", toptext)
StrHtml = Replace(StrHtml, "{username}", request.cookies("sf")("username"))
response.write StrHtml

' 論壇關(guān)閉
StrSql = "select * from sf_setup"
Set rs2 = Conn.Execute(StrSql)
if rs2("forumclose") = 1 then
StrHtml = loadtemplate("error")
StrHtml = Replace(StrHtml, "{error_text}", rs2("forumclosehint"))
response.write StrHtml
response.end
end if	

' 禁止IP訪問
if rs2("killip") = 1 then
	userip = cstr(request.ServerVariables("REMOTE_ADDR"))
	killiplist = rs2("killiplist")
	if killiplist <> "" and userip <> "" then
		killip = split(killiplist, "|")
		struserip = split(userip, ".")
		i = 0
		do until i > ubound(killip)
			strkillip = split(killip(i), ".")
			bolkill = true
			if (struserip(0) <> strkillip(0)) and (strkillip(0) <> "*") then bolkill = false
			if (struserip(1) <> strkillip(1)) and (strkillip(1) <> "*") then bolkill = false
			if (struserip(2) <> strkillip(2)) and (strkillip(2) <> "*") then bolkill = false
			if (struserip(3) <> strkillip(3)) and (strkillip(3) <> "*") then bolkill = false
			if bolkill then
				StrHtml = loadtemplate("error")
				StrHtml = Replace(StrHtml, "{error_text}", rs2("killiphint"))
				response.write StrHtml
				Response.End
			end if
			i = i + 1
		loop
	end if
end if

' 檢測forumid是否合法
err = false
forumid = ChkSql(request("forumid"))
if not IsNumeric(forumid) then
	err = true
else
	StrSql = "select sf_forum.forumid, sf_forum.title, sf_forum.allowposting, sf_forum.allowuploadfile, sf_forum.onlyuser, sf_forum.onlymember, sf_forum.memberlist, sf_forum.cateid, sf_cate.cateid, sf_cate.catetitle from sf_forum left join sf_cate on sf_forum.cateid = sf_cate.cateid where forumid = " & forumid
	Set rs2 = Conn.Execute(StrSql)
	if rs2.bof or rs2.eof then
		err = true
	else
		forumtitle = rs2("title")
		cateid = rs2("cateid")
		catetitle = rs2("catetitle")
		allowpost = rs2("allowposting")
		allowuploadfile = rs2("allowuploadfile")
		onlymember = rs2("onlymember")
		memberlist = rs2("memberlist")
		if onlymember = 1 then
			if not IsMember(forumid, memberlist) then error = error & "<br><li>" & loadtemplate("err_member")
			StrSql = "select password, userid from sf_user where username = '" & ChkSql(request.cookies("sf")("username")) & "'"
			Set rs2 = Conn.Execute(StrSql)
			if rs2.bof or rs2.eof then
				error = error & "<br><li>" & loadtemplate("err_chkpassword")
			else
				if request.cookies("sf")("password") <> rs2("password") then error = error & loadtemplate("err_chkpassword")
			end if
		end if
	end if
end if
if err then error = error & "<br><li>" & loadtemplate("err_forumnotexist")
if allowpost = 0 then error = error & "<br><li>" & loadtemplate("err_post")

' 如果有錯誤則提示
if error <> "" then
	StrHtml = loadtemplate("error")
	StrHtml = Replace(StrHtml, "{error_text}", error)
	response.write StrHtml
	response.end
end if

StrHtml = loadtemplate("pagepath")
StrHtml = Replace(StrHtml, "{path_text}", "<a href=""index.asp"">" & boardtitle & "</a> &raquo; <a href=""showcate.asp?cateid=" & cateid & """>" & catetitle & "</a> &raquo; <a href=""showforum.asp?forumid=" & forumid & """>" & forumtitle & "</a> &raquo; " & loadtemplate("newthreadtitle"))
response.write StrHtml

if request.cookies("sf")("username") = "" or request.cookies("sf")("password") = "" then
	StrHtml = loadtemplate("error")
	StrHtml = Replace(StrHtml, "{error_text}", loadtemplate("err_unregistered"))
	response.write StrHtml
	response.end		
end if

usergroup = 0
StrSql = "select password, userid, usergroup from sf_user where username = '" & ChkSql(request.cookies("sf")("username")) & "'"
Set rs2 = Conn.Execute(StrSql)
err = false
if rs2.bof or rs2.eof then
	err = true
else
	if request.cookies("sf")("password") <> rs2("password") then
		err = true
	else
		userid = rs2("userid")
		usergroup = rs2("usergroup")
		StrSql = "update sf_user set lastactivity = '" & now() & "' where userid = " & userid
		Conn.Execute(StrSql)
	end if
end if

if usergroup > 1 then
	StrHtml = loadtemplate("err_posttime")
	StrHtml = Replace(StrHtml, "{posttime}", PostTime - DateDiff("s",Session("LastPostTime"),now()))
	if DateDiff("s",Session("LastPostTime"),now()) < posttime then
		error = "<br><li>" & StrHtml
		StrHtml = Replace(loadtemplate("error"), "{error_text}", error)
		response.write StrHtml
		response.end
	end if
end if

if err then
	StrHtml = loadtemplate("error")
	StrHtml = Replace(StrHtml, "{error_text}", loadtemplate("err_chkpassword"))
	response.write StrHtml
	response.end
end if
%>
<!--#INCLUDE FILE="inc/btn.js"-->
<%
step = ChkSql(request("step"))
select case step
case "2"
		formsize = request.totalbytes
		formdata = request.binaryread(formsize)
		bcrlf = chrb(13) & chrb(10)
		divider = leftb(formdata, instrb(formdata, bcrlf) - 1)
		filesize = 0