<%@LANGUAGE="VBSCRIPT"%>
<%
' *** Logout the current user.
MM_Logout = CStr(Request.ServerVariables("URL")) & "?MM_Logoutnow=1"
if (CStr(Request("MM_Logoutnow")) = "1") Then
Session.Abandon
MM_logoutRedirectPage = "default.asp"
' redirect with URL parameters (remove the "MM_Logoutnow" query param).
if (MM_logoutRedirectPage = "../../ch11/final/%22)%20Then%20MM_logoutRedirectPage%20=%20CStr(Request.ServerVariables(%22URL") Then
if (InStr(1, UC_redirectPage, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
MM_newQS = "?"
For Each Item In Request.QueryString
if (Item <> "MM_Logoutnow") Then
if (Len(MM_newQS) > 1) Then MM_newQS = MM_newQS & "&"
MM_newQS = MM_newQS & Item & "=" & Server.URLencode(Request.QueryString(Item))
End if
Next
if (Len(MM_newQS) > 1) Then MM_logoutRedirectPage = MM_logoutRedirectPage & MM_newQS
End if
Response.Redirect(MM_logoutRedirectPage)
End if
End if
%>
<%
FUNCTION AddPostNum()
if(Session("MM_Username") <> "") then commAddPostNum__CurrentUserID = Session("MM_Username")
set commAddPostNum = Server.CreateObject("ADODB.Command")
commAddPostNum.ActiveConnection = MM_connBHP_STRING
commAddPostNum.CommandText = "UPDATE tUsers SET fPostNum = fPostNum + 1 WHERE fUserID = '" + Replace(commAddPostNum__CurrentUserID, "'", "''") + "' "
commAddPostNum.CommandType = 1
commAddPostNum.CommandTimeout = 0
commAddPostNum.Prepared = true
commAddPostNum.Execute()
END FUNCTION
%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="../../ch11/final/login.asp"
MM_grantAccess=false
if Session("MM_Username") <> "" Then
if (true Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
MM_grantAccess = true
End if
End if
if Not MM_grantAccess Then
MM_qsChar = "?"
if (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End if
%>
<%
' *** Edit Operations: declare variables
MM_editAction = CStr(Request("URL"))
if (Request.QueryString <> "") Then
MM_editAction = MM_editAction & "?" & Request.QueryString
End if
' boolean to abort record edit
MM_abortEdit = false
' query string to execute
MM_editQuery = ""
%>
<%
' *** Insert Record: set variables
if (CStr(Request("MM_insert")) <> "") Then
MM_editConnection = MM_Myconn_STRING
MM_editTable = "tBBS"
MM_editRedirectUrl = "default.asp"
MM_fieldsStr = "fTitle|value|fContent|value|fIP|value|fPoster|value|fSubject|value"
MM_columnsStr = "fTitle|',none,''|fContent|',none,''|fIP|',none,''|fPoster|',none,''|fSubject|none,none,NULL"
' create the MM_fields and MM_columns arrays
MM_fields = Split(MM_fieldsStr, "|")
MM_columns = Split(MM_columnsStr, "|")
' set the form values
For i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_fields(i+1) = CStr(Request.Form(MM_fields(i)))
Next
' append the query string to the redirect URL
if (MM_editRedirectUrl <> "" And Request.QueryString <> "") Then
if (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
Else
MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
End if
End if
End if
%>
<%
' *** Insert Record: construct a sql insert statement and execute it
if (CStr(Request("MM_insert")) <> "") Then
' create the sql insert statement
MM_tableValues = ""
MM_dbValues = ""
For i = LBound(MM_fields) To UBound(MM_fields) Step 2
FormVal = MM_fields(i+1)
MM_typeArray = Split(MM_columns(i+1),",")
Delim = MM_typeArray(0)
if (Delim = "none") Then Delim = ""
AltVal = MM_typeArray(1)
if (AltVal = "none") Then AltVal = ""
EmptyVal = MM_typeArray(2)
if (EmptyVal = "none") Then EmptyVal = ""
if (FormVal = "") Then
FormVal = EmptyVal
Else
if (AltVal <> "") Then
FormVal = AltVal
Elseif (Delim = "'") Then ' escape quotes
FormVal = "'" & Replace(FormVal,"'","''") & "'"
Else
FormVal = Delim + FormVal + Delim
End if
End if
if (i <> LBound(MM_fields)) Then
MM_tableValues = MM_tableValues & ","
MM_dbValues = MM_dbValues & ","
End if
MM_tableValues = MM_tableValues & MM_columns(i)
MM_dbValues = MM_dbValues & FormVal
Next
MM_editQuery = "insert into " & MM_editTable & " (" & MM_tableValues & ") values (" & MM_dbValues & ")"
if (Not MM_abortEdit) Then
' execute the insert
Set MM_editCmd = Server.CreateObject("ADODB.Command")
MM_editCmd.ActiveConnection = MM_editConnection
MM_editCmd.CommandText = MM_editQuery
MM_editCmd.Execute
MM_editCmd.ActiveConnection.Close
if (MM_editRedirectUrl <> "") Then
Response.Redirect(MM_editRedirectUrl)
End if
End if
End if
%>
<%
set rsSubject = Server.CreateObject("ADODB.Recordset")
rsSubject.ActiveConnection = MM_Myconn_STRING
rsSubject.Source = "SELECT * FROM tBBSSubject"
rsSubject.CursorType = 0
rsSubject.CursorLocation = 2
rsSubject.LockType = 3
rsSubject.Open()
rsSubject_numRows = 0
%>
<%
Dim rsMaster__MMColParam
rsMaster__MMColParam = "1"
if (Request.QueryString("fSubject") <> "") then rsMaster__MMColParam = Request.QueryString("fSubject")
%>
<%
set rsMaster = Server.CreateObject("ADODB.Recordset")
rsMaster.ActiveConnection = MM_Myconn_STRING
rsMaster.Source = "SELECT fUserID FROM tUsers WHERE fHost = " + Replace(rsMaster__MMColParam, "'", "''") + ""
rsMaster.CursorType = 0
rsMaster.CursorLocation = 2
rsMaster.LockType = 3
rsMaster.Open()
rsMaster_numRows = 0
%>
<%
Dim rsCurSub__MMColParam
rsCurSub__MMColParam = "1"
if (Request.QueryString("fSubject") <> "") then rsCurSub__MMColParam = Request.QueryString("fSubject")
%>
<%
set rsCurSub = Server.CreateObject("ADODB.Recordset")
rsCurSub.ActiveConnection = MM_Myconn_STRING
rsCurSub.Source = "SELECT * FROM tBBSSubject WHERE fSubject = " + Replace(rsCurSub__MMColParam, "'", "''") + ""
rsCurSub.CursorType = 0
rsCurSub.CursorLocation = 2
rsCurSub.LockType = 3
rsCurSub.Open()
rsCurSub_numRows = 0
%>
<%
Dim Repeat1__numRows
Repeat1__numRows = -1
Dim Repeat1__index
Repeat1__index = 0
rsSubject_numRows = rsSubject_numRows + Repeat1__numRows
%>
<%
Dim Repeat2__numRows
Repeat2__numRows = -1
Dim Repeat2__index
Repeat2__index = 0
rsMaster_numRows = rsMaster_numRows + Repeat2__numRows
%>
<%
' *** Go To Record and Move To Record: create strings for maintaining URL and Form parameters
' create the list of parameters which should not be maintained
MM_removeList = "&index="
if (MM_paramName <> "") Then MM_removeList = MM_removeList & "&" & MM_paramName & "="
MM_keepURL="":MM_keepForm="":MM_keepBoth="":MM_keepNone=""
' add the URL parameters to the MM_keepURL string
For Each Item In Request.QueryString
NextItem = "&" & Item & "="
if (InStr(1,MM_removeList,NextItem,1) = 0) Then
MM_keepURL = MM_keepURL & NextItem & Server.URLencode(Request.QueryString(Item))
End if
Next
' add the Form variables to the MM_keepForm string
For Each Item In Request.Form
NextItem = "&" & Item & "="
if (InStr(1,MM_removeList,NextItem,1) = 0) Then
MM_keepForm = MM_keepForm & NextItem & Server.URLencode(Request.Form(Item))
End if
Next
' create the Form + URL string and remove the intial '&' from each of the strings
MM_keepBoth = MM_keepURL & MM_keepForm
if (MM_keepBoth <> "") Then MM_keepBoth = Right(MM_keepBoth, Len(MM_keepBoth) - 1)
if (MM_keepURL <> "") Then MM_keepURL = Right(MM_keepURL, Len(MM_keepURL) - 1)
if (MM_keepForm <> "") Then MM_keepForm = Right(MM_keepForm, Len(MM_keepForm) - 1)
' a utility function used for adding additional parameters to these strings
Function MM_joinChar(firstItem)
if (firstItem <> "") Then
MM_joinChar = "&"
Else
MM_joinChar = ""
End if
End Function
%>
发布新贴