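<% Response.Buffer = True %> ::Your title here::
<%
' Password gate for the guestbook admin page.
' A visitor without Session("userAccess") = "granted" gets the login markup and,
' if the posted credentials match, is marked as granted and sent to admin.asp.
'
' SECURITY: the login and password compared below are the defaults shipped with
' this script, stored in plain text in the page source. Replace both before
' deploying and keep this file out of readable backups and source listings.
' Nothing visible here limits repeated login attempts.
If Not (Session("userAccess") = "granted") Then
    ' NOTE(review): the markup this call originally wrote (presumably the login
    ' form posting openMethod, login and password) is missing from this listing;
    ' restore it here.
    Response.Write ("")

    openMethod = Request.Form("openMethod")
    login = Request.Form("login")
    password = Request.Form("password")

    If openMethod = "logIn" And login = "african" And password = "boerboel" Then
        Session("userAccess") = "granted"
        Response.Redirect ("admin.asp")
    End If
End If
%>
<% If Session("userAccess") = "granted" Then %>
<% page = Request.QueryString("page") %>
<%
' Opens the Access database through a DSN-less ODBC connection string.
' The .mdb path is resolved with Server.MapPath, i.e. it lives inside the site
' tree: make sure the web server does not serve the db\ folder or *.mdb files.
Set dc = Server.CreateObject("ADODB.Connection")
Set rs = Server.CreateObject("ADODB.Recordset")
dc.Open "DBQ=" & Server.MapPath("db\database.mdb") & ";Driver={Microsoft Access Driver (*.mdb)};"

' EncodeData(source): returns source with a few characters replaced one by one.
'   '        -> ''      (quote doubling carried over from the guestbook script)
'   |        -> ¦
'   &        -> &amp;
'   "        -> &quot;
'   Chr(13)  -> <br>
' Every other character is copied unchanged. In particular < and > are NOT
' converted, so stored values can carry markup; whatever page prints these
' fields has to treat them as HTML, not as safe text.
' NOTE(review): in this listing the &amp; / &quot; / <br> replacement strings
' appear decoded or stripped; they are restored here from the function's stated
' purpose - confirm against the deployed file.
' NOTE(review): the values are later written through rs.Fields, not through a
' SQL string, so the '' doubling ends up in the stored text - confirm that is
' wanted.
Function EncodeData(source)
    Dim i, ch, replacement, result
    result = ""
    For i = 1 To Len(source)
        ch = Mid(source, i, 1)
        replacement = ""
        If ch = "'" Then replacement = "''"
        If ch = "|" Then replacement = "¦"
        If ch = "&" Then replacement = "&amp;"
        If ch = """" Then replacement = "&quot;"
        If ch = Chr(13) Then replacement = "<br>"
        If replacement <> "" Then
            result = result + replacement
        Else
            result = result + ch
        End If
    Next
    EncodeData = result
End Function
%>
<%
' Applies "submit" (edit) and "delete" requests to the guestbook table.
action = Request.QueryString("action")

' msgId arrives in the query string and is placed into SQL text below, so it is
' accepted only as 1-9 decimal digits and converted to a Long first. Anything
' else becomes -1 and no statement is built from it.
rawMsgId = Request.QueryString("msgId")
msgId = -1
If Len(rawMsgId) >= 1 And Len(rawMsgId) <= 9 Then
    msgIdIsDigits = True
    For pos = 1 To Len(rawMsgId)
        If InStr("0123456789", Mid(rawMsgId, pos, 1)) = 0 Then msgIdIsDigits = False
    Next
    If msgIdIsDigits Then msgId = CLng(rawMsgId)
End If

' NOTE(review): "delete" is driven entirely by the query string, so any GET
' request carrying the admin session changes data. Moving it to POST with a
' per-session token needs the (missing) list markup to change as well.
If action = "submit" Or action = "delete" Then
    ' Reads the posted form values.
    userName = Request.Form("userName")
    userCity = Request.Form("userCity")
    userMail = Request.Form("userMail")
    USER_URL = Request.Form("USER_URL")
    userMessage = Request.Form("userMessage")

    ' Converts the data with EncodeData. DB fields can't be zero-length, so
    ' empty optional fields are stored as a single space.
    userName = EncodeData(userName)
    If Not userCity = "" Then userCity = EncodeData(userCity) Else userCity = " "
    If Not userMail = "" Then userMail = EncodeData(userMail) Else userMail = " "
    If Not USER_URL = "" Then USER_URL = EncodeData(USER_URL) Else USER_URL = " "
    userMessage = EncodeData(userMessage)

    ' Writes to the database only when the id passed validation.
    If msgId >= 0 Then
        Select Case action
            Case "delete"
                SQLCOMMAND = "DELETE guestbook.* FROM guestbook WHERE (id = " & msgId & ");"
                dc.Execute SQLCOMMAND
            Case "submit"
                MYSQL = "SELECT guestbook.* FROM guestbook WHERE (id = " & msgId & ")"
                ' 1 = adOpenKeyset, 3 = adLockOptimistic: updatable recordset.
                rs.Open MYSQL, dc, 1, 3
                ' Skip the update when no row has this id instead of failing on EOF.
                If Not rs.EOF Then
                    rs.Fields("userName") = userName
                    rs.Fields("userMail") = userMail
                    rs.Fields("userCity") = userCity
                    rs.Fields("USER_URL") = USER_URL
                    rs.Fields("userMessage") = userMessage
                    rs.Update
                End If
                rs.Close
        End Select
    End If

    Response.Redirect ("admin.asp")
End If
%>
<%
' Loads the entry to edit. The branch (edit form included) is skipped when the
' id did not validate; it is closed by the "end if" that follows the form.
If action = "modify" And msgId >= 0 Then
    MYSQL = "SELECT guestbook.* FROM guestbook WHERE (id = " & msgId & ")"
    ' 3 = adOpenStatic, 1 = adLockReadOnly.
    rs.Open MYSQL, dc, 3, 1
%>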
Name*:"
E-Mail:">
City:">
URL:">
Message*:
 
<%
    ' Done with the record loaded for the edit form; ends the "modify" branch.
    rs.Close
End If
%>
<%
' Fetches every guestbook entry, newest id first, into a static read-only
' recordset (3 = adOpenStatic, 1 = adLockReadOnly).
MYSQL = "SELECT ID, userMail, userName, userDate, userCity, userMessage FROM guestbook ORDER by ID DESC"
rs.Open MYSQL, dc, 3, 1
%>
<%
' One pass per row. NOTE(review): the per-row markup that belongs between this
' line and MoveNext is not present in this listing. When restoring it, make
' sure each field reaches the page HTML-encoded exactly once, since the stored
' values may contain < and >.
Do Until rs.EOF
%>
<%
    rs.MoveNext
Loop
%>
<%
' Releases the recordset and the connection.
rs.Close
Set rs = Nothing
dc.Close
Set dc = Nothing
%>
<%
' Ends the Session("userAccess") = "granted" branch opened near the top of the page.
End If
%>