<%
'#################################################################################
'## Snitz Forums 2000 v3.4.06
'#################################################################################
'## Copyright (C) 2000-06 Michael Anderson, Pierre Gorissen,
'## Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################
%>
<%
if Session(strCookieURL & "Approval") <> "15916941253" then
scriptname = split(request.servervariables("SCRIPT_NAME"),"/")
Response.Redirect "admin_login_short.asp?target=" & scriptname(ubound(scriptname))
end if
strRqMethod = trim(chkString(Request.QueryString("method"),"SQLString"))
intUsernameID = trim(chkString(Request.QueryString("N_ID"),"SQLString"))
if intUsernameID <> "" then
if isNumeric(intUsernameID) <> True then intUsernameID = "0"
end if
strPageSize = 10
mypage = trim(chkString(request("whichpage"),"SQLString"))
if ((mypage = "") or (IsNumeric(mypage) = FALSE)) then mypage = 1
mypage = cLng(mypage)
Response.Write " " & vbNewLine
Select Case strRqMethod
Case "Add"
if Request.Form("Method_Type") = "Write_Configuration" then
Err_Msg = ""
if not IsValidString(trim(Request.Form("strUserName"))) then
Err_Msg = Err_Msg & "
None of the following characters can be used in the username !#$%^&*()=+{}[]|\;:/?>,<'
"
end if
txtUserName = chkString(Request.Form("strUserName"),"SQLString")
if txtUserName = " " then
Err_Msg = Err_Msg & "
You Must Enter a UserName to filter.
"
end if
if (Instr(txtUserName, " ") > 0 ) then
Err_Msg = Err_Msg & "
Two or more consecutive spaces are not allowed in the UserName.
"
end if
if Err_Msg = "" then
'## Forum_SQL - Do DB Update
strSql = "INSERT INTO " & strFilterTablePrefix & "NAMEFILTER ("
strSql = strSql & "N_NAME"
strSql = strSql & ") VALUES ("
strSql = strSql & "'" & txtUserName & "'"
strSql = strSql & ")"
my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
Application.Lock
Application(strCookieURL & "STRFILTERUSERNAMES") = ""
Application.UnLock
Response.Write "
" & vbNewLine
else
Response.Write " " & vbNewLine
end if
Case "Edit"
if Request.Form("Method_Type") = "Write_Configuration" then
Err_Msg = ""
if not IsValidString(trim(Request.Form("strUserName"))) then
Err_Msg = Err_Msg & "
None of the following characters can be used in the username !#$%^&*()=+{}[]|\;:/?>,<'
"
end if
txtUserName = chkString(Request.Form("strUserName"),"SQLString")
if txtUserName = " " then
Err_Msg = Err_Msg & "
You Must Enter a UserName.
"
end if
if (Instr(txtUserName, " ") > 0 ) then
Err_Msg = Err_Msg & "
Two or more consecutive spaces are not allowed in the UserName.
"
end if
if Err_Msg = "" then
'## Forum_SQL - Do DB Update
strSql = "UPDATE " & strFilterTablePrefix & "NAMEFILTER "
strSql = strSql & " SET N_NAME = '" & txtUserName & "'"
strSql = strSql & " WHERE N_ID = " & Request.Form("N_ID")
my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
Application.Lock
Application(strCookieURL & "STRFILTERUSERNAMES") = ""
Application.UnLock
Response.Write "
" & vbNewLine
end if
Case Else
'## Forum_SQL - Get UserNames from DB
strSql = "SELECT N_ID, N_NAME "
strSql2 = " FROM " & strFilterTablePrefix & "NAMEFILTER "
strSql3 = " ORDER BY N_NAME ASC "
if strDBType = "mysql" then 'MySql specific code
if mypage > 1 then
OffSet = cLng((mypage - 1) * strPageSize)
strSql4 = " LIMIT " & OffSet & ", " & strPageSize & " "
end if
'## Forum_SQL - Get the total pagecount
strSql1 = "SELECT COUNT(N_ID) AS PAGECOUNT "
set rsCount = my_Conn.Execute(strSql1 & strSql2)
iPageTotal = rsCount(0).value
rsCount.close
set rsCount = nothing
If iPageTotal > 0 then
maxpages = (iPageTotal \ strPageSize )
if iPageTotal mod strPageSize <> 0 then
maxpages = maxpages + 1
end if
if iPageTotal < (strPageSize + 1) then
intGetRows = iPageTotal
elseif (mypage * strPageSize) > iPageTotal then
intGetRows = strPageSize - ((mypage * strPageSize) - iPageTotal)
else
intGetRows = strPageSize
end if
else
iPageTotal = 0
maxpages = 0
end if
if iPageTotal > 0 then
set rs = Server.CreateObject("ADODB.Recordset")
rs.open strSql & strSql2 & strSql3 & strSql4, my_Conn, adOpenForwardOnly, adLockReadOnly, adCmdText
arrUsernameData = rs.GetRows(intGetRows)
iUsernameCount = UBound(arrUsernameData, 2)
rs.close
set rs = nothing
else
iUsernameCount = ""
end if
else 'end MySql specific code
set rs = Server.CreateObject("ADODB.Recordset")
rs.cachesize = strPageSize
rs.open strSql & strSql2 & strSql3, my_Conn, adOpenStatic
If not (rs.EOF or rs.BOF) then
rs.movefirst
rs.pagesize = strPageSize
rs.absolutepage = mypage '**
maxpages = cLng(rs.pagecount)
arrUsernameData = rs.GetRows(strPageSize)
iUsernameCount = UBound(arrUsernameData, 2)
else
iUsernameCount = ""
end if
rs.Close
set rs = nothing
end if
Response.Write "
UserName Filter Configuration
" & vbNewLine
Response.Write " " & vbNewLine
End Select
WriteFooterShort
Response.End
sub DropDownPaging()
if maxpages > 1 then
if mypage = "" then
pge = 1
else
pge = mypage
end if
Response.Write "
" & vbNewLine & _
" Pageof " & maxpages & "
" & vbNewLine
end if
end sub
Function IsValidString(sValidate)
Dim sInvalidChars
Dim bTemp
Dim i
' Disallowed characters
sInvalidChars = "!#$%^&*()=+{}[]|\;:/?>,<'"
for i = 1 To Len(sInvalidChars)
if InStr(sValidate, Mid(sInvalidChars, i, 1)) > 0 then bTemp = True
if bTemp then Exit For
next
for i = 1 to Len(sValidate)
if Asc(Mid(sValidate, i, 1)) = 160 then bTemp = True
if bTemp then Exit For
next
' extra checks
' no two consecutive dots or spaces
if not bTemp then
bTemp = InStr(sValidate, "..") > 0
end if
if not bTemp then
bTemp = InStr(sValidate, " ") > 0
end if
if not bTemp then
bTemp = (len(sValidate) <> len(Trim(sValidate)))
end if 'Addition for leading and trailing spaces
' if any of the above are true, invalid string
IsValidString = Not bTemp
End Function
%>