<%
Response.Buffer = True

'############## CHANGE THIS ##################
Losen1 = "admin"     ' Admin name
Losen2 = "fiskola"   ' Admin password
Secure = "aloksif12" ' Change to anything you like. Safer that way!
'##########################################

' Doubles single quotes (and backslashes) so a value can sit inside a quoted
' SQL string literal. It gives no protection where the value is concatenated
' unquoted, as in "Where id=" & value.
Public Function FixSQL(ByVal sString) ' As String
    If Len("" & sString) = 0 Then Exit Function
    sString = Replace(sString, "'", "''")
    sString = Replace(sString, "\", "\\")
    FixSQL = sString
End Function

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../../bok.mdb")
%>
Guestbook admin
<%
'##########################################################################
'---------------------------- GUESTBOOK ADMIN -----------------------------
'##########################################################################
If Request.QueryString("do") = "" Then
%>
Admin:
Admin name:
Password:
To the guestbook
<%
    Conn.Close : Set Conn = Nothing
ElseIf Request.QueryString("do") = "check" Then
    If Request.Form("admin1") = Losen1 AND Request.Form("admin2") = Losen2 Then
        Session("gastbok") = Secure
        Session.TimeOut = 40
        Conn.Close : Set Conn = Nothing
        Response.Redirect "admin.asp?do=inne"
    Else
        Conn.Close : Set Conn = Nothing
        Response.Redirect "admin.asp?mess=fel"
    End If
ElseIf Request.QueryString("do") = "inne" AND Session("gastbok") = Secure Then
%>
Guestbook admin: Log out
<%If Request.Querystring("action") = "" AND Session("gastbok") = Secure Then%>
<%
    Set RecSet = Server.CreateObject("ADODB.Recordset")
    Const gbaps1 = 15 ' Entries per page
    Sidan = Request.QueryString("sida")
    If Sidan = "" Then
        sida = 1
    Else
        sida = Sidan
    End If
    With RecSet
        .CursorLocation = 3 ' adUseClient
        .CacheSize = gbaps1
    End With
    SQL = "Select * From gastbok Order By datum desc"
    RecSet.Open SQL, Conn
    If RecSet.EOF Then
%>
No entries in the guestbook!
<%Else%>
Subject: Date: Name:
<%
        With RecSet
            .MoveFirst
            .PageSize = gbaps1
            .AbsolutePage = sida
        End With
        Sidor = RecSet.PageCount
        Count = 0
        Do While Not RecSet.EOF And Count < RecSet.PageSize
%>
<%=Server.HTMLEncode("" & RecSet("rubrik"))%> <%=FormatDateTime(RecSet("Datum"),2)%> <%=Server.HTMLEncode("" & RecSet("namn"))%>
">Reply ">Edit " onClick="return confirm('Vill du verkligen ta bort <%=RecSet("rubrik")%>?');">Delete
<%
            Count = Count + 1
            RecSet.MoveNext
        Loop
        If Sidor > 1 Then
%>
<%
            If Sidor <> 1 Then
                For Sid = 1 To Sidor
                    If (Int(Sid)) = (Int(sida)) Then
%><%=Sid%><%Else%> <%=Sid%> <%End If%>
<%Next%>
<%
            End If
        End If
%>
<%
        RecSet.Close : Set RecSet = Nothing
    End If
ElseIf Request.Querystring("action") = "change" AND Session("gastbok") = Secure Then
    ' id is concatenated unquoted, so quote escaping does not help: force it to a number
    Set RecSet = Conn.Execute("Select * From gastbok Where id=" & CLng(Request.Querystring("id")))
%>
" name="gastbok" onSubmit="return Gb()">
Written by <%=Server.HTMLEncode("" & RecSet("namn"))%> | <%=FormatDateTime(RecSet("datum"),2)%> (<%=FormatDateTime(RecSet("datum"),4)%>) | <%=Server.HTMLEncode("" & RecSet("ip"))%>
Name:
Subject:
Email:
Website:
Message:
<%
    RecSet.Close : Set RecSet = Nothing
    Conn.Close : Set Conn = Nothing
ElseIf Request.Querystring("action") = "andrat" AND Session("gastbok") = Secure Then
    Namn = FixSQL(Request.Form("namn"))
    Rubrik = FixSQL(Request.Form("rubrik"))
    Mail = FixSQL(Request.Form("mail"))
    Url = FixSQL(Request.Form("url"))
    Msg = FixSQL(Request.Form("msg"))
    ' id is concatenated unquoted, so it is forced to a number with CLng
    Conn.Execute("Update gastbok Set namn='" & Namn & "',rubrik='" & Rubrik & "',mail='" & Mail & "',url='" & Url & "',msg='" & Msg & "' Where id = " & CLng(Request.Querystring("id")))
    Conn.Close : Set Conn = Nothing
    Response.Redirect "admin.asp?do=inne"
ElseIf Request.Querystring("action") = "delete" AND Session("gastbok") = Secure Then
    Conn.Execute("Delete * From gastbok Where id=" & CLng(Request.Querystring("id")))
    Conn.Close : Set Conn = Nothing
    Response.Redirect "admin.asp?do=inne"
ElseIf Request.Querystring("action") = "svara" AND Session("gastbok") = Secure Then
    Set RecSet = Conn.Execute("Select * From gastbok Where id=" & CLng(Request.Querystring("id")))
%>
" name="answer">
Written by <%=Server.HTMLEncode("" & RecSet("namn"))%> | <%=FormatDateTime(RecSet("datum"),2)%> (<%=FormatDateTime(RecSet("datum"),4)%>)
<%=Replace(Server.HTMLEncode("" & RecSet("msg")), vbCrLf, "<br>")%>
Write your reply here:
<%
    RecSet.Close : Set RecSet = Nothing
    Conn.Close : Set Conn = Nothing
ElseIf Request.Querystring("action") = "svarat" AND Session("gastbok") = Secure Then
    Svar = FixSQL(Request.Form("svar"))
    ' id is concatenated unquoted, so it is forced to a number with CLng
    Conn.Execute("Update gastbok Set Svar='" & Svar & "' Where id=" & CLng(Request.Querystring("id")))
    Conn.Close : Set Conn = Nothing
    Response.Redirect "admin.asp?do=inne"
End If
ElseIf Request.Querystring("do") = "logut" Then
    Session.Abandon
    Conn.Close : Set Conn = Nothing
    Response.Redirect "admin.asp"
End If
%>
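
The "andrat" (update) and "delete" actions above build their SQL by string concatenation. The block below is an added example, not part of the original script, that runs the same two statements through ADODB.Command parameters so that no request value ever becomes SQL text. The helpers AddText and ParseId are hypothetical names, the column types (Text for namn, rubrik, mail and url, Memo for msg, numeric id) are assumptions because the schema of bok.mdb is not shown, and Conn and Secure are assumed to be set up as at the top of the script.

```vbscript
<%
' Added example, not the original script's code. ADO constants as in adovbs.inc.
Const adInteger = 3, adVarWChar = 202, adLongVarWChar = 203
Const adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128

' Hypothetical helper: append one text parameter (ADO needs a size of at least 1).
Sub AddText(cmd, pName, adoType, value)
    Dim s, n
    s = "" & value
    n = Len(s)
    If n = 0 Then n = 1
    cmd.Parameters.Append cmd.CreateParameter(pName, adoType, adParamInput, n, s)
End Sub

' Hypothetical helper: the id as a Long, or -1 unless it is 1 to 9 decimal digits.
Function ParseId(raw)
    Dim re, s
    s = "" & raw
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then ParseId = CLng(s) Else ParseId = -1
End Function

Dim id, cmd
If Session("gastbok") <> Secure Then Response.Redirect "admin.asp"
id = ParseId(Request.QueryString("id"))
If id < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = Conn
cmd.CommandType = adCmdText

Select Case Request.QueryString("action")
Case "andrat"
    ' Jet binds "?" markers by position: append in the order they appear.
    cmd.CommandText = "Update gastbok Set namn=?, rubrik=?, mail=?, url=?, msg=? Where id=?"
    AddText cmd, "namn", adVarWChar, Request.Form("namn")
    AddText cmd, "rubrik", adVarWChar, Request.Form("rubrik")
    AddText cmd, "mail", adVarWChar, Request.Form("mail")
    AddText cmd, "url", adVarWChar, Request.Form("url")
    AddText cmd, "msg", adLongVarWChar, Request.Form("msg") ' assumes msg is a Memo column
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
    cmd.Execute , , adExecuteNoRecords
Case "delete"
    cmd.CommandText = "Delete From gastbok Where id=?"
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
    cmd.Execute , , adExecuteNoRecords
End Select
%>
```

With parameters bound this way the values need no FixSQL call, and an id that is not a plain integer is rejected before any statement is built.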