<%@ LANGUAGE = "VBScript" %> <% Option Explicit %> <% Response.Buffer = True %> <% Response.Expires = -1 %> <% Response.CacheControl = "Public" %> <% '**************************************************************************************** '** Copyright Notice '** '** iPortalX.com '** '** Copyright 2001-2003 Drew Gauderman All Rights Reserved. '** '** This program is a paid software; you can modify (at your own risk) any part of it '** under the terms of the License that accompanies this software and use it both '** privately and commercially. '** '** All copyright notices must remain in tacked in the scripts and the '** outputted HTML. '** '** You may NOT use parts of this program in your own private work, and you may NOT '** redistribute, repackage, or sell the whole or any part of this program even '** if it is modified or reverse engineered in whole or in part without express '** permission from the author. '** '** You may not pass the whole or any part of this application off as your own work. '** '** All links to iPortalX.com and powered by logo's (if any) must remain unchanged and in place '** and must remain visible when the pages are viewed unless permission is first granted '** by the copyright holder. '** '** This program is distributed in the hope that it will be useful, '** but WITHOUT ANY WARRANTY; without even the implied warranty of '** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER '** WARRANTIES WHETHER EXPRESSED OR IMPLIED. '** '** Support is for those that have purchased it. Post support questions at: - '** http://www.iportalx.com/forum '** '** Support questions are NOT answered by e-mail ever! '** '** For correspondence or non support questions contact: - '** support@iportalx.com '** '**************************************************************************************** Dim strMode Dim intGuestBookID Dim strInputName Dim strInputCountry Dim strInputEmail Dim strInputURL Dim strInputComments Dim strBadWord Dim strBadWordReplace Dim blnEmailSent Dim strEmailSubject Dim strEmailMessage Dim blnSecurityCodeOK Dim blnBannedIP If bannedIP() Then Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing Response.Redirect("forum/insufficient_permission.asp?M=IP") End If blnSecurityCodeOK = True strMode = Request.Form("mode") If strMode = "" Then strMode = Request.QueryString("Mode") intGuestBookID = Clng(Request.Form("GuestBookID")) If intGuestBookID = 0 Then intGuestBookID = Clng(Request.QueryString("GuestBookID")) '****************************************** '*** Check security code *** '****************************************** '****************************************** '*** Check the session ID *** '****************************************** If strMode = "Add" Then Call checkSessionID(Request.Form("sessionID")) If Session("lngSecurityCode") <> Trim(Mid(Request.Form("securityCode"), 1, 6)) Then 'Set the security code OK variable to false blnSecurityCodeOK = False End If End If strInputName = Request.Form("Name") strInputCountry = Request.Form("Country") strInputEmail = Request.Form("Email") strInputURL = Request.Form("URL") strInputComments = Request.Form("message") strInputComments = FormatPost(strInputComments) strInputComments = FormatForumCodes(strInputComments) strInputComments = checkHTML(strInputComments) strInputURL = removeAllTags(strInputURL) strInputURL = formatInput(strInputURL) strInputName = removeAllTags(strInputName) strInputName = formatInput(strInputName) strInputName = formatSQLInput(strInputName) strInputEmail = removeAllTags(strInputEmail) strInputEmail = formatInput(strInputEmail) strInputEmail = formatSQLInput(strInputEmail) strInputURL = Replace(strInputURL, "http://", "", 1, -1, 1) strInputURL = "http://" & strInputURL strInputURL = formatLink(strInputURL) strSQL = "SELECT " & strDbTable & "Smut.* FROM " & strDbTable & "Smut" 'Open the recordset rsCommon.Open strSQL, adoCon Do While NOT rsCommon.EOF strBadWord = rsCommon("Smut") strBadWordReplace = rsCommon("Word_replace") strInputName = Replace(strInputName, strBadWord, strBadWordReplace, 1, -1, 1) strInputComments = Replace(strInputComments, strBadWord, strBadWordReplace, 1, -1, 1) rsCommon.MoveNext Loop rsCommon.Close If strMode = "Add" AND blnSecurityCodeOK Then Session("lngSecurityCode") = null strSQL = "SELECT " & strDbTable & "GuestBook.* FROM " & strDbTable & "GuestBook;" rsCommon.Open strSQL, adoCon, 3, 3 rsCommon.AddNew rsCommon.Fields("Name") = strInputName rsCommon.Fields("Country") = strInputCountry rsCommon.Fields("Email") = strInputEmail If blnGuestbookWebsiteField Then rsCommon.Fields("Site") = strInputURL rsCommon.Fields("Comments") = strInputComments rsCommon.Fields("IP") = getIP() rsCommon.Update rsCommon.Requery rsCommon.Close If blnEmail AND blnGuestBookNotification Then strEmailSubject = "A guestbook item has been submitted!" strEmailMessage = "Hello," & vbCrLf & "Someone has signed your guestbook!" & vbCrLf & vbCrLf strEmailMessage = strEmailMessage & "Name: " & strInputName & vbCrLf strEmailMessage = strEmailMessage & "Country: " & strInputCountry & vbCrLf strEmailMessage = strEmailMessage & "Comments: " & vbCrLf & strInputComments & vbCrLf strEmailMessage = strEmailMessage & strWebsiteURL & "/guestbook.asp" blnEmailSent = SendMail(strEmailMessage, strWebsiteName, strForumEmailAddress, strWebsiteName, strForumEmailAddress, strEmailSubject, strMailComponent, False) End If ElseIf strMode = "Edit" Then If blnAdmin = False Then If blnModerator = False Then Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing Response.Redirect("forum/insufficient_permission.asp?Redirect=" & RedirectOmitPath("Redirect", True)) End If End If strSQL = "SELECT " & strDbTable & "GuestBook.* FROM " & strDbTable & "GuestBook " strSQL = strSQL & "WHERE " & strDbTable & "Guestbook.Guestbook_ID = " & intGuestBookID & ";" rsCommon.Open strSQL, adoCon, 3, 3 rsCommon.Fields("Name") = strInputName rsCommon.Fields("Country") = strInputCountry rsCommon.Fields("Email") = strInputEmail rsCommon.Fields("Site") = strInputURL rsCommon.Fields("Comments") = strInputComments rsCommon.Update rsCommon.Requery rsCommon.Close ElseIf strMode = "Delete" Then If blnAdmin = False Then If blnModerator = False Then Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing Response.Redirect("forum/insufficient_permission.asp?Redirect=" & RedirectOmitPath("Redirect", True)) End If End If strSQL = "DELETE FROM " & strDBTable & "GuestBook WHERE Guestbook_ID = " & intGuestBookID & ";" adoCon.Execute(strSQL) Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing Response.Redirect("guestbook.asp?PagePosition=" & Request.QueryString("PN")) End If %> Guestbook
<% = strWebsiteName %> : Sign Guestbook



<% If blnSecurityCodeOK = False AND strMode = "Add" Then Response.Write(Replace(strTxtSecurityCodeDidNotMatch, "\n\n", "
")) ElseIf strMode = "Add" Then Response.Write(vbCrLf & strTxtGuestbookNotice1) ElseIf strMode = "Edit" Then Response.Write(vbCrLf & strTxtGuestbookNotice2) ElseIf strMode = "Delete" Then Response.Write(vbCrLf & strTxtGuestbookNotice3) End If %>

<% = strTxtBacktoHome %> | "><% = strTxtBackToGuestbook %>
<% Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing %>