<%@ LANGUAGE="VBSCRIPT" %> <%Response.Buffer=TRUE%> <%
' Access gate for every mode handled in this page: when Session("userAdmin")
' compares equal to 0, or is Null, the request is redirected to default.asp.
If Session("userAdmin") = 0 or IsNull(Session("userAdmin")) = True then
    Response.Redirect"default.asp"
End If

' fieldReplace(item): returns item after four Replace passes (space, single
' quote, percent sign, vbcrlf). item itself is reassigned inside the function.
' The single-quote doubling is the only SQL escaping this file performs, and
' it covers only values that are passed through this function; IDs, the
' settings fields and Session("userName") are concatenated into SQL elsewhere
' in the file without it. None of the four replacements touches "<" or ">".
' NOTE(review): the replacement strings for space, "%" and vbcrlf look as if
' HTML entities or tags were decoded or stripped when this page was captured;
' confirm them against the deployed file before relying on this listing.
function fieldReplace(item)
    item = replace(item, " ", "  ")
    item = replace(item, "'", "''")
    item = replace(item, "%", "%")
    item = replace(item, vbcrlf, "
")
    fieldReplace = item
end function

Dim mode
Dim strUserName
Dim userID
Dim rsPostNews
Dim strSQL

' mode=post: the branch body is page markup; only the "Heading:" and
' "Content:" labels of it are visible in this listing.
If Request.querystring("mode") = "post" then %>
Heading:
Content:
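<% End If %> <%
' mode=postdb: insert a news item from the txtHeading/txtContent form fields,
' stamped with the session user name and today's date, then return to the list.
If Request.querystring("mode") = "postdb" then
    strUserName = Session("userName")
    strHeading = Request.Form("txtHeading")
    strContent = Request.Form("txtContent")
    strHeading = fieldReplace(strHeading)
    strContent = fieldReplace(strContent)
    ' The poster name is also placed inside a quoted SQL literal but never went
    ' through fieldReplace, so its single quotes are doubled here. (& "" turns a
    ' Null session value into an empty string instead of a run-time error.)
    strUserName = Replace(strUserName & "", "'", "''")
    Set rsPostNews = Server.CreateObject("ADODB.Recordset")
    ' NOTE(review): the statement is still assembled by concatenation; an
    ' ADODB.Command with parameters would remove the dependence on escaping.
    strSQL = "INSERT INTO tblnews (heading,content,postedby,[Timestamp])VALUES('" & strHeading & "','" & strContent & "','" & strUserName & "','" & date() & "')"
    rsPostNews = adoCon.Execute(strSQL)
    Set rsPostNews = Nothing
    Set adoCon = Nothing
    Response.Redirect"news.asp?mode=listnews"
End If

' mode=delete: delete one news item, identified by the ID query-string value.
' NOTE(review): the delete is driven entirely by the query string of a GET
' request and no anti-forgery token is read here; consider requiring a POST
' that carries a per-session token.
If Request.querystring("mode") = "delete" then
    ' ID is appended unquoted to the DELETE statement, so anything other than
    ' an optionally signed run of digits is rejected before the SQL is built.
    strID = Trim(request.querystring("ID") & "")
    Set reDeleteID = New RegExp
    reDeleteID.Pattern = "^-?[0-9]{1,10}$"
    If Not reDeleteID.Test(strID) Then
        Set adoCon = Nothing
        Response.Redirect"news.asp?mode=listnews"
    End If
    Set rsDeleteNews = Server.CreateObject("ADODB.Recordset")
    strSQL = "DELETE FROM tblnews WHERE ID =" & strID
    rsDeleteNews = adoCon.Execute(strSQL)
    Set rsDeleteNews = Nothing
    Set adoCon = Nothing
    Response.Redirect"news.asp?mode=listnews"
End If %> <%
' mode=listnews: open a recordset over all news items ordered by ID and write
' one row per item, alternating the row colour between #EEEEEE and #D7D7D7.
' The query text is constant. The row markup after this point is incomplete
' in this listing and is reproduced unchanged.
If Request.querystring("mode") = "listnews" then
    Set rsNewsAdmin = Server.CreateObject("ADODB.Recordset")
    strSQL = "SELECT heading, ID, Timestamp, postedby FROM tblnews ORDER BY ID"
    rsNewsAdmin.Open strSQL, adoCon %> <% Response.Write ("") Dim strBGColor strBGColor = "#EEEEEE" Do While NOT rsNewsAdmin.EOF if strBGColor = "#EEEEEE" Then strBGColor = "#D7D7D7" Else strBGColor = "#EEEEEE" %> ") Response.Write ("") Response.Write ("") rsNewsAdmin.MoveNext Loop Response.Write ("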
Heading
Delete News
Edit News
Date Posted
Posted By
<%
' Row output for the admin news list: heading, the "Delete News" and
' "Edit News" link text, Timestamp and postedby of the current record.
' NOTE(review): heading and postedby are written exactly as stored, with no
' Server.HTMLEncode. fieldReplace, the only filter applied on the way in, does
' not alter "<" or ">", so stored markup is sent to the browser as markup.
' Encoding here would also encode whatever line-break markup fieldReplace
' stores, so that conversion would have to move to output time.
Response.Write (rsNewsAdmin("heading")) Response.Write ("
") Response.Write ("Delete News") Response.Write ("
Edit News
") Response.Write (rsNewsAdmin("Timestamp")) Response.Write ("
") Response.Write (rsNewsAdmin("postedby")) Response.Write ("


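Post News Here") Set rsNewsAdmin = Nothing Set adoCon = Nothing End If %> <%
' mode=edit: load the heading and content of one news item, identified by the
' ID query-string value, for the edit form that follows.
If Request.querystring("mode") = "edit" then
    ' ID is appended unquoted to the SELECT below, so anything other than an
    ' optionally signed run of digits is rejected before the SQL is built.
    strID = Trim(request.querystring("ID") & "")
    Set reEditID = New RegExp
    reEditID.Pattern = "^-?[0-9]{1,10}$"
    If Not reEditID.Test(strID) Then
        Set adoCon = Nothing
        Response.Redirect"news.asp?mode=listnews"
    End If
    Set rsEditNews = Server.CreateObject("ADODB.Recordset")
    strEditSQL = "SELECT heading, content FROM tblnews WHERE ID= " & strID
    rsEditNews.Open strEditSQL, adoCon %>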
Heading:
Content:
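<% Set adoCon = Nothing Set rsEditNews = Nothing End If %> <%
' mode=updatedb: overwrite heading, content, poster and timestamp of the news
' item whose ID arrives in the txtID form field, then return to the list.
If Request.querystring("mode") = "updatedb" then
    strUserName = Session("userName")
    strHeading = Request.Form("txtHeading")
    strContent = Request.Form("txtContent")
    ' txtID is appended unquoted to the WHERE clause, so anything other than an
    ' optionally signed run of digits is rejected before the SQL is built.
    strID = Trim(Request.Form("txtID") & "")
    Set reUpdateID = New RegExp
    reUpdateID.Pattern = "^-?[0-9]{1,10}$"
    If Not reUpdateID.Test(strID) Then
        Set adoCon = Nothing
        Response.Redirect"news.asp?mode=listnews"
    End If
    strHeading = fieldReplace(strHeading)
    strContent = fieldReplace(strContent)
    ' The poster name sits inside a quoted SQL literal but never went through
    ' fieldReplace, so its single quotes are doubled here.
    strUserName = Replace(strUserName & "", "'", "''")
    Set rsUpdateNews = Server.CreateObject("ADODB.Recordset")
    ' NOTE(review): still built by concatenation; an ADODB.Command with
    ' parameters would remove the dependence on escaping.
    strSQL = "UPDATE tblnews SET tblnews.heading='" & strHeading & "',tblnews.content='" & strContent & "',tblnews.postedby='" & strUserName & "',tblnews.Timestamp='" & date() & "' WHERE ID =" & strID
    rsUpdateNews = adoCon.Execute(strSQL)
    Set rsUpdateNews = Nothing
    Set adoCon = Nothing
    Response.Redirect"news.asp?mode=listnews"
End If %> <%
' mode=view: read the display settings, then select the newest news items
' (highest ID first), limited to the configured number of entries.
If Request.querystring("mode") = "view" then
    userAdmin = Session("userAdmin")
    Set rsSettings = Server.CreateObject("ADODB.Recordset")
    strSettingsSQL = "SELECT shownum,contentbgcolor,infobgcolor,infotextcolor,bordercolor,headbgcolor FROM tblsettings"
    rsSettings.Open strSettingsSQL, adoCon
    ' shownum is read back from the database and spliced into the TOP clause.
    ' The settingsdb mode in this file stores it from a form field, so it is
    ' checked to be a plain number before use. The fallback of 10 is an
    ' arbitrary choice; adjust it to the site's preferred default.
    strShowNum = Trim(rsSettings("shownum") & "")
    Set reShowNum = New RegExp
    reShowNum.Pattern = "^[0-9]{1,9}$"
    If Not reShowNum.Test(strShowNum) Then
        strShowNum = "10"
    End If
    Set rsViewNews = Server.CreateObject("ADODB.Recordset")
    strViewSQL = "SELECT TOP " & strShowNum & " heading, [ID], [Timestamp], postedby, content FROM tblnews ORDER BY [ID] DESC"
    rsViewNews.Open strViewSQL, adoCon %> <% Do While NOT rsViewNews.EOF %>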
style='border-collapse:collapse;'>
style='font-family:verdana;font-weight:bold;font-size:8pt;'> <%
' Heading and content of the current news item are written exactly as stored.
' NOTE(review): no Server.HTMLEncode is applied, and fieldReplace (the only
' filter on the way in) leaves "<" and ">" untouched, so stored markup is
' served as markup to every viewer of this mode. Encoding at output would
' require moving fieldReplace's line-break conversion to output time as well.
Response.Write (rsViewNews("heading"))%>
> <%Response.Write (rsViewNews("content"))%>
>> <%Response.Write (rsViewNews("timestamp"))%> >>Posted by   <%Response.Write (rsViewNews("postedby"))%>   

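<% rsViewNews.MoveNext Loop
' Release the view recordset. The original assigned Nothing to a misspelled
' name (rsViweNews), which left rsViewNews itself untouched.
Set rsViewNews = Nothing Set rsSettings = Nothing Set adoCon = Nothing End If %> <%
' mode=add: create a user from the txtUserName/txtPassword form fields.
' Redirects to adduserblank when either field is empty, to addusertaken when
' the name already exists, and to listusers after a successful insert.
If Request.querystring("mode") = "add" then
    strUserName = Request.Form("txtUserName")
    strPassword = Request.Form("txtPassword")
    strUserName = fieldReplace(strUserName)
    strPassword = fieldReplace(strPassword)

    ' Reject blank input before any query is run. Response.Redirect ends the
    ' request, which the original flow relied on as well.
    If strUserName = "" Or strPassword = "" Then
        Set adoCon = Nothing
        Response.Redirect"news.asp?mode=adduserblank"
    End If

    ' Uniqueness check on the already-escaped user name.
    strSQLCheck = "SELECT username from tblusers where username = '" & strUserName & "'"
    Set rsAdminCheck = adoCon.Execute(strSQLCheck)
    If Not rsAdminCheck.EOF Then
        ' Clean up before redirecting; in the original these two statements
        ' came after the redirect and were never reached.
        Set rsAdminCheck = Nothing
        Set adoCon = Nothing
        Response.Redirect"news.asp?mode=addusertaken"
    End If
    Set rsAdminCheck = Nothing

    ' NOTE(review): the password is stored as submitted (after fieldReplace,
    ' which also rewrites spaces and "%"); no hashing is visible in this file.
    ' Store a salted, slow password hash instead of the password itself.
    ' NOTE(review): the forms label a "Confirm Password" field, but no
    ' confirmation value is read or compared here - confirm where that check
    ' happens, if anywhere.
    Set rsAdmin = Server.CreateObject("ADODB.Recordset")
    strSQL = "INSERT INTO tblusers (username,password,[Timestamp]) VALUES('" & strUserName & "', '" & strPassword & "','" & date() & "')"
    rsAdmin.Open strSQL, adoCon
    Set rsAdmin = Nothing
    Set adoCon = Nothing
    Response.Redirect"news.asp?mode=listusers"
End If %> <% If Request.querystring("mode") = "adduser" then %> <% Response.Write ("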

") Response.Write ("
") Response.Write ("") Response.Write ("") Response.Write ("") Response.Write ("
UserName:  
Password:  
Confirm Password:  
") Response.Write ("
") Response.Write ("
") End If %> <%
' mode=adduserblank: target of the redirect issued by mode=add when the user
' name or password is empty. Writes the message below, followed by what
' appears to be the add-user form again (its markup is missing from this
' listing).
If Request.querystring("mode") = "adduserblank" then %> <% Response.Write ("Please enter a username/password

") Response.Write ("
") Response.Write ("
") Response.Write ("") Response.Write ("") Response.Write ("") Response.Write ("
UserName:  
Password:  
Confirm Password:  
") Response.Write ("
") Response.Write ("
") End If %> <%
' mode=addusertaken: target of the redirect issued by mode=add when the
' requested user name already exists. Writes the message below, followed by
' what appears to be the add-user form again (its markup is missing from this
' listing).
If Request.querystring("mode") = "addusertaken" then %> <% Response.Write ("Username is already in use.

") Response.Write ("
") Response.Write ("
") Response.Write ("") Response.Write ("") Response.Write ("") Response.Write ("
UserName:  
Password:  
Confirm Password:  
") Response.Write ("
") Response.Write ("
") End If %> <%
' mode=listusers: open a recordset over all users ordered by user name and
' write one row per user, alternating the row colour between #EEEEEE and
' #D7D7D7. The query text is constant. The row markup after this point is
' incomplete in this listing.
If Request.querystring("mode") = "listusers" then
    Set rsUserAdmin = Server.CreateObject("ADODB.Recordset")
    strSQL = "SELECT username, ID FROM tblusers ORDER BY username"
    rsUserAdmin.Open strSQL, adoCon %> <% Response.Write ("") strBGColor = "#EEEEEE" Do While NOT rsUserAdmin.EOF if strBGColor = "#EEEEEE" Then strBGColor = "#D7D7D7" Else strBGColor = "#EEEEEE" %> ") Response.Write ("") rsUserAdmin.MoveNext Loop Response.Write ("
UserName
Delete User
Change Password
<%
' Writes the user name of the current record exactly as stored.
' NOTE(review): no Server.HTMLEncode is applied; user names are filtered only
' by fieldReplace on the way in, which leaves "<" and ">" untouched.
Response.Write (rsUserAdmin("username")) Response.Write ("
Delete User
Change Password
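") Set rsUSerAdmin = Nothing Set adoCon = Nothing End If %> <%
' mode=deleteuser: delete one user, identified by the ID query-string value.
' NOTE(review): the delete is driven entirely by the query string of a GET
' request and no anti-forgery token is read here; consider requiring a POST
' that carries a per-session token.
If Request.querystring("mode") = "deleteuser" then
    ' ID is appended unquoted to the DELETE statement, so anything other than
    ' an optionally signed run of digits is rejected before the SQL is built.
    userID = Trim(Request.querystring("ID") & "")
    Set reDelUserID = New RegExp
    reDelUserID.Pattern = "^-?[0-9]{1,10}$"
    If Not reDelUserID.Test(userID) Then
        Set adoCon = Nothing
        Response.Redirect"news.asp?mode=listusers"
    End If
    Set rsAdmin = Server.CreateObject("ADODB.Recordset")
    strSQL = "DELETE FROM tblusers WHERE ID =" & userID
    rsAdmin.Open strSQL, adoCon
    Set rsAdmin = Nothing
    Set adoCon = Nothing
    Response.Redirect"news.asp?mode=listusers"
End If %> <% If Request.querystring("mode") = "change" then %> <%
    ' mode=change: show the change-password form for the user given by ID.
    ' The form markup is missing from this listing; presumably userID is
    ' written into it (mode=changepassword reads a txtID field), so the value
    ' is restricted to a number before anything is written.
    userID = Trim(Request.querystring("ID") & "")
    Set reChangeID = New RegExp
    reChangeID.Pattern = "^-?[0-9]{1,10}$"
    If Not reChangeID.Test(userID) Then
        Response.Redirect"news.asp?mode=listusers"
    End If
    Response.Write ("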
") Response.Write ("
Change Password

") Response.Write ("") Response.Write ("


") Response.Write ("") Response.Write ("
") Response.Write ("
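") End If %> <%
' mode=changepassword: set a new password for the user whose ID arrives in
' the txtID form field. An empty password redirects to mode=blank for the
' same ID; otherwise the row is updated and the user list is shown.
If Request.querystring("mode") = "changepassword" then
    ' txtID is used both in the redirect URL and, unquoted, in the WHERE
    ' clause, so anything other than an optionally signed run of digits is
    ' rejected before either is built.
    strUserID = Trim(Request.Form("txtID") & "")
    Set rePwdUserID = New RegExp
    rePwdUserID.Pattern = "^-?[0-9]{1,10}$"
    If Not rePwdUserID.Test(strUserID) Then
        Set adoCon = Nothing
        Response.Redirect"news.asp?mode=listusers"
    End If
    strPassword = Request.Form("txtPassword")
    strPassword = fieldReplace(strPassword)
    If strPassword = "" then
        Response.Redirect "news.asp?mode=blank&ID=" & strUserID & ""
    End If
    ' NOTE(review): the password is stored as submitted (after fieldReplace,
    ' which also rewrites spaces and "%"); no hashing is visible in this file.
    ' Store a salted, slow password hash instead of the password itself.
    Set rsAdmin = Server.CreateObject("ADODB.Recordset")
    strSQL = "UPDATE tblusers SET tblusers.password='" & strPassword & "' WHERE ID =" & strUserID
    rsAdmin.Open strSQL, adoCon
    Set rsAdmin = Nothing
    Set adoCon = Nothing
    Response.Redirect"news.asp?mode=listusers"
End If %> <% If Request.querystring("mode") = "blank" then %> <%
    ' mode=blank: re-display the change-password form with an error message.
    ' The form markup is missing from this listing; presumably userID is
    ' written into it, so the value is restricted to a number first.
    userID = Trim(Request.querystring("ID") & "")
    Set reBlankID = New RegExp
    reBlankID.Pattern = "^-?[0-9]{1,10}$"
    If Not reBlankID.Test(userID) Then
        Response.Redirect"news.asp?mode=listusers"
    End If
    Response.Write ("Please enter a password") Response.Write ("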
") Response.Write ("
Change Password

") Response.Write ("") Response.Write ("


") Response.Write ("") Response.Write ("
") Response.Write ("
") End If %> <%
' mode=settings: read the display settings row (entry count and five colour
' values) from tblsettings and write the settings form. The query text is
' constant. The form markup is missing from this listing.
' NOTE(review): if the stored values are written into the form, they need
' HTML-attribute encoding on output - confirm against the deployed markup.
If Request.querystring("mode") = "settings" then %> <%
    Set rsSettings = Server.CreateObject("ADODB.Recordset")
    strSettingsSQL = "SELECT shownum,contentbgcolor,infobgcolor,infotextcolor,bordercolor,headbgcolor FROM tblsettings"
    rsSettings.Open strSettingsSQL, adoCon
    Response.Write ("
") Response.Write ("
News Display Settings

") Response.Write ("") Response.Write ("") Response.Write ("") Response.Write ("") Response.Write ("") Response.Write ("") Response.Write ("
# of News Entries to Show
Border Color Pick Color
Header Background Color Pick Color
Content Background Color Pick Color
News Information Background Color Pick Color
News Information Color Pick Color
") Response.Write ("") Response.Write ("
") Response.Write ("
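") Set rsSettings = Nothing Set adoCon = Nothing End If %> <%
' mode=settingsdb: store the display settings submitted from the settings
' form (entry count and five colour values), then return to mode=settings.
If Request.querystring("mode") = "settingsdb" then
    ' The entry count is later spliced into a "SELECT TOP n" clause by
    ' mode=view, so only a plain number is accepted for storage. Any other
    ' value returns to the settings form without updating the table.
    strShowNum = Trim(Request.Form("txtShowNum") & "")
    Set reSettingsNum = New RegExp
    reSettingsNum.Pattern = "^[0-9]{1,9}$"
    If Not reSettingsNum.Test(strShowNum) Then
        Set adoCon = Nothing
        Response.Redirect"news.asp?mode=settings"
    End If

    ' The colour fields were concatenated into quoted SQL literals with no
    ' escaping at all; single quotes are doubled here, matching what
    ' fieldReplace does for the other form fields in this file.
    ' NOTE(review): these values look like they are later written into page
    ' styling; an allow-list for colour syntax would be stronger, but the
    ' accepted formats cannot be determined from this listing.
    strHeaderBgColor = Replace(Request.Form("txtHeaderBgColor") & "", "'", "''")
    strContentBgColor = Replace(Request.Form("txtContentBgColor") & "", "'", "''")
    strBorderColor = Replace(Request.Form("txtBorderColor") & "", "'", "''")
    strInfoBgColor = Replace(Request.Form("txtInfoBgColor") & "", "'", "''")
    strInfoTextColor = Replace(Request.Form("txtInfoTextColor") & "", "'", "''")

    Set rsSettings = Server.CreateObject("ADODB.Recordset")
    strSQL = "UPDATE tblsettings SET tblsettings.shownum='" & strShowNum & "', tblsettings.headbgcolor='" & strHeaderBgColor & "',tblsettings.contentbgcolor='" & strContentBgColor & "',tblsettings.bordercolor='" & strBorderColor & "',tblsettings.infobgcolor='" & strInfoBgColor & "',tblsettings.infotextcolor='" & strInfoTextColor & "'"
    rsSettings.Open strSQL, adoCon
    Set rsSettings = Nothing
    Set adoCon = Nothing
    Response.Redirect"news.asp?mode=settings"
End If %> <%
' mode=logout: clear the admin flag and show the logged-out page.
If Request.querystring("mode") = "logout" then
    Session("userAdmin") = False
    ' Clearing the flag alone leaves Session("userName") and the session
    ' itself alive; Session.Abandon discards the whole session once this
    ' page finishes.
    Session.Abandon %>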

You have been logged out.


User name:
Password:
           
<% End If %>