Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Easy Guestbook with ASP

0.00/5 (No votes)
11 Jul 2004 1  
Easy Guestbook with ASP and MS Access

Sample Image - asp-guestbook.gif

Introduction - An Easy ASP Guestbook with Web-based Administration

Here we start out with a simple "settings" file, named settings.asp. This file will be included on each page, and will contain the basic settings for this guestbook.

Since the password (logincode) is NOT in the database, you can leave the database in the webroot with a mappath statement to make the install easier. However, the best place for the database is outside of your webroot, in which case you would want to change the database_path string to your full path ("C:\inetpub\database\post.mdb" for example)

There is also an important settings to allow html, or not. Many times folks abuse a guestbook by filling it with links, and other junk. It would be a good idea to disallow html, unless you really need it.

The language setting is just a set of variables for text used within the system, for each language there is a different text that is used. Very easy to add a "new" language to the system.

Details

The login is a simple login check page, which checks the login code entered on the form
with the one stored in the settings.asp file.

'title of your guestbook.

pagetitle = "Demo"

'language

'english = en, german = ger, french = fr

lang = "en"

'admin password

logincode = "1234"

'number of entries to show.

show_posts = "25"

'minimum length of post to be allowed.

minimum_length = 4

'set to "no" for no html, set to "yes" to allow html (not recommended!)

allow_html = "no"

'leave as is, unless you want to move your database.

database_path = Server.MapPath("post.mdb")
<%Option Explicit%>
<!-- #INCLUDE FILE="settings.asp" -->
<%

if Request.Form("mynumber") = "" then
    response.redirect("login.asp?l=password_blank")
End If

'set variables from form

FormPwd = Request.Form("mynumber")
FormPwd = replace(FormPwd,"'","''")

'run login or return to login page

if formpwd = logincode then
    Session("LoginID") = formpwd
else
    response.redirect("login.asp?l=incorrect_login_or_password")
End if

'final redirect

response.redirect("post.asp")
%>

ASP Guestbook Login

The login uses session variables to store the login information, so to log off we simple abandon the session. The redirect appends the date to avoid seeing a "cached" login page after being logged out. This is not a security issue, but just for convenience.

<%
session.abandon 
response.redirect("post.asp?d=" & date)
%>

Now the main code is the post.asp page, this page is the same whether you are logged in as admin or just a guest visiting the page. If you are logeed in you see the same data as a guest, only you have more options available, you can delete posts, or restore deleted posts, or empty the "recycle bin" (where deleted posts are stored until you clear them out).

ASP Guestbook

As you can see from the code below, we check for the loggedin session right from the start,
then we can use this throughout the rest of the script to display data based on your status as admin or guest.

<% option explicit %>
<head>
<!-- #INCLUDE FILE="settings.asp" -->
<%
LoggedIn = Session("loginID")

Once you are logged in you see more options available.

ASP Guestbook

The file is split up into "parts" depending on what querystring is passed.

The section below checks to see if you are logged in and then check so see if
you have attempted to empty the "deleted" items from the database.

'============Empty Deleted Items from the database============

If LoggedIn <> "" Then
    if request.querystring("del") = 1 then
        Set dConn = Server.CreateObject("ADODB.Connection")
        dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & _
                   database_path

        mySQL = "DELETE FROM tblpost where active = 2;"
        dConn.execute(mySQL)
        dconn.close
        set dconn = nothing
        response.redirect("post.asp")
    end if
end if

As you can see from the rest of the main "post" code, different items are displayed or actions performed based on being logged in or not, and if so what querystring value you have passed to the page.

'============set based on delete or undelete============

If LoggedIn <> "" Then
    showdeleted = request.querystring("showdeleted")
    if showdeleted = 1 then
    active = 2
    removetype = 1
    delete_text = undelete_text
    delimage = "undelete.gif"
    else
    active = 1
    removetype = 2
    delete_text = delete_text
    delimage = "delete.gif"
    end if
else
    active = 1
end if

'============Delete/Undelete Items from the guestbook display============

remove = request.querystring("remove")
if remove = 1 then
    Set dConn = Server.CreateObject("ADODB.Connection")
    dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" 
       & database_path

    removetype = request.querystring("removetype")
    mySQL = "UPDATE tblPost SET Active = " & removetype & " WHERE ID = " & _
            ID & ";"
    response.write "updating"
    dConn.execute(mySQL)
    dConn.Close
    set dConn = Nothing
    response.redirect("post.asp")
end if
'============End Delete Section============


Set dataRS = Server.CreateObject("ADODB.RecordSet")
dataSQL = "Select TOP " & show_posts & " message, remote_addr, sysdate, " &_
          " systime, id FROM tblPost WHERE active = " & active &_
          " order by sysdate DESC, systime DESC;"
'Response.Write dataSQL

'response.end


Set dConn = Server.CreateObject("ADODB.Connection")
dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & database_path

dataRS.Open dataSQL, dConn, 1, 3
recordcount = dataRS.recordcount
if recordcount > 0 then
    data = dataRS.GetRows()
    'Data is retrieved so close all connections

    dataRS.Close
    Set dataRS = Nothing

    dconn.close
    set dconn = nothing
    'Setup for array usage

    iRecFirst   = LBound(data, 2)
    iRecLast    = UBound(data, 2)
end if

'============IF IS A POST BACK============

message = trim(request.form("message"))
if request.form("ispostback") = 1 AND (len(message) > minimum_length) then
        if allow_html = "no" then
            message = RemoveHTMLtags(message)
            else
            message = PreSubmit2(message)
        end if
    strSQL = "tblPost"
    'Open a recordset

    Set cRS2 = Server.CreateObject("ADODB.recordset")

    Set dConn = Server.CreateObject("ADODB.Connection")
    dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" &_
              database_path

    cRS2.Open strSQL, dConn, 1,3
    cRS2.AddNew

    cRS2("message") = message
    cRS2("sysdate") = date()
    cRS2("systime") = time()
    cRS2("remote_addr") = request.ServerVariables("remote_addr")
    cRS2("Active") = 1

    cRS2.Update
    cRS2.Close
    Set cRS2 = Nothing

    dConn.Close
    Set dConn = Nothing
    response.redirect("post.asp")
end if

'============End POSTBACK Section============

%>
<title><%=pagetitle%></title>
</head>
<P style="FONT-WEIGHT: bold"><%=pagetitle%>

<table border=2 bordercolor="silver" CELLSPACING=0 CELLPADDING=4>
<form action="post.asp" method="post" name="form1" id="form1">
    <tr class='smalltext'>
        <td><textarea cols="50" rows="4" name="message" 
             style="font-family: Arial, Helvetica, sans-serif;" 
             class="cssborder" title="<%=add_text%>"></textarea></td>
        <td nowrap><input type="submit" value="<%=add_text%>" 
          style="height: 50px;" class="cssborder"></td>
    </tr>
<input type="hidden" name="ispostback" value="1">
</form>
</table>


<%
if recordcount > 0 then
%>
<table border="2" cellspacing="0" cellpadding="4" 
        bordercolor="silver" width="500">
    <tr>
        <th><%= message_text %></th>
    <%
    If LoggedIn <> "" then
     %>
        <th><%= delete_text %></th>
    <% end if %>    
    </tr>
    <%
    ' Loop through the records (second dimension of the array)
    For I = iRecFirst To iRecLast
        Response.Write "<tr class='smalltext'>" & _
        "<td colspan='top'>" & data(0, I) & " 
[" & data(3,I) & "| " & data(2, I) & " | " & data(1, I) & "]</td>"
        if LoggedIn <> "" then
          response.write "<td nowrap valign='top' align='center'>"
          response.write "<A href='post.asp?id=" & data(4, I)
          response.write "&remove=1&removetype=" & removetype 
          response.write "'><IMG title='" & delete_text
          response.write "' src='"%20&%20delimage%20&%20"'"
          response.write " border=0></A></td>"
        end if
    Next ' I
    %>
    </table>
<%
end if

If LoggedIn <> "" Then
    response.write logoutlink
    else
    response.write loginlink
end if

'close db just in case
on error resume next
    dConn.Close
    Set dConn = Nothing
on error goto 0
%>    

That is basically it, this is a very simple little guestbook, that should be easy to add to an site that supports ASP and MS Access database connections (No ODBC is necesary).

Enjoy!

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here