Introduction - An Easy ASP Guestbook with Web-based Administration
We start with a simple settings file, named settings.asp. It is included on
every page and holds the basic settings for the guestbook.
Because the password (logincode) lives in this file and NOT in the database,
you can leave the database in the web root and locate it with Server.MapPath to
make installation easier. The better place for the database is outside the web
root, in which case set database_path to the full path (for example
"C:\inetpub\database\post.mdb"). An .mdb that sits under the web root can be
requested like any other file, so anyone who knows or guesses its name can
download every post unless the web server refuses to serve that extension;
keeping it outside the web root avoids the question entirely.
There is also an important setting that controls whether HTML is allowed in
posts. Guestbooks are often abused by people filling them with links and other
junk, so it is a good idea to disallow HTML unless you really need it; with
allow_html = "no" the tags are stripped from a message before it is stored.
The language setting selects a set of variables holding the text used within
the system; each language has its own set, so adding a "new" language is very
easy.
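The two halves of the allow_html decision, as an added example rather than the guestbook's own code (the tutorial's RemoveHTMLtags and PreSubmit2 helpers are not shown on this page, and the functions below are not them): a tag stripper for the allow_html = "no" case, applied when a post is stored, and HTML-encoding of the stored text with Server.HTMLEncode when it is displayed, so that anything the stripper leaves behind is shown as text rather than parsed as markup. The function names ending in _Example and the sample message are made up for this example; allow_html is the setting from settings.asp.

```vbscript
<%
' Added example, not part of the tutorial's code. Assumes the settings.asp
' variable allow_html ("yes"/"no"); the *_Example names are made up here.

' Remove every <...> sequence in one global pass. The regex runs from a "<" to
' the next ">", so "<scr<script>ipt>" loses "<scr<script>" and leaves plain
' text; a "<" with no ">" after it (as in "1 < 2") is left alone.
Function StripTags_Example(text)
  Dim re
  Set re = New RegExp
  re.Pattern = "<[^>]*>"
  re.Global = True          ' all occurrences, not just the first
  re.IgnoreCase = True
  StripTags_Example = re.Replace(text, "")
End Function

' Input side, mirroring the tutorial's allow_html = "no" branch.
Function CleanForStorage_Example(message, allowHtml)
  If LCase(allowHtml) = "no" Then
    CleanForStorage_Example = StripTags_Example(message)
  Else
    CleanForStorage_Example = message          ' markup kept as submitted
  End If
End Function

' Output side: unless HTML is explicitly allowed, encode the stored text so
' that whatever survived the stripper (a stray "<", an entity, text that
' looks like a tag) is displayed, never interpreted by the browser.
Function RenderMessage_Example(stored, allowHtml)
  If LCase(allowHtml) = "yes" Then
    RenderMessage_Example = stored             ' trusted markup, as-is
  Else
    RenderMessage_Example = Server.HTMLEncode(stored)
  End If
End Function

' Constructed sample post (not real guestbook data): a spam link, a script
' tag and a comparison that happens to contain "<".
Dim raw, stored
raw = "Nice site! <a href=""http://spam.example/"">click</a>" & _
      " <script>alert(1)</script> 1 < 2"
stored = CleanForStorage_Example(raw, allow_html)
Response.Write RenderMessage_Example(stored, allow_html)
%>
```

With allow_html = "no", the anchor and script tags are removed before the post is stored and the remaining lone "<" is encoded when the post is written out. Stripping on the way in keeps the stored data clean for anything else that reads the table; encoding on the way out is the step that actually stops a stored post from running in a visitor's browser, and the visitor most worth protecting here is the logged-in admin. With allow_html = "yes" the text is written as-is, so that setting should only be turned on when every poster is trusted.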
<%
' settings.asp: included on every page of the guestbook
Dim pagetitle, lang, logincode, show_posts, minimum_length, allow_html
Dim database_path
pagetitle = "Demo"
lang = "en"
logincode = "1234"
show_posts = "25"
minimum_length = 4
allow_html = "no"
database_path = Server.MapPath("post.mdb")
%>
Details
The login is a simple login check page, which compares the login code entered
on the form with the one stored in settings.asp.
<% Option Explicit %>
<!-- #include file="settings.asp" -->
<%
Dim FormPwd
' Nothing entered at all: send the visitor back to the form with a message.
if Request.Form("mynumber") = "" then
  response.redirect("login.asp?l=password_blank")
End If
FormPwd = Request.Form("mynumber")
' The code is compared in memory and never reaches the database, so no SQL
' escaping is needed here (and doubling quotes would break a code containing one).
if FormPwd = logincode then
  ' post.asp only tests that LoginID is non-empty; any marker would do, so the
  ' session does not strictly need to hold the code itself.
  Session("LoginID") = FormPwd
else
  response.redirect("login.asp?l=incorrect_login_or_password")
End if
response.redirect("post.asp")
%>
The login uses a session variable to store the login state, so to log off we
simply abandon the session. The redirect appends the date so that a "cached"
page is not shown after logging out. This is not a security issue, just a
convenience.
<%
session.abandon
response.redirect("post.asp?d=" & date)
%>
The main code is the post.asp page. It is the same page whether you are logged
in as admin or visiting as a guest: when logged in you see the same data as a
guest, but with more options available; you can delete posts, restore deleted
posts, or empty the "recycle bin" (where deleted posts are kept until you clear
them out).
As the code below shows, we read the login session variable right at the start
and then use it throughout the rest of the script to display data, and to allow
actions, based on your status as admin or guest. Every action meant for the
admin alone must sit inside that check; a handler that runs outside it can be
reached by any visitor who knows the querystring.
<% Option Explicit %>
<head>
<!-- #include file="settings.asp" -->
<%
' Declared up front because of Option Explicit; the *_text, loginlink and
' logoutlink variables come from the language file.
Dim LoggedIn, dConn, mySQL, showdeleted, active, removetype, delimage
Dim remove, ID, dataRS, dataSQL, recordcount, data, iRecFirst, iRecLast
Dim message, strSQL, cRS2, I
' Is this visitor the admin? Read once here, tested throughout the page.
LoggedIn = Session("LoginID")
Once you are logged in, more options are available.
The file is split into "parts" depending on which querystring is passed.
The section below first checks that you are logged in and then checks whether
you have asked to empty the "deleted" items from the database.
If LoggedIn <> "" Then
  ' Admin only: empty the "recycle bin", i.e. the posts marked active = 2.
  ' Note that this is triggered by a plain GET link (post.asp?del=1).
  if request.querystring("del") = "1" then
    Set dConn = Server.CreateObject("ADODB.Connection")
    dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & _
    database_path
    mySQL = "DELETE FROM tblpost where active = 2;"
    dConn.execute(mySQL)
    dconn.close
    set dconn = nothing
    response.redirect("post.asp")
  end if
end if
As the rest of the main post code shows, different items are displayed or
actions performed depending on whether you are logged in and, if so, on which
querystring value you passed to the page.
If LoggedIn <> "" Then
  showdeleted = request.querystring("showdeleted")
  if showdeleted = "1" then
    ' Admin is looking at the recycle bin: list deleted posts, offer "restore".
    active = 2
    removetype = 1
    delete_text = undelete_text
    delimage = "undelete.gif"
  else
    ' Admin is looking at live posts: offer "delete" (moves a post to the bin).
    active = 1
    removetype = 2
    ' delete_text keeps the value set by the language file
    delimage = "delete.gif"
  end if
else
  ' Guests only ever see live posts.
  active = 1
end if
' Delete/restore is an admin action, so it belongs inside the login check;
' left outside it, any visitor could change a post's Active flag.
If LoggedIn <> "" Then
  remove = request.querystring("remove")
  if remove = "1" then
    ID = request.querystring("id")
    removetype = request.querystring("removetype")
    ' Both values come straight from the URL and are concatenated into SQL,
    ' so accept only whole numbers, and only the two states this page uses.
    if IsNumeric(ID) and Len(ID) < 10 and (removetype = "1" or removetype = "2") then
      Set dConn = Server.CreateObject("ADODB.Connection")
      dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & _
      database_path
      mySQL = "UPDATE tblPost SET Active = " & CLng(removetype) & _
      " WHERE ID = " & CLng(ID) & ";"
      dConn.execute(mySQL)
      dConn.Close
      set dConn = Nothing
    end if
    response.redirect("post.asp")
  end if
end if
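The same delete/restore step written with an ADODB.Command and bound parameters instead of string concatenation, as an added example that is not the tutorial's code: the admin check stays in front, both querystring values are checked to be whole numbers before use, and the SQL text is fixed so the values cannot alter the query. It assumes database_path from settings.asp and the Session("LoginID") convention of this page; the *_Example names are made up here.

```vbscript
<%
' Added example, not part of the tutorial. Assumes database_path (settings.asp)
' and Session("LoginID") as used by post.asp; the *_Example names are invented.

' Strict whole-number check. IsNumeric alone also accepts "1e3", "&HFF" and
' "1,000", so every character is tested. Returns True and sets result on success.
Function TryParseId_Example(value, ByRef result)
  Dim s, i, c
  s = Trim(CStr(value))
  TryParseId_Example = False
  If Len(s) = 0 Or Len(s) > 9 Then Exit Function   ' empty, or too big for Long
  For i = 1 To Len(s)
    c = Mid(s, i, 1)
    If c < "0" Or c > "9" Then Exit Function
  Next
  result = CLng(s)
  TryParseId_Example = True
End Function

' Move a post between live (1) and the recycle bin (2). The statement text is
' constant; the values travel as adInteger parameters, never as SQL text.
Sub SetPostState_Example(postId, newState)
  Dim conn, cmd
  Set conn = Server.CreateObject("ADODB.Connection")
  conn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & database_path
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = conn
  cmd.CommandType = 1                               ' adCmdText
  cmd.CommandText = "UPDATE tblPost SET Active = ? WHERE ID = ?"
  ' CreateParameter(Name, Type, Direction, Size, Value): 3 = adInteger,
  ' 1 = adParamInput; Jet binds "?" placeholders in the order appended.
  cmd.Parameters.Append cmd.CreateParameter("state", 3, 1, , newState)
  cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , postId)
  cmd.Execute
  conn.Close
  Set cmd = Nothing
  Set conn = Nothing
End Sub

' Handler: admin only; both values validated; only the two states this page uses.
Dim postId, newState
If Session("LoginID") <> "" And Request.QueryString("remove") = "1" Then
  If TryParseId_Example(Request.QueryString("id"), postId) _
     And TryParseId_Example(Request.QueryString("removetype"), newState) Then
    If newState = 1 Or newState = 2 Then
      SetPostState_Example postId, newState
    End If
  End If
  Response.Redirect "post.asp"
End If
%>
```

A request such as post.asp?id=5%20OR%201=1&remove=1&removetype=2 fails the digit check and is simply redirected, and even a value that passed would reach Jet as an integer parameter rather than as text spliced into the statement. The action is still fired by a GET link, as in the original; turning it into a POST form carrying a per-session token is a separate step this example does not show.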
Set dataRS = Server.CreateObject("ADODB.RecordSet")
' Latest show_posts entries in the requested state: live (1) for everyone,
' or the recycle bin (2) when the admin asked for showdeleted=1.
dataSQL = "Select TOP " & show_posts & " message, remote_addr, sysdate, " & _
" systime, id FROM tblPost WHERE active = " & active & _
" order by sysdate DESC, systime DESC;"
Set dConn = Server.CreateObject("ADODB.Connection")
dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & database_path
dataRS.Open dataSQL, dConn, 1, 3
recordcount = dataRS.recordcount
if recordcount > 0 then
  ' Copy the rows into a 2-D array (column, row) for the display loop below.
  data = dataRS.GetRows()
  iRecFirst = LBound(data, 2)
  iRecLast = UBound(data, 2)
end if
' Release the database before any HTML is written.
dataRS.Close
Set dataRS = Nothing
dconn.close
set dconn = nothing
message = trim(request.form("message"))
' A new post: accepted only when it came from our own form and is long enough.
if request.form("ispostback") = "1" AND (len(message) > minimum_length) then
  ' RemoveHTMLtags and PreSubmit2 are helper functions of the guestbook that
  ' are not shown on this page.
  if allow_html = "no" then
    message = RemoveHTMLtags(message)
  else
    message = PreSubmit2(message)
  end if
  strSQL = "tblPost"
  Set cRS2 = Server.CreateObject("ADODB.recordset")
  Set dConn = Server.CreateObject("ADODB.Connection")
  dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & _
  database_path
  cRS2.Open strSQL, dConn, 1,3
  ' AddNew/Update writes the fields through ADO instead of building an INSERT
  ' string, so the message text never becomes part of a SQL statement.
  cRS2.AddNew
  cRS2("message") = message
  cRS2("sysdate") = date()
  cRS2("systime") = time()
  cRS2("remote_addr") = request.ServerVariables("remote_addr")
  cRS2("Active") = 1
  cRS2.Update
  cRS2.Close
  Set cRS2 = Nothing
  dConn.Close
  Set dConn = Nothing
  response.redirect("post.asp")
end if
%>
<title><%=pagetitle%></title>
</head>
<P style="FONT-WEIGHT: bold"><%=pagetitle%>
<table border=2 bordercolor="silver" CELLSPACING=0 CELLPADDING=4>
<form action="post.asp" method="post" name="form1" id="form1">
<tr class='smalltext'>
<td><textarea cols="50" rows="4" name="message"
style="font-family: Arial, Helvetica, sans-serif;"
class="cssborder" title="<%=add_text%>"></textarea></td>
<td nowrap><input type="submit" value="<%=add_text%>"
style="height: 50px;" class="cssborder"></td>
</tr>
<input type="hidden" name="ispostback" value="1">
</form>
</table>
<%
if recordcount > 0 then
%>
<table border="2" cellspacing="0" cellpadding="4"
bordercolor="silver" width="500">
<tr>
<th><%= message_text %></th>
<%
If LoggedIn <> "" then
%>
<th><%= delete_text %></th>
<% end if %>
</tr>
<%
' Loop through the records (second dimension of the array). Column order
' follows dataSQL: data(0,I) = message, data(1,I) = remote_addr,
' data(2,I) = sysdate, data(3,I) = systime, data(4,I) = id.
For I = iRecFirst To iRecLast
  ' The message is written exactly as stored; with allow_html = "no" it was
  ' passed through RemoveHTMLtags on the way in, otherwise it is trusted markup.
  Response.Write "<tr class='smalltext'>" & _
    "<td valign='top'>" & data(0, I) & _
    " [" & data(3, I) & " | " & data(2, I) & " | " & data(1, I) & "]</td>"
  if LoggedIn <> "" then
    ' Admin column: a delete (or, in the recycle bin, restore) link per post.
    response.write "<td nowrap valign='top' align='center'>"
    response.write "<A href='post.asp?id=" & data(4, I)
    response.write "&remove=1&removetype=" & removetype
    response.write "'><IMG title='" & delete_text
    response.write "' src='" & delimage & "'"
    response.write " border=0></A></td>"
  end if
  Response.Write "</tr>"
Next ' I
%>
</table>
<%
end if
If LoggedIn <> "" Then
response.write logoutlink
else
response.write loginlink
end if
'close db just in case
on error resume next
dConn.Close
Set dConn = Nothing
on error goto 0
%>
That is basically it. This is a very simple little guestbook that should be
easy to add to a site that supports ASP and MS Access database connections (no
ODBC is necessary).
Enjoy!