<%
'##############################################################################
'# webboard.asp Version : 1.0a #
'# Public : Mr.Burin Rujjanapan e-mail : webmaster@thaiall.com #
'# Last Modified : 2549-02-17 #
'# Created : 2549-02-06 #
'# Required : boardx.mdb #
'# Download : http://www.thaiall.com/asp #
'##############################################################################
admin_password = "p"
title = "โปรแกรมกระดานข่าว สำหรับนักเรียน และครู (Webboard for Students)"
maxofall = 10
tbwidth = "width=780 align=center "
tbwidthdata = "width=760 align=center "
bg1 = "#ddffdd"
bg2 = "#ffffdd"
db = "boardx.mdb"
'================================================
if len(request.querystring("page")) > 0 then page = request.querystring("page") else page = 1
dim connect, rs, sql, max, i, tots, maxofall
set connect = server.createobject("ADODB.Connection")
set rs = server.createobject("ADODB.recordset")
connect.open("DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath(db))
if request.form("process") = "User Edit" and session("uid") = "admin" then useredit
if request.form("process") = "AddTopic" then addtopic
if request.form("process") = "Sign In" and len(request.form("uid")) > 1 then signin
if request.form("process") = "Sign Up" then signup
if request.form("process") = "Change Information" and len(session("uid")) > 1 then changeinformation
if request.querystring("process") = "Delete" and session("uid") = "admin" then deletetopic
if request.querystring("process") = "SignUp" then signup
if request.querystring("process") = "Info" then info
if request.querystring("process") = "Help" then help
if request.querystring("process") = "Users" then users
if request.querystring("process") = "DeleteUser" and session("uid") = "admin" then deleteuser
if request.querystring("process") = "SignOut" then
session("uid") = ""
response.write("<meta http-equiv=refresh content='0;url=?'>")
response.write("<a href=?>Please wait or click here</a>")
else
header
headeru
%>
<table <%=tbwidth %> border=0 cellpadding=0 cellspacing=0><tr><td>
<%
if (request.querystring("max") = 0) then max = maxofall else max = request.querystring("max")
if len(request.querystring("qid")) > 0 then
sql = "select * from questions where qid=" & request.querystring("qid")
rs.open sql,connect,3,3
tots = rs.recordcount
if tots > 0 then
response.write("<table " & tbwidth &" border=0 cellpadding=0 cellspacing=0 bgcolor=#444444>")
response.write("<tr><td width=50 align=right><font color=white size=4>หัวข้อ :</td><td bgcolor=#ffffdd><font color=blue size=4>"&rs("qshort")&"</font></td></tr></table>")
response.write("<table width=100% border=0 cellpadding=0 cellspacing=0 bgcolor=#ffffdd><tr><td width=5></td><td colspan=2 bgcolor=white>")
response.write("<table width=100% height=100% border=0 cellpadding=1 cellspacing=1 bgcolor=#dddddd><td bgcolor=white><font size=4><ul><pre>")
response.write(rs("qdetail")&"</pre></ul></td></table>")
response.write("</td></tr>")
response.write("<tr bgcolor=#808080><td colspan=3 align=right><font color=white>Posted : "& rs("qdate"))
if (session("uid") = "admin") then response.write(" [ <a href=?process=Delete&qid=" & request.querystring("qid") &">del</a> ]")
response.write("</td></tr></table>")
cntread = rs("cntread") + 1
rs.close
sql = "select * from answers where qid=" & request.querystring("qid") & " order by aid desc"
rs.open sql,connect,3,3
tots = rs.recordcount
i = 1
do while not rs.eof and i <= max
response.write("<table " & tbwidth & "><tr bgcolor=#dddddd><td width=5>::</td><td>"& rs("ashort") & "<font color=gray> (" & rs("adate")&" : "& rs("aowner") )
if (session("uid") = "admin") then response.write(" : <a href=?process=Delete&qid=" & request.querystring("qid") &"&aid=" & rs("aid") &">del</a>")
response.write(")</font></td></tr><tr bgcolor=#ffffdd><td bgcolor=white> </td><td>")
response.write("<pre>" & rs("adetail")&"</pre></td></tr></table>")
rs.movenext
i = i + 1
loop
if (session("read") <> request.querystring("qid")) then
sql = "update questions set cntread = " & cntread &" where qid = "& request.querystring("qid")
connect.execute(sql)
end if
session("read") = request.querystring("qid")
else
response.write("<br>ขอโทษ และโปรดติดต่อเจ้าหน้าที่ ที่เกี่ยวข้อง<br>เพราะไม่พบข้อมูลที่ท่านต้องการ")
response.write("<br>เหตุการณ์แบบนี้ไม่น่าเกิดขึ้น .. ข้อมูลที่ท่านต้องการอาจหมดอายุ")
end if
else
sql = "select * from queswrite order by qid desc"
displaynews
end if
response.write("</td></tr></table>")
footer
end if
'================================================
sub displaynews
set rs = server.createobject("ADODB.recordset")
rs.open sql,connect,1,3
tots = rs.recordcount
if tots > 0 then
tpage = tots / max
if (tots mod max) > 0 then tpage = tpage + 1
response.write("<table " & tbwidth &" bgcolor=#dddddd border=0 cellspacing=0 cellpadding=0>")
response.write("<form action=?>")
response.write("<td>Page : ")
getkey = request.querystring("q")
for n = 1 to tpage
response.write(" <a href='?page=" & n)
response.write("'>" & n & "</a> | ")
next
response.write("Total Topics : " & tots)
response.write("</td><td align=right>Topic Search <input name=q value='"& getkey &"'><input type=submit value=go>")
response.write("</td></form></table>")
i = 1
j = 1
response.write("<table " & tbwidthdata & ">")
bg = bg1
do while not rs.eof and (j <= max or len(getkey) > 0)
q = 0
if len(getkey) > 0 and instr(lcase(rs("qshort")),lcase(getkey)) > 0 then q = 1
if len(getkey) > 0 and instr(lcase(rs("qdetail")),lcase(getkey)) > 0 then q = 1
if (len(getkey) > 0 and q = 1) or (q = 0 and len(getkey) = 0) then
if (i <= (page * max) and i > (page - 1) * max) or (q = 1) then
if (bg = bg1) then bg = bg2 else bg = bg1
response.write("<tr bgcolor=" & bg & "><td>:: <a href=?qid="&rs("qid")&">")
response.write(rs("qshort")&"</a></td><td>")
if (len(session("uid")) > 0 and rs("qowner") <> "admin") then response.write("<a href=?process=Users&uid="&rs("qowner")&">" &rs("qowner")& "</a>") else response.write(rs("qowner"))
response.write("</td><td><font color=gray>" & rs("qdate") & "</font></td><td><font color=red>r:" & rs("cntread") & "</font>")
response.write(" <font color=brown>w:" & rs("cntwrite") & "</font></td></tr>")
j = j + 1
end if
end if
i = i + 1
rs.movenext
loop
response.write("</table>")
if (j = 1) then response.write("<center>Not Found")
else
response.write(" :: ยังไม่มีข้อมูลในฐานข้อมูล<br>")
end if
end sub
'================================================
sub mainnews
max = maxofall
sql = "select * from questions order by qid desc "
displaynews
end sub
'================================================
sub signin
if (request.form("uid") = "admin" and request.form("upassword") = admin_password) then
session("uid") = "admin"
else
sql = "select * from users where uid = '"& request.form("uid") &"' and upassword = '"&request.form("upassword") &"'"
rs.open sql,connect,1,3
tots = rs.recordcount
if tots > 0 then session("uid") = request.form("uid")
end if
end sub
'================================================
sub header %>
<html><head><title><%=title %></title>
<meta http-equiv=content-type content="text/html; charset=windows-874">
<style type="text/css">
body,td{scrollbar-base-color:red;scrollbar-arrow-color:white;font-family:microsoft sans serif;font-size:10pt;color:black;}
a:link{COLOR:#0000ff;TEXT-DECORATION:none;font-family:microsoft sans serif;}
a:visited{COLOR:#000080;TEXT-DECORATION:none;font-family:microsoft sans serif;}
a:hover{COLOR:#008080;TEXT-DECORATION:underline;font-family:microsoft sans serif;}
input{background:#ddffff;COLOR:black;font-family:microsoft sans serif;}
textarea{background:#ddffff;COLOR:black;font-family:microsoft sans serif;}
</style>
</head><body topmargin=0 leftmargin=0>
<table <%=tbwidth %> border=0 bgcolor=black cellpadding=0 cellspacing=0>
<tr bgcolor=#444444><td width=70% ><font color=#aaaaaa><%=title %>
</td><td width=30% align=right><font color=gray>
<a href=?><font color=#ddffdd>Home</font></a> |
<a href=?process=SignUp><font color=#ddffdd>Sign Up</font></a> |
<a href=?process=Help><font color=#ddffdd>Help</font></a>
<% if (session("uid") = "admin") then %>
| <a href=?process=Users><font color=#ddffdd>Users</font></a>
<% end if %>
</td></tr></table>
<%
end sub
'================================================
sub headeru %>
<table <%=tbwidth %> border=0 bgcolor=#666666 cellpadding=0 cellspacing=0>
<tr><form action='' method=post name=login><td><font color=white face=fixedsys>
<%
if (len(session("uid")) > 0) then
response.write("Username : " & session("uid"))
if (session("uid") <> "admin") then response.write(" [ <a href=?process=Info><font color=#ffdddd>User Information</font></a> ]")
response.write("</td><td color=#ddffff align=right><a href=?process=SignOut><font color=yellow>Sign Out</font></a>")
else %>
Username : <input name=uid size=10>
Password : <input name=upassword type=password size=10>
<input type=submit name=process value='Sign In'>
<% end if
response.write("</td></form></tr></table>")
end sub
'================================================
sub footer
connect.close
set rs = nothing
set connect = nothing
if (len(session("uid")) <> 0) then %>
<table <%=tbwidth %> border=0><td width=5 bgcolor=#aaaaaa></td><td bgcolor=#dddddd>
<form action='' method=post><input type=hidden name=process value=AddTopic>
<%
if (request.querystring("qid") = 0) then t = "เพิ่มกระทู้ใหม่" else t = "ตอบกระทู้นี้"
response.write("<b>" & t & "</b>")
%>
<br><input name=qshort size=40> <input type=submit value=ส่งความคิดเห็น>
<br><textarea name=qdetail cols=70 rows=5 wrap=off></textarea>
</form>
</td><td width=5 bgcolor=#aaaaaa></td></table>
<hr <%=tbwidth %> color=gray>
<% end if
response.write("</body></html>")
end sub
'================================================
sub deletetopic
if (len(request.querystring("qid")) > 1) then
if (request.querystring("aid") > 0) then
sql = "delete from answers where aid = "& request.querystring("aid") & " and qid = "& request.querystring("qid")
connect.execute(sql)
response.write("<meta http-equiv=refresh content='0;url=?qid="& request.querystring("qid") &"'>")
else
sql = "delete from answers where qid = "& request.querystring("qid")
connect.execute(sql)
sql = "delete from questions where qid = "& request.querystring("qid")
connect.execute(sql)
response.write("<meta http-equiv=refresh content='0;url=?'>")
end if
response.write("<a href=?>Please wait or click here</a>")
response.end
end if
end sub
'================================================
sub addtopic
if (len(session("uid")) > 1 and len(request.form("qshort")) > 2 and len(request.form("qdetail")) > 2) then
if (request.querystring("qid") > 0) then
sql = "insert into answers (qid,adate,ashort,adetail,aowner) values ("
sql = sql & request.querystring("qid") & ",'" & now() & "','"& request.form("qshort") &"','" & request.form("qdetail") &"','"& session("uid") &"')"
else
sql = "insert into questions (qdate,qshort,qdetail,qowner) values ('"
sql = sql & now() & "','"& request.form("qshort") &"','" & request.form("qdetail") &"','"& session("uid") &"')"
end if
connect.execute(sql)
response.write("<meta http-equiv=refresh content='0;url=?" & request.querystring &"'>")
response.write("<a href=?>Please wait or click here</a>")
response.end
end if
end sub
'================================================
sub member_listing
response.write("<b>Administration</b><br>Page : ")
max = maxofall
sql = "select * from questions order by qid desc "
rs.open sql,connect,1,3
tots = rs.recordcount
for i = 1 to 10
response.write(i & " ")
next
response.write("<br>")
if tots > 0 then
i = 1
do while not rs.eof and i <= max
response.write("<a href=?edit="&rs("qid")&">edit</a> <a href=?del="&rs("qid")&">del</a> ")
response.write(" :: <a href=?qid="&rs("qid")&">")
response.write(rs("qshort")&"</a> : "& rs("qowner") &" <font color=gray>" & rs("qdate") & "</font><br>")
rs.movenext
i = i + 1
loop
else
response.write(" :: ยังไม่มีข้อมูลในฐานข้อมูล<br>")
end if
response.end
end sub
'================================================
sub signup
header
if (request.form("process") = "Sign Up" and _
request.form("uid") <> "admin" and _
len(request.form("uid")) > 1 and _
len(request.form("upassword")) > 1 and _
len(request.form("udetail")) > 1 and _
request.form("upassword") = request.form("upassworda")) then
sql = "select * from users where uid = '"& request.form("uid") &"'"
rs.open sql,connect,3,3
tots = rs.recordcount
if (tots > 0) then
response.write("<center>มีคนใช้ " & request.form("uid") & " ไปแล้ว<br>")
response.write("Click <a href=?process=SignUp>Back</a> เพื่อเลือกชื่อใหม่")
response.end
end if
sql = "insert into users (udate,uid,upassword,udetail) values ('"
sql = sql & now() & "','"& request.form("uid") &"','" & request.form("upassword") &"','"& request.form("udetail") &"')"
connect.execute(sql)
response.write("<meta http-equiv=refresh content='0;url=?'>")
response.write("<a href=?>Please wait or click here</a>")
session("uid") = request.form("uid")
else
%><table bgcolor=#ffffdd><form action=? method=post name=signup>
<tr><td colspan=2 bgcolor=#ffffaa align=center><font size=6 face=impact>SIGN UP</font></td></tr>
<tr><td>User Name</td><td><input name=uid> เช่น romeo</td></tr>
<tr><td>Password</td><td><input name=upassword type=password> เช่น superman</td></tr>
<tr><td>Password(again)</td><td><input name=upassworda type=password> เช่น superman</td></tr>
<tr><td>Detail<br>เช่น อีเมล ที่อยู่ หรือหน่วยงาน</td><td><textarea name=udetail rows=10 cols=60></textarea></td></tr>
<tr><td colspan=2 bgcolor=#ffffaa align=center><input type=submit name=process value='Sign Up'>
<br>สมัครแล้วใช้งานได้เลย ไม่มีการ confirm ผ่าน email หรือตรวจสอบใด ๆ อีก
<br>แต่ท่านต้องกรอกข้อมูล 4 ช่องด้านบนให้ครบถ้วน .. เท่านั้น
</td></tr></form></table>
<% end if
response.end
end sub
'================================================
sub deleteuser
header
sql = "select * from users where uid = '"& request.querystring("uid") &"'"
rs.open sql,connect,3,3
tots = rs.recordcount
if (tots = 0) then
response.write("<center>ไม่พบข้อมูลที่ต้องการลบ<br>Click <a href=?process=Users>Back</a>")
response.end
end if
sql = "delete from users where uid = '"& request.querystring("uid") & "'"
connect.execute(sql)
sql = "delete from questions where qowner = '"& request.querystring("uid") & "'"
connect.execute(sql)
sql = "delete from answers where aowner = '"& request.querystring("uid") & "'"
connect.execute(sql)
response.write("<meta http-equiv=refresh content='0;url=?process=Users'>")
response.write("<a href=?process=Users>Please wait or click here</a>")
response.end
end sub
'================================================
sub users
header
headeru
if (len(request.querystring("uid")) > 0) then
sql = "select * from users where uid = '"& request.querystring("uid") &"'"
else
sql = "select * from users order by udate desc"
end if
rs.open sql,connect,3,3
response.write("<table width=600 align=center><td>")
do while not rs.eof
response.write("<b>" & rs("uid") & "</b> " &rs("udate"))
if (len(request.querystring("uid")) = 0) then
response.write(" [ <a href=?process=DeleteUser&uid="& rs("uid") & ">del</a> : ")
response.write("<a href=?process=Users&uid="& rs("uid") & ">edit</a> ]")
end if
if (len(request.querystring("uid")) > 0) then
if (session("uid") = "admin") then
response.write("<form action='' method=post name=useredit><b>Edit</b><br><input type=hidden name=eid value=" & request.querystring("uid") & ">")
response.write("<textarea name=udetail cols=80 rows=10>" & rs("udetail"))
response.write("</textarea><br><input type=submit name=process value='User Edit'></form>")
else
response.write("<ul><pre>" & rs("udetail"))
response.write("</pre></ul>")
end if
end if
rs.movenext
i = i + 1
response.write("<br>")
loop
response.write("</td></table>")
response.end
end sub
'================================================
sub useredit
if (len(request.form("udetail")) > 0 and len(request.form("eid")) > 0) then
sql = "update users set udetail = '" & request.form("udetail") &"' where uid = '"& request.form("eid") & "'"
connect.execute(sql)
end if
response.write("<meta http-equiv=refresh content='0;url=?'>")
response.write("<a href=?>Please wait or click here</a>")
response.end
end sub
'================================================
sub info
header
sql = "select * from users where uid = '"& session("uid") &"'"
rs.open sql,connect,3,3
tots = rs.recordcount
if (tots = 0) then
response.write("ปัญหานี้ไม่น่าเกิดขึ้น<br>Click <a href=?>Back</a>")
response.end
end if
%><table bgcolor=#ffffdd><form action=? method=post>
<tr><td colspan=2 bgcolor=#ffdddd align=center><font size=6 face=impact>USER INFORMATION</font></td></tr>
<tr><td>User Name</td><td><font size=6><%=rs("uid") %></font></td></tr>
<tr bgcolor=#ddffdd><td>Old Password</td><td><input name=upassword type=password> ถ้าต้องการแก้ไขข้อมูลต้องกรอกรหัสเดิมให้ถูกต้อง</td></tr>
<tr><td>Detail<br>เช่น อีเมล ที่อยู่ หรือหน่วยงาน</td><td><textarea name=udetail rows=10 cols=60><%=rs("udetail") %></textarea></td></tr>
<tr bgcolor=#ddffff><td>New Password</td><td><input name=npassword type=password> ถ้าไม่เปลี่ยนรหัสผ่าน ไม่ต้องกรอก</td></tr>
<tr bgcolor=#ddffff><td>New Password(again)</td><td><input name=npassworda type=password> ถ้าไม่เปลี่ยนรหัสผ่าน ไม่ต้องกรอก</td></tr>
<tr><td colspan=2 bgcolor=#ffdddd align=center><input type=submit name=process value='Change Information'>
</td></tr></form></table>
<%
response.end
end sub
'================================================
sub changeinformation
header
sql = "select * from users where uid = '"& session("uid") &"' and upassword = '"& request.form("upassword") & "'"
rs.open sql,connect,3,3
tots = rs.recordcount
if (tots = 0) then
response.write("<center>ไม่สามารถตรวจสอบข้อมูลของท่าน .. อีกครั้ง<br>ท่านอาจพิมพ์รหัสผ่านเดิมไม่ถูกต้อง<br>Click <a href=?>Back</a>")
response.end
end if
if (request.form("npassword") <> request.form("npassworda") or len(request.form("npassword")) < 1) then
sql = "update users set udetail = '" & request.form("udetail") &"' where uid = '"& session("uid") & "' and upassword = '"& request.form("upassword") & "'"
else
sql = "update users set udetail = '" & request.form("udetail") &"', upassword = '"& request.form("npassword") &"' where uid = '"& session("uid") & "' and upassword = '"& request.form("upassword") & "'"
end if
connect.execute(sql)
response.write("<meta http-equiv=refresh content='0;url=?'>")
response.write("<a href=?>Please wait or click here</a>")
response.end
end sub
'================================================
sub help
header
headeru %>
<ol><font size=6>FAQs : Frequently Asked Questions</font>
<li><b>รหัสสำหรับทดสอบ ใช้งาน หรือ ดูแลระบบ</b>
<dd>user: admin password: p
<dd>user: cpsc password: cpsc
<dd>user: bio password: bio
<li><b>โปรแกรมชุดนี้มีแฟ้มเกี่ยวข้อง 2 แฟ้ม</b>
<dd>1. webboard.asp ซึ่งถูกเปลี่ยนชื่อเป็นอะไรก็ได้เช่น default.asp หรือ index.asp เป็นต้น
<dd>2. boardx.mdb ทำหน้าที่ เก็บข้อมูล และเปลี่ยนชื่อเป็นอะไรก็ได้ แต่ต้องเข้าไปแก้ webboard.asp ด้วย
<li><b>ความสามารถของโปรแกรม</b>
<dd>- มีระบบสมาชิก ที่ได้สิทธิการเป็นสมาชิกทันที โดยไม่ต้องยืนยัน
<dd>- ลบสมาชิก แล้วจะลบกระทู้ทั้งหมดของสมาชิก
<dd>- admin ลบสมาชิก กระทู้ส่วนตอบ และกระทู้ส่วนคำถาม ได้
<dd>- สืบค้นกระทู้ จากหัวข้อ และรายละเอียดได้
<dd>- แสดงจำนวนผู้อ่าน และเขียน แต่ละกระทู้
<li><b>Download แฟ้มข้อมูลมาทดสอบ</b>
<dd>- <a href=http://www.thaiall.com/asp/boardx.mdb>http://www.thaiall.com/asp/boardx.mdb</a> 100 KB
<dd>- <a href=http://thaiall.thailandhosting.net/asp/boardx.mdb>http://thaiall.thailandhosting.net/asp/boardx.mdb</a> 100 KB
<dd>- <a href=http://www.yonok.ac.th/burin/boardx/boardx.mdb>http://www.yonok.ac.th/burin/boardx/boardx.mdb</a> 100 KB
<li><b>ทดสอบโปรแกรมแบบ Online</b>
<dd>- <a href=http://www.yonok.ac.th/burin/boardx/webboard.asp>http://www.yonok.ac.th/burin/boardx/webboard.asp</a>
<dd>- <a href=http://thaiall.thailandhosting.net/asp/webboard.asp>thaiall.thailandhosting.net/asp/webboard.asp</a>
<li><b>รุ่นปัจจุบันเป็นรุ่นใด</b>
<dd>รุ่น 1.0a
</ol>
<% response.end
end sub
'================================================
%>