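<%
'##############################################################################
'# webboard.asp   Version : 1.0a                                              #
'# Public : Mr.Burin Rujjanapan   e-mail : webmaster@thaiall.com              #
'# Last Modified : 2549-02-17                                                 #
'# Created : 2549-02-06                                                       #
'# Required : boardx.mdb                                                      #
'# Download : http://www.thaiall.com/asp                                      #
'##############################################################################
'
' Single-file web board: topics (questions), replies (answers) and a small
' member system, stored in an Access database opened through ODBC.
'
' Security review notes for this revision
'   - Every request value that reaches SQL is either validated as a plain
'     non-negative integer (toid) or bound as a command parameter (newcmd).
'   - Every database or request value written into HTML goes through enc()
'     (HTML context) or urlenc() (URL parameter), and attributes carrying such
'     values are double-quoted, because Server.HTMLEncode does not escape "'".
'   - The reserved name "admin" is matched case-insensitively at sign-up and can
'     never be obtained through the users table at sign-in.
'   - The member list is limited to the admin, single profiles to signed-in users.
' Still open, left unchanged because fixing them changes the deployment or the
' stored data (NOTE(review): address before exposing this page to the Internet):
'   - admin_password is a hard-coded one-character value, and the Help page
'     prints the test accounts.
'   - user passwords are stored and compared in clear text.
'   - Delete, DeleteUser and SignOut are state-changing GET links with no
'     anti-forgery token.
'   - the .mdb file sits next to this page; if the web server serves it, the
'     whole database (including passwords) can be downloaded.

admin_password = "p"
title = "โปรแกรมกระดานข่าว สำหรับนักเรียน และครู (Webboard for Students)"
maxofall = 10
tbwidth = "width=780 align=center "
tbwidthdata = "width=760 align=center "
bg1 = "#ddffdd"
bg2 = "#ffffdd"
db = "boardx.mdb"
'================================================
' page is only ever used in arithmetic, so it is reduced to an integer >= 1.
page = toid(request.querystring("page"))
if page < 1 then page = 1
dim connect, rs, sql, max, i, tots, maxofall
set connect = server.createobject("ADODB.Connection")
set rs = server.createobject("ADODB.recordset")
connect.open("DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath(db))

' Request dispatcher. Most handlers finish with response.end; signin returns
' and lets the page below render for the new session.
if request.form("process") = "User Edit" and session("uid") = "admin" then useredit
if request.form("process") = "AddTopic" then addtopic
if request.form("process") = "Sign In" and len(request.form("uid")) > 1 then signin
if request.form("process") = "Sign Up" then signup
if request.form("process") = "Change Information" and len(session("uid")) > 1 then changeinformation
if request.querystring("process") = "Delete" and session("uid") = "admin" then deletetopic
if request.querystring("process") = "SignUp" then signup
if request.querystring("process") = "Info" then info
if request.querystring("process") = "Help" then help
if request.querystring("process") = "Users" then users
if request.querystring("process") = "DeleteUser" and session("uid") = "admin" then deleteuser
if request.querystring("process") = "SignOut" then
  session("uid") = ""
  response.write("<meta http-equiv=refresh content='0;url=?'>")
  response.write("<a href=?>Please wait or click here</a>")
else
  header
  headeru
%>
<table <%=tbwidth %> border=0 cellpadding=0 cellspacing=0><tr><td>
<%
  ' max = rows per page; 0, missing or malformed falls back to the default.
  max = toid(request.querystring("max"))
  if max = 0 then max = maxofall
  ' curqid is a validated integer, so it is safe to concatenate into SQL and HTML.
  curqid = toid(request.querystring("qid"))
  if len(request.querystring("qid")) > 0 then
    ' ---- single topic with its replies ----
    sql = "select * from questions where qid=" & curqid
    rs.open sql,connect,3,3
    tots = rs.recordcount
    if tots > 0 then
      response.write("<table " & tbwidth &" border=0 cellpadding=0 cellspacing=0 bgcolor=#444444>")
      response.write("<tr><td width=50 align=right><font color=white size=4>หัวข้อ :</td><td bgcolor=#ffffdd><font color=blue size=4>" & enc(rs("qshort")) & "</font></td></tr></table>")
      response.write("<table width=100% border=0 cellpadding=0 cellspacing=0 bgcolor=#ffffdd><tr><td width=5></td><td colspan=2 bgcolor=white>")
      response.write("<table width=100% height=100% border=0 cellpadding=1 cellspacing=1 bgcolor=#dddddd><td bgcolor=white><font size=4><ul><pre>")
      response.write(enc(rs("qdetail")) & "</pre></ul></td></table>")
      response.write("</td></tr>")
      response.write("<tr bgcolor=#808080><td colspan=3 align=right><font color=white>Posted : " & enc(rs("qdate")))
      if (session("uid") = "admin") then response.write(" [ <a href=?process=Delete&qid=" & curqid & ">del</a> ]")
      response.write("</td></tr></table>")
      ' toid() turns a Null counter into 0 instead of producing broken SQL below.
      cntread = toid(rs("cntread")) + 1
      rs.close
      sql = "select * from answers where qid=" & curqid & " order by aid desc"
      rs.open sql,connect,3,3
      tots = rs.recordcount
      i = 1
      do while not rs.eof and i <= max
        response.write("<table " & tbwidth & "><tr bgcolor=#dddddd><td width=5>::</td><td>" & enc(rs("ashort")) & "<font color=gray> (" & enc(rs("adate")) & " : " & enc(rs("aowner")))
        if (session("uid") = "admin") then response.write(" : <a href=?process=Delete&qid=" & curqid & "&aid=" & toid(rs("aid")) & ">del</a>")
        response.write(")</font></td></tr><tr bgcolor=#ffffdd><td bgcolor=white> </td><td>")
        response.write("<pre>" & enc(rs("adetail")) & "</pre></td></tr></table>")
        rs.movenext
        i = i + 1
      loop
      ' Count a read once per session for the topic viewed last.
      if (session("read") <> curqid) then
        sql = "update questions set cntread = " & cntread & " where qid = " & curqid
        connect.execute(sql)
      end if
      session("read") = curqid
    else
      response.write("<br>ขอโทษ และโปรดติดต่อเจ้าหน้าที่ ที่เกี่ยวข้อง<br>เพราะไม่พบข้อมูลที่ท่านต้องการ")
      response.write("<br>เหตุการณ์แบบนี้ไม่น่าเกิดขึ้น .. ข้อมูลที่ท่านต้องการอาจหมดอายุ")
    end if
  else
    ' ---- topic list / search ----
    sql = "select * from queswrite order by qid desc"
    displaynews
  end if
  response.write("</td></tr></table>")
  footer
end if
'================================================
' toid: returns v as a Long when it consists of 1-9 decimal digits, else 0.
' Used for every identifier or counter taken from the request, so the result
' can be concatenated into SQL or HTML without further escaping.
function toid(v)
  dim s, k
  toid = 0
  s = trim(v & "")
  if len(s) < 1 or len(s) > 9 then exit function
  for k = 1 to len(s)
    if instr("0123456789", mid(s, k, 1)) = 0 then exit function
  next
  toid = clng(s)
end function
'================================================
' enc: HTML-encodes a value for element content or a double-quoted attribute.
' The "& """" coercion turns Null and Empty into an empty string.
function enc(v)
  enc = server.htmlencode(v & "")
end function
'================================================
' urlenc: encodes a value for use as a URL query parameter.
function urlenc(v)
  urlenc = server.urlencode(v & "")
end function
'================================================
' newcmd: builds an ADODB.Command on the open connection for text, binding
' each element of args, in order, to the "?" placeholders as a Unicode string.
function newcmd(text, args)
  dim cmd, k, v, n, t
  set cmd = server.createobject("ADODB.Command")
  set cmd.activeconnection = connect
  cmd.commandtype = 1                     ' adCmdText
  cmd.commandtext = text
  for k = 0 to ubound(args)
    v = args(k) & ""
    n = len(v)
    if n < 1 then n = 1                   ' a zero size is rejected for variable-length types
    if n > 255 then t = 203 else t = 202  ' adLongVarWChar / adVarWChar
    cmd.parameters.append cmd.createparameter("p" & k, t, 1, n, v)   ' 1 = adParamInput
  next
  set newcmd = cmd
end function
'================================================
' openquery: runs a parameterised SELECT and returns its recordset.
' The recordset is forward-only, so callers test rs.eof, not rs.recordcount.
function openquery(text, args)
  set openquery = newcmd(text, args).execute()
end function
'================================================
' runsql: runs a parameterised INSERT / UPDATE / DELETE.
sub runsql(text, args)
  dim cmd
  set cmd = newcmd(text, args)
  cmd.execute , , 129                     ' adCmdText + adExecuteNoRecords
  set cmd = nothing
end sub
'================================================
' displaynews: prints the pager, the search box and one page of topics from
' the query held in the global sql (which contains no request data).
sub displaynews
  dim tpage, getkey, n, j, q, bg
  if max < 1 then max = maxofall
  set rs = server.createobject("ADODB.recordset")
  rs.open sql,connect,1,3
  tots = rs.recordcount
  if tots > 0 then
    tpage = tots \ max
    if (tots mod max) > 0 then tpage = tpage + 1
    response.write("<table " & tbwidth &" bgcolor=#dddddd border=0 cellspacing=0 cellpadding=0>")
    response.write("<form action=?>")
    response.write("<td>Page : ")
    getkey = request.querystring("q") & ""
    for n = 1 to tpage
      response.write(" <a href='?page=" & n)
      response.write("'>" & n & "</a> | ")
    next
    response.write("Total Topics : " & tots)
    ' The search term is echoed back, so it is encoded inside a double-quoted attribute.
    response.write("</td><td align=right>Topic Search <input name=q value=""" & enc(getkey) & """><input type=submit value=go>")
    response.write("</td></form></table>")
    i = 1
    j = 1
    response.write("<table " & tbwidthdata & ">")
    bg = bg1
    do while not rs.eof and (j <= max or len(getkey) > 0)
      ' q = 1 when a search term is present and matches the title or the body.
      q = 0
      if len(getkey) > 0 and instr(lcase(rs("qshort")),lcase(getkey)) > 0 then q = 1
      if len(getkey) > 0 and instr(lcase(rs("qdetail")),lcase(getkey)) > 0 then q = 1
      if (len(getkey) > 0 and q = 1) or (q = 0 and len(getkey) = 0) then
        if (i <= (page * max) and i > (page - 1) * max) or (q = 1) then
          if (bg = bg1) then bg = bg2 else bg = bg1
          response.write("<tr bgcolor=" & bg & "><td>:: <a href=?qid=" & toid(rs("qid")) & ">")
          response.write(enc(rs("qshort")) & "</a></td><td>")
          if (len(session("uid")) > 0 and rs("qowner") <> "admin") then
            response.write("<a href=""?process=Users&uid=" & urlenc(rs("qowner")) & """>" & enc(rs("qowner")) & "</a>")
          else
            response.write(enc(rs("qowner")))
          end if
          response.write("</td><td><font color=gray>" & enc(rs("qdate")) & "</font></td><td><font color=red>r:" & enc(rs("cntread")) & "</font>")
          response.write(" <font color=brown>w:" & enc(rs("cntwrite")) & "</font></td></tr>")
          j = j + 1
        end if
      end if
      i = i + 1
      rs.movenext
    loop
    response.write("</table>")
    if (j = 1) then response.write("<center>Not Found")
  else
    response.write(" :: ยังไม่มีข้อมูลในฐานข้อมูล<br>")
  end if
end sub
'================================================
' mainnews: lists the newest topics with the default page size.
sub mainnews
  max = maxofall
  sql = "select * from questions order by qid desc "
  displaynews
end sub
'================================================
' signin: sets session("uid") when the posted credentials match.
' "admin" is granted only by the configured admin password. The users table
' is compared case-insensitively by the database, so the reserved name is
' refused there in any letter case, and the session takes the stored spelling
' of the user name rather than the posted one.
sub signin
  dim uid, found
  uid = request.form("uid") & ""
  if (uid = "admin" and request.form("upassword") = admin_password) then
    session("uid") = "admin"
  elseif lcase(trim(uid)) <> "admin" then
    set rs = openquery("select uid from users where uid = ? and upassword = ?", array(uid, request.form("upassword")))
    if not rs.eof then
      found = rs("uid") & ""
      if lcase(trim(found)) <> "admin" then session("uid") = found
    end if
    rs.close
    ' The page body opens rs again; hand it a fresh, closed recordset.
    set rs = server.createobject("ADODB.recordset")
  end if
end sub
'================================================
' header: page head, style sheet and the top navigation bar.
sub header
%>
<html><head><title><%=title %></title>
<meta http-equiv=content-type content="text/html; charset=windows-874">
<style type="text/css">
body,td{scrollbar-base-color:red;scrollbar-arrow-color:white;font-family:microsoft sans serif;font-size:10pt;color:black;}
a:link{COLOR:#0000ff;TEXT-DECORATION:none;font-family:microsoft sans serif;}
a:visited{COLOR:#000080;TEXT-DECORATION:none;font-family:microsoft sans serif;}
a:hover{COLOR:#008080;TEXT-DECORATION:underline;font-family:microsoft sans serif;}
input{background:#ddffff;COLOR:black;font-family:microsoft sans serif;}
textarea{background:#ddffff;COLOR:black;font-family:microsoft sans serif;}
</style>
</head><body topmargin=0 leftmargin=0>
<table <%=tbwidth %> border=0 bgcolor=black cellpadding=0 cellspacing=0>
<tr bgcolor=#444444><td width=70% ><font color=#aaaaaa><%=title %>
</td><td width=30% align=right><font color=gray>
<a href=?><font color=#ddffdd>Home</font></a> |
<a href=?process=SignUp><font color=#ddffdd>Sign Up</font></a> |
<a href=?process=Help><font color=#ddffdd>Help</font></a>
<% if (session("uid") = "admin") then %>
| <a href=?process=Users><font color=#ddffdd>Users</font></a>
<% end if %>
</td></tr></table>
<%
end sub
'================================================
' headeru: shows the signed-in user name, or the sign-in form.
sub headeru
%>
<table <%=tbwidth %> border=0 bgcolor=#666666 cellpadding=0 cellspacing=0>
<tr><form action='' method=post name=login><td><font color=white face=fixedsys>
<%
  if (len(session("uid")) > 0) then
    response.write("Username : " & enc(session("uid")))
    if (session("uid") <> "admin") then response.write(" [ <a href=?process=Info><font color=#ffdddd>User Information</font></a> ]")
    response.write("</td><td color=#ddffff align=right><a href=?process=SignOut><font color=yellow>Sign Out</font></a>")
  else
%>
Username : <input name=uid size=10>
Password : <input name=upassword type=password size=10>
<input type=submit name=process value='Sign In'>
<%
  end if
  response.write("</td></form></tr></table>")
end sub
'================================================
' footer: closes the database and, for signed-in users, prints the post form.
sub footer
  connect.close
  set rs = nothing
  set connect = nothing
  if (len(session("uid")) <> 0) then
%>
<table <%=tbwidth %> border=0><td width=5 bgcolor=#aaaaaa></td><td bgcolor=#dddddd>
<form action='' method=post><input type=hidden name=process value=AddTopic>
<%
    if (toid(request.querystring("qid")) = 0) then t = "เพิ่มกระทู้ใหม่" else t = "ตอบกระทู้นี้"
    response.write("<b>" & t & "</b>")
%>
<br><input name=qshort size=40> <input type=submit value=ส่งความคิดเห็น>
<br><textarea name=qdetail cols=70 rows=5 wrap=off></textarea>
</form>
</td><td width=5 bgcolor=#aaaaaa></td></table>
<hr <%=tbwidth %> color=gray>
<%
  end if
  response.write("</body></html>")
end sub
'================================================
' deletetopic (admin only, checked by the dispatcher): deletes one reply when
' aid is given, otherwise the topic and all of its replies.
' The original tested len(qid) > 1, which skipped topics 1 to 9.
sub deletetopic
  dim qid, aid
  qid = toid(request.querystring("qid"))
  aid = toid(request.querystring("aid"))
  if (qid > 0) then
    if (aid > 0) then
      sql = "delete from answers where aid = " & aid & " and qid = " & qid
      connect.execute(sql)
      response.write("<meta http-equiv=refresh content='0;url=?qid=" & qid & "'>")
    else
      sql = "delete from answers where qid = " & qid
      connect.execute(sql)
      sql = "delete from questions where qid = " & qid
      connect.execute(sql)
      response.write("<meta http-equiv=refresh content='0;url=?'>")
    end if
    response.write("<a href=?>Please wait or click here</a>")
    response.end
  end if
end sub
'================================================
' addtopic: stores a new topic, or a reply when the URL carries a valid qid.
' Requires a signed-in user and a title and body longer than two characters.
sub addtopic
  dim qid
  if (len(session("uid")) > 1 and len(request.form("qshort")) > 2 and len(request.form("qdetail")) > 2) then
    qid = toid(request.querystring("qid"))
    ' now() is server-generated and qid is a validated integer; the three
    ' user-controlled text values are bound as parameters.
    if (qid > 0) then
      runsql "insert into answers (qid,adate,ashort,adetail,aowner) values (" & qid & ",'" & now() & "',?,?,?)", _
             array(request.form("qshort"), request.form("qdetail"), session("uid"))
    else
      runsql "insert into questions (qdate,qshort,qdetail,qowner) values ('" & now() & "',?,?,?)", _
             array(request.form("qshort"), request.form("qdetail"), session("uid"))
    end if
    ' The query string is echoed into the redirect, so it is encoded and quoted.
    response.write("<meta http-equiv=refresh content=""0;url=?" & enc(request.querystring) & """>")
    response.write("<a href=?>Please wait or click here</a>")
    response.end
  end if
end sub
'================================================
' member_listing: administration listing of topics.
' NOTE(review): nothing in this file calls this sub.
sub member_listing
  response.write("<b>Administration</b><br>Page : ")
  max = maxofall
  sql = "select * from questions order by qid desc "
  rs.open sql,connect,1,3
  tots = rs.recordcount
  for i = 1 to 10
    response.write(i & " ")
  next
  response.write("<br>")
  if tots > 0 then
    i = 1
    do while not rs.eof and i <= max
      response.write("<a href=?edit=" & toid(rs("qid")) & ">edit</a> <a href=?del=" & toid(rs("qid")) & ">del</a> ")
      response.write(" :: <a href=?qid=" & toid(rs("qid")) & ">")
      response.write(enc(rs("qshort")) & "</a> : " & enc(rs("qowner")) & " <font color=gray>" & enc(rs("qdate")) & "</font><br>")
      rs.movenext
      i = i + 1
    loop
  else
    response.write(" :: ยังไม่มีข้อมูลในฐานข้อมูล<br>")
  end if
  response.end
end sub
'================================================
' signup: creates an account from the posted form, or shows the form.
' The reserved name "admin" is rejected regardless of letter case or
' surrounding spaces, because the database matches user names
' case-insensitively at sign-in.
sub signup
  dim uid
  header
  uid = request.form("uid") & ""
  if (request.form("process") = "Sign Up" and _
      lcase(trim(uid)) <> "admin" and _
      len(uid) > 1 and _
      len(request.form("upassword")) > 1 and _
      len(request.form("udetail")) > 1 and _
      request.form("upassword") = request.form("upassworda")) then
    set rs = openquery("select uid from users where uid = ?", array(uid))
    if not rs.eof then
      response.write("<center>มีคนใช้ " & enc(uid) & " ไปแล้ว<br>")
      response.write("Click <a href=?process=SignUp>Back</a> เพื่อเลือกชื่อใหม่")
      response.end
    end if
    rs.close
    ' NOTE(review): the password is stored as entered (clear text).
    runsql "insert into users (udate,uid,upassword,udetail) values ('" & now() & "',?,?,?)", _
           array(uid, request.form("upassword"), request.form("udetail"))
    response.write("<meta http-equiv=refresh content='0;url=?'>")
    response.write("<a href=?>Please wait or click here</a>")
    session("uid") = uid
  else
%><table bgcolor=#ffffdd><form action=? method=post name=signup>
<tr><td colspan=2 bgcolor=#ffffaa align=center><font size=6 face=impact>SIGN UP</font></td></tr>
<tr><td>User Name</td><td><input name=uid> เช่น romeo</td></tr>
<tr><td>Password</td><td><input name=upassword type=password> เช่น superman</td></tr>
<tr><td>Password(again)</td><td><input name=upassworda type=password> เช่น superman</td></tr>
<tr><td>Detail<br>เช่น อีเมล ที่อยู่ หรือหน่วยงาน</td><td><textarea name=udetail rows=10 cols=60></textarea></td></tr>
<tr><td colspan=2 bgcolor=#ffffaa align=center><input type=submit name=process value='Sign Up'>
<br>สมัครแล้วใช้งานได้เลย ไม่มีการ confirm ผ่าน email หรือตรวจสอบใด ๆ อีก
<br>แต่ท่านต้องกรอกข้อมูล 4 ช่องด้านบนให้ครบถ้วน .. เท่านั้น
</td></tr></form></table>
<%
  end if
  response.end
end sub
'================================================
' deleteuser (admin only, checked by the dispatcher): removes a user together
' with every topic and reply that user owns.
sub deleteuser
  dim uid
  header
  uid = request.querystring("uid") & ""
  set rs = openquery("select uid from users where uid = ?", array(uid))
  if rs.eof then
    response.write("<center>ไม่พบข้อมูลที่ต้องการลบ<br>Click <a href=?process=Users>Back</a>")
    response.end
  end if
  rs.close
  runsql "delete from users where uid = ?", array(uid)
  runsql "delete from questions where qowner = ?", array(uid)
  runsql "delete from answers where aowner = ?", array(uid)
  response.write("<meta http-equiv=refresh content='0;url=?process=Users'>")
  response.write("<a href=?process=Users>Please wait or click here</a>")
  response.end
end sub
'================================================
' users: with ?uid= shows one profile (as an edit form for the admin);
' without it lists every member with del/edit links.
' Access rule added in this revision: the full list is for the admin only and
' a single profile requires a signed-in session, matching where the page
' itself offers these links. Other requests are sent back to the home page.
sub users
  dim uid
  uid = request.querystring("uid") & ""
  if len(session("uid")) = 0 or (len(uid) = 0 and session("uid") <> "admin") then
    response.write("<meta http-equiv=refresh content='0;url=?'>")
    response.write("<a href=?>Please wait or click here</a>")
    response.end
  end if
  header
  headeru
  ' The password column is never displayed, so it is not selected.
  if (len(uid) > 0) then
    set rs = openquery("select uid, udate, udetail from users where uid = ?", array(uid))
  else
    rs.open "select uid, udate, udetail from users order by udate desc", connect, 3, 3
  end if
  response.write("<table width=600 align=center><td>")
  do while not rs.eof
    response.write("<b>" & enc(rs("uid")) & "</b> " & enc(rs("udate")))
    if (len(uid) = 0) then
      response.write(" [ <a href=""?process=DeleteUser&uid=" & urlenc(rs("uid")) & """>del</a> : ")
      response.write("<a href=""?process=Users&uid=" & urlenc(rs("uid")) & """>edit</a> ]")
    end if
    if (len(uid) > 0) then
      if (session("uid") = "admin") then
        response.write("<form action='' method=post name=useredit><b>Edit</b><br><input type=hidden name=eid value=""" & enc(uid) & """>")
        response.write("<textarea name=udetail cols=80 rows=10>" & enc(rs("udetail")))
        response.write("</textarea><br><input type=submit name=process value='User Edit'></form>")
      else
        response.write("<ul><pre>" & enc(rs("udetail")))
        response.write("</pre></ul>")
      end if
    end if
    rs.movenext
    i = i + 1
    response.write("<br>")
  loop
  response.write("</td></table>")
  response.end
end sub
'================================================
' useredit (admin only, checked by the dispatcher): replaces a user's detail text.
sub useredit
  if (len(request.form("udetail")) > 0 and len(request.form("eid")) > 0) then
    runsql "update users set udetail = ? where uid = ?", _
           array(request.form("udetail"), request.form("eid"))
  end if
  response.write("<meta http-equiv=refresh content='0;url=?'>")
  response.write("<a href=?>Please wait or click here</a>")
  response.end
end sub
'================================================
' info: shows the signed-in user's own profile form.
sub info
  header
  set rs = openquery("select uid, udetail from users where uid = ?", array(session("uid")))
  if rs.eof then
    response.write("ปัญหานี้ไม่น่าเกิดขึ้น<br>Click <a href=?>Back</a>")
    response.end
  end if
%><table bgcolor=#ffffdd><form action=? method=post>
<tr><td colspan=2 bgcolor=#ffdddd align=center><font size=6 face=impact>USER INFORMATION</font></td></tr>
<tr><td>User Name</td><td><font size=6><%=enc(rs("uid")) %></font></td></tr>
<tr bgcolor=#ddffdd><td>Old Password</td><td><input name=upassword type=password> ถ้าต้องการแก้ไขข้อมูลต้องกรอกรหัสเดิมให้ถูกต้อง</td></tr>
<tr><td>Detail<br>เช่น อีเมล ที่อยู่ หรือหน่วยงาน</td><td><textarea name=udetail rows=10 cols=60><%=enc(rs("udetail")) %></textarea></td></tr>
<tr bgcolor=#ddffff><td>New Password</td><td><input name=npassword type=password> ถ้าไม่เปลี่ยนรหัสผ่าน ไม่ต้องกรอก</td></tr>
<tr bgcolor=#ddffff><td>New Password(again)</td><td><input name=npassworda type=password> ถ้าไม่เปลี่ยนรหัสผ่าน ไม่ต้องกรอก</td></tr>
<tr><td colspan=2 bgcolor=#ffdddd align=center><input type=submit name=process value='Change Information'>
</td></tr></form></table>
<%
  response.end
end sub
'================================================
' changeinformation: updates the signed-in user's detail text and, when both
' new-password fields match and are non-empty, the password. The current
' password must be supplied and is checked again in the UPDATE itself.
sub changeinformation
  header
  set rs = openquery("select uid from users where uid = ? and upassword = ?", _
                     array(session("uid"), request.form("upassword")))
  if rs.eof then
    response.write("<center>ไม่สามารถตรวจสอบข้อมูลของท่าน .. อีกครั้ง<br>ท่านอาจพิมพ์รหัสผ่านเดิมไม่ถูกต้อง<br>Click <a href=?>Back</a>")
    response.end
  end if
  rs.close
  if (request.form("npassword") <> request.form("npassworda") or len(request.form("npassword")) < 1) then
    runsql "update users set udetail = ? where uid = ? and upassword = ?", _
           array(request.form("udetail"), session("uid"), request.form("upassword"))
  else
    runsql "update users set udetail = ?, upassword = ? where uid = ? and upassword = ?", _
           array(request.form("udetail"), request.form("npassword"), session("uid"), request.form("upassword"))
  end if
  response.write("<meta http-equiv=refresh content='0;url=?'>")
  response.write("<a href=?>Please wait or click here</a>")
  response.end
end sub
'================================================
' help: static FAQ page.
' NOTE(review): the text below publishes the test accounts, including the
' admin password; change admin_password and this text before real use.
sub help
  header
  headeru
%>
<ol><font size=6>FAQs : Frequently Asked Questions</font>
<li><b>รหัสสำหรับทดสอบ ใช้งาน หรือ ดูแลระบบ</b>
<dd>user: admin password: p
<dd>user: cpsc password: cpsc
<dd>user: bio password: bio
<li><b>โปรแกรมชุดนี้มีแฟ้มเกี่ยวข้อง 2 แฟ้ม</b>
<dd>1. webboard.asp ซึ่งถูกเปลี่ยนชื่อเป็นอะไรก็ได้เช่น default.asp หรือ index.asp เป็นต้น
<dd>2. boardx.mdb ทำหน้าที่ เก็บข้อมูล และเปลี่ยนชื่อเป็นอะไรก็ได้ แต่ต้องเข้าไปแก้ webboard.asp ด้วย
<li><b>ความสามารถของโปรแกรม</b>
<dd>- มีระบบสมาชิก ที่ได้สิทธิการเป็นสมาชิกทันที โดยไม่ต้องยืนยัน
<dd>- ลบสมาชิก แล้วจะลบกระทู้ทั้งหมดของสมาชิก
<dd>- admin ลบสมาชิก กระทู้ส่วนตอบ และกระทู้ส่วนคำถาม ได้
<dd>- สืบค้นกระทู้ จากหัวข้อ และรายละเอียดได้
<dd>- แสดงจำนวนผู้อ่าน และเขียน แต่ละกระทู้
<li><b>Download แฟ้มข้อมูลมาทดสอบ</b>
<dd>- <a href=http://www.thaiall.com/asp/boardx.mdb>http://www.thaiall.com/asp/boardx.mdb</a> 100 KB
<dd>- <a href=http://thaiall.thailandhosting.net/asp/boardx.mdb>http://thaiall.thailandhosting.net/asp/boardx.mdb</a> 100 KB
<dd>- <a href=http://www.yonok.ac.th/burin/boardx/boardx.mdb>http://www.yonok.ac.th/burin/boardx/boardx.mdb</a> 100 KB
<li><b>ทดสอบโปรแกรมแบบ Online</b>
<dd>- <a href=http://www.yonok.ac.th/burin/boardx/webboard.asp>http://www.yonok.ac.th/burin/boardx/webboard.asp</a>
<dd>- <a href=http://thaiall.thailandhosting.net/asp/webboard.asp>thaiall.thailandhosting.net/asp/webboard.asp</a>
<li><b>รุ่นปัจจุบันเป็นรุ่นใด</b>
<dd>รุ่น 1.0a
</ol>
<%
  response.end
end sub
'================================================
%>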