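<%
' Fruibile - L'elemento CMS Open Source che mancava
' Copyright (C) 2002-2006 Roberto Scano
'
' Licensed under the terms of the GNU Lesser General Public License:
' http://www.opensource.org/licenses/lgpl-license.php
'
' For further information visit:
' http://www.fruibile.it/
'
' File Author:
' Roberto Scano (mail@robertoscano.info)
%>
<%
'-----------------------------------------------------------------
' Input-validation helpers for this page.
'
' The SQL below is built by string concatenation. String values go
' through FixMySQL (defined outside this file and relied on here for
' escaping); numeric values are checked with ManuSqlInt, because
' quote-doubling does nothing for a value placed in a numeric context.
' NOTE(review): parameterised ADODB.Command statements would remove
' the dependency on escaping altogether; the provider behind "conn"
' is not visible from this file.
'-----------------------------------------------------------------

' Returns rawValue as an integer string (optional leading "-", then
' 1 to 18 ASCII digits) or "" when it is anything else. Only the
' returned string may be concatenated into a numeric SQL position.
Function ManuSqlInt(rawValue)
    Dim text, digits, pos, code
    ManuSqlInt = ""
    text = Trim(rawValue & "")
    digits = text
    If Left(digits, 1) = "-" Then digits = Mid(digits, 2)
    If Len(digits) < 1 Or Len(digits) > 18 Then Exit Function
    For pos = 1 To Len(digits)
        code = AscW(Mid(digits, pos, 1))
        If code < 48 Or code > 57 Then Exit Function
    Next
    ManuSqlInt = text
End Function

' Returns the lower-cased host of an absolute http/https URL, without
' user-info and port, or "" when the URL has no http(s) scheme.
' A backslash ends the authority as well, because browsers treat it
' like "/" in http(s) URLs.
Function ManuUrlHost(url)
    Dim rest, cut, pos, i
    ManuUrlHost = ""
    rest = LCase(Trim(url & ""))
    If Left(rest, 7) = "http://" Then
        rest = Mid(rest, 8)
    ElseIf Left(rest, 8) = "https://" Then
        rest = Mid(rest, 9)
    Else
        Exit Function
    End If
    cut = Len(rest) + 1
    For i = 1 To 4
        pos = InStr(rest, Mid("/\?#", i, 1))
        If pos > 0 And pos < cut Then cut = pos
    Next
    rest = Left(rest, cut - 1)
    pos = InStrRev(rest, "@")
    If pos > 0 Then rest = Mid(rest, pos + 1)
    If Left(rest, 1) = "[" Then
        ' IPv6 literal: keep the brackets, drop anything after them
        pos = InStr(rest, "]")
        If pos > 0 Then rest = Left(rest, pos)
    Else
        pos = InStr(rest, ":")
        If pos > 0 Then rest = Left(rest, pos - 1)
    End If
    ManuUrlHost = rest
End Function

' True when url is a redirect target on this site: a path starting
' with a single "/", a scheme-less relative reference, or an absolute
' http(s) URL whose host equals hostName.
Function ManuIsSameSiteUrl(url, hostName)
    Dim text, wanted
    ManuIsSameSiteUrl = False
    text = Trim(url & "")
    wanted = LCase(Trim(hostName & ""))
    If text = "" Then Exit Function
    If InStr(text, "\") > 0 Or InStr(text, vbCr) > 0 Or InStr(text, vbLf) > 0 Then Exit Function
    If Left(text, 2) = "//" Then Exit Function
    If Left(text, 1) = "/" Then
        ManuIsSameSiteUrl = True
    ElseIf LCase(Left(text, 7)) = "http://" Or LCase(Left(text, 8)) = "https://" Then
        If wanted <> "" Then ManuIsSameSiteUrl = (ManuUrlHost(text) = wanted)
    ElseIf InStr(text, ":") = 0 Then
        ManuIsSameSiteUrl = True
    End If
End Function
%>
<%
' Access check --------------------------------------------
' NOTE(review): a session whose login is "W3C_VALIDATOR" skips the
' "manutenzione" permission test; confirm that this login is not
' meant to reach the write operations further down.
If Session("WEBGODLogin") <> "W3C_VALIDATOR" Then
    If Session("manutenzione") <> 1 Then
        Response.Redirect "/backoffice/noentry.asp"
    End If
End If
'----------------------------------------------------------

' Cross-site request check --------------------------------
' The Referer host must be exactly this server's name. The host is
' parsed out of the URL, so https:// referers work and a host that
' merely starts with the server name is refused.
' NOTE(review): a per-session anti-CSRF token on the forms is a
' stronger control than a Referer comparison.
refererUrl = CStr(Request.ServerVariables("HTTP_REFERER"))
serverName = CStr(Request.ServerVariables("SERVER_NAME"))
refererName = ManuUrlHost(refererUrl)
If refererName = "" Or refererName <> LCase(serverName) Then
    Response.Redirect "/backoffice/noentry.asp"
    Response.End
End If
'----------------------------------------------------------
%>
<%
percorso = " " & DICLanguage(85)
%>
<%
' CatId ends up in numeric SQL positions, so keep it only when it is
' an integer; anything else becomes "".
ManuId = ManuSqlInt(Request("CatId"))
lingua = Split(Session("editlanguage"), ",")

' "lastpage" is later used as a redirect target: accept it only when
' it stays on this site, otherwise use the already-checked Referer.
If Request("lastpage") <> "" And ManuIsSameSiteUrl(Request("lastpage"), serverName) Then
    Session("lastpage") = Request("lastpage")
Else
    Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
End If

' Select the operation to run
If Request("Update") <> "" Then
    strfunction = "Update"
ElseIf Request("Delete") <> "" Then
    strfunction = "Deletewait"
ElseIf Request("Deleteok") <> "" Then
    strfunction = "Delete"
ElseIf Request("Add") <> "" Then
    strfunction = "addmanu"
ElseIf Request("Back") <> "" Then
    Response.Redirect Session("lastpage")
End If

' Deletes the CSS model with the given id and all of its attachment
' rows. Does nothing when ManuID is not an integer.
Function DeleteManu (ManuID)
    Dim cssId
    cssId = ManuSqlInt(ManuID)
    If cssId = "" Then Exit Function

    sql = "DELETE FROM " & application("prefix") & "modelli_css WHERE Id = " & cssId
    conn.Execute sql

    sql = "DELETE FROM " & application("prefix") & "modelli_css_allegati WHERE cssId = " & cssId
    conn.Execute sql
End Function

' Updates the CSS model ManuID from the posted form and then inserts,
' updates or deletes its attachment rows (form fields Ban*1 .. Ban*MAXITEMS).
' Returns -1 when "titolo" is empty and -10 when the record does not
' exist or ManuID is not an integer; the return value is left unset on success.
Function UpdateManu (ManuID)
    Dim strSQL, rs
    Dim cssId, attId, attMedia, attPos, titleSql

    If Request("titolo") = "" Then
        UpdateManu = -1
        Exit Function
    End If

    cssId = ManuSqlInt(ManuID)
    If cssId = "" Then
        UpdateManu = -10
        Exit Function
    End If

    Set objRS2 = Server.CreateObject("ADODB.Recordset")
    sql = "select * FROM " & application("prefix") & "modelli_css WHERE Id = " & cssId
    objRS2.open sql, conn, adOpenStatic, adLockOptimistic

    If objRS2.EOF And objRS2.BOF Then
        UpdateManu = -10
    Else
        ' The type_* form fields are not part of this statement.
        rs_titolo = "'" & FixMySQL(Request("titolo")) & "'"
        rs_descrizione = "'" & FixMySQL(Request("descrizione")) & "'"
        If LCase(Request("visibile")) = "on" Then
            rs_visibile = 1
        Else
            rs_visibile = 0
        End If
        ' The login name is escaped like every other string value
        rs_lastuserid = "'" & FixMySQL(Session("WEBGODLogin")) & "'"
        rs_lastlogin = strDataOra
        rs_lastIP = "'" & Request.ServerVariables("REMOTE_ADDR") & "'"

        strSQL = "UPDATE " & application("prefix") & "modelli_css set titolo=" & rs_titolo & ", descrizione=" & rs_descrizione & ",validato=0" & ",visibile=" & rs_visibile & ",lastuserid=" & rs_lastuserid & ",lastlogin=" & rs_lastlogin & ",lastip=" & rs_lastip & " where id=" & cssId
        conn.Execute strSQL

        For ia = 1 To CInt(Application("MAXITEMS"))
            ' Per-language title columns.
            ' NOTE(review): lingua(j) comes from Session("editlanguage") and
            ' is used as part of a column name; confirm that the session
            ' value can only hold known language codes.
            upddescrizioni = ""
            descrizioni = ""
            testodescrizioni = ""
            For j = LBound(lingua) To UBound(lingua)
                titleSql = "'" & FixMySQL((Request("Bantitle_" & lingua(j) & ia))) & "'"
                upddescrizioni = upddescrizioni & "title_" & lingua(j) & "=" & titleSql & ","
                descrizioni = descrizioni & "title_" & lingua(j) & ","
                testodescrizioni = testodescrizioni & titleSql & ","
            Next

            If Request("BanAlt" & ia) = "yes" Then
                rs_alternate = 1
            Else
                rs_alternate = 0
            End If

            ' Numeric form fields: rows with a non-integer value are skipped
            attId = ManuSqlInt(Request("BanId" & ia))
            attMedia = ManuSqlInt(Request("BanMed" & ia))
            attPos = ManuSqlInt(Request("BanPos" & ia))

            If Len(Request("BanNew" & ia)) > 2 Then
                ' New attachment
                If Request("BanDesc" & ia) <> "" And attMedia <> "" And attPos <> "" Then
                    strSQL = "INSERT INTO " & application("prefix") & "modelli_css_allegati (cssid,mediatype,validato,posizione,alternate,comments,content," & descrizioni & "lastuserid,lastlogin,lastip) VALUES (" & cssId & "," & attMedia & ",0" & "," & attPos & "," & rs_alternate & ",'" & FixMySQL(Request("BanCom" & ia)) & "','" & FixMySQL(Request("BanDesc" & ia)) & "'," & testodescrizioni & rs_lastuserid & "," & rs_lastlogin & "," & rs_lastip & ")"
                    conn.Execute strSQL
                End If
            Else
                ' Existing attachment.
                ' NOTE(review): the row is addressed by its own id only; adding
                ' "AND cssid = <this model>" would restrict the change to
                ' attachments of the model being edited - confirm and apply.
                If Request("BanDel" & ia) = "yes" Then
                    ' Remove the attachment row
                    If attId <> "" Then
                        strSQL = "DELETE FROM " & application("prefix") & "modelli_css_allegati WHERE Id = " & attId
                        conn.Execute strSQL
                    End If
                ElseIf Request("BanDesc" & ia) <> "" And attId <> "" And attMedia <> "" And attPos <> "" Then
                    strSQL = "UPDATE " & application("prefix") & "modelli_css_allegati set " & upddescrizioni & "mediatype=" & attMedia & ", posizione=" & attPos & ",alternate=" & rs_alternate & ", comments='" & FixMySQL(Request("BanCom" & ia)) & "', content='" & FixMySQL(Request("BanDesc" & ia)) & "', validato=0,lastuserid=" & rs_lastuserid & ",lastlogin=" & rs_lastlogin & ",lastip=" & rs_lastip & " where id=" & attId
                    conn.Execute strSQL
                End If
            End If
        Next
    End If

    objRS2.close
    Set objRS2 = Nothing
End Function

' Creates a new CSS model from the posted form, then inserts its
' attachment rows (form fields Ban*1 .. Ban*MAXITEMS).
' Returns -1 when "titolo" is empty and -10 when a model with the same
' title already exists; the return value is left unset on success.
' ManuID is not used.
Function AddManu (ManuID)
    Dim attMedia, attPos

    If Request("titolo") = "" Then
        AddManu = -1
        Exit Function
    End If

    Set objRS2 = Server.CreateObject("ADODB.Recordset")
    sql = "select * FROM " & application("prefix") & "modelli_css WHERE titolo = '" & FixMySQL(Request("Titolo")) & "'"
    objRS2.open sql, conn, adOpenStatic, adLockOptimistic

    If objRS2.EOF And objRS2.BOF Then
        ' The type_* form fields are not part of this statement.
        rs_titolo = "'" & FixMySQL(Request("titolo")) & "'"
        rs_descrizione = "'" & FixMySQL(Request("descrizione")) & "'"
        If LCase(Request("visibile")) = "on" Then
            rs_visibile = 1
        Else
            rs_visibile = 0
        End If
        ' The login name is escaped like every other string value
        rs_lastuserid = "'" & FixMySQL(Session("WEBGODLogin")) & "'"
        rs_lastlogin = strDataOra
        rs_lastIP = "'" & Request.ServerVariables("REMOTE_ADDR") & "'"

        strSQL = "INSERT INTO " & application("prefix") & "modelli_css (titolo,descrizione,visibile,validato,lastuserid,lastlogin,lastip) VALUES (" & rs_titolo & "," & rs_descrizione & "," & rs_visibile & ",0" & "," & rs_lastuserid & "," & rs_lastlogin & "," & rs_lastip & ")"
        conn.Execute strSQL

        ' Read back the id of the row just inserted (matched on title and timestamp)
        sql = "select * FROM " & application("prefix") & "modelli_css WHERE titolo = " & rs_titolo & " and lastlogin=" & rs_lastlogin & aggiunta_sql
        Set rs = conn.Execute(sql)
        rs_bandoid = rs("id")
        Set rs = Nothing

        For ia = 1 To CInt(Application("MAXITEMS"))
            If Request("BanAlt" & ia) = "yes" Then
                rs_alternate = 1
            Else
                rs_alternate = 0
            End If

            ' Per-language title columns.
            ' NOTE(review): lingua(j) comes from Session("editlanguage") and
            ' is used as part of a column name; confirm that the session
            ' value can only hold known language codes.
            descrizioni = ""
            testodescrizioni = ""
            For j = LBound(lingua) To UBound(lingua)
                descrizioni = descrizioni & "title_" & lingua(j) & ","
                testodescrizioni = testodescrizioni & "'" & FixMySQL((Request("Bantitle_" & lingua(j) & ia))) & "',"
            Next

            ' Numeric form fields: rows with a non-integer value are skipped
            attMedia = ManuSqlInt(Request("BanMed" & ia))
            attPos = ManuSqlInt(Request("BanPos" & ia))

            If Len(Request("BanNew" & ia)) > 2 Then
                If Request("BanDesc" & ia) <> "" And attMedia <> "" And attPos <> "" Then
                    strSQL = "INSERT INTO " & application("prefix") & "modelli_css_allegati (cssid,mediatype,validato,posizione,alternate,comments,content," & descrizioni & "lastuserid,lastlogin,lastip) VALUES (" & rs_bandoid & "," & attMedia & ",0" & "," & attPos & "," & rs_alternate & ",'" & FixMySQL(Request("BanCom" & ia)) & "','" & FixMySQL(Request("BanDesc" & ia)) & "'," & testodescrizioni & rs_lastuserid & "," & rs_lastlogin & "," & rs_lastip & ")"
                    conn.Execute strSQL
                End If
            End If
        Next
    Else
        AddManu = -10
    End If

    objRS2.close
    Set objRS2 = Nothing
End Function
%>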

<%=DICLanguage(85)%>

<% if strfunction ="Deletewait" then%>

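<% ' "titolo" is request data: HTML-encode it before it is echoed into the confirmation text. %>
<%=replace(DICLanguage(311),"[TESTO]","'" & Server.HTMLEncode(Request("titolo")) & "'")%><%=DICLanguage(0)%> <%=DICLanguage(312)%>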

<%=DICLanguage(20)%>

" class="bottone" /> " /> " /> " />

<%elseIf strfunction = "Delete" Then DeleteManu (ManuId) %>

<%=DICLanguage(86)%><%=DICLanguage(0)%>

<%=DICLanguage(7)%>

<% Elseif strfunction = "Update" Then rescode = UpdateManu(Request("CatId")) If rescode < 0 Then If rescode = -1 Then strError = "

" & DICLanguage(11) & DICLanguage(0) & " " & DICLanguage(2) & "" & DICLanguage(0) & "

" If rescode = -10 Then strError = "

" & DICLanguage(12) & DICLanguage(0) & "

" & DICLanguage(2) & "" & DICLanguage(0) & "

" %>
<%= strError %>
<% else %>

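<% ' "titolo" is request data: HTML-encode it before it is echoed into the result message. %>
<%=replace(DICLanguage(89),"[MODELLO]","'" & Server.HTMLEncode(Request("titolo")) & "'")%><%=DICLanguage(0)%>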

<%=DICLanguage(7)%>

<% End If '----------------------------------------------- ' Funzione: Aggiunge nuovo record '----------------------------------------------- Elseif strfunction = "addmanu" Then rescode = AddManu(ManuId) If rescode < 0 Then If rescode = -10 Then strError = "

" & DICLanguage(15) & DICLanguage(0) & "

" & DICLanguage(2) & "" & DICLanguage(0) & "

" If rescode = -1 Then strError = "

" & DICLanguage(12) & DICLanguage(0) & " " & DICLanguage(2) & "" & DICLanguage(0) & "

" %>
<%= strError %>
<% else %>

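<% ' "titolo" is request data: HTML-encode it before it is echoed into the result message. %>
<%=replace(DICLanguage(91),"[MODELLO]","'" & Server.HTMLEncode(Request("titolo")) & "'")%><%=DICLanguage(0)%>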

<% If Request.Form("addmore")<>"" Then %> <% Else %>

<%=DICLanguage(7)%>

<% End If End If Else %>

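<% ' "submnu" is request data echoed into a query-string value: URL-encode it so it cannot break out of the attribute. %>
<%=DICLanguage(4)%> &submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(10)%>"><%=DICLanguage(5)%><%=DICLanguage(0)%>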

" onclick="history.back()" onkeypress="history.back()"><%=DICLanguage(2)%><%=DICLanguage(0)%>

<% End If %>