<% ' Fruibile - L'elemento CMS Open Source che mancava ' Copyright (C) 2002-2006 Roberto Scano ' ' Licensed under the terms of the GNU Lesser General Public License: ' http://www.opensource.org/licenses/lgpl-license.php ' ' For further information visit: ' http://www.fruibile.it/ ' ' File Author: ' Roberto Scano (mail@robertoscano.info) %> <% 'controllo sicurezza -------------- if Session("WEBGODLogin") <> "W3C_VALIDATOR" then If session("manutenzione")<> 1 Then response.Redirect "/backoffice/noentry.asp" end if end if '---------------------------------- 'Prevent your website from cross website attacks --------- refererUrl = Cstr(Request.ServerVariables("HTTP_REFERER")) serverName = Cstr(Request.ServerVariables("SERVER_NAME")) refererName = mid(refererUrl,8,len(serverName)) if refererName <> serverName then response.Redirect "/backoffice/noentry.asp" response.end end if '--------------------------------------------------------- %> <% percorso = " " & DICLanguage(389) %> <% ManuId = Trim(replace(Request("CatId"),"'","''")) lingua = split(Session("editlanguage"),",") if request("lastpage") <> "" then Session("lastpage") = request("lastpage") else Session("lastpage") = Request.ServerVariables("HTTP_REFERER") end if 'Imposta la funzione da utilizzare If Request("Update") <> "" Then strfunction = "Update" Elseif Request("Delete") <> "" Then strfunction = "Deletewait" Elseif Request("Deleteok") <> "" Then strfunction = "Delete" Elseif Request("Add") <> "" Then strfunction = "addmanu" Elseif Request("Back") <> "" then response.redirect Session("lastpage") End If Function DeleteManu (ManuID) Set RSdel = Server.CreateObject("ADODB.Recordset") sql = "DELETE FROM " & application("prefix") & "configurazione_lingue WHERE Id = " & ManuID SET RSdel = conn.execute(sql) SET RSdel = nothing End Function Function UpdateManu (ManuID) Dim strSQL, rs If Request("lingua_int") = "" or Request("lingua") = "" Then UpdateManu = -1 Else Set objRS2 = Server.CreateObject("ADODB.Recordset") sql = "select * FROM " & application("prefix") & "configurazione_lingue WHERE Id = " & ManuID objRS2.open sql, conn, adOpenStatic, adLockOptimistic If objRS2.EOF AND objRS2.BOF then UpdateManu = -10 else 'rs_codice = "'" & FixMySQL(Request("titolo")) & "'" rs_lingua = "'" & FixMySQL(Request("lingua")) & "'" rs_lingua_int = "'" & FixMySQL(Request("lingua_int")) & "'" rs_lcidstring = "'" & FixMySQL(Request("lcidstring")) & "'" rs_charset = "'" & FixMySQL(Request("charset")) & "'" rs_langdir = "'" & FixMySQL(Request("langdir")) & "'" If lcase(Request("visibile")) = "on" Then rs_visibile = 1 else rs_visibile = 0 End If rs_lastuserid = "'" & Session("WEBGODLogin") & "'" rs_lastlogin = strDataOra rs_lastIP = "'" & Request.ServerVariables("REMOTE_ADDR") & "'" strSQL = "UPDATE " & application("prefix") & "configurazione_lingue set lingua=" & rs_lingua & ", lingua_int=" & rs_lingua_int & ", lcidstring=" & rs_lcidstring & ", charset=" & rs_charset & ", langdir=" & rs_langdir & ", visibile=" & rs_visibile & ",lastuserid=" & rs_lastuserid & ",lastlogin=" & rs_lastlogin & ",lastip=" & rs_lastip & " where id=" & ManuID 'response.write strSQL set rs = Conn.execute(strSQL) set rs = nothing end if objRS2.close set objrs2 = nothing End If End Function Function AddManu (ManuID) If Request("titolo") = "" Then AddManu = -1 Else Set objRS2 = Server.CreateObject("ADODB.Recordset") sql = "select * FROM " & application("prefix") & "configurazione_lingue WHERE titolo = '" & FixMySQL(request("Titolo")) & "'" objRS2.open sql, conn, adOpenStatic, adLockOptimistic If objRS2.EOF AND objRS2.BOF then rs_titolo = "'" & FixMySQL(Request("titolo")) & "'" rs_descrizione = "'" & FixMySQL(Request("descrizione")) & "'" rs_type_all = "'" & FixMySQL(Request("type_all")) & "'" rs_type_aural = "'" & FixMySQL(Request("type_aural")) & "'" rs_type_braille = "'" & FixMySQL(Request("type_braille")) & "'" rs_type_embossed = "'" & FixMySQL(Request("type_embossed")) & "'" rs_type_handheld = "'" & FixMySQL(Request("type_handheld")) & "'" rs_type_print = "'" & FixMySQL(Request("type_print")) & "'" rs_type_projection = "'" & FixMySQL(Request("type_projection")) & "'" rs_type_screen = "'" & FixMySQL(Request("type_screen")) & "'" rs_type_tty = "'" & FixMySQL(Request("type_tty")) & "'" rs_type_tv = "'" & FixMySQL(Request("type_tv")) & "'" If lcase(Request("visibile")) = "on" Then rs_visibile = 1 else rs_visibile = 0 End If rs_lastuserid = "'" & Session("WEBGODLogin") & "'" rs_lastlogin = strDataOra rs_lastIP = "'" & Request.ServerVariables("REMOTE_ADDR") & "'" strSQL = "INSERT INTO " & application("prefix") & "configurazione_lingue (titolo,descrizione,visibile,type_all,type_aural,type_braille,type_embossed,type_handheld,type_print,type_projection,type_screen,type_tty,type_tv,lastuserid,lastlogin,lastip) VALUES (" & rs_titolo & "," & rs_descrizione & "," & rs_visibile & "," & rs_type_all & "," & rs_type_aural & "," & rs_type_braille & "," & rs_type_embossed & "," & rs_type_handheld & "," & rs_type_print & "," & rs_type_projection & "," & rs_type_screen & "," & rs_type_tty & "," & rs_type_tv & "," & rs_lastuserid & "," & rs_lastlogin & "," & rs_lastip & ")" 'response.write strSQL set rs = Conn.execute(strSQL) set rs = nothing else addmanu = -10 end if objrs2.close Set objRS2 = nothing end if End Function %>

<%=DICLanguage(389)%>

<% if strfunction ="Deletewait" then%>

<%=replace(DICLanguage(311),"[TESTO]","'" & Request("lingua") & "'")%><%=DICLanguage(0)%> <%=DICLanguage(312)%>

<%=DICLanguage(20)%>

" class="bottone" /> " /> " /> " />

<%elseIf strfunction = "Delete" Then DeleteManu (ManuId) %>

<%=DICLanguage(390)%><%=DICLanguage(0)%>

<%=DICLanguage(7)%>

<% Elseif strfunction = "Update" Then rescode = UpdateManu(Request("CatId")) If rescode < 0 Then If rescode = -1 Then strError = "

" & DICLanguage(11) & DICLanguage(0) & " " & DICLanguage(2) & "" & DICLanguage(0) & "

" If rescode = -10 Then strError = "

" & DICLanguage(12) & DICLanguage(0) & "

" & DICLanguage(2) & "" & DICLanguage(0) & "

" %>
<%= strError %>
<% else %>

<%=replace(DICLanguage(393),"[MODELLO]","'" & Request("lingua") & "'")%><%=DICLanguage(0)%>

<%=DICLanguage(7)%>

<% End If '----------------------------------------------- ' Funzione: Aggiunge nuovo record '----------------------------------------------- Elseif strfunction = "addmanu" Then rescode = AddManu(ManuId) If rescode < 0 Then If rescode = -10 Then strError = "

" & DICLanguage(15) & DICLanguage(0) & "

" & DICLanguage(2) & "" & DICLanguage(0) & "

" If rescode = -1 Then strError = "

" & DICLanguage(12) & DICLanguage(0) & " " & DICLanguage(2) & "" & DICLanguage(0) & "

" %>
<%= strError %>
<% else %>

<%=replace(DICLanguage(395),"[MODELLO]","'" & Request("lingua") & "'")%><%=DICLanguage(0)%>

<% If Request.Form("addmore")<>"" Then %> <% Else %>

<%=DICLanguage(7)%>

<% End If End If Else %>

<%=DICLanguage(4)%> &submnu=<%=request("submnu")%>" title="<%=DICLanguage(10)%>"><%=DICLanguage(5)%><%=DICLanguage(0)%>

" onclick="history.back()" onkeypress="history.back()"><%=DICLanguage(2)%><%=DICLanguage(0)%>

<% End If %>