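<%
' Fruibile - L'elemento CMS Open Source che mancava (the Open Source CMS element that was missing)
' Copyright (C) 2002-2006 Roberto Scano
'
' Licensed under the terms of the GNU Lesser General Public License:
' 		http://www.opensource.org/licenses/lgpl-license.php
'
' For further information visit:
' 		http://www.fruibile.it/
'
' File Author:
' 		Roberto Scano (mail@robertoscano.info)
%>
<%
' Security check: unless the session carries WEBGODLogin = "W3C_VALIDATOR",
' the "utenti" session flag must be 1, otherwise the request is sent to the
' no-entry page.
If Session("WEBGODLogin") <> "W3C_VALIDATOR" Then
	If Session("utenti") <> 1 Then
		Response.Redirect "/backoffice/noentry.asp"
	End If
End If

' Cross-site request check: the request must carry a Referer whose host is
' exactly this server's name.
' The previous test, Mid(refererUrl, 8, Len(serverName)), compared only a
' fixed-position prefix. It accepted any referring host that merely begins
' with the server name, and it rejected every https:// referer because the
' offset assumed "http://". The host is now isolated (scheme, userinfo, port,
' path, query and fragment stripped) and compared as a whole, ignoring case.
' A missing or unparsable Referer is still refused, as before.
' NOTE(review): a Referer comparison is a weak cross-site defence; a
' per-session anti-forgery token on state-changing forms is the stronger control.
refererUrl = CStr(Request.ServerVariables("HTTP_REFERER"))
serverName = CStr(Request.ServerVariables("SERVER_NAME"))
refererName = ""
refPos = InStr(refererUrl, "://")
If refPos > 0 Then
	If LCase(Left(refererUrl, refPos - 1)) = "http" Or LCase(Left(refererUrl, refPos - 1)) = "https" Then
		refererName = Mid(refererUrl, refPos + 3)
		' Cut at the first path, query or fragment delimiter to keep the authority only.
		refPos = InStr(refererName, "/")
		If refPos > 0 Then refererName = Left(refererName, refPos - 1)
		refPos = InStr(refererName, "?")
		If refPos > 0 Then refererName = Left(refererName, refPos - 1)
		refPos = InStr(refererName, "#")
		If refPos > 0 Then refererName = Left(refererName, refPos - 1)
		' Drop any userinfo ("user@host") and any port (":8080").
		refPos = InStrRev(refererName, "@")
		If refPos > 0 Then refererName = Mid(refererName, refPos + 1)
		refPos = InStr(refererName, ":")
		If refPos > 0 Then refererName = Left(refererName, refPos - 1)
	End If
End If
If serverName = "" Or LCase(refererName) <> LCase(serverName) Then
	Response.Redirect "/backoffice/noentry.asp"
	Response.End
End If
%>
<%
' percorso: navigation path text built from dictionary entries 185 and 9
' (presumably the breadcrumb; the markup inside the literals is not visible here).
percorso = " " & DICLanguage(185) & ""
percorso = percorso & " / " & DICLanguage(9)
lastpage = Request.ServerVariables("HTTP_REFERER")
%>
<%
' Request values with single quotes doubled. Doubling quotes only protects a
' value that is later placed inside a quoted SQL string literal; it does not
' make the value safe in a numeric position or in HTML output.
CatId = replace(Request("catid"),"'","''")
strfunction = replace(Request("function"),"'","''")
If Request.Form("Add") <> "" Then strfunction = "Add"
%>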

<%=DICLanguage(185)%>

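<%
' Builds the user-list query from the request filters and opens it in rs.
'
' Inputs read: Session("supervisor"), Session("Office_ID"), Application("maxitems"),
' Application("prefix"), CMS_DB, and the query-string values MOVE, CurrentPage,
' key, office, area, admin.
' Outputs left for the rest of the page: maxitems, CurrentPage, intrecords /
' intPages / intStart / intPageSize (MySQL only), SQL, and the open recordset rs.
'
' Changes against the previous version, all in how request data reaches SQL:
'  * office / area / admin were concatenated into the statement unquoted; they
'    are now accepted only as 1-9 decimal digits and converted with CLng. Any
'    other value yields an empty result instead of reaching the database.
'  * key was concatenated inside quoted LIKE patterns without escaping; single
'    quotes are now doubled (and backslashes doubled for MySQL, where backslash
'    is an escape character by default).
'  * the unfiltered listing appended where_aggiunta_sql, a name nothing visible
'    here assigns, so the office restriction for non-supervisors was empty; it
'    now uses aggiunta_where_sql.
'  * in the key search the office restriction was ANDed onto the last OR term
'    only; the OR group is now parenthesised so the restriction covers all terms.
'  * MOVE / CurrentPage are normalised to a positive integer page number.
' NOTE(review): escaping is the smallest safe change here; moving these
' statements to ADODB.Command with parameters would be the more durable fix.

' Non-supervisors are restricted to their own office.
' NOTE(review): Session("Office_ID") is concatenated as-is; it is assumed to be
' a server-set integer - confirm where it is assigned.
If Session("supervisor") = True Then
	aggiunta_sql = ""
	aggiunta_where_sql = ""
Else
	aggiunta_sql = " and office_id=" & Session("Office_ID")
	aggiunta_where_sql = " where office_id=" & Session("Office_ID")
End If

' Maximum number of records per page.
maxitems = CInt(Application("maxitems"))

' Accepts only short unsigned decimal numbers from the request.
Set reDigits = New RegExp
reDigits.Pattern = "^[0-9]{1,9}$"

' Paging: MOVE is either a page number, or NEXT / PREV relative to CurrentPage.
CurrentPage = 1
moveArg = CStr(Request.QueryString("MOVE"))
pageArg = CStr(Request.QueryString("CurrentPage"))
If reDigits.Test(moveArg) Then
	CurrentPage = CLng(moveArg)
ElseIf reDigits.Test(pageArg) Then
	If moveArg = "NEXT" Then CurrentPage = CLng(pageArg) + 1
	If moveArg = "PREV" Then CurrentPage = CLng(pageArg) - 1
End If
If CurrentPage < 1 Then CurrentPage = 1
' The pager further down applies CInt to the page number, so keep it in range.
If CurrentPage > 32767 Then CurrentPage = 32767

Set rs = Server.CreateObject("ADODB.Recordset")

' WHERE clause. Filters are applied in the original order and the last one
' present wins: key search, then office, then area, then admin.
searchKey = CStr(Request.QueryString("key"))
If searchKey = "" Then
	whereSql = aggiunta_where_sql
Else
	If CMS_DB = "MYSQL" Then searchKey = Replace(searchKey, "\", "\\")
	searchKey = Replace(searchKey, "'", "''")
	whereSql = " WHERE (referente_nome LIKE '%" & searchKey & "%' or referente_email LIKE '%" & searchKey & "%' or userid LIKE '%" & searchKey & "%')" & aggiunta_sql
End If

' Pairs of (query-string name, column name) for the numeric filters.
filterMap = Array("office", "struttura", "area", "areaid", "admin", "admin")
For fIdx = 0 To UBound(filterMap) Step 2
	filterArg = CStr(Request.QueryString(filterMap(fIdx)))
	If filterArg <> "" Then
		If reDigits.Test(filterArg) Then
			whereSql = " where " & filterMap(fIdx + 1) & "=" & CLng(filterArg) & aggiunta_sql
		Else
			' Malformed filter value: match nothing rather than pass it to the database.
			whereSql = " where 1=0"
		End If
	End If
Next

tableSql = application("prefix") & "utenti"
If CMS_DB = "MYSQL" Then
	' MySQL pages in SQL: count first, then fetch one LIMIT window.
	strSQL = "SELECT Count(*) AS records FROM " & tableSql & whereSql
	Set objRS3 = Conn.execute(strSQL)
	intrecords = CLng(objRS3("records"))
	objRS3.close
	set objRS3 = nothing
	intPageSize = int(maxitems)
	intStart = CurrentPage*intPageSize
	intStart = intStart-intPageSize
	intPages = int(intRecords/intPageSize) +1
	SQL = "SELECT * FROM " & tableSql & whereSql & " order by referente_nome LIMIT " & intStart & ", " & intPageSize
Else
	' Other back ends page through the recordset after it is opened.
	SQL = "SELECT * FROM " & tableSql & whereSql & " ORDER BY referente_nome"
End If

If CMS_DB = "SQL" or CMS_DB = "MYSQL" Then
	rs.CursorLocation = adUseClient
End If
rs.open sql, conn, adOpenStatic, adLockOptimistic
if rs.EOF AND rs.BOF Then %>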

<%=DICLanguage(150)%><%=DICLanguage(0)%>

" onclick="history.back()" onkeypress="history.back()"><%=DICLanguage(2)%><%=DICLanguage(0)%>

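<%
Else
	' The recordset holds rows: work out the page count for the pager.
	' ACCESS / SQL: let ADO page the open recordset.
	if CMS_DB = "ACCESS" or CMS_DB = "SQL" then
		rs.Pagesize= MaxItems
		rs.AbsolutePage = CurrentPage
		intPages = rs.PageCount
		intrecords = rs.recordcount
	end if
	' MYSQL: the page count is the record count divided by the page size,
	' rounded up. The previous code took the earlier "int(n/size) + 1" value and
	' subtracted 1, which rounds down and leaves a final partial page without a
	' pager link (e.g. 25 records at 10 per page gave 2 pages).
	if CMS_DB = "MYSQL" then
		intpages = (intrecords + maxitems - 1) \ maxitems
	end if
	if intpages = 0 then intpages = 1 %>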

<%=IIf(intrecords > 1, replace(replace(replace(DICLanguage(187),"[N]",intrecords),"[PAG]",Currentpage),"[PAGG]", intPages), replace(replace(replace(DICLanguage(186),"[N]",intrecords),"[PAG]",Currentpage),"[PAGG]", intPages))%><%=DICLanguage(0)%>

<%
' Walks the recordset for at most maxitems rows. setabbrtitle carries a
' title attribute (dictionary entry 157) for the first row only and is Null
' for every later row.
setabbr = 0
Do While Not rs.EOF And NumRows < maxitems
	If setabbr <> 0 Then
		setabbrtitle = Null
	Else
		setabbrtitle = " title=""" & DicLanguage(157) & """"
	End If
%> <%
	' Mark the first row as done, advance and count the row.
	setabbr = 1
	rs.MoveNext
	NumRows = NumRows + 1
Loop
%>
<%=DICLanguage(189)%> <%=DICLanguage(360)%> <%=DICLanguage(163)%> <%=DICLanguage(164)%> <%=DICLanguage(190)%>
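<%
' Row cells of the user list: the user's name, a label chosen by rs("admin")
' (values 1-5), the area and office titles looked up in strutture, and the
' last-login date and time.
' request("mnu") and request("submnu") come from the client and are written
' into link query strings inside an attribute. They were emitted raw, so a
' crafted value could close the attribute and add markup to the page; they are
' now passed through Server.URLEncode before output.
' NOTE(review): the two title lookups concatenate Session("Language") and
' recordset ids into SQL; both are assumed to be server-controlled - confirm.
%>&function=showmanu&mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(104)%>"><%=FixString(rs("referente_nome"),"d")%> <% select case rs("admin")
case 1%> &mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(365)%>"><%=DICLanguage(241)%> <%case 2%> &mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(365)%>"><%=DICLanguage(361)%> <%case 3%> &mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(365)%>"><%=DICLanguage(363)%> <%case 4%> &mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(365)%>"><%=DICLanguage(362)%> <%case 5%> &mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(365)%>"><%=DICLanguage(367)%> <%end select %> <%if rs("areaid") <> 0 then
	' Area title in the session language.
	strSQL = "SELECT title_" & Session("Language") & " FROM strutture where id=" & rs("areaid")
	Set objRS3 = Conn.execute(strSQL)
	title_it = objRS3("title_" & Session("Language"))
	objRS3.close
	set objrs3 = nothing
%>&mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(191)%>"><%=FixString(title_it,"d")%> <%else%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(192)%>"><%=DICLanguage(18)%><%end if%> <%if rs("struttura") <> 0 then
	' Office title in the session language.
	strSQL = "SELECT title_" & Session("Language") & " FROM strutture where id=" & rs("struttura")
	Set objRS3 = Conn.execute(strSQL)
	title_it = objRS3("title_" & Session("Language"))
	objRS3.close
	set objrs3 = nothing
%>&mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(193)%>"><%=FixString(title_it,"d")%> <%else%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=DICLanguage(366)%>"><%=DICLanguage(18)%><%end if%> <%if rs("lastlogin") <> 0 then%>"><%=formatdatetime(rs("lastlogin"),2) %> - <%=formatdatetime(RS("lastlogin"),3)%><%else%>><%=DICLanguage(158)%><%end if%>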
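<%if intrecords > maxitems then%>
<%
' Pager, shown only when there are more records than fit on one page.
' The current page is printed as plain text; every other page gets a link
' whose title comes from dictionary entry 114 (earlier pages) or 115 (later
' pages), with " | " between entries.
' The admin / office / area / mnu / submnu request values are carried over
' into each link. They were emitted raw inside the attribute, so a crafted
' value could close it and add markup to the page; they are now passed through
' Server.URLEncode before output.
for ia=1 to intPages
	if cint(ia)=cint(currentPage) then%> <%=ia%> |  <%else
		if ia < currentPage then %> &admin=<%=Server.URLEncode(request("admin"))%>&office=<%=Server.URLEncode(request("office"))%>&area=<%=Server.URLEncode(request("area"))%>&mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=replace(replace(DICLanguage(114),"[N]", ia),"[TOT]",intpages)%>"><%=ia%> <% else%> &admin=<%=Server.URLEncode(request("admin"))%>&office=<%=Server.URLEncode(request("office"))%>&area=<%=Server.URLEncode(request("area"))%>&mnu=<%=Server.URLEncode(request("mnu"))%>&submnu=<%=Server.URLEncode(request("submnu"))%>" title="<%=replace(replace(DICLanguage(115),"[N]", ia),"[TOT]",intpages)%>"><%=ia%> <%end if%><%if ia <> intpages then%> | <%end if%> <%end if
next%>
<%end if%> <%
' Release the recordset, then close the "no records" If / Else that was
' opened right after rs.open.
rs.Close
set rs=nothing
End If ' Recordcount = 0
%>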