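<% Option Explicit %>
<%
'Guestbook stylesheet page.
'Declares the shared guestbook variables, opens the database selected by strDatabaseType,
'reads the single configuration row (ID=1) and writes it out as a text/css response.
'
'The statements are laid out one per line: a VBScript ' comment runs to the end of its line,
'so code that shares a physical line with an earlier comment is never executed.

'Declare variables
Dim adoCon			'Database connection object
Dim rsCommon			'Holds the common recordset
Dim strCon			'Holds the database driver and the path and name of the database
Dim strSQL			'Holds the SQL query for the database
Dim strSQLServerName		'Holds the name of the SQL Server
Dim strSQLDBUserName		'Holds the user name (for SQL Server Authentication)
Dim strSQLDBPassword		'Holds the password (for SQL Server Authentication)
Dim strSQLDBName		'Holds name of a database on the server
Dim strDbPathAndName		'Holds the database path and name
Dim intRecordsPerPage		'Holds the number of comments shown on each page
Dim strBgColour			'Holds the background colour of the guestbook
Dim strTextColour		'Holds the text colour of the guestbook
Dim strLinkColour		'Holds the link colour of the guestbook
Dim strTextType			'Holds the font type of the guestbook
Dim intTextSize			'Holds the font size of the guestbook
Dim strTableColour		'Holds the table colour
Dim strTableBorderColour	'Holds the table border colour
Dim strTableTitleColour		'Holds the table title colour
Dim strVisitedLinkColour	'Holds the visited link colour of the guestbook
Dim strActiveLinkColour		'Holds the active link colour of the guestbook (declared but never assigned on this page)
Dim strHoverLinkColour		'Holds the hover link colour of the guestbook (read from the active_links_colour column)
Dim blnLCode			'Boolean read from the Code column of the configuration table
Dim blnEmail			'Boolean set to true if e-mail notification is on
Dim strCode			'Holds the page code
Dim strCode2			'Holds the page code
Dim strWebSiteEmailAddress	'Holds the e-mail address for the web site the guestbook is on
Dim strMailComponent		'E-mail component the guestbook uses
Dim strSMTPServer		'SMTP server the e-mails are sent through
Dim strLoggedInUserCode		'Holds the user code of the user
Dim strTitleImage		'Holds the path and name of the title image for the guestbook
Dim intMsgCharNo		'Holds the number of characters allowed for the messages
Dim blnCookieSet		'Set to true if cookies are to be set to stop multiple posts
Dim blnIPBlocking		'Set to true if IP blocking is to be used to stop multiple posts
Dim strDatabaseType		'Holds the database type
Dim blnSessionCheck		'Set to true if the session ID is checked
Dim blnURL			'Set to true if user can post a URL
Dim blnAuthorise		'Set to true if posts are to be authorised first
Dim blnSecurityImages		'Set to true if security images are enabled
Dim blnEmailAddress		'Set to true if an email address can be added to the comments
Dim strDBFalse			'Holds the false value for SQL queries
Dim strDBTrue			'Holds the true value for SQL queries
Dim strDBNoLock			'Holds the no-lock table hint for SQL Server (left empty for the other databases)
Dim strRowLock			'Holds the row-lock table hint for SQL Server (left empty for the other databases)
Dim strDBTop1			'Holds the SQL limit operator (TOP 1) for SQL Server and Access
Dim strDBLimit1			'Holds the SQL limit operator (LIMIT 1) for mySQL

'Initialise constants
Const strVersion = "8.01"
'NOTE(review): how strSalt is used is not visible on this page. If it feeds password or code
'hashing, a value fixed in the source is shared by every copy of this file - confirm, and
'replace it with a value unique to this installation.
Const strSalt = "5CB237B1D85"
Const strCodeField = "Code"

'Create the database connection object
Set adoCon = Server.CreateObject("ADODB.Connection")

'Database setup follows
%><%
'******************************************
'***     Database System Type          ****
'******************************************

'Database Type
'strDatabaseType = "SQLServer"	'Microsoft SQL Server 2000 or 2005
'strDatabaseType = "mySQL"	'mySQL 4+
strDatabaseType = "Access"	'Microsoft Access Database (Flat database file, slowest and least secure of the 3)


'******************************************
'***     Microsoft Access              ****
'******************************************

If strDatabaseType = "Access" Then

	'Microsoft Access is a flat file database system: it suffers from slow performance and limited
	'connections, and as a flat file it can be downloaded by anyone who requests its URL unless
	'the database file is secured.

	'Virtual path to database, resolved relative to the application's location.
	'NOTE(review): this path resolves inside the web application's folder tree. Confirm the web
	'server refuses HTTP requests for this folder, or store the file outside the web root and use
	'the physical path setting below instead.
	strDbPathAndName = Server.MapPath("_private/donkey/donkey.mdb")

	'Physical path to database
	'strDbPathAndName = ""	'Use this if you use the physical server path, eg:- C:\Inetpub\private\WWGguestbook.mdb

	'BRINKSTER USERS
	'Brinkster users remove the ' single quote mark from in front of the line below and replace USERNAME with your Brinkster username
	'strDbPathAndName = Server.MapPath("/USERNAME/db/WWGguestbook.mdb")

	'PLEASE NOTE: - For extra security it is highly recommended you change the name of the database, WWGguestbook.mdb,
	'to another name and then replace the WWGguestbook.mdb found above with the name you changed the database to.

	'Database driver (Microsoft JET OLE DB driver version 4)
	strCon = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & strDbPathAndName

	'Set true and false for db
	strDBFalse = "false"
	strDBTrue = "true"

	'Set the limit operator for Access
	strDBTop1 = " TOP 1"
End If


'******************************************
'***     Microsoft SQL Server          ****
'******************************************

If strDatabaseType = "SQLServer" Then

	'SQL Server is a high performance database server. This requires that you have installed an
	'instance of SQL Server 2000 or 2005 with mixed mode connection and have created a database for
	'the guestbook on the SQL Server.

	'Enter the details of your Microsoft SQL Server and database below.
	'These credentials are stored in this file as plain text: keep the file readable only by the
	'web application's account, and use a database login limited to the guestbook database.
	strSQLServerName = ""	'Holds the name of the SQL Server (This is the name/location or IP address of the SQL Server)
	strSQLDBUserName = ""	'Holds the user name (for SQL Server Authentication)
	strSQLDBPassword = ""	'Holds the password (for SQL Server Authentication)
	strSQLDBName = ""	'Holds name of a database on the server

	'Please note this application has been optimised for the SQL OLE DB driver; using another driver
	'or a system DSN to connect to the SQL Server database will cause errors in the application and
	'drastically reduce the performance!

	'The SQLOLEDB driver offers the highest performance at this time for connecting to SQL Server databases from within ASP.

	'MS SQL Server OLE Driver (If you change this string make sure you also change it in the msSQL_server_setup.asp file when creating the database)
	strCon = "Provider=SQLOLEDB;Server=" & strSQLServerName & ";User ID=" & strSQLDBUserName & ";Password=" & strSQLDBPassword & ";Database=" & strSQLDBName & ";"

	'Set true and false for db
	strDBFalse = 0
	strDBTrue = 1

	'Set the lock variables for the db
	strDBNoLock = " WITH (NOLOCK) "
	strRowLock = " WITH (ROWLOCK) "

	'Set the limit operator for SQL Server
	strDBTop1 = " TOP 1"
End If


'******************************************
'***     mySQL Database System         ****
'******************************************

If strDatabaseType = "mySQL" Then

	'mySQL is a free database server, it is very fast and robust. This requires that you have
	'installed an instance of mySQL 4 or higher and have created a database for the guestbook
	'on the mySQL database system.

	'Enter the details of your mySQL server and database below.
	'These credentials are stored in this file as plain text: keep the file readable only by the
	'web application's account, and use a database login limited to the guestbook database.
	strSQLServerName = ""	'Holds the name of the mySQL server (This is the name/location or IP address of the mySQL server)
	strSQLDBUserName = ""	'Holds the user name (for mySQL Authentication)
	strSQLDBPassword = ""	'Holds the password (for mySQL Authentication)
	strSQLDBName = ""	'Holds name of a database on the server

	'This application requires the myODBC 3.51 driver or higher

	'myODBC Driver 3.51
	strCon = "Driver={MySQL ODBC 3.51 Driver};Server=" & strSQLServerName & ";User=" & strSQLDBUserName & ";Password=" & strSQLDBPassword & ";Database=" & strSQLDBName & ";Port=3306;Option=3;"

	'Set true and false for db (true value is -1)
	strDBFalse = 0
	strDBTrue = -1

	'Set the limit operator
	strDBLimit1 = " LIMIT 1"
End If


'Set up the database table name prefix
'(This is useful if you are running multiple guestbooks from one database)
Const strDbTable = "tblGB"
%><%

'Set the connection string to the database
adoCon.connectionstring = strCon

'Open the connection
adoCon.Open


'Read in the guestbook configuration

'Initialise the ADO recordset object
Set rsCommon = Server.CreateObject("ADODB.Recordset")

'Build the SQL statement that fetches the configuration row.
'Only the table prefix constant and the lock hint set above are concatenated in; no request data is used.
strSQL = "SELECT " & strDbTable & "Configuration.* " & _
"From " & strDbTable & "Configuration" & strDBNoLock & " " & _
"WHERE " & strDbTable & "Configuration.ID=1;"

'Query the database over the connection that is already open.
'Passing the connection string here instead makes ADO open a second connection for the
'recordset while adoCon sits open and unused.
rsCommon.Open strSQL, adoCon

'If there are config details in the recordset then read them in
If NOT rsCommon.EOF Then

	'Read in the configuration details from the recordset
	strMailComponent = rsCommon("mail_component")
	strSMTPServer = rsCommon("mail_server")
	strBgColour = rsCommon("bg_colour")
	strTextColour = rsCommon("text_colour")
	strTextType = rsCommon("text_type")
	intTextSize = CInt(rsCommon("text_size"))
	strLinkColour = rsCommon("links_colour")
	strTableColour = rsCommon("table_colour")
	strTableBorderColour = rsCommon("table_border_colour")
	strTableTitleColour = rsCommon("table_title_colour")
	strVisitedLinkColour = rsCommon("visited_links_colour")
	strHoverLinkColour = rsCommon("active_links_colour")
	strWebSiteEmailAddress = rsCommon("email_address")
	blnLCode = CBool(rsCommon("Code"))
	blnEmail = CBool(rsCommon("email_notify"))
	intRecordsPerPage = CInt(rsCommon("Comments_per_page"))
	strTitleImage = rsCommon("Title_image")
	intMsgCharNo = rsCommon("Message_char_no")
	blnCookieSet = CBool(rsCommon("Cookie"))
	blnIPBlocking = CBool(rsCommon("IP_blocking"))
	blnSessionCheck = CBool(rsCommon("Session"))
	blnURL = CBool(rsCommon("URL"))
	blnAuthorise = CBool(rsCommon("Authorisation"))
	blnSecurityImages = CBool(rsCommon("Security_images"))
	blnEmailAddress = CBool(rsCommon("Email"))
End If

'Close the recordset
rsCommon.Close
%>
<%
'Set the response content type to text/css, as the page has an asp extension
Response.ContentType = "text/css"

'Release the recordset and the connection
Set rsCommon = Nothing
adoCon.Close
Set adoCon = Nothing

'The colour and font values below are written into the stylesheet exactly as stored in the
'configuration table, with no validation on this page.
'NOTE(review): confirm the admin page that saves them restricts each one to a colour or font value.
'The a:hover rule uses a fixed font stack, unlike the other rules, which use strTextType.
%>
.text {
	font-family: <% = strTextType %>;
	color : <% = strTextColour %>;
	font-size: <% = intTextSize %>px;
	font-weight: normal;
}
.bold {
	font-family: <% = strTextType %>;
	color : <% = strTextColour %>;
	font-size: <% = intTextSize %>px;
	font-weight: bold;
}
.smText {
	font-family: <% = strTextType %>;
	color : <% = strTextColour %>;
	font-size: 10px;
	font-weight: normal;
}
.heading {
	font-family: <% = strTextType %>;
	color : <% = strTextColour %>;
	font-size: 19px;
	font-weight: bold;
}
a {
	color : <% = strLinkColour %>;
	font-family: <% = strTextType %>;
	text-decoration: underline;
	font-size: <% = intTextSize %>px;
	font-weight: normal;
}
a:hover {
	color : <% = strHoverLinkColour %>;
	font-family: Verdana, Arial, Helvetica, sans-serif;
	text-decoration : underline;
	font-size: <% = intTextSize %>px;
	font-weight: normal;
}
a:visited {
	color : <% = strVisitedLinkColour %>;
	font-family: <% = strTextType %>;
	text-decoration : underline;
	font-size: <% = intTextSize %>px;
	font-weight: normal;
}
a:visited:hover {
	color : <% = strHoverLinkColour %>;
	font-family: <% = strTextType %>;
	text-decoration : underline;
	font-size: <% = intTextSize %>px;
	font-weight: normal;
}
a.smLink {
	color : <% = strLinkColour %>;
	font-family: <% = strTextType %>;
	text-decoration: underline;
	font-size: 10px;
	font-weight: normal;
}
a.smLink:hover {
	color : <% = strHoverLinkColour %>;
	font-family: <% = strTextType %>;
	text-decoration : underline;
	font-size: 10px;
	font-weight: normal;
}
a.smLink:visited {
	color : <% = strVisitedLinkColour %>;
	font-family: <% = strTextType %>;
	text-decoration: underline;
	font-size: 10px;
	font-weight: normal;
}
a.smLink:visited:hover {
	color : <% = strHoverLinkColour %>;
	font-family: <% = strTextType %>;
	text-decoration : underline;
	font-size: 10px;
	font-weight: normal;
}
ul {
	list-style-type: square;
}
.WebWizRTEbutton {
	border: #F4F4FB 1px solid;
}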