Beispiel #1
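 /// <summary>
 /// Loads the approved article selected by the "id" query-string parameter into
 /// <c>reader</c> and, on a postback by a logged-in user, stores a new comment for it.
 /// Results are reported through the page fields <c>error</c>, <c>message</c> and <c>reader</c>.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     m = (Edu)Master;
     if (!m.db.Connected)
     {
         error = true;
         message = "Cannot connect to database.";
         return;
     }

     string articleId = Request.QueryString["id"];

     // The target article is validated BEFORE a comment is accepted for it. The previous
     // order (insert first, look up afterwards) stored comments against ids that had no
     // approved article at all.
     if (!LoadArticle(articleId))
     {
         return;
     }

     if (IsPostBack)
     {
         if (m.userLvl == Edu.Lvls.Guest)
         {
             message = "Please log in to post comments.";
         }
         else
         {
             // Release the open reader before issuing another command on the shared connection
             // (the other pages close their readers before the next query as well).
             reader.Close();
             object[] paras =
             {
                 articleId,
                 Session["email"],
                 Text.DeHTML(Request.Form["subject"]),
                 Text.DeHTML(Request.Form["body"]),
                 DateTime.Now, // local server time, kept as stored by the rest of the site
             };
             if (m.db.NonQuery("INSERT INTO " + Globals.DbName + ".[Comment] ([article], [author], [subject], [body], [time]) VALUES (@p1, @p2, @p3, @p4, @p5)", paras))
             {
                 message = "Comment inserted successfully.";
             }
             else
             {
                 message = "Error occurred. Please try again.";
             }
             // Reload so the article data handed to the page reflects the stored comment.
             if (!LoadArticle(articleId))
             {
                 return;
             }
         }
     }
 }

 /// <summary>
 /// Queries the approved article with the given id into <c>reader</c>.
 /// </summary>
 /// <param name="articleId">Article id as received from the query string.</param>
 /// <returns>
 /// true when an approved article was found; false after setting <c>error</c> and
 /// <c>message</c> when the query failed or returned no rows.
 /// </returns>
 private bool LoadArticle(string articleId)
 {
     reader = m.db.Query("SELECT [id], [user], [time], [name], [summary], [body], [comments] FROM " + Globals.DbName + ".[Article] WHERE [id]=@p1 AND [approved]=1", articleId);
     if (reader == null || !reader.HasRows)
     {
         error = true;
         message = "There is no such article.";
         return false;
     }
     return true;
 }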
Beispiel #2
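 /// <summary>
 /// Loads one page of approved articles (newest first) into <c>reader</c> and the total
 /// number of approved articles into <c>num</c>. The page offset comes from the optional
 /// "start" query-string parameter; <c>perPage</c> rows are requested.
 /// Results are reported through the page fields <c>error</c>, <c>message</c>,
 /// <c>num</c>, <c>start</c> and <c>reader</c>.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     m = (Edu)Master;

     // "start" is user input: anything that is not a positive integer falls back to 1.
     // When the parameter is absent, start keeps whatever value the page initialised it to.
     string startParam = Request.QueryString["start"];
     if (startParam != null)
     {
         if (!int.TryParse(startParam, out start) || start < 1)
         {
             start = 1;
         }
     }

     if (!m.db.Connected)
     {
         error = true;
         message = "Cannot connect to database.";
         return;
     }

     // Query() returns null on failure (see the null checks on the other readers); the
     // previous code dereferenced the result unconditionally.
     SqlDataReader countReader = m.db.Query("SELECT COUNT(*) AS num FROM " + Globals.DbName + ".[Article] WHERE [approved]=1");
     if (countReader == null)
     {
         error = true;
         message = "Database error.";
         return;
     }
     // Dispose (closes) the reader on every path so the connection is free for the next query.
     using (countReader)
     {
         countReader.Read();
         num = (int)countReader["num"];
     }

     reader = m.db.Query(
         "SELECT [id], [user], [time], [name], [summary] FROM"+
         "( SELECT [id], [user], [time], [name], [summary], [approved], ROW_NUMBER() OVER (ORDER BY [time] DESC) AS rownum FROM " + Globals.DbName + ".[Article] WHERE [approved]=1 )" +
         "AS temp WHERE rownum BETWEEN @p1 AND (@p1 +@p2-1)", start, perPage);
     if (reader == null || !reader.HasRows)
     {
         error = true;
         message = "There are no articles.";
         return;
     }
 }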
Beispiel #3
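 /// <summary>
 /// Loads the comment selected by the "id" query-string parameter, decides whether the
 /// current user may edit it (moderators and the comment's author), only delete it (the
 /// author of the article it belongs to) or not touch it at all, and on postback applies
 /// the requested "Edit" or "Delete" action to that same comment.
 /// Results are reported through the page fields <c>error</c>, <c>message</c>,
 /// <c>id</c>, <c>article</c>, <c>author</c>, <c>subject</c>, <c>body</c> and <c>edit</c>.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     m = (Edu)Master;
     if (!m.db.Connected)
     {
         error = true;
         message = "Cannot connect to database.";
         return;
     }

     // Table name is qualified with Globals.DbName like every other query on these pages.
     SqlDataReader reader = m.db.Query("SELECT [id], [article], [author], [subject], [body] FROM " + Globals.DbName + ".[Comment] WHERE [id]=@p1", Request.QueryString["id"]);
     if (reader == null || !reader.HasRows)
     {
         error = true;
         message = "There is no such comment.";
         return;
     }
     using (reader)
     {
         reader.Read();
         id = (int)reader["id"];
         article = (int)reader["article"];
         author = (string)reader["author"];
         subject = (string)reader["subject"];
         body = (string)reader["body"];
     }

     if (m.userLvl == Edu.Lvls.Guest)
     {
         message = "Log in first.";
         error = true;
         return;
     }

     // Session values are objects; the previous "==" checks compared references, so two equal
     // e-mail strings were never recognised as the same user. Compare the string values.
     string currentUser = Session["email"] as string;
     bool isModerator = m.userLvl >= Edu.Lvls.Mod;
     bool isCommentAuthor = currentUser != null && string.Equals(currentUser, author, StringComparison.Ordinal);

     if (!isModerator && !isCommentAuthor)
     {
         // Remaining case: the author of the article the comment belongs to may delete only.
         string articleOwner = null;
         SqlDataReader articleReader = m.db.Query("SELECT [user] FROM " + Globals.DbName + ".[Article] WHERE [id]=@p1", article);
         if (articleReader != null)
         {
             using (articleReader)
             {
                 if (articleReader.Read())
                 {
                     articleOwner = articleReader["user"] as string;
                 }
             }
         }
         if (currentUser == null || articleOwner == null || !string.Equals(articleOwner, currentUser, StringComparison.Ordinal))
         {
             message = "You don't have the necessary level to be here.";
             error = true;
             return;
         }
         edit = false;
     }

     if (IsPostBack)
     {
         // Only a successful edit clears the flag; the other outcomes, including a completed
         // delete, leave it set (behaviour kept from the original page).
         error = true;
         string action = Request.Form["submit"];
         // Both updates target the comment loaded and authorised above (id), not the id
         // field of the submitted form, so a user cannot act on a comment the checks above
         // never covered.
         if (action == "Edit")
         {
             if (!edit)
             {
                 message = "You cannot edit this comment.";
             }
             else if (m.db.NonQuery("UPDATE " + Globals.DbName + ".[Comment] SET [subject]=@p1, [body]=@p2 WHERE [id]=@p3", Text.DeHTML(Request.Form["subject"]), Text.DeHTML(Request.Form["body"]), id))
             {
                 message = "Comment edited successfully.";
                 error = false;
             }
             else
             {
                 message = "Database error.";
             }
         }
         else if (action == "Delete")
         {
             if (m.db.NonQuery("UPDATE " + Globals.DbName + ".[Comment] SET [subject]='DELETED', [body]='DELETED' WHERE [id]=@p1", id))
             {
                 message = "Comment content deleted.";
             }
             else
             {
                 message = "Database error.";
             }
         }
     }
 }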