Ejemplo n.º 1
0
 protected void Page_Load(object sender, EventArgs e)
 {
     m = (Edu)Master;
     if (!m.db.Connected) { error = true; message = "Cannot connect to database."; goto End; }
     if (IsPostBack)
     {
         if (m.userLvl == Edu.Lvls.Guest) message = "Please log in to post comments.";
         else
         {
             object[] paras = new object[5];
             paras[0] = Request.QueryString["id"];
             paras[1] = Session["email"];
             paras[2] = Text.DeHTML(Request.Form["subject"]);
             paras[3] = Text.DeHTML(Request.Form["body"]);
             paras[4] = DateTime.Now;
             if (m.db.NonQuery("INSERT INTO " + Globals.DbName + ".[Comment] ([article], [author], [subject], [body], [time]) VALUES (@p1, @p2, @p3, @p4, @p5)", paras))
                 message = "Comment inserted successfully.";
             else
                 message = "Error occurred. Please try again.";
         }
     }
     reader = m.db.Query("SELECT [id], [user], [time], [name], [summary], [body], [comments] FROM " + Globals.DbName + ".[Article] WHERE [id]=@p1 AND [approved]=1", Request.QueryString["id"]);
     if (reader == null || !reader.HasRows) { error = true; message = "There is no such article."; goto End; }
     End: ;
 }
Ejemplo n.º 2
0
 protected void Page_Load(object sender, EventArgs e)
 {
     m = (Edu)Master;
     if (Request.QueryString["start"] != null)
         if (int.TryParse(Request.QueryString["start"], out start))
         {
             if (start < 1) start = 1;
         }
         else start = 1;
     if (!m.db.Connected) { error = true; message = "Cannot connect to database."; goto End; }
     SqlDataReader temp = m.db.Query("SELECT COUNT(*) AS num FROM " + Globals.DbName + ".[Article] WHERE [approved]=1");
     temp.Read();
     num = (int)temp["num"];
     temp.Close();
     reader = m.db.Query(
         "SELECT [id], [user], [time], [name], [summary] FROM"+
         "( SELECT [id], [user], [time], [name], [summary], [approved], ROW_NUMBER() OVER (ORDER BY [time] DESC) AS rownum FROM " + Globals.DbName + ".[Article] WHERE [approved]=1 )" +
         "AS temp WHERE rownum BETWEEN @p1 AND (@p1 +@p2-1)", start, perPage);
     if (reader == null || !reader.HasRows) { error = true; message = "There are no articles."; goto End; }
     End: ;
 }
Ejemplo n.º 3
0
 protected void Page_Load(object sender, EventArgs e)
 {
     m = (Edu)Master;
     if (!m.db.Connected) { error = true; message = "Cannot connect to database."; goto End; }
     SqlDataReader reader = m.db.Query("SELECT [id], [article], [author], [subject], [body] FROM [Comment] WHERE [id]=@p1", Request.QueryString["id"]);
     if (reader == null || !reader.HasRows) { error = true; message = "There is no such comment."; goto End; }
     reader.Read();
     id = (int)reader["id"];
     article = (int)reader["article"];
     author = (string)reader["author"];
     subject = (string)reader["subject"];
     body = (string)reader["body"];
     reader.Close();
     if (m.userLvl == Edu.Lvls.Guest) { message = "Log in first."; error = true; goto End; } // not logged in
     else if (m.userLvl >= Edu.Lvls.Mod) ; // mod or admin, can edit all
     else if (Session["email"] == reader["author"]) ; // person who wrote the comment
     else
     {
         SqlDataReader sqldr = m.db.Query("SELECT [user] FROM " + Globals.DbName + ".[Article] WHERE [id]=@p1", article);
         sqldr.Read();
         if (sqldr["user"] == Session["email"]) { sqldr.Close(); edit = false; } // writer of article where the comment is, can only delete
         else { message = "You don't have the necessary level to be here."; sqldr.Close(); error = true; goto End; }
     }
     if (IsPostBack)
     {
         error = true; // 4 out of 5 possible cases
         if (Request.Form["submit"] == "Edit")
             if (edit)
                 if (m.db.NonQuery("UPDATE " + Globals.DbName + ".[Comment] SET [subject]=@p1, [body]=@p2 WHERE [id]=@p3", Text.DeHTML(Request.Form["subject"]), Text.DeHTML(Request.Form["body"]), Request.Form["id"]))
                 { message = "Comment edited successfully."; error = false; }
                 else message = "Database error.";
             else message = "You cannot edit this comment.";
         else if (Request.Form["submit"] == "Delete")
             if (m.db.NonQuery("UPDATE " + Globals.DbName + ".[Comment] SET [subject]='DELETED', [body]='DELETED' WHERE [id]=@p1", Request.Form["id"])) message = "Comment content deleted.";
             else message = "Database error.";
         goto End;
     }
     End: ;
 }