Easy Guestbook with ASP






Jul 12, 2004
Easy Guestbook with ASP and MS Access
- ASP guestbook full sourcecode download (offsite download - GPL licence)
Introduction - An Easy ASP Guestbook with Web-based Administration
Here we start out with a simple "settings" file, named settings.asp. This file will be included on each page, and will contain the basic settings for this guestbook.
Since the password (logincode) is NOT in the database, you can leave the database in the webroot with a MapPath statement to make the install easier. However, the best place for the database is outside of your webroot, where it cannot be requested directly by URL. In that case, change the database_path string to your full path ("C:\inetpub\database\post.mdb", for example).
There is also an important setting that controls whether HTML is allowed. Many times folks abuse a guestbook by filling it with links and other junk. It is a good idea to disallow HTML unless you really need it.
The language setting is just a set of variables for text used within the system; for each language there is a different text that is used. It is very easy to add a "new" language to the system.
Details
The login is a simple login check page, which checks the login code entered on the form with the one stored in the settings.asp file.
'title of your guestbook.
pagetitle = "Demo"
'language
'english = en, german = ger, french = fr
lang = "en"
'admin password
logincode = "1234"
'number of entries to show.
show_posts = "25"
'minimum length of post to be allowed.
minimum_length = 4
'set to "no" for no html, set to "yes" to allow html (not recommended!)
allow_html = "no"
'leave as is, unless you want to move your database.
database_path = Server.MapPath("post.mdb")
<%Option Explicit%>
<!-- #INCLUDE FILE="settings.asp" -->
<%
if Request.Form("mynumber") = "" then
response.redirect("login.asp?l=password_blank")
End If
'set variables from form
FormPwd = Request.Form("mynumber")
FormPwd = replace(FormPwd,"'","''")
'run login or return to login page
if formpwd = logincode then
Session("LoginID") = formpwd
else
response.redirect("login.asp?l=incorrect_login_or_password")
End if
'final redirect
response.redirect("post.asp")
%>
The login uses session variables to store the login information, so to log off we simply abandon the session. The redirect appends the date to avoid seeing a "cached" login page after being logged out. This is not a security issue, but just for convenience.
<%
session.abandon
response.redirect("post.asp?d=" & date)
%>
The main code is in the post.asp page. This page is the same whether you are logged in as admin or just a guest visiting the page. If you are logged in, you see the same data as a guest, but you have more options available: you can delete posts, restore deleted posts, or empty the "recycle bin" (where deleted posts are stored until you clear them out).
As you can see from the code below, we check for the logged-in session right from the start, then we can use this throughout the rest of the script to display data based on your status as admin or guest.
<% option explicit %>
<head>
<!-- #INCLUDE FILE="settings.asp" -->
<%
LoggedIn = Session("loginID")
Once you are logged in you see more options available.
The file is split up into "parts" depending on what querystring is passed.
The section below checks to see if you are logged in and then checks to see if you have attempted to empty the "deleted" items from the database.
'============Empty Deleted Items from the database============
If LoggedIn <> "" Then
if request.querystring("del") = 1 then
Set dConn = Server.CreateObject("ADODB.Connection")
dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & _
database_path
mySQL = "DELETE FROM tblpost where active = 2;"
dConn.execute(mySQL)
dconn.close
set dconn = nothing
response.redirect("post.asp")
end if
end if
As you can see from the rest of the main "post" code, different items are displayed or actions performed based on being logged in or not, and if so what querystring value you have passed to the page.
'============set based on delete or undelete============
If LoggedIn <> "" Then
showdeleted = request.querystring("showdeleted")
if showdeleted = 1 then
active = 2
removetype = 1
delete_text = undelete_text
delimage = "undelete.gif"
else
active = 1
removetype = 2
delete_text = delete_text
delimage = "delete.gif"
end if
else
active = 1
end if
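'============Delete/Undelete Items from the guestbook display============
'only a logged-in admin may change a post, and the id must be numeric
remove = request.querystring("remove")
ID = request.querystring("id")
if LoggedIn <> "" and remove = "1" and IsNumeric(ID) then
Set dConn = Server.CreateObject("ADODB.Connection")
dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & _
database_path
'accept only the two known states: 1 = visible, 2 = deleted
if request.querystring("removetype") = "2" then removetype = 2 else removetype = 1
'CLng forces the id to a number before it reaches the SQL text
mySQL = "UPDATE tblPost SET Active = " & removetype & " WHERE ID = " & _
CLng(ID) & ";"
response.write "updating"
dConn.execute(mySQL)
dConn.Close
set dConn = Nothing
response.redirect("post.asp")
end if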
'============End Delete Section============
Set dataRS = Server.CreateObject("ADODB.RecordSet")
dataSQL = "Select TOP " & show_posts & " message, remote_addr, sysdate, " &_
" systime, id FROM tblPost WHERE active = " & active &_
" order by sysdate DESC, systime DESC;"
'Response.Write dataSQL
'response.end
Set dConn = Server.CreateObject("ADODB.Connection")
dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & database_path
dataRS.Open dataSQL, dConn, 1, 3
recordcount = dataRS.recordcount
if recordcount > 0 then
data = dataRS.GetRows()
'Data is retrieved so close all connections
dataRS.Close
Set dataRS = Nothing
dconn.close
set dconn = nothing
'Setup for array usage
iRecFirst = LBound(data, 2)
iRecLast = UBound(data, 2)
end if
'============IF IS A POST BACK============
message = trim(request.form("message"))
if request.form("ispostback") = 1 AND (len(message) > minimum_length) then
if allow_html = "no" then
message = RemoveHTMLtags(message)
else
message = PreSubmit2(message)
end if
strSQL = "tblPost"
'Open a recordset
Set cRS2 = Server.CreateObject("ADODB.recordset")
Set dConn = Server.CreateObject("ADODB.Connection")
dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" &_
database_path
cRS2.Open strSQL, dConn, 1,3
cRS2.AddNew
cRS2("message") = message
cRS2("sysdate") = date()
cRS2("systime") = time()
cRS2("remote_addr") = request.ServerVariables("remote_addr")
cRS2("Active") = 1
cRS2.Update
cRS2.Close
Set cRS2 = Nothing
dConn.Close
Set dConn = Nothing
response.redirect("post.asp")
end if
'============End POSTBACK Section============
%>
<title><%=pagetitle%></title>
</head>
<P style="FONT-WEIGHT: bold"><%=pagetitle%>
<table border=2 bordercolor="silver" CELLSPACING=0 CELLPADDING=4>
<form action="post.asp" method="post" name="form1" id="form1">
<tr class='smalltext'>
<td><textarea cols="50" rows="4" name="message"
style="font-family: Arial, Helvetica, sans-serif;"
class="cssborder" title="<%=add_text%>"></textarea></td>
<td nowrap><input type="submit" value="<%=add_text%>"
style="height: 50px;" class="cssborder"></td>
</tr>
<input type="hidden" name="ispostback" value="1">
</form>
</table>
<%
if recordcount > 0 then
%>
<table border="2" cellspacing="0" cellpadding="4"
bordercolor="silver" width="500">
<tr>
<th><%= message_text %></th>
<%
If LoggedIn <> "" then
%>
<th><%= delete_text %></th>
<% end if %>
</tr>
<%
' Loop through the records (second dimension of the array)
For I = iRecFirst To iRecLast
Response.Write "<tr class='smalltext'>" & _
"<td valign='top'>" & data(0, I) & "<br>" & _
"[" & data(3,I) & " | " & data(2, I) & " | " & data(1, I) & "]</td>"
if LoggedIn <> "" then
response.write "<td nowrap valign='top' align='center'>"
response.write "<A href='post.asp?id=" & data(4, I)
response.write "&remove=1&removetype=" & removetype
response.write "'><IMG title='" & delete_text
response.write "' src='" & delimage & "'"
response.write " border=0></A></td>"
end if
Response.Write "</tr>"
Next ' I
%>
</table>
<%
end if
If LoggedIn <> "" Then
response.write logoutlink
else
response.write loginlink
end if
'close db just in case
on error resume next
dConn.Close
Set dConn = Nothing
on error goto 0
%>
That is basically it. This is a very simple little guestbook that should be easy to add to a site that supports ASP and MS Access database connections (no ODBC is necessary).
Enjoy!
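
One way to harden the delete/undelete action from post.asp, shown as an added example that is not part of the original article or download: only a logged-in admin can trigger it, it runs only on POST, and the id and state reach Jet as typed ADODB.Command parameters instead of concatenated SQL. The helper names (IsDigits, SetPostActive, WriteRemoveForm) are hypothetical; database_path and the Session("LoginID") check come from the page.

```asp
<%
' Added example, not from the original download. Assumes settings.asp is included
' (database_path); IsDigits, SetPostActive and WriteRemoveForm are hypothetical names.
Const adInteger = 3, adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128

' True only for 1-9 decimal digits, so CLng() can never overflow or see junk.
Function IsDigits(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsDigits = re.Test(s)
End Function

' Values travel as typed parameters and are never spliced into the SQL text.
Sub SetPostActive(postId, newState)
    Dim conn, cmd
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & database_path
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "UPDATE tblPost SET Active = ? WHERE ID = ?;"
    cmd.Parameters.Append cmd.CreateParameter("active", adInteger, adParamInput, , newState)
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , postId)
    cmd.Execute , , adExecuteNoRecords
    conn.Close
    Set cmd = Nothing : Set conn = Nothing
End Sub

' Replaces the admin <A href> link: the state change is sent as a POST body.
Sub WriteRemoveForm(postId, newState, label)
    Response.Write "<form action='post.asp' method='post'>" & _
        "<input type='hidden' name='id' value='" & CLng(postId) & "'>" & _
        "<input type='hidden' name='removetype' value='" & CLng(newState) & "'>" & _
        "<input type='submit' name='remove' value=""" & Server.HTMLEncode(label) & """>" & _
        "</form>"
End Sub

' Handler: POST only, admin session required, state limited to 1 (visible) or 2 (deleted).
Dim rawId, rawType
rawId = Trim(Request.Form("id"))
rawType = Trim(Request.Form("removetype"))
If Request.ServerVariables("REQUEST_METHOD") = "POST" And Request.Form("remove") <> "" Then
    If Session("LoginID") = "" Then Response.Redirect "login.asp"
    If IsDigits(rawId) And (rawType = "1" Or rawType = "2") Then
        SetPostActive CLng(rawId), CLng(rawType)
    End If
    Response.Redirect "post.asp"
End If
%>
```

In the display loop, a call such as WriteRemoveForm data(4, I), removetype, delete_text would take the place of the image link.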