<%@LANGUAGE="VBSCRIPT"%>
<%
'===============================================
' Personals System 2002
' ©2002 vSpin.net. www.vspin.net
'===============================================
' All rights reserved.
' Use of this code is covered by the terms and
' conditions in the license agreement. No
' unauthorized duplication or distribution is
' permitted. vSpin.net copyright notices must
' remain in the ASP sections of the code.
'===============================================
%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
Dim MM_authorizedUsers, MM_authFailedURL, MM_grantAccess
MM_authorizedUsers=""
MM_authFailedURL="login.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
<%
Dim p_q1, p_q2, p_q3, p_q4, p_q5, p_q6, p_q7, p_q8, p_q9, p_q10, p_q11, p_q12, p_q13, p_q14, p_q15, p_q16, p_q17
Dim Session__MMColParam
Session__MMColParam= session("MM_Username")
set rsAd = Server.CreateObject("ADODB.Recordset")
rsAd.ActiveConnection = MM_conn_STRING
rsAd.Source = "SELECT p_id FROM p_ads WHERE p_user = '" + Replace(Session__MMColParam, "'", "''") + "'"
rsAd.CursorType = 0
rsAd.CursorLocation = 2
rsAd.LockType = 3
rsAd.Open()
rsAd_numRows = 0
If Not rsAd.EOF Or Not rsAd.BOF Then
Function sqlsafe(s)
pos = InStr(s, "'")
While pos > 0
s = Mid(s, 1, pos) & "'" & Mid(s, pos + 1)
pos = InStr(pos + 2, s, "'")
Wend
sqlsafe=s
End Function
If request.form("B1") = "Submit Answers" then
If request.form("p_q1") = "" AND request.form("p_q2") = "" AND request.form("p_q3") = "" AND request.form("p_q4") = "" AND request.form("p_q5") = "" AND request.form("p_q6") = "" AND request.form("p_q7") = "" AND request.form("p_q8") = "" AND request.form("p_q9") = "" AND request.form("p_q10") = "" AND request.form("p_q11") = "" AND request.form("p_q12") = "" AND request.form("p_q13") = "" AND request.form("p_q14") = "" AND request.form("p_q15") = "" AND request.form("p_q16") = "" AND request.form("p_q17") = "" Then
rsAd.close
Set rsAd = nothing
MM_conn_STRING.close
Set MM_conn_STRING = nothing
response.redirect("questions.asp?message=56")
End if
user_id = session("MM_Username")
p_q1 = request.form("p_q1")
p_q2 = request.form("p_q2")
p_q3 = request.form("p_q3")
p_q4 = request.form("p_q4")
p_q5 = request.form("p_q5")
p_q6 = request.form("p_q6")
p_q7 = request.form("p_q7")
p_q8 = request.form("p_q8")
p_q9 = request.form("p_q9")
p_q10 = request.form("p_q10")
p_q11 = request.form("p_q11")
p_q12 = request.form("p_q12")
p_q13 = request.form("p_q13")
p_q14 = request.form("p_q14")
p_q15 = request.form("p_q15")
p_q16 = request.form("p_q16")
p_q17 = request.form("p_q17")
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open MM_conn_STRING
sql1 = "insert into p_questions (p_user, p_q1, p_q2, p_q3, p_q4, p_q5, p_q6, p_q7, p_q8, p_q9, p_q10, p_q11, p_q12, p_q13, p_q14, p_q15, p_q16, p_q17) values('"& user_id & "','"& sqlsafe(p_q1) & "','"& sqlsafe(p_q2) & "','"& sqlsafe(p_q3) & "','"& sqlsafe(p_q4) & "','"& sqlsafe(p_q5) & "','"& sqlsafe(p_q6) & "','"& sqlsafe(p_q7) & "','"& sqlsafe(p_q8) & "','"& sqlsafe(p_q9) & "','"& sqlsafe(p_q10) & "','"& sqlsafe(p_q11) & "','"& sqlsafe(p_q12) & "','"& sqlsafe(p_q13) & "','"& sqlsafe(p_q14) & "','"& sqlsafe(p_q15) & "','"& sqlsafe(p_q16) & "','"& sqlsafe(p_q17) & "')"
conn.execute(sql1)
conn.close
set conn = nothing
rsAd.close
Set rsAd = nothing
MM_conn_STRING.close
Set MM_conn_STRING = nothing
response.redirect("default.asp?message=55")
elseIf request.form("B1") = "Edit Answers" then
If request.form("p_q1") = "" AND request.form("p_q2") = "" AND request.form("p_q3") = "" AND request.form("p_q4") = "" AND request.form("p_q5") = "" AND request.form("p_q6") = "" AND request.form("p_q7") = "" AND request.form("p_q8") = "" AND request.form("p_q9") = "" AND request.form("p_q10") = "" AND request.form("p_q11") = "" AND request.form("p_q12") = "" AND request.form("p_q13") = "" AND request.form("p_q14") = "" AND request.form("p_q15") = "" AND request.form("p_q16") = "" AND request.form("p_q17") = "" Then
rsAd.close
Set rsAd = nothing
MM_conn_STRING.close
Set MM_conn_STRING = nothing
response.redirect("questions.asp?message=56")
End if
user_id = session("MM_Username")
p_q1 = request.form("p_q1")
p_q2 = request.form("p_q2")
p_q3 = request.form("p_q3")
p_q4 = request.form("p_q4")
p_q5 = request.form("p_q5")
p_q6 = request.form("p_q6")
p_q7 = request.form("p_q7")
p_q8 = request.form("p_q8")
p_q9 = request.form("p_q9")
p_q10 = request.form("p_q10")
p_q11 = request.form("p_q11")
p_q12 = request.form("p_q12")
p_q13 = request.form("p_q13")
p_q14 = request.form("p_q14")
p_q15 = request.form("p_q15")
p_q16 = request.form("p_q16")
p_q17 = request.form("p_q17")
set rsup = Server.CreateObject("ADODB.Command")
rsup.ActiveConnection = MM_conn_STRING
rsup.CommandText = "UPDATE p_questions SET p_q1 = '" + Replace(p_q1, "'", "''") + "', p_q2 = '" + Replace(p_q2, "'", "''") + "', p_q3 = '" + Replace(p_q3, "'", "''") + "', p_q4 = '" + Replace(p_q4, "'", "''") + "', p_q5 = '" + Replace(p_q5, "'", "''") + "', p_q6 = '" + Replace(p_q6, "'", "''") + "', p_q7 = '" + Replace(p_q7, "'", "''") + "', p_q8 = '" + Replace(p_q8, "'", "''") + "', p_q9 = '" + Replace(p_q9, "'", "''") + "', p_q10 = '" + Replace(p_q10, "'", "''") + "', p_q11 = '" + Replace(p_q11, "'", "''") + "', p_q12 = '" + Replace(p_q12, "'", "''") + "', p_q13 = '" + Replace(p_q13, "'", "''") + "', p_q14 = '" + Replace(p_q14, "'", "''") + "', p_q15 = '" + Replace(p_q15, "'", "''") + "', p_q16 = '" + Replace(p_q16, "'", "''") + "', p_q17 = '" + Replace(p_q17, "'", "''") + "' WHERE p_user = '" + Replace(user_id, "'", "''") + "'"
rsup.CommandType = 1
rsup.CommandTimeout = 0
rsup.Prepared = true
rsup.Execute()
set rsup = nothing
rsAd.close
Set rsAd = nothing
MM_conn_STRING.close
Set MM_conn_STRING = nothing
response.redirect("default.asp?message=57")
elseIf request.form("B1") = "Delete Questionnaire" then
user_id = session("MM_Username")
set rsDelete = Server.CreateObject("ADODB.Command")
rsDelete.ActiveConnection = MM_conn_STRING
rsDelete.CommandText = "delete from p_questions WHERE p_user='" + Replace(user_id, "'", "''") + "'"
rsDelete.CommandType = 1
rsDelete.CommandTimeout = 0
rsDelete.Prepared = true
rsDelete.Execute()
set rsDelete = nothing
rsAd.close
Set rsAd = nothing
MM_conn_STRING.close
Set MM_conn_STRING = nothing
response.redirect("default.asp?message=58")
end if
set rsQ = Server.CreateObject("ADODB.Recordset")
rsQ.ActiveConnection = MM_conn_STRING
rsQ.Source = "SELECT p_q1, p_q2, p_q3, p_q4, p_q5, p_q6, p_q7, p_q8, p_q9, p_q10, p_q11, p_q12, p_q13, p_q14, p_q15, p_q16, p_q17 FROM p_questions WHERE p_user = '" + Replace(Session__MMColParam, "'", "''") + "'"
rsQ.CursorType = 0
rsQ.CursorLocation = 2
rsQ.LockType = 3
rsQ.Open()
rsQ_numRows = 0
%>
<%
rsQ.close
set rsQ = nothing
end if
%>
<%
rsAd.close
Set rsAd = nothing
MM_conn_STRING.close
Set MM_conn_STRING = nothing
%>