<% Dim objRS, objCon, allforum, rights, pollID, forumID, mem, mode, allowPollEdit, allowPollChange Dim pollContent, pollQuestion, oriAuthor, oriEmail, iOption, formAction Dim action, choiceID Dim strSQLGetPollContent, strSQLGetPoll Dim actionCarriedOut pollID = request("pollID") allforum = Application(dbName&"foruminfo") allowPollEdit = false allowPollChange = false actionCarriedOut = false action = request.queryString("action") choiceID = request.queryString("choiceID") formAction = request.form("action") if len(pollID) = 0 then response.redirect ("redirect.asp") strSQLGetPoll = _ "SELECT m.forumID, m.mem FROM pgd_messages m "&_ "WHERE messageID="&Clng(pollID) set objRS = server.createobject("adodb.recordset") With objRS .open strSQLGetPoll, datastore, , , adCmdText forumID = .fields(0) mem = .fields(1) .close End With set objRS = nothing Dim appid:appid = ForumIdToAppid(forumID) Dim objPermission Set objPermission = new PermissionSetting With objPermission .memID = memID .appid = appid mode = .moderator() End With Set objPermission = nothing if memID = cstr(mem) then allowPollEdit = true if mode or isAdmin then allowPollChange = true allowPollEdit = true end if if allowPollChange and action = "strip" then set objCon = server.createobject("adodb.connection") with objCon .open datastore .execute "DELETE FROM pgd_poll WHERE PollID = "&Clng(pollID)&" " &_ "DELETE FROM pgd_pollLog WHERE PollLogID = "&Clng(pollID)&" " &_ "Update pgd_messages SET isPoll=0 WHERE messageID = "&Clng(pollID), , adCmdtext + adExecuteNoRecords .close end with set objCon = nothing response.redirect (request("http_referer")) response.end end if if allowPollEdit and action = "delete" then set objCon = server.createobject("adodb.connection") with objCon .open datastore .execute "DELETE FROM pgd_poll WHERE PollID = "&Clng(pollID)&" AND ChoiceID = "&Clng(choiceID)&" " &_ "DELETE FROM pgd_pollLog WHERE PollLogID = "&Clng(pollID)&" AND ChoiceID = "&Clng(choiceID), , adCmdtext + adExecuteNoRecords .close end with set objCon = nothing response.redirect ("polledit.asp?pollID="&pollID) response.end end if if allowPollEdit and (formAction = "edit" or formAction = "add") then Dim strSQLEditAdd if formAction = "edit" then Dim editChoiceCount:editChoiceCount = request.form("counts") if not isNumeric(editChoiceCount) or editChoiceCount = "" then editChoiceCount = "0" strSQLEditAdd = "Update pgd_poll SET choice='"&SQLAccessInput(left(request.form("choice"),149))&_ "', counts = "&Clng(editChoiceCount)&" WHERE pollID="&Clng(pollID)&" AND choiceID="&Clng(request.form("choiceID")) elseif formAction = "add" then strSQLEditAdd = "DECLARE @maxchoiceID int "&_ "SELECT @maxchoiceID = max(choiceID) FROM pgd_poll WHERE pollID="&Clng(pollID)&" "&_ "SET @maxchoiceID = ISNull(@maxchoiceID,0) + 1 "&_ "Insert INTO pgd_poll (pollID, forumID, choiceID, choice) VALUES "&_ "("&Clng(pollID)&", "&Clng(forumID)&", @maxchoiceID, '"&_ SQLAccessInput(left(request.form("choice"),149))&"')" end if set objCon = server.createobject("adodb.connection") with objCon .open datastore .execute strSQLEditAdd, , adCmdtext + adExecuteNoRecords .close end with set objCon = nothing response.redirect ("polledit.asp?pollID="&pollID) end if Dim subject:subject = trim(request.form("subject")) if allowPollEdit and subject <> "" then Dim editAllowMultiple:editAllowMultiple = request.form("allowMultiple") if editAllowMultiple = "on" then editAllowMultiple = 1 else editAllowMultiple = 0 Dim strSQLChangeSubject:strSQLChangeSubject = _ "UPDATE pgd_messages SET subject='"&SQLAccessInput(SQLin(subject))&"' WHERE messageID = "&Clng(pollID)&" "&_ "UPDATE pgd_poll SET allowMultiple = "&Clng(editAllowMultiple)&" WHERE pollID="&Clng(pollID) set objCon = server.createobject("adodb.connection") with objCon .open datastore .execute strSQLChangeSubject, , adCmdtext + adExecuteNoRecords .close end with set objCon = nothing actionCarriedOut = true end if Dim strSQLGetSubjectAndAuthor:strSQLGetSubjectAndAuthor = _ "SELECT m.subject, p.login, p.Email FROM pgd_messages m "&_ "INNER JOIN (SELECT login, Email, mem FROM pgd_members) p "&_ "ON p.mem = m.mem "&_ "WHERE messageID="&Clng(pollID) set objRS = server.createobject("adodb.recordset") With objRS .open strSQLGetSubjectAndAuthor, datastore, , , adCmdText pollQuestion = SQLout(.fields(0)) oriAuthor = HTMLEncode(""&.fields(1)) oriEmail = HTMLEncode(""&.fields(2)) .close End With set objRS = nothing %> <%= Application(dbName&"forumtitle") %> <%= NoScript() %> <%= OutputCSS() %> <% if action<>"" then %> > <% else %> > <% end if %>
<% if allowPollEdit and action="" then strSQLGetPollContent = _ "SELECT ChoiceID, Choice, Counts, allowMultiple FROM pgd_poll WHERE pollID="&Clng(pollID) '==========0========1=======2 set objRS = server.createobject("adodb.recordset") With objRS .open strSQLGetPollContent, datastore, , , adCmdText if not (.eof and .bof) then pollContent = .getrows .close End With set objRS = nothing Dim allowMultiple:allowMultiple = "" if pollContent(3,0) = 1 then allowMultiple = "checked" %> <% elseif allowPollEdit and (action="edit" or action="add") then %> <% if action = "edit" then Dim editChoice, editChoiceID, editCount editChoice = "" : editChoiceID = "" : editCount = "" set objRS = server.createobject("adodb.recordset") With objRS .open "SELECT choice, choiceID, counts FROM pgd_poll WHERE pollID="&Clng(pollID)&" AND ChoiceID="&Clng(choiceID) _ , datastore, , , adCmdText editChoice = HTMLEncode(""&.fields(0)) editChoiceID = .fields(1) editCount = .fields(2) .close End With set objRS = nothing end if%> <% else %> <% end if %>
<%= tmPollEditDesc %>
valign="top" class="c2"><%= tmName %> <%=( oriAuthor &"    ( "&oriEmail&" )") %>
class="c2"> <%= pollQDesc %> > <% if actionCarriedOut then %> * <%= pollQEditSuccess %>
<% end if %> class="radiocheck">  <%= pollAllowMulDesc %>
><%= pollOptionDesc %> > <% if isArray(pollContent) then %> <% for iOption = 0 to ubound(pollContent,2)%> <% next %>
<%= iOption + 1 %>. <%= HTMLEncode(""&pollContent(1,iOption)) %> (<%= pollContent(2,iOption) %>) <%= pollEditDesc %> <% if ubound(pollContent,2) <> 0 then %> <%= pollDelDesc %> <% end if %>
<% end if %>
><%= pollOptionDesc %> >   <% if action = "edit" then %> " name="counts" class="info" value="<%= editCount %>"> <% end if %>
colspan="2" align="center" class="subhead"><%= RightViolationMessage %>

<% if action <> "add" and action <> "edit" then %> <% end if %> <% if action<>"" then %> <% end if %>