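<%
' rating.asp, submit path: a non-empty form post records one rating for message m
' through the spRatePost stored procedure. Anything else falls through to the
' HTML views after the "else" at the end of this block.
Dim objRS, objCom
Dim action, appid, m, allforum
allforum = Application(dbName&"foruminfo")

if request.form<>"" then
  ' fromThisDomain is defined elsewhere; judging by its name and the
  ' error=referer redirect it presumably validates the Referer header - confirm.
  ' NOTE(review): if so, it is the only cross-site request check on this submit
  ' path. A per-session form token would not depend on a header that browsers
  ' and proxies may omit.
  if not fromThisDomain("rating.asp?") then
    response.redirect(forumdir&"first.asp?error=referer")
    response.end
  end if

  Dim rating
  m = request.form("m")
  rating = request.form("rating")
  appid = request.form("appid")

  ' Reject a missing or non-numeric message id or rating up front, instead of
  ' letting CLng / the adInteger parameter raise a runtime error further down.
  ' (CLng can still raise for numbers outside the Long range.)
  ' NOTE(review): rating is only checked for being numeric; the allowed range is
  ' not enforced in this file. Confirm spRatePost rejects out-of-range values.
  if not IsNumeric(m) or not IsNumeric(rating) then response.end

  ' Permissions are evaluated for the appid the client sent.
  ' NOTE(review): nothing visible here ties message m to that appid; confirm
  ' PermissionSetting or spRatePost binds the message to its own forum.
  Set objPermission = new PermissionSetting
  With objPermission
    .memID = memID
    .appid = appid
    .GetPermission(true)
    'rights = .post
    Mode = .isModerator
    enableRating = .enableRating
    isRateAllowed = .rate
  End With
  Set objPermission = nothing

  if isRateAllowed then
    set objRS = server.createobject("adodb.recordset")
    With objRS
      ' One rating per member per message. The form view of this page runs the
      ' same pgd_RateTrack lookup before showing the form, but a request posted
      ' directly never passes through that view, so the rule is enforced here too.
      .open "SELECT Mem FROM pgd_RateTrack WHERE messageID = "&Clng(m)&" AND Mem = "&Clng(memID), datastore, , , adCmdText
      if not (.eof and .bof) then
        isRateAllowed = false
      end if
      .close
      ' A member may not rate their own message.
      .open "SELECT Mem FROM pgd_messages WHERE messageID = "&Clng(m)&" AND Mem = "&Clng(memID), datastore, , , adCmdText
      if not (.eof and .bof) then
        isRateAllowed = false
      end if
      .close
    End With
    set objRS = nothing
  end if

  ' Not permitted: stop without writing anything.
  if not isRateAllowed then response.end

  ' All values are passed as typed ADO parameters, not concatenated into SQL.
  ' @RETURN_VALUE is declared but never read, so this page cannot tell whether
  ' the procedure accepted the rating.
  set objCom = server.createobject("adodb.command")
  With objCom
    .activeConnection = datastore
    .commandText = dbOwnerPrefix&"spRatePost"
    .commandType = adCmdStoredProc
    .Parameters.Append .Createparameter("@RETURN_VALUE", adInteger, adParamReturnValue, 0)
    .Parameters.Append .Createparameter("@int_msgID", adInteger, adParamInput, 0, m)
    .Parameters.Append .Createparameter("@int_Mem", adInteger, adParamInput, 0, MemID)
    .Parameters.Append .Createparameter("@rating", adInteger, adParamInput, 0, rating)
    .execute , , adExecuteNoRecords
  End With
  set objCom = nothing
  response.write ("")
else
%> <%= Application(dbName&"forumtitle") %> <%= OutputCSS() %> >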
<%
' View path: read the query string, load the member's permissions for the
' requested appid, then dispatch on "action".
action = request.queryString("action")
appid = request.queryString("appid")
m = request.queryString("m")

Dim enableRating, mode, isRateAllowed, isViewAllowed
Dim rateErrorMsg
' Default message; replaced below when a more specific reason applies.
rateErrorMsg = RightViolationMessage

' Permission lookup for this member and appid.
Dim objPermission
Set objPermission = new PermissionSetting
objPermission.memID = memID
objPermission.appid = appid
objPermission.GetPermission(true)
mode = objPermission.isModerator
enableRating = objPermission.enableRating
isRateAllowed = objPermission.rate
Set objPermission = nothing

isViewAllowed = false
Dim iRate

SELECT Case action
Case "rate"
  if isRateAllowed then
    ' Both lookups coerce their inputs with CLng before building the SQL text.
    set objRS = server.createobject("adodb.recordset")

    ' Has this member already rated the message?
    objRS.open "SELECT Mem FROM pgd_RateTrack WHERE messageID = "&Clng(m)&" AND Mem = "&Clng(memID), datastore, , , adCmdText
    if not objRS.eof or not objRS.bof then
      isRateAllowed = false
      rateErrorMsg = rateErrorDesc
    end if
    objRS.close

    ' Is this member the author of the message?
    objRS.open "SELECT Mem FROM pgd_messages WHERE messageID = "&Clng(m)&" AND Mem = "&Clng(memID), datastore, , , adCmdText
    if not objRS.eof or not objRS.bof then
      isRateAllowed = false
      rateErrorMsg = rateErrorSelfDesc
    end if
    objRS.close

    set objRS = nothing
  end if
%>
<% ' Template for Case "rate". The HTML markup is not present in this listing; only the script fragments remain. %>
<% ' Selects one of two markup variants depending on isRateAllowed. %>
<% if isRateAllowed then %> > <% else %> > <% end if %>
<%= tmRateThisDesc %>
<% ' Counts iRate down from 5 to 1. %>
<% for iRate = 5 to 1 step -1 %> <% next %>
<% ' Label shown is iRate-3. NOTE(review): the value each option submits is not visible here - confirm it matches what spRatePost expects. %>
> (<%= (iRate-3) %>)

<% ' Emitted only when mode (set from the permission object's isModerator) or isAdmin is true; contents not visible here. %>
<% if (mode or isAdmin) then %> <% end if %>
<% ' rateErrorMsg is written without HTML encoding; it is assigned only from RightViolationMessage, rateErrorDesc or rateErrorSelfDesc - presumably fixed strings, confirm. %>
<%= rateErrorMsg %>

<% if (mode or isAdmin) then %> <% end if %>
<%
Case "view"
  ' The rater list is shown only when mode or isAdmin is true.
  if (mode or isAdmin) then
    isViewAllowed = true
  end if

  if isViewAllowed then
    Dim allRaters, iRater
    set objRS = server.createobject("adodb.recordset")
    ' Message id is coerced with CLng before it is placed in the SQL text.
    objRS.open "SELECT r.mem, p.login, rating FROM pgd_RateTrack r inner join pgd_members p ON p.mem = r.mem WHERE r.messageID = "&CLng(m), datastore, , , adCmdText
    ' allRaters stays unassigned when the query returns no rows.
    if not objRS.eof or not objRS.bof then
      allRaters = objRS.getrows
    end if
    objRS.close
    set objRS = nothing
%>
>
<%= rateViewDesc %>
<% ' allRaters is an array only when the rater query returned rows; the loop walks its second dimension, one entry per row. %>
<% if isArray (allRaters) then%> <% for iRater = 0 to ubound(allRaters,2) %> <% next %> <% else %> <% end if %>
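<% ' Column 1 of the rater query is p.login, a member-supplied name: HTML-encode it before writing it into the page. & "" turns a Null into an empty string. NOTE(review): if logins are stored already encoded, confirm this does not double-encode. %>
<%= Server.HTMLEncode(allRaters(1,iRater) & "") %>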

<% ' Presumably the text for the no-raters case (the else branch of the isArray test) - confirm against the full template. %>
<%= rateViewNullDesc %>


<%
' Closes, in order: "if isViewAllowed", the Select Case on action,
' and the top-level "if request.form<>"" ... else".
end if
End SELECT
end if
%>