<%
' ADO handles shared by both branches of the page: objRS is opened as an
' adodb.recordset for lookups, objCom as an adodb.command for the stored procedure.
Dim objRS
Dim objCom

' Request fields: action and m are read from the query string on GET,
' m and appid from the form body on POST.
Dim action
Dim appid
Dim m

' Cached forum info from application state; not referenced again in the
' script code visible in this file.
Dim allforum
allforum = Application(dbName & "foruminfo")
if request.form<>"" then
' Origin gate for the POST path. fromThisDomain is defined outside this file;
' judging by its name and the error=referer redirect it inspects the Referer
' header - confirm against its definition.
' NOTE(review): this is the only cross-site request protection visible on the
' vote-recording path. Referer can be absent or stripped by clients, so a
' per-session anti-forgery token carried in the rating form would be a sturdier
' control.
If Not fromThisDomain("rating.asp?") Then
    Response.Redirect forumdir & "first.asp?error=referer"
    Response.End
End If
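' ---- POST path: read the submitted vote and decide whether it may be recorded ----
Dim rating
m = Request.Form("m")            ' id of the message being rated
rating = Request.Form("rating")  ' submitted score
appid = Request.Form("appid")    ' handed to PermissionSetting below

' Accept only plain integers for m and rating. Without this, CLng() below raises
' a runtime error on malformed input and rating reaches the stored procedure
' unchecked. Nine digits keeps the value inside the range of a VBScript Long.
' NOTE(review): the permitted rating range is not visible in this file; add a
' bounds check here once it is confirmed, unless spRatePost already enforces one.
With New RegExp
    .Pattern = "^-?\d{1,9}$"
    If Not (.Test(m) And .Test(rating)) Then Response.End
End With

' Resolve what this member may do in the target forum.
Set objPermission = New PermissionSetting
With objPermission
    .memID = memID
    .appid = appid
    .GetPermission(true)
    'rights = .post
    Mode = .isModerator
    enableRating = .enableRating   ' NOTE(review): read but never tested on this path - confirm intent
    isRateAllowed = .rate
End With
Set objPermission = Nothing

If isRateAllowed Then
    Set objRS = Server.CreateObject("adodb.recordset")
    With objRS
        ' Already rated? The GET branch runs this lookup before offering the
        ' form; repeating it here means a hand-built POST cannot bypass it.
        ' Whether spRatePost enforces the same rule is not visible from here.
        .Open "SELECT Mem FROM pgd_RateTrack WHERE messageID = " & CLng(m) & " AND Mem = " & CLng(memID), datastore, , , adCmdText
        If Not (.EOF And .BOF) Then isRateAllowed = False
        .Close

        ' Members may not rate their own message.
        .Open "SELECT Mem FROM pgd_messages WHERE messageID = " & CLng(m) & " AND Mem = " & CLng(memID), datastore, , , adCmdText
        If Not (.EOF And .BOF) Then isRateAllowed = False
        .Close
    End With
    Set objRS = Nothing
End If

' Refused votes end the response silently, as before.
If Not isRateAllowed Then Response.End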
' Record the vote through the spRatePost stored procedure. All values travel as
' typed ADO parameters, so nothing from the form is concatenated into SQL here.
Set objCom = Server.CreateObject("adodb.command")
objCom.ActiveConnection = datastore
objCom.CommandText = dbOwnerPrefix & "spRatePost"
objCom.CommandType = adCmdStoredProc

' The return-value parameter is declared first but is never read after Execute,
' so any status code spRatePost returns is ignored by this page.
objCom.Parameters.Append objCom.CreateParameter("@RETURN_VALUE", adInteger, adParamReturnValue, 0)
objCom.Parameters.Append objCom.CreateParameter("@int_msgID", adInteger, adParamInput, 0, m)
objCom.Parameters.Append objCom.CreateParameter("@int_Mem", adInteger, adParamInput, 0, MemID)
' NOTE(review): no range check on rating is visible in this file before this
' point; confirm that spRatePost bounds the value it stores.
objCom.Parameters.Append objCom.CreateParameter("@rating", adInteger, adParamInput, 0, rating)

' adExecuteNoRecords: the call is not expected to return a recordset.
objCom.Execute , , adExecuteNoRecords
Set objCom = Nothing
response.write ("
")
else
%>
<%= Application(dbName&"forumtitle") %>
<%= OutputCSS() %>
>
<%
' ---- GET path: work out which panel to show and what this member may do ----
Dim enableRating, mode, isRateAllowed, isViewAllowed
Dim rateErrorMsg
Dim objPermission
Dim iRate

' All three values come straight from the query string; m is only used after
' CLng() in the lookups that follow.
action = Request.QueryString("action")
appid = Request.QueryString("appid")
m = Request.QueryString("m")

' Default refusal text; the "rate" case replaces it with a more specific reason.
rateErrorMsg = RightViolationMessage

' Resolve this member's permissions for the forum identified by appid.
Set objPermission = New PermissionSetting
objPermission.memID = memID
objPermission.appid = appid
objPermission.GetPermission(true)
Mode = objPermission.isModerator
enableRating = objPermission.enableRating   ' not tested in the script code visible here
isRateAllowed = objPermission.rate
Set objPermission = Nothing

' Viewing the rater list stays off unless the "view" case turns it on.
isViewAllowed = False
SELECT Case action
Case "rate"
' Eligibility checks run before the rating form is offered. Both lookups coerce
' their ids with CLng(), so only numeric values reach the SQL text; a non-numeric
' m raises a runtime error instead.
If isRateAllowed Then
    Set objRS = Server.CreateObject("adodb.recordset")

    ' 1) A row in pgd_RateTrack means this member has already rated message m.
    objRS.Open "SELECT Mem FROM pgd_RateTrack WHERE messageID = " & CLng(m) & " AND Mem = " & CLng(memID), datastore, , , adCmdText
    If Not (objRS.EOF And objRS.BOF) Then
        isRateAllowed = False
        rateErrorMsg = rateErrorDesc
    End If
    objRS.Close

    ' 2) A row in pgd_messages means the member wrote message m. This check runs
    '    second, so its message wins when both conditions hold.
    objRS.Open "SELECT Mem FROM pgd_messages WHERE messageID = " & CLng(m) & " AND Mem = " & CLng(memID), datastore, , , adCmdText
    If Not (objRS.EOF And objRS.BOF) Then
        isRateAllowed = False
        rateErrorMsg = rateErrorSelfDesc
    End If
    objRS.Close

    Set objRS = Nothing
End If
%>
<%
Case "view"
if (mode or isAdmin) then isViewAllowed = true
if isViewAllowed then
' Load every rating cast on message m together with the rater's login name.
' allRaters stays unassigned when the message has no ratings.
' NOTE(review): the markup that prints these rows is not visible here; login
' values should be HTML-encoded wherever they are written to the page.
Dim allRaters, iRater
Set objRS = Server.CreateObject("adodb.recordset")
objRS.Open "SELECT r.mem, p.login, rating FROM pgd_RateTrack r inner join pgd_members p ON p.mem = r.mem WHERE r.messageID = " & CLng(m), datastore, , , adCmdText
If Not (objRS.EOF And objRS.BOF) Then
    allRaters = objRS.GetRows
End If
objRS.Close
Set objRS = Nothing
%>
<%
end if
End SELECT
end if
%>