form.asp example
<!--#include virtual="/data/security.asp"-->
<!--#include virtual="/html/htmllib.asp"-->
<!--#include virtual="/html/tables.asp"-->
<!--#include file="lib.asp"-->
<%
'------------------FOR DEMO USE ONLY----------------------------------
'-------- Copyright by Artem Saveliev artem@savelev.com --------------
'---------------------------------------------------------------------
Response.Expires = -120
dim action,typeid,folderid,asofdate,fileid,published
action = Request.QueryString("action")
if action = "select" or action="new" or action="edit" then
set itemslist = CreateObject("Scripting.Dictionary")
if action="new" or action="edit" then
dim rootrs,itemslist, formtext,editing,htmlbody,plainchecked,htmlchecked
'----creating/editing non-root item, create different form depending on file type
if action="edit" then
'-- editing
editing = true
fileid = clng(Request.QueryString("folder"))
set filers = getrs("select
published,objecttype,filecatalog.filename,type,asofdate,body from
filecatalog,files,filecatalogarticles where filecatalog.fileid *=
files.recno and filecatalog.fileid *= filecatalogarticles.recno and
filecatalog.recno="&fileid & " and compid = " & session("primeid"))
typeid = filers("objecttype")
if filers("published") then published = "checked"
if typeid = 1 then
description = filers("filename")
asofdate = filers("asofdate")
elseif typeid = 3 then
description = filers("filename")
asofdate = filers("asofdate")
htmlbody = filers("body")
texttype = filers("type")
if texttype = "Plain Text" then
plainchecked = "checked"
elseif texttype = "HTML" then
htmlchecked = "checked"
end if
elseif typeid = 6 then
description = filers("filename")
end if
filers.close
set filers = nothing
itemslist.Add "tabletitle","Edit item"
fileidformelement = "<input type=hidden fileid=" & fileid & ">"
fileidtext = "&fileid=" & fileid
folderid = clng(Request.QueryString("folder"))
elseif action="new" then
'-- creating
editing = false
plainchecked = "checked"
published = "checked"
htmlchecled = ""
typeid = clng(Request.QueryString("typeid"))
folderid = clng(Request.QueryString("folder"))
itemslist.Add "tabletitle","Create new item"
end if
if typeid = 1 then
'--- File
if editing then
'--- we do not replace old file with new uploaded one when editing, just replace description and date.
formtext = "<form " & _
"action='"&Request.ServerVariables("URL")&"?action=save&folder="&folderid&"&typeid="& typeid & fileidtext &"' " & _
"method='POST' id=form1 name=form1 " & _
"onsubmit=""if (this.description.value=='') {alert('Please enter Subject');this.description.focus();return false;}"">"
else
formtext = "<form ENCTYPE='MULTIPART/FORM-DATA'"&_
"action='/fileservice/upload.asp?pgname="&Request.ServerVariables("URL")&"&key="&session("userskey")&"&category=filecatalog' " & _
"method='POST' id=form1 name=form1 " & _
"onsubmit=""if (this.description.value=='') {alert('Please enter description');this.description.focus();return false;}"">" & _
"<input type=hidden name=typeid value=1>"&_
"<input type=hidden name=action value=save>"&_
"<input type=hidden name=folder value="&folderid&">" & fileidformelement
itemslist.Add "File","<input type=file name=file>"
end if
itemslist.Add "Description","<input type=text name=description value="""&description&""" size=50 maxlength=500>"
itemslist.Add "Document Date","<input type=text name=date value='"&asofdate&"' size=10 maxlength=255"& validatedate()&">" & calendar("form1.date")
if editing then
itemslist.Add "tablefooter","<center><input
type=submit width='300pt' style='width:300pt;' value='Update'
id=submit1 name=submit1></center>"
else
itemslist.Add "tablefooter","<center><input
type=submit width='300pt' style='width:300pt;' value='Upload'
id=submit1 name=submit1></center>"
end if
elseif typeid = 3 then
'--- Text
formtext = "<form " & _
"action='"&Request.ServerVariables("URL")&"?action=save&folder="&folderid&"&typeid="& typeid & fileidtext &"' " & _
"method='POST' id=form1 name=form1 " & _
"onsubmit=""if (this.description.value=='') {alert('Please enter Subject');this.description.focus();return false;}"">"
itemslist.Add "Subject","<input type=text name=description value="""&description&""" size=50 maxlength=500>"
itemslist.Add "Document Date","<input type=text name=date value='"&asofdate&"' size=10 maxlength=255"& validatedate()&">" & calendar("form1.date")
itemslist.Add "Format","<input type=radio name=format value='Plain Text' "&plainchecked&"> Plain Text</input> <input type=radio name=format value='HTML' "&htmlchecked&"> HTML</input>"
itemslist.Add "Text","<textarea cols=80 rows=25 name=text>"&htmlbody&"</textarea>"
if editing then
itemslist.Add "tablefooter","<center><input
type=submit width='300pt' style='width:300pt;' value='Update'
id=submit1 name=submit1></center>"
else
itemslist.Add "tablefooter","<center><input type=submit width='300pt' style='width:300pt;' value='Save' id=submit1 name=submit1></center>"
end if
elseif typeid = 6 then
'--- Folder
formtext = "<form " & _
"action='"&Request.ServerVariables("URL")&"?action=save&folder="&folderid&"&typeid="& typeid & fileidtext &"' " & _
"method='POST' id=form1 name=form1 " & _
"onsubmit=""if (this.description.value=='') {alert('Please enter Folder name');this.description.focus();return false;}"">"
itemslist.Add "Folder Name","<input type=text name=description value="""&description&""" size=50 maxlength=500>"
if editing then
itemslist.Add "tablefooter","<center><input
type=submit width='300pt' style='width:300pt;' value='Update'
id=submit1 name=submit1></center>"
else
itemslist.Add "tablefooter","<center><input
type=submit width='300pt' style='width:300pt;' value='Create'
id=submit1 name=submit1></center>"
end if
end if
itemslist.Add "Publish","<input type=checkbox name=published "&published&"> This item is available for viewing"
elseif action = "select" then
'--- Selecting type of item to create
if Request.QueryString("folder") = "" then
'----selecting new root item
itemslist.Add "tabletitle","Select Item Type"
set rootrs = getrs("select * from filecatalogtypes where root = 1 and not exists(select * from filecatalog where typeid=objecttype)")
do while not rootrs.eof
itemslist.Add "<a class=wizardactive href='"&Request.ServerVariables("URL")&"?action=save&typeid="&rootrs("typeid")&"'>"&rootrs("name")&"</a>",cstr(rootrs("description"))
rootrs.movenext
loop
elseif Request.QueryString("folder") <> "" then
folderid = clng(Request.QueryString("folder"))
'----selecting new non-root item
itemslist.Add "tabletitle","Select Item Type"
set rootrs = getrs("select * from filecatalogtypes where root is null")
do while not rootrs.eof
itemslist.Add "<a class=wizardactive href='"&Request.ServerVariables("URL")&"?action=new&folder="&folderid&"&typeid="&rootrs("typeid")&"'>"&rootrs("name")&"</a>",cstr(rootrs("description"))
rootrs.movenext
loop
end if
end if
%>
<html>
<head>
<title>
<%if editing then%>
Edit Catalog Item
<%else%>
Add File Catalog Item
<%end if%>
</title>
<LINK rel="stylesheet" type="text/css" href="/html/tables.css">
<SCRIPT LANGUAGE="JavaScript" SRC="/html/calendar.js"></SCRIPT>
<!--#include virtual="/html/jsverification.asp"-->
</head>
<body>
<%call gheader(339)%>
<center><H3>
<%if editing then%>
Edit Catalog Item
<%else%>
Add File Catalog Item
<%end if%>
</H3>
<%
if folderid <> 0 then Response.Write buildtree(folderid) & "<p>"
Response.write formtext
call drawtablefromdictionary(itemslist)
Response.Write "</form>"
footer
elseif action = "save" then
'--- DHTML stipper moved to dbutils
dim skey
if Request.Form("date") <> "" then asofdate = "'"&sqlstr(Request.Form("date"))&"'" else asofdate = "null"
if Request.Form("published") <> "" then published = "1" else published = "0"
if Request.QueryString("folder") = "" then
'--- Creating root folder
typeid = clng(Request.QueryString("typeid"))
sql = "insert into filecatalog (compid,objecttype) values ("&session("primeid")&","&typeid&")"
getcon().execute(sql)
Response.Redirect "list.asp"
elseif Request.QueryString("fileid") = "" then
'--- New Item
typeid = clng(Request.QueryString("typeid"))
folderid = clng(Request.QueryString("folder"))
skey = rKeyGen(80,false)
if typeid = 1 then
'--- File
'--- Special case for file upload (GET instead of POST here)
if Request.QueryString("date") <> "" then asofdate = "'"&sqlstr(Request.QueryString("date"))&"'" else asofdate = "null"
if Request.QueryString("published") <> "" then published = "1" else published = "0"
fileid = clng(Request.QueryString("file"))
c = getrs("select count(*) from files where recno = " & fileid & " and filepath = '" & Request.QueryString("key") & "'")(0)
if c = 0 then
Response.Write "Upload service returned wrong code for the file"
Response.End
else
sql = "insert into filecatalog (fileid,filename,parentid,compid,objecttype,asofdate,published,securekey) values("&fileid&",'"&sqlstr(Request.QueryString("description"))&"',"&folderid&","&session("primeid")&","&typeid&","&asofdate&","&published&",'"&skey&"')"
getcon().execute(sql)
sql = "update files set description = '" & sqlstr(Request.QueryString("description")) & "' where recno = " & fileid
getcon().execute(sql)
Response.Redirect "list.asp?idcol=" & folderid
end if
elseif typeid = 3 then
'--- Text
'--- TODO: add link into files table, so ppl could use articles as attachments to RFP/PR
'--- TODO2: Maybe actualy store the articles as files? +less database -no search,less security for now.
set con = getcon()
set rs = Server.CreateObject("adodb.recordset")
rs.Open "select type,body from filecatalogarticles",con, 2, 3
rs.AddNew
rs("body") = cleanhtml(Request.Form("text"))
rs("type") = Request.Form("format")
rs.Update
rs.Close
rs.Open "select @@IDENTITY",con, 2, 3
fileid = rs(0)
rs.Close
con.execute("insert into filecatalog (fileid,filename,parentid,compid,objecttype,asofdate,published,securekey) values("&fileid&",'"&sqlstr(Request.Form("description"))&"',"&folderid&","&session("primeid")&","&typeid&","&asofdate&","&published&",'"&skey&"')")
rs.Open "select @@IDENTITY",con, 2, 3
fileid = rs(0)
Response.Redirect "list.asp?idcol=" & fileid
elseif typeid = 6 then
'--- Folder
sql = "insert into filecatalog (filename,parentid,compid,objecttype,published,securekey) values('"&sqlstr(Request.Form("description"))&"',"&folderid&","&session("primeid")&","&typeid&","&published&",'"&skey&"')"
getcon().execute(sql)
Response.Redirect "list.asp?idcol=" & folderid
end if
else
'-- Update Item
typeid = clng(Request.QueryString("typeid"))
folderid = clng(Request.QueryString("folder"))
if typeid = 1 or typeid = 3 then fileid = getrs("select fileid from filecatalog where recno="&folderid&" and compid="&session("primeid"))(0)
if typeid = 1 then
'--- File
sql = "update filecatalog set filename = '"&sqlstr(Request.Form("description"))&"', asofdate= "&asofdate&", published="&published&" where recno="&folderid&" and compid="&session("primeid")
getcon().execute(sql)
sql = "update files set description = '" & sqlstr(Request.Form("description")) & "' where recno = " & fileid
getcon().execute(sql)
Response.Redirect "list.asp?idcol=" & folderid
elseif typeid = 3 then
'--- Text
set con = getcon()
set rs = Server.CreateObject("adodb.recordset")
rs.Open "select type,body from filecatalogarticles where recno="&fileid,con, 2, 3
rs("body") = cleanhtml(Request.Form("text"))
rs("type") = Request.Form("format")
rs.Update
rs.Close
sql = "update filecatalog set filename = '"&sqlstr(Request.Form("description"))&"', asofdate= "&asofdate&", published="&published&" where recno="&folderid&" and compid="&session("primeid")
con.execute(sql)
Response.Redirect "list.asp?idcol=" & folderid
elseif typeid = 6 then
'--- Folder
sql = "update filecatalog set filename = '"&sqlstr(Request.Form("description"))&"', published="&published&" where recno="&folderid&" and compid="&session("primeid")
getcon().execute(sql)
Response.Redirect "list.asp?idcol=" & folderid
end if
end if
elseif action = "delete" then
dim parent
folderid = clng(Request.QueryString("folder"))
parent = getrs("select parentid from filecatalog where recno = " & folderid)(0)
sql = "delete from filecatalog where recno = " & folderid & " and compid = " & session("primeid")
getcon().execute(sql)
Response.Redirect "list.asp?idcol=" & parent
end if
%>