<% Function MakeHTMLValue(szVal) Dim i Dim szRet for i = 1 to Len(szVal) ch = Mid(szVal, i, 1) if ch = " " Then szRet = szRet & "%20" elseif ch = "&" Then szRet = szRet & "%26" elseif ch = "#" Then szRet = szRet & "%23" elseif ch = """" Then szRet = szRet & "%22" elseif ch = ";" Then szRet = szRet & "%3B" elseif ch = ":" Then szRet = szRet & "%3A" elseif ch = "'" Then szRet = szRet & "%27" else szRet = szRet & Mid(szVal, i, 1) end if next MakeHTMLValue = szRet End Function Function VerifyText(szVal) Dim i Dim szRet szRet = 1 for i = 1 to Len(szVal) ch = Ucase(Mid(szVal, i, 1)) If ch<"A" Or ch>"Z" Then if ch<"0" or ch>"9" Then szRet=0 end if End if next VerifyText = szRet End Function If Request.TotalBytes > 0 Then ' Data odeslana metodou POST SesID = Request.Form("SesID") SesUser = Request.Form("SesUser") SesIP = Request.ServerVariables("REMOTE_HOST") Status = Request.Form("Status") ' Login or Show RetDoc = Request.Form("RetDoc") If IsNull(RetDoc) Or RetDoc="" Then RetDoc="../Welcome.htm" LogUser = Request.Form("LogUser") LogPwd = Request.Form("LogPwd") Else ' Data odeslana metodou GET nebo volanim SesID = Request.QueryString("SesID") SesUser = Request.QueryString("SesUser") SesIP = Request.ServerVariables("REMOTE_HOST") Status = Request.QueryString("Status") RetDoc = Request.QueryString("RetDoc") If IsNull(RetDoc) Or RetDoc="" Then RetDoc="../Welcome.htm" LogUser = Request.QueryString("LogUser") LogPwd = Request.QueryString("LogPwd") End If Session.timeout = 1 If IsObject(Session("INEERTOP_conn")) Then Set conn = Session("INEERTOP_conn") Else Set conn = Server.CreateObject("ADODB.Connection") ' Open database with DSN conn.open "IneerDB", "webuser", "webdir" Set Session("INEERTOP_conn") = conn End If Prava = 0 SOS = "" JeOpenRS = 0 JeOpenRM = 0 JeOpenRMA = 0 If (Not IsNull(SesID)) And (Not SesID="") then sql = "SELECT Sessions.* FROM Sessions WHERE (((Sessions.SID)=" & SesID & "));" Set rs = Server.CreateObject("ADODB.Recordset") rs.Open sql, conn, 3, 3 JeOpenRS = 1 if rs.EOF then SOS=SOS & "
Error - Not existing session number: " & SesID & "" else if (Not Ucase(SesUser)=Ucase(rs.Fields("SUserName").Value)) Or (Not SesIP=rs.Fields("SIP").Value) then SOS=SOS & "
Error - Session identification failture" else If (0=rs.Fields("SActive").Value) Or (DateDiff("n",rs.Fields("SLastTime").Value,Now())>60) Then SOS=SOS & "
Error - Session timeout" Else Prava = rs.Fields("SGroup").Value rs.Fields("SLastTime").Value = Now() rs.Update rs.Requery End If end if end if If Not SOS="" Then SesID = "" SesUser = "" End If Else sql = "SELECT Sessions.* FROM Sessions;" Set rs = Server.CreateObject("ADODB.Recordset") rs.Open sql, conn, 3, 3 JeOpenRS = 1 End If If (Not IsNull(LogUser)) And (Not LogUser="") Then If IsNull(LogPwd) Or LogPwd="" Then SOS=SOS & "
Error - Password not written" Else sql = "SELECT Users.* FROM Users WHERE (((Users.UserName)='" & LogUser & "'));" Set ru = Server.CreateObject("ADODB.Recordset") ru.Open sql, conn, 3, 3 JeOpenRU = 1 If ru.EOF Then SOS=SOS & "
Error - Unknown user: " & LogUser & "" Else If (Not LogPwd=ru.Fields("UPassword").Value) Or (Not Len(LogPwd)=Len(ru.Fields("UPassword").Value)) Then SOS=SOS & "
Error - Wrong password: " & LogPwd & "" Else If (Not ru.Fields("UISC").Value=True) Then SOS=SOS & "
Error - User is not ISC Member!" Else SOS = "" Prava=ru.Fields("UGroup").Value If (Not IsNull(SesID)) And (Not SesID="") Then rs.Fields("SActive").Value = 0 rs.Update rs.Requery End If SesUser = LogUser rs.AddNew rs.Fields("SUserName").Value = LogUser rs.Fields("SGroup").Value = ru.Fields("UGroup").Value rs.Fields("SIP").Value = SesIP rs.Update rs.Requery sql = "SELECT Sessions.* FROM Sessions WHERE (((Sessions.SUserName)='" & SesUser & "') AND ((Sessions.SIP)='" & SesIP & "')) ORDER BY Sessions.SStartTime DESC;" Set rs = Server.CreateObject("ADODB.Recordset") rs.Open sql, conn, 3, 3 SesID = rs.Fields("SID").Value JeOpenRS = 1 End If End If End If End If End If If IsNull(Status) Or Status="" Then SOS=SOS & "
Error - Unknown request: " & Status & "" End If If not JeOpenRU=1 Then sql = "SELECT Users.* FROM Users WHERE (((Users.UserName)='" & SesUser & "'));" Set ru = Server.CreateObject("ADODB.Recordset") ru.Open sql, conn, 3, 3 JeOpenRU = 1 If ru.EOF then SOS=SOS & "
Error - Not existing user: " & SesUser & "" End If End If If Not SOS="" Then %>

An Error accured: <%=SOS%>


<% Response.End Else S = ru.Fields("UFirstName").Value & " " & ru.Fields("UMiddleName").Value & " " & UCase(ru.Fields("USurname").Value) End If %> <% sql = "SELECT Users.*, Message.* FROM Users RIGHT JOIN Message ON Users.UserName = Message.MUser WHERE (((Message.MDateTo)>=getdate()) AND ((Message.MActive)=1) AND ((Message.MMaster)=0)) ORDER BY Message.MDateFrom DESC , Message.MDateTo DESC;" Set rm = Server.CreateObject("ADODB.Recordset") rm.Open sql, conn, 3, 3 JeOpenRM = 1 If rm.EOF Then %> <% Else do while not rm.EOF SU = "" SU = SU & rm.Fields("UFirstName").Value & " " & rm.Fields("UMiddleName").Value & " " & UCase(rm.Fields("USurname").Value) SU = SU & "" If (Prava=2) Or (UCase(SesUser)=UCase(rm.Fields("MUser").Value)) Then SA = "NewMessage.asp?MMaster=" & rm.Fields("MMaster").Value & "&MID=" & rm.Fields("MID").Value & "&SesID=" & SesID & "&SesUser=" & SesUser& "&Status=Login&RetDoc=" & MakeHTMLValue(RetDoc) Else SA = "NewMessage.asp?MMaster=" & rm.Fields("MMaster").Value & "&MID=" & rm.Fields("MID").Value & "&SesID=" & SesID & "&SesUser=" & SesUser& "&Status=Show&RetDoc=" & MakeHTMLValue(RetDoc) End If SM = rm.Fields("MText").Value If Len(SM) > 250 Then N = InStr(250, SM, " ") If N > 0 Then SM = Left(SM, N) & "..." Else SM = SM & "" End If End If %> <% sql = "SELECT Users.*, Message.* FROM Users RIGHT JOIN Message ON Users.UserName = Message.MUser WHERE (((Message.MMaster)=" & rm.Fields("MID").Value & ") AND ((Message.MActive)=1)) ORDER BY Message.MDateFrom DESC , Message.MDateTo DESC;" Set rma = Server.CreateObject("ADODB.Recordset") rma.Open sql, conn, 3, 3 JeOpenRMA = 1 Do while not rma.EOF SU = "" SU = SU & rma.Fields("UFirstName").Value & " " & rma.Fields("UMiddleName").Value & " " & UCase(rma.Fields("USurname").Value) SU = SU & "" If (Prava=2) Or (UCase(SesUser)=UCase(rma.Fields("MUser").Value)) Then SA = "NewMessage.asp?MMaster=" & rma.Fields("MMaster").Value & "&MID=" & rma.Fields("MID").Value & "&SesID=" & SesID & "&SesUser=" & SesUser& "&Status=Login&RetDoc=" & MakeHTMLValue(RetDoc) Else SA = "NewMessage.asp?MMaster=" & rma.Fields("MMaster").Value & "&MID=" & rma.Fields("MID").Value & "&SesID=" & SesID & "&SesUser=" & SesUser& "&Status=Show&RetDoc=" & MakeHTMLValue(RetDoc) End If SM = rma.Fields("MText").Value If Len(SM) > 250 Then N = InStr(250, SM, " ") If N > 0 Then SM = Left(SM, N) & "..." Else SM = SM & "" End If End If %> <% rma.MoveNext loop rm.MoveNext loop End If If JeOpenRS Then rs.close Set rs = nothing End If If JeOpenRU Then ru.close Set ru = nothing End If If JeOpenRM Then rm.close Set rm = nothing End If If JeOpenRMA Then rma.close Set rma = nothing End If %>
ICEE - ISC Communication system
Current User: <%=S%>
No messages vailable!
<%=rm.Fields("MDateFrom").Value%> Full text <%=rm.Fields("MTitle").Value%>
<%=SM%>
By: <%=SU%>, valid to: <%=rm.Fields("MDateTo").Value%>
" Action="NewMessage.asp" METHOD=POST> ">
Answer Full text <%=rma.Fields("MTitle").Value%>
<%=SM%>
By: <%=SU%>, <%=rma.Fields("MDateFrom").Value%>

Output from iNEER web system prepared on: <%=Now()%>