-
Notifications
You must be signed in to change notification settings - Fork 0
/
script.asp
executable file
·342 lines (290 loc) · 12.6 KB
/
script.asp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
<%
'------------------------
' Initialize variables
'------------------------
dim DataConn ' Generic database connection
dim sectionWebMaster, ccWebMaster ' Webmaster email addresses
dim pageTitle ' Page title (in drop down)
'------------------------
' Initialize constants
'------------------------
NL = chr(13) & chr(10)
sectionNav = ""
sectionImg = "backgrd2.jpg"
CurrentNavPage = lcase(request.ServerVariables("PATH_INFO"))
if request.ServerVariables("QUERY_STRING") <> "" then CurrentNavPage = CurrentNavPage & "?" & request.ServerVariables("QUERY_STRING")
CurrentNavPage = lcase(CurrentNavPage)
DefaultNavPage = CurrentNavPage
ccWebMaster = ""
sectionWebMaster = getWebMaster()
'-----------------------
' Set section buttons
'-----------------------
SectionBtns = "<form><center><hr>" & NL & _
"<input type=button class=btnSetDefault name=setdefault value='Set Default' onClick=" & chr(34) & "setCookie('Page', curPage); alert('Your default page for the ' + curSection + ' section has been set to the current page.'); return false;" & chr(34) & " onMouseOver=" &chr(34)& " statmsg('Sets this as your default page for this section'); return true;" & chr(34) & "onMouseOut=" & chr(34) & "statmsg('')"& chr(34) & ">" & NL & _
"<hr><p><input type=button class=button value='Preferences' onClick=" &chr(34)& "window.location='../../preferences/content/default.asp'" &chr(34)& " onMouseOver=" &chr(34)& " statmsg('View and set your preferences'); return true;" & chr(34) & "onMouseOut=" & chr(34) & "statmsg('')"& chr(34) & " id=button1 name=button1>" & NL & _
"<p><input type=button class=button value='Quick email' onClick=" & chr(34) & "winTech=window.open('../../email.asp?editto=yes&footer=" & Server.URLEncode("INTRANET: Quick Email") & "', 'SendEmail','height=330,width=520,toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=1, scrollbar=1'); return false;" & chr(34) & " onMouseOver=" &chr(34)& " statmsg('Send quick email to another Sark'); return true;" & chr(34) & "onMouseOut=" & chr(34) & "statmsg('')"& chr(34) & ">" & NL & _
"<p><input type=button class=button value='Feedback' onClick='SendFeedback()' onMouseOver=" &chr(34)& " statmsg('Send feedback email to webmaster(s).'); return true;" & chr(34) & "onMouseOut=" & chr(34) & "statmsg('')"& chr(34) & " id=button1 name=button1>" & NL & _
"</center></form>" & NL
'----------------------
' Debugging code
'----------------------
if Application("debug") then
response.write(NL & NL & "<!-- DEBUG:" & NL)
response.write("Variables:" & NL)
response.write(" Session('ID') = " & Session("ID") & NL)
response.write(" Session('Username') = '" & Session("Username") & "'" & NL)
response.write(" CurrentNavPage = '" & CurrentNavPage & "'" & NL)
' response.write("Application:" & NL)
' for each x in application.contents
' response.write(" " & lcase(x) & " = " & application(x) & NL)
' next
'
' response.write("Session:" & NL)
' for each x in session.contents
' response.write(" " & lcase(x) & " = " & session(x) & NL)
' next
'
response.write("Request.Form:" & NL)
for each x in request.form
response.write(" " & x & " = " & request.form(x) & NL)
next
response.write("Request.Querystring:" & NL)
for each x in request.querystring
response.write(" " & x & " = " & request.querystring(x) & NL)
next
response.write("Cookies:" & NL)
for each cookie in request.cookies
if not request.cookies(cookie).HasKeys then
response.write(" " & cookie & " = " & request.cookies(cookie) & NL)
else
for each key in request.cookies(cookie)
response.write(" " & cookie & " (" & key & ") = " & request.cookies(cookie)(key) & NL)
next
end if
next
response.write("-->" & NL & NL & NL)
end if
'----------------------
' Navigation builder
'----------------------
sub buildNavItem(Item, Url)
'--------------------------------------
' This routine builds the navigation
' select combo box entries
'--------------------------------------
SectionNav = SectionNav & " <option value='" & Url & "'"
Url = lcase("/" & Application("Web") & "/" & sectionDir & "/content/" & Url)
if left(CurrentNavPage, len(Url)) = Url then
SectionNav = SectionNav & " selected"
pageTitle = Item
else
'SectionNav = SectionNav & " url='" & Url & "' CurrentNavPage='" & CurrentNavPage & "' "
end if
SectionNav = SectionNav & ">" & Item & "</option>" & NL
end sub
'-------------------------------------------------------
' This procedure sets the webmaster to a lower detail
' (ex. the section web master) and copies anything in
' sectionWebMaster to ccWebMaster.
'-------------------------------------------------------
sub SetWebMaster(webmaster)
if ccWebMaster <> "" then ccWebMaster = ccWebMaster & ","
ccWebMaster = ccWebMaster & sectionWebMaster
sectionWebMaster = webmaster
end sub
'-------------------------------------------
' This procedure sends an email based
' upon parameters passed to the function.
'-------------------------------------------
sub SendMail (Subject, Recipients, CC, BodyTxt)
dim val, i, email
dim strTo, strCc
Set CDONTSmail = CreateObject("CDONTS.NewMail")
if session("Username") <> "" then CDONTSmail.From = Session("Username") & "@sark.com"
'The following line was discovered not to work on 4-6-2000
'if Session("Name") <> "" then CDONTSmail.From = Session("Name")
CDONTSmail.Subject = Subject
val = Recipients
i = InStr(val, ",")
while i > 0
email = left(val, i-1)
if InStr(email, "@") = 0 then email = email & "@sark.com"
strTo = strTo & email & ";"
val = trim(mid(val, i+1))
i = InStr(val, ",")
wend
if val <> "" then
if InStr(val, "@") = 0 then val = val & "@sark.com"
strTo = strTo & val
end if
CDONTSmail.To = strTo
val = CC
i = InStr(val, ",")
while i > 0
email = left(val, i-1)
if InStr(email, "@") = 0 then email = email & "@sark.com"
strCc = strCc & email & ";"
val = trim(mid(val, i+1))
i = InStr(val, ",")
wend
if val <> "" then
if InStr(val, "@") = 0 then val = val & "@sark.com"
strCc = strCc & val
end if
CDONTSmail.Cc = strCc
CDONTSmail.Body = BodyTxt
CDONTSmail.Send
set CDONTSmail = nothing
end sub
'------------------------------------------------------------------
' This function replaces all '+' characters in a URLEncoded string
' into the '%20' string. There have been problems when attempting to
' download a document, when its name has embedded spaces i.e. "This File.doc".
' The URLEncode method properly converts the spaces to '+' characters
' i.e. "This+File%2Edoc". However, the web server can't find the encoded document.
' The web server is able to find "This%20File%2Edoc".
'----------------------------------------------------------------
function PlusToHex(val)
PlusToHex = Replace(val, "+", "%20")
end function
'----------------------------------------------------------------------------------
' Determines if the current user is the Branch manager, in sales or an account mgr.
' If so, they have permission to use the consultant skills search page.
'----------------------------------------------------------------------------------
'function CanSearchSkills
' 'If IsNull(Session("sessCanSearchSkills")) Then
'
' sql = "SELECT e.employeeid FROM employee e, Employee_Title et " _
' & "WHERE e.Username = '" & Lcase(session("Username")) & "' AND (e.Username = 'cdolan' OR e.Username = 'kdolan') " _
' & " AND e.EmployeeTitle_ID = et.Employee_Title_ID " _
' & " AND (title_function_id IN ('A','S') OR (title_function_id ='C' AND title_level >= 5)) "
' set rs = DBQuery(sql)
'
' If Not rs.eof Then
' Session("sessCanSearchSkills")=True
' Else
' Session("sessCanSearchSkills")=False
' End If
'
' rs.close
' set rs=Nothing
' 'End If
'
' If Lcase(session("Username"))="dpodnar" Then
' Session("sessCanSearchSkills")=True ' Used for production testing
' End If
'
' CanSearchSkills = Session("sessCanSearchSkills")
'end function
'-------------------------------------
' This procedure opens the generic
' database connection as necessary.
'-------------------------------------
sub DBConnect
if isempty(DataConn) then
set DataConn = Server.CreateObject("ADODB.Connection")
DataConn.ConnectionTimeout = Application("DataConn_ConnectionTimeout")
DataConn.CommandTimeout = Application("DataConn_CommandTimeout")
DataConn.Open Application("DataConn_ConnectionString"), Application("DataConn_RuntimeUserName"), Application("DataConn_RuntimePassword")
if Application("debug") then response.write(NL & "<!-- DEBUG: Database connection opened -->" & NL)
end if
end sub
'----------------------------------------------------------
' This function strips out invalid characters that could
' disrupt the SQL statement when executing.
'----------------------------------------------------------
function Clean(val)
Clean = Replace(val, "'", "''")
end function
'-----------------------------------------------------------
' This function executes a sql query against a database,
' creating a new database connection as necessary.
' It returns a recordset object as a result of the query.
'-----------------------------------------------------------
function DBQuery(sql)
DBConnect
if Application("debug") then Response.Write(NL & "<!-- DEBUG: Executing sql = " & chr(34) & sql & chr(34) & " -->" & NL)
set DBQuery = DataConn.execute(sql)
end function
'---------------------------------------------------------------
' This function executes a sql query (once per day, per key)
' and caches it for later user (in the Application object).
' This is useful to reduce the number of database hits on
' common queries with few data updates.
'---------------------------------------------------------------
function DBCachedQuery(key, sql)
dim UpdateRecs
UpdateRecs = not (Application(key & "_date") = Date)
if UpdateRecs then
DBConnect
Set rsCustomRec = Server.CreateObject("ADODB.Recordset")
rsCustomRec.CursorLocation = adUseClient ' This is usable disconnected
rsCustomRec.Open sql, DataConn, adOpenStatic, AdLockReadOnly
rsCustomRec.ActiveConnection = Nothing ' Disconnect the Recordset
Application.Lock
Set Application(key) = rsCustomRec
Application(key & "_date") = Date
Application.Unlock
end if
Set DBCachedQuery = Application(key).Clone
end function
'--------------------------------------------
' This procedure clears a cached recordset
' from the application object.
'--------------------------------------------
sub DBClearCachedQuery(key)
Application.Lock
set Application(key) = nothing
Application(key & "_date") = ""
Application.UnLock
end sub
'---------------------------------------------
' Security functions
'---------------------------------------------
' hasRole returns true if the current user has been assigned the specified role
Function hasRole(role)
'Guest user has no rights
if isNull(Session("ID")) or Session("ID") = "" or Session("isGuest") then
hasRole = false
Exit Function
end if
'Check for webmaster (has all privileges)
sql="SELECT COUNT(*) as roleCount FROM Security_User_Roles ur, Security_Roles r " & _
"WHERE " & _
"ur.role_id = r.role_id " & _
"AND rtrim(upper(r.role_name)) = 'WEBMASTER' " & _
"AND employee_id=" & Session("ID")
set rsRole = DBQuery(sql)
if not IsNull(rsRole) and not IsNull(rsRole("roleCount")) and rsRole("roleCount") <> "" and rsRole("roleCount") > 0 then
hasRole = true
Exit Function
end if
' Check for normal grants
sql="SELECT COUNT(*) as roleCount FROM Security_User_Roles ur, Security_Roles r " & _
"WHERE " & _
"ur.role_id = r.role_id " & _
"AND rtrim(upper(r.role_name)) = '" & trim(ucase(role)) & "' " & _
"AND employee_id=" & Session("ID")
set rsRole = DBQuery(sql)
if not IsNull(rsRole) and not IsNull(rsRole("roleCount")) and rsRole("roleCount") <> "" and rsRole("roleCount") > 0 then
hasRole = true
else
hasRole = false
end if
End Function
' Returns the first user with WebMaster privileges
Function getWebMaster
sql = "SELECT username FROM Employee e, Security_User_Roles ur, Security_Roles r " & _
"WHERE e.employeeid = ur.employee_id " & _
"AND ur.role_id = r.role_id " & _
"AND upper(r.role_name)='WEBMASTER' " & _
"ORDER BY e.employeeid"
set rsWM = DBQuery(sql)
if not rsWM.eof then
getWebMaster = rsWM("username")
else
getWebMaster = ""
end if
End Function
%>