<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
' *** Logout the current user.
MM_Logout = CStr(Request.ServerVariables("URL")) & "?MM_Logoutnow=1"
If (CStr(Request("MM_Logoutnow")) = "1") Then
  Session.Contents.Remove("MM_Username")
  Session.Contents.Remove("MM_Fullname")
  Session.Contents.Remove("MM_EmailAdd")
  Session.Contents.Remove("MM_UserAuthorization")
  Session.Contents.Remove("MM_UID")
  MM_logoutRedirectPage = "index.asp"
  ' redirect with URL parameters (remove the "MM_Logoutnow" query param).
  if (MM_logoutRedirectPage = "") Then MM_logoutRedirectPage = CStr(Request.ServerVariables("URL"))
  If (InStr(1, UC_redirectPage, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
    MM_newQS = "?"
    For Each Item In Request.QueryString
      If (Item <> "MM_Logoutnow") Then
        If (Len(MM_newQS) > 1) Then MM_newQS = MM_newQS & "&"
        MM_newQS = MM_newQS & Item & "=" & Server.URLencode(Request.QueryString(Item))
      End If
    Next
    if (Len(MM_newQS) > 1) Then MM_logoutRedirectPage = MM_logoutRedirectPage & MM_newQS
  End If
  Response.Redirect(MM_logoutRedirectPage)
End If
%>
<!--#include file="Connections/Forum.asp" -->
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="0,5,10,50"
MM_authFailedURL="index.asp?Error=Levels"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
  If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
<%
Dim MM_editAction
MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Server.HTMLEncode(Request.QueryString)
End If

' boolean to abort record edit
Dim MM_abortEdit
MM_abortEdit = false
%>
<%
' IIf implementation
Function MM_IIf(condition, ifTrue, ifFalse)
  If condition = "" Then
    MM_IIf = ifFalse
  Else
    MM_IIf = ifTrue
  End If
End Function
%>
<%
If (CStr(Request("MM_insert")) = "form2") Then
  If (Not MM_abortEdit) Then
    ' execute the insert
    Dim MM_editCmd

    Set MM_editCmd = Server.CreateObject ("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_Forum_STRING
    MM_editCmd.CommandText = "INSERT INTO hcforum.topics (TopicHeader, Topic, CatID, UID, TopicDate) VALUES (?, ?, ?, ?, ?)" 
    MM_editCmd.Prepared = true
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param1", 201, 1, 55, Request.Form("txtTopicHeader")) ' adLongVarChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param2", 201, 1, -1, Request.Form("txtTopic")) ' adLongVarChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param3", 5, 1, -1, MM_IIF(Request.Form("txtCatID"), Request.Form("txtCatID"), null)) ' adDouble
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param4", 5, 1, -1, MM_IIF(Request.Form("txtUID"), Request.Form("txtUID"), null)) ' adDouble
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param5", 135, 1, -1, MM_IIF(Request.Form("txtDate"), Request.Form("txtDate"), null)) ' adDBTimeStamp
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    ' append the query string to the redirect URL
    Dim MM_editRedirectUrl
    MM_editRedirectUrl = "index.asp"
    If (Request.QueryString <> "") Then
      If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0) Then
        MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
      Else
        MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
      End If
    End If
    Response.Redirect(MM_editRedirectUrl)
  End If
End If
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("txtUsername"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
  
  MM_fldUserAuthorization = "AccessID"
  MM_redirectLoginSuccess = "index.asp"
  MM_redirectLoginFailed = "index.asp?Error=InvUID"

  MM_loginSQL = "SELECT UID, Username, Password, FirstName, Surname, EmailAddress, ActivationKey"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM hcforum.users WHERE Username = ? AND Password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_Forum_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 100, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 100, Request.Form("txtPassword")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
	Session("MM_FullName") = MM_rsUser.Fields.Item("FirstName").Value + " " + MM_rsUser.Fields.Item("Surname").Value
	Session("MM_EmailAdd") = MM_rsUser.Fields.Item("EmailAddress").Value
	Session("MM_UID") = MM_rsUser.Fields.Item("UID").Value

    If (MM_fldUserAuthorization <> "") AND (MM_rsUser.Fields.Item("ActivationKey").Value = "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = "#"
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And true Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>| The Glass Forum | Powered By Hayden Craft |</title>
<link href="styles/style.css" rel="stylesheet" type="text/css" />
</head>

<body>
<table width="800" height="334" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" class="main_border">
  <tr>
    <td width="450" height="100" background="_images/header_bg.jpg"><img src="_images/header.jpg" alt="Hayden Craft" width="450" height="100" border="0" /></td>
    <td width="348" align="center" valign="middle" background="_images/header_bg.jpg"><%= Advert %></td>
  </tr>
  <tr>
    <td height="24" colspan="2" align="center" class="nav_bar"><a href="index.asp">| Forum Home |</a><a href="http://www.haydencraft.co.za">| Our Home Page |</a><a href="http://www.haydencraft.co.za/contacts.htm">| Contact Us |</a></td>
  </tr>
  <tr>
    <td height="179" colspan="2" valign="top"><table width="100%" height="289" border="0" class="main_border">
      <tr>
        <td height="15" align="left" valign="top" class="SidebarItems"><div align="center" class="Header">Welcome to The Glass Forum</div></td>
      </tr>
      <tr>
        <td height="24" align="center" valign="top">
		<% If Session("MM_Username") = "" Then %>
		<form id="form1" name="form1" method="POST" action="<%=MM_LoginAction%>">
            Username: 
            <input name="txtUsername" type="text" class="box_text" id="txtUsername" />
             Password:  
             <input name="txtPassword" type="password" class="box_text" id="txtPassword" />
             <br />
             <input name="Submit" type="submit" class="box_text" value="Login" />
              <br />
              [<a href="forgotpassword.asp">Forgot my password</a>]
        [<a href="register.asp">Register</a>] 
        </form>
You	are welcome to view this forum. If you wish to post a comment or start a new topic, you will be required to log in first.<br />
If you do not yet have a username and password, please <a href="register.asp">click here</a> to register. <%Else%>
You are logged in as <%= Session("MM_FullName") %>. [<a href="<%= MM_Logout %>">Logout</a>]
<%End If%></td>
        </tr>
      <tr>
        <td height="236" align="left" valign="top"><table width="100%" height="228" border="1" cellpadding="0" cellspacing="0" bordercolor="#FFFFFF" bgcolor="#FFFFFF" class="main_border">
          <tr>
            <td height="13"><div align="center" class="whats_hot">The Glass Forum </div></td>
            </tr>
		
          <tr>
            <td height="15" align="center" valign="middle" class="Category_Red">Post a new topic <span class="discount_text"></span></td>
            </tr>
          
          
		  <tr>
            <td height="183" align="center" valign="top" bgcolor="#CCCCCC"><form id="form2" name="form2" method="POST" action="<%=MM_editAction%>">
              <table width="403" height="26" border="0" cellpadding="0" cellspacing="0">
                <tr>
                  <td width="73" height="13">Topic Subject </td>
                  <td width="330"><input name="txtTopicHeader" type="text" class="box_text" id="txtTopicHeader" size="55" maxlength="55" /></td>
                </tr>
                <tr>
                  <td>Topic</td>
                  <td><textarea name="txtTopic" cols="52" rows="10" class="box_text" id="txtTopic"></textarea></td>
                </tr>
                <tr>
                  <td><input name="Submit2" type="reset" class="box_text" value="Reset" /></td>
                  <td><input name="Submit3" type="submit" class="box_text" value="Submit" />
                    <input name="txtCatID" type="hidden" id="txtCatID" value="<%= Request.QueryString("Cat") %>" />
                    <input name="txtUID" type="hidden" id="txtUID" value="<%= Session("MM_UID") %>" />
                    <input name="txtDate" type="hidden" id="txtDate" value="<%= Date() & " " & Time() %>" /></td>
                </tr>
              </table>
              
              <input type="hidden" name="MM_insert" value="form2">
            </form>            </td>
            </tr>
		  
        </table></td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td height="26" colspan="2" align="right" valign="top"><p class="footer">&copy;  2006 Hayden Craft<br />
      Proudly designed by Brendan Hayden </p></td>
  </tr>
</table>
</body>
</html>