<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="0,5,10,50"
MM_authorizedAdmin="0,5"
MM_authFailedURL="index.asp?Error=Levels"
MM_grantAccess=false
MM_IsAdmin=false
If Session("MM_Username") <> "" Then
  If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Session("MM_Username") <> "" Then
  If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedAdmin,Session("MM_UserAuthorization"))>=1) Then
    MM_IsAdmin = true
  End If
End If
%>

<%
' *** Logout the current user.
MM_Logout = CStr(Request.ServerVariables("URL")) & "?MM_Logoutnow=1"
If (CStr(Request("MM_Logoutnow")) = "1") Then
  Session.Contents.Remove("MM_Username")
  Session.Contents.Remove("MM_Fullname")
  Session.Contents.Remove("MM_EmailAdd")
  Session.Contents.Remove("MM_UserAuthorization")
  Session.Contents.Remove("MM_UID")
  MM_logoutRedirectPage = "index.asp"
  ' redirect with URL parameters (remove the "MM_Logoutnow" query param).
  if (MM_logoutRedirectPage = "") Then MM_logoutRedirectPage = CStr(Request.ServerVariables("URL"))
  If (InStr(1, UC_redirectPage, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
    MM_newQS = "?"
    For Each Item In Request.QueryString
      If (Item <> "MM_Logoutnow") Then
        If (Len(MM_newQS) > 1) Then MM_newQS = MM_newQS & "&"
        MM_newQS = MM_newQS & Item & "=" & Server.URLencode(Request.QueryString(Item))
      End If
    Next
    if (Len(MM_newQS) > 1) Then MM_logoutRedirectPage = MM_logoutRedirectPage & MM_newQS
  End If
  Response.Redirect(MM_logoutRedirectPage)
End If
%>
<!--#include file="Connections/Forum.asp" -->
<%
Dim MM_editAction
MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Server.HTMLEncode(Request.QueryString)
End If

' boolean to abort record edit
Dim MM_abortEdit
MM_abortEdit = false
%>
<%
' IIf implementation
Function MM_IIf(condition, ifTrue, ifFalse)
  If condition = "" Then
    MM_IIf = ifFalse
  Else
    MM_IIf = ifTrue
  End If
End Function
%>
<%
If (CStr(Request("MM_insert")) = "form2") Then
  If (Not MM_abortEdit) Then
    ' execute the insert
    Dim MM_editCmd

    Set MM_editCmd = Server.CreateObject ("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_Forum_STRING
    MM_editCmd.CommandText = "INSERT INTO hcforum.comments (Comment, UID, CommentDate, TopicID) VALUES ('" & Request.Form("txtComment") & "', '" & Request.Form("txtUID") & "', NOW(), '" & Request.Form("txtTopicID") & "')" 
    MM_editCmd.Prepared = true
 
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    ' append the query string to the redirect URL
    Dim MM_editRedirectUrl
    MM_editRedirectUrl = "topic_view.asp"
    If (Request.QueryString <> "") Then
      If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0) Then
        MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
      Else
        MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
      End If
    End If
    Response.Redirect(MM_editRedirectUrl)
  End If
End If
%>
<%
Dim Topic__MMColParam
Topic__MMColParam = "0"
If (Request.QueryString("ID") <> "") Then 
  Topic__MMColParam = Request.QueryString("ID")
End If
%>
<%
Dim Topic
Dim Topic_cmd
Dim Topic_numRows

Set Topic_cmd = Server.CreateObject ("ADODB.Command")
Topic_cmd.ActiveConnection = MM_Forum_STRING
Topic_cmd.CommandText = "UPDATE hcforum.topics SET ViewCount = ViewCount + 1 WHERE TopicID = " & Topic__MMColParam
Topic_cmd.Prepared = true
Topic_cmd.Execute

Topic_cmd.ActiveConnection = MM_Forum_STRING
Topic_cmd.CommandText = "SELECT a.*, b.FirstName, b.Surname, b.EmailAddress, c.AccessLevel FROM hcforum.topics a LEFT JOIN users b ON a.UID = b.UID LEFT JOIN accesslevels c ON b.AccessID = c.AccessID WHERE a.TopicID = ?" 
Topic_cmd.Prepared = true
Topic_cmd.Parameters.Append Topic_cmd.CreateParameter("param1", 5, 1, -1, Topic__MMColParam) ' adDouble

Set Topic = Topic_cmd.Execute
Topic_numRows = 0
%>
<%
Dim Comments__MMColParam
Comments__MMColParam = "1"
If (Request.QueryString("ID") <> "") Then 
  Comments__MMColParam = Request.QueryString("ID")
End If
%>
<%
Dim Comments
Dim Comments_cmd
Dim Comments_numRows

Set Comments_cmd = Server.CreateObject ("ADODB.Command")
Comments_cmd.ActiveConnection = MM_Forum_STRING
Comments_cmd.CommandText = "SELECT a.*, b.FirstName, b.Surname, b.EmailAddress, c.AccessLevel FROM hcforum.comments a  LEFT JOIN users b ON a.UID = b.UID LEFT JOIN accesslevels c ON b.AccessID = c.AccessID WHERE TopicID = ? ORDER BY CommentDate ASC" 
Comments_cmd.Prepared = true
Comments_cmd.Parameters.Append Comments_cmd.CreateParameter("param1", 5, 1, -1, Comments__MMColParam) ' adDouble

Set Comments = Comments_cmd.Execute
Comments_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("txtUsername"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
  
  MM_fldUserAuthorization = "AccessID"
  MM_redirectLoginSuccess = "index.asp"
  MM_redirectLoginFailed = "index.asp?Error=InvUID"

  MM_loginSQL = "SELECT UID, Username, Password, FirstName, Surname, EmailAddress, ActivationKey"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM hcforum.users WHERE Username = ? AND Password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_Forum_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 100, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 100, Request.Form("txtPassword")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
	Session("MM_FullName") = MM_rsUser.Fields.Item("FirstName").Value + " " + MM_rsUser.Fields.Item("Surname").Value
	Session("MM_EmailAdd") = MM_rsUser.Fields.Item("EmailAddress").Value
	Session("MM_UID") = MM_rsUser.Fields.Item("UID").Value

    If (MM_fldUserAuthorization <> "") AND (MM_rsUser.Fields.Item("ActivationKey").Value = "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = "#"
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And true Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>| The Glass Forum | Powered By Hayden Craft |</title>
<link href="styles/style.css" rel="stylesheet" type="text/css" />
</head>

<body>
<table width="800" height="334" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" class="main_border">
  <tr>
    <td width="450" height="100" background="_images/header_bg.jpg"><img src="_images/header.jpg" alt="Hayden Craft" width="450" height="100" border="0" /></td>
    <td width="348" align="center" valign="middle" background="_images/header_bg.jpg"><%= Advert %></td>
  </tr>
  <tr>
    <td height="24" colspan="2" align="center" class="nav_bar"><a href="index.asp">| Forum Home |</a><a href="http://www.haydencraft.co.za">| Our Home Page |</a><a href="http://www.haydencraft.co.za/contacts.htm">| Contact Us |</a></td>
  </tr>
  <tr>
    <td height="179" colspan="2" valign="top"><table width="100%" height="289" border="0" class="main_border">
      <tr>
        <td height="15" align="left" valign="top" class="SidebarItems"><div align="center" class="Header">Welcome to The Glass Forum</div></td>
      </tr>
      <tr>
        <td height="24" align="center" valign="top">
		<% If Session("MM_Username") = "" Then %>
		<form id="form1" name="form1" method="POST" action="<%=MM_LoginAction%>">
            Username: 
            <input name="txtUsername" type="text" class="box_text" id="txtUsername" />
             Password:  
             <input name="txtPassword" type="password" class="box_text" id="txtPassword" />
             <br />
             <input name="Submit" type="submit" class="box_text" value="Login" />
              <br />
              [<a href="forgotpassword.asp">Forgot my password</a>]
        [<a href="register.asp">Register</a>] 
        </form>
You	are welcome to view this forum. If you wish to post a comment or start a new topic, you will be required to log in first.<br />
If you do not yet have a username and password, please <a href="register.asp">click here</a> to register. <%Else%>
You are logged in as <%= Session("MM_FullName") %>. [<a href="<%= MM_Logout %>">Logout</a>]
<%End If%></td>
        </tr>
      <tr>
        <td height="236" align="left" valign="top">
		<table width="100%" height="30" border="1" cellpadding="0" cellspacing="0" bordercolor="#FFFFFF" bgcolor="#FFFFFF" class="main_border">
          <tr>
            <td height="15" colspan="2"><div align="center" class="whats_hot">The Glass Forum </div></td>
            </tr>
		
          <tr>
            <td height="5" colspan="2" align="center" valign="middle" class="Category_Red">Viewing Topic [<%=(Topic.Fields.Item("TopicID").Value)%>] <%If (Session("MM_UID") = Topic.Fields.Item("UID").Value) Or (MM_IsAdmin) Then Response.Write("[<a href=""adminrequest.asp?Del=1&ID=" & Topic.Fields.Item("TopicID").Value & """>Request this topic to be deleted</a>]") %> </td>
            </tr>
         </table> 
         <table width="100%" height="181" border="1" cellpadding="0" cellspacing="0" bordercolor="#FFFFFF" bgcolor="#FFFFFF" class="main_border"> 
		  <tr>
            <td width="18%" rowspan="2" align="left" valign="top" bgcolor="#CCCCCC"><p><strong><%=(Topic.Fields.Item("FirstName").Value)%>&nbsp;<%=(Topic.Fields.Item("Surname").Value)%></strong><br />
              <%=(Topic.Fields.Item("AccessLevel").Value)%></p>
              <p>Posted:&nbsp;<%=FormatDateTime((Topic.Fields.Item("TopicDate").Value), 1)%>&nbsp;[<%=FormatDateTime((Topic.Fields.Item("TopicDate").Value), 4)%>]</p></td>
            <td width="82%" height="15" align="left" valign="top" bgcolor="#CCCCCC"><strong><%=(Topic.Fields.Item("TopicHeader").Value)%></strong></td>
		  </tr>
		  <tr>
		    <td height="67" align="left" valign="top" bgcolor="#CCCCCC"><%=Replace(Topic.Fields.Item("Topic").Value, vbCrLf, "<br />")%></td>
		  </tr>
		  <% 'Loop through all the comments here....
		  If (Session("MM_UserAuthorization") <> "#") AND (Session("MM_Username") <> "") Then
		  
		  Do While NOT Comments.EOF AND NOT Comments.BOF
		    If Comments.Fields.Item("CommentDate").Value = "" Or ISNULL(Comments.Fields.Item("CommentDate").Value) Then
			  CommentDate = "Unknown"
			Else
			  CommentDate = FormatDateTime(Comments.Fields.Item("CommentDate").Value, 1) & "&nbsp;[" & FormatDateTime(Comments.Fields.Item("CommentDate").Value, 4) & "]"
			End If
		  %>
		  <tr>
		    <td height="78" align="left" valign="top" bgcolor="#E0E0E0"><p><strong><%=(Comments.Fields.Item("FirstName").Value)%>&nbsp;<%=(Comments.Fields.Item("Surname").Value)%></strong><br />
		      <%=(Comments.Fields.Item("AccessLevel").Value)%></p>
		      <p>Posted:&nbsp;<%= CommentDate%></p></td>
		    <td align="left" valign="top" bgcolor="#E0E0E0"><%=Replace(Comments.Fields.Item("Comment").Value, vbCrLf, "<br />")%></td>
		  </tr>
		  <%
		  	Comments.MoveNext
		  Loop
		  Else
		  %>
		  <tr>
		    <td height="15" colspan="2" align="center" valign="top" bgcolor="#E0E0E0">Please login or activate your account to view the comments on this topic.</td>
		  </tr>
		  <% End If %>
        </table>
		<% If (MM_grantAccess) Then %>
		  <form id="form2" name="form2" method="POST" action="<%=MM_editAction%>">
		  <table width="382" height="140" border="0" align="center" cellpadding="0" cellspacing="0">
            <tr>
              <td width="48" height="107" valign="top">Comment</td>
              <td width="334"><textarea name="txtComment" cols="50" rows="10" class="box_text" id="txtComment"></textarea>
                <input name="txtUID" type="hidden" id="txtUID" value="<%= Session("MM_UID") %>" />
                <input name="txtDate" type="hidden" id="txtDate" value="<%= Date() & " " & Time() %>" />
                <input name="txtTopicID" type="hidden" id="txtTopicID" value="<%= Request.QueryString("ID") %>" /></td>
            </tr>
            <tr>
              <td><input name="Submit3" type="reset" class="box_text" value="Reset" /></td>
              <td><input name="Submit2" type="submit" class="box_text" value="Submit" /></td>
            </tr>
          </table>
		
          <input type="hidden" name="MM_insert" value="form2">
          </form><% End If %>		</td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td height="26" colspan="2" align="right" valign="top"><p class="footer">&copy;  2006 Hayden Craft<br />
      Proudly designed by Brendan Hayden </p></td>
  </tr>
</table>
</body>
</html>
<%
Topic.Close()
Set Topic = Nothing
%>
<%
Comments.Close()
Set Comments = Nothing
%>