Room for a View

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%> <% Dim rs_news__MMColParam rs_news__MMColParam = "yes" If (Request("MM_EmptyValue") <> "") Then rs_news__MMColParam = Request("MM_EmptyValue") End If %> <% Dim rs_news Dim rs_news_numRows Set rs_news = Server.CreateObject("ADODB.Recordset") rs_news.ActiveConnection = MM_conn_roomview_STRING rs_news.Source = "SELECT * FROM NewsArticles WHERE newsHomepage = '" + Replace(rs_news__MMColParam, "'", "''") + "' ORDER BY newsDate ASC" rs_news.CursorType = 0 rs_news.CursorLocation = 2 rs_news.LockType = 1 rs_news.Open() rs_news_numRows = 0 %> <% Dim MM_paramName %> <% ' *** Validate request to log in to this site. MM_LoginAction = Request.ServerVariables("URL") If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString MM_valUsername=CStr(Request.Form("Username")) If MM_valUsername <> "" Then MM_fldUserAuthorization="userSecurity" MM_redirectLoginSuccess="trade/default.asp" MM_redirectLoginFailed="../trade/loginfail.asp" MM_flag="ADODB.Recordset" set MM_rsUser = Server.CreateObject(MM_flag) MM_rsUser.ActiveConnection = MM_conn_roomview_STRING MM_rsUser.Source = "SELECT userUsername, userPassword" If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization MM_rsUser.Source = MM_rsUser.Source & " FROM TradeUsers WHERE userUsername='" & Replace(MM_valUsername,"'","''") &"' AND userPassword='" & Replace(Request.Form("Password"),"'","''") & "'" MM_rsUser.CursorType = 0 MM_rsUser.CursorLocation = 2 MM_rsUser.LockType = 3 MM_rsUser.Open If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then ' username and password match - this is a valid user Session("MM_Username") = MM_valUsername If (MM_fldUserAuthorization <> "") Then Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value) Else Session("MM_UserAuthorization") = "" End If if CStr(Request.QueryString("accessdenied")) <> "" And false Then MM_redirectLoginSuccess = Request.QueryString("accessdenied") End If MM_rsUser.Close Response.Redirect(MM_redirectLoginSuccess) End If MM_rsUser.Close Response.Redirect(MM_redirectLoginFailed) End If %> <% ' *** Go To Record and Move To Record: create strings for maintaining URL and Form parameters Dim MM_keepNone Dim MM_keepURL Dim MM_keepForm Dim MM_keepBoth Dim MM_removeList Dim MM_item Dim MM_nextItem ' create the list of parameters which should not be maintained MM_removeList = "&index=" If (MM_paramName <> "") Then MM_removeList = MM_removeList & "&" & MM_paramName & "=" End If MM_keepURL="" MM_keepForm="" MM_keepBoth="" MM_keepNone="" ' add the URL parameters to the MM_keepURL string For Each MM_item In Request.QueryString MM_nextItem = "&" & MM_item & "=" If (InStr(1,MM_removeList,MM_nextItem,1) = 0) Then MM_keepURL = MM_keepURL & MM_nextItem & Server.URLencode(Request.QueryString(MM_item)) End If Next ' add the Form variables to the MM_keepForm string For Each MM_item In Request.Form MM_nextItem = "&" & MM_item & "=" If (InStr(1,MM_removeList,MM_nextItem,1) = 0) Then MM_keepForm = MM_keepForm & MM_nextItem & Server.URLencode(Request.Form(MM_item)) End If Next ' create the Form + URL string and remove the intial '&' from each of the strings MM_keepBoth = MM_keepURL & MM_keepForm If (MM_keepBoth <> "") Then MM_keepBoth = Right(MM_keepBoth, Len(MM_keepBoth) - 1) End If If (MM_keepURL <> "") Then MM_keepURL = Right(MM_keepURL, Len(MM_keepURL) - 1) End If If (MM_keepForm <> "") Then MM_keepForm = Right(MM_keepForm, Len(MM_keepForm) - 1) End If ' a utility function used for adding additional parameters to these strings Function MM_joinChar(firstItem) If (firstItem <> "") Then MM_joinChar = "&" Else MM_joinChar = "" End If End Function %> Room for a View