<%@ page import="java.sql.*" %>
<%@ page import="convertutil.*" %>
<%@ page import="java.sql.Timestamp"%>
<%@ page import="java.text.SimpleDateFormat"%>
<%@ page import="java.text.DateFormat"%>
<%-- NOTE(review): config.inc.jsp presumably supplies connectionURL, user and pass, which this page passes to DriverManager.getConnection; confirm, and keep that file out of the web-served tree. --%>
<%@ include file="config.inc.jsp"%>
<%
// Page-wide JDBC handles and the admin flag. They are declared before the try block
// so that code after it can still see them, and start as null/false so that an
// unopened handle can be told apart from an open one.
// Statically included fragments are compiled into this same scope and see these names.
Connection connection = null;
Statement statement = null;
Statement statement2 = null;
ResultSet rs = null;
ResultSet rs2 = null;
ResultSet rsAdmin = null;
// Set later from the usergroup lookup; decides which post controls are printed.
boolean adminResult = false;
%>
Discusion Board
<%@ include file="style.jsp"%>
<%@ include file="header.jsp"%> "); out.println(""); out.println(""); } rs.close(); %>
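<%
try {
    Class.forName("com.mysql.jdbc.Driver").newInstance();
    connection = DriverManager.getConnection(connectionURL, user, pass);
    // Both plain Statement handles are still created: the statically included
    // fragments share this scope and may depend on them.
    statement = connection.createStatement();
    statement2 = connection.createStatement();
    // Every query in this fragment that carries request or account data is run
    // through this handle with bound parameters instead of string concatenation.
    // NOTE(review): the name must not clash with a local declared in an included fragment.
    PreparedStatement boundStmt = null;

    java.util.Date today = new java.util.Date();
    String currenttime = String.valueOf(today.getTime());
    String lid = "";
    String topicno = request.getParameter("topic");
    // The topic id comes straight from the request and is reused in SQL, redirects
    // and possibly in included fragments. Anything that is not a run of digits is
    // handled like a missing parameter.
    // NOTE(review): assumes topic ids are decimal integers; confirm against the schema.
    if (topicno != null && !topicno.matches("\\d+")) {
        topicno = null;
    }
    String action= "";
    DateFormat df = null;
    Date datetime = null;

    //===========================
    // page no
    //===========================
    // Names in this section are kept unchanged even where this fragment does not
    // read them (current, back, l, i): included fragments may reference them.
    int num=0;
    int eu=0,limit=0,current=0,back=0,next=0;
    int start=0;
    int l,i;

    boundStmt = connection.prepareStatement("SELECT count(*) FROM posts WHERE tid=?");
    boundStmt.setString(1, topicno);
    rs = boundStmt.executeQuery();
    if (rs.next()) {
        num = rs.getInt("count(*)");
    }
    rs.close();
    boundStmt.close();

    // A malformed or negative offset falls back to the first page instead of
    // raising NumberFormatException or producing an invalid LIMIT clause.
    String startParam = request.getParameter("start");
    if (startParam != null) {
        try {
            start = Integer.parseInt(startParam);
        } catch (NumberFormatException badStart) {
            start = 0;
        }
        if (start < 0) {
            start = 0;
        }
    }
    eu = (start - 0);
    limit = 10; // No of records to be shown per page.
    current = eu + limit;
    back = eu - limit;
    next = eu + limit;
    if (next > num) {
        next = num;
    }

    //===========================
    // Param Action
    //===========================
%> <%@ include file="member.jsp"%> <%@ include file="adminfunc.jsp"%> <%
    // NOTE(review): currentUser is defined outside this fragment. Every authorization
    // decision below depends on it, so confirm it is taken from the server-side
    // session and not from a client-supplied value.
    // NOTE(review): "Reply" and "delete" change state from plain request parameters;
    // no anti-forgery token is checked in this fragment.
    if (request.getParameter("action") != null) {
        action = request.getParameter("action");

        boundStmt = connection.prepareStatement("SELECT lid,l_email FROM loginuser WHERE l_username=?");
        boundStmt.setString(1, currentUser);
        rs = boundStmt.executeQuery();
        boolean userFound = rs.next();
        String lemail = null;
        if (userFound) {
            lemail = rs.getString("l_email");
            lid = rs.getString("lid");
        }
        rs.close();
        boundStmt.close();

        if (userFound) {
            if (action.equals("Reply")) {
                ConvertText conText= new ConvertText();
                String subject = request.getParameter("topicno");
                String message = request.getParameter("message");
                df = new SimpleDateFormat("yyyy-MM-dd HH:mm");
                String lastposter = df.format(today) + " by " + currentUser;

                boundStmt = connection.prepareStatement("UPDATE topic SET lastposter=? WHERE tid=?");
                boundStmt.setString(1, lastposter);
                boundStmt.setString(2, topicno);
                boundStmt.executeUpdate();
                boundStmt.close();

                // The hand-escaped copy is no longer used for SQL. It is still computed
                // because sendmail.jsp receives the message through the variables below.
                // NOTE(review): confirm whether the mail should carry the unescaped text.
                String escapedMessage = conText.ereg_replace("\\\\","\\\\\\\\",message);
                escapedMessage = conText.ereg_replace("\\'","\\\\'",escapedMessage);

                // The raw text is bound as a parameter, so the stored value is exactly
                // what the user submitted and quoting is left to the driver.
                String insertSQL = "INSERT INTO posts VALUES(null,?,?,?,?,?)";
                boundStmt = connection.prepareStatement(insertSQL);
                boundStmt.setString(1, subject);
                boundStmt.setString(2, message);
                boundStmt.setString(3, topicno);
                boundStmt.setString(4, lid);
                boundStmt.setString(5, currenttime);
                boundStmt.execute();
                boundStmt.close();
                message = escapedMessage;

                //add stars
                boundStmt = connection.prepareStatement("UPDATE loginuser SET stars=stars+1 WHERE lid=?");
                boundStmt.setString(1, lid);
                boundStmt.executeUpdate();
                boundStmt.close();

                boundStmt = connection.prepareStatement("UPDATE topic SET replies=replies+1 WHERE tid=?");
                boundStmt.setString(1, topicno);
                boundStmt.executeUpdate();
                boundStmt.close();

                // Column list and joins are unchanged; only the topic id is now bound.
                boundStmt = connection.prepareStatement("SELECT l.*,t.*,p.* FROM loginuser l, topic t, posts p WHERE t.tid=? AND t.lid=l.lid");
                boundStmt.setString(1, topicno);
                rs = boundStmt.executeQuery();
                String topictext = "";
                if (rs.next()) {
                    topictext = rs.getString("t.topic");
                }
                rs.close();
                boundStmt.close();

                //sendmail
                String mailposter = currentUser;
                String mailposteremail = lemail;
                String maildate = df.format(today);
                String mailstatus = "Post by ";
                String mailtopic = topictext;
                String mailmsg = message;
%> <%@ include file="sendmail.jsp"%> <%
                // The rest of the page still runs after a redirect is issued.
                response.sendRedirect("post.jsp?topic=" + topicno);
            } else if (action.equals("delete")) {
                String postno = request.getParameter("post");

                boundStmt = connection.prepareStatement("SELECT admin FROM loginuser WHERE l_username=?");
                boundStmt.setString(1, currentUser);
                rs = boundStmt.executeQuery();
                boolean accountFound = rs.next();
                boolean mayDelete = accountFound && rs.getInt("admin") == 1;
                rs.close();
                boundStmt.close();

                if (accountFound) {
                    if (mayDelete) {
                        //remove star if post delete
                        boundStmt = connection.prepareStatement("UPDATE loginuser SET stars=stars-1 WHERE lid=(SELECT DISTINCT lid FROM posts WHERE pid=?)");
                        boundStmt.setString(1, postno);
                        boundStmt.executeUpdate();
                        boundStmt.close();

                        boundStmt = connection.prepareStatement("UPDATE topic SET replies=replies-1 WHERE tid=?");
                        boundStmt.setString(1, topicno);
                        boundStmt.executeUpdate();
                        boundStmt.close();

                        String deleteSQL = "DELETE FROM posts WHERE pid =?";
                        boundStmt = connection.prepareStatement(deleteSQL);
                        boundStmt.setString(1, postno);
                        boundStmt.execute();
                        boundStmt.close();

                        String countpost = "SELECT count(*) FROM posts WHERE tid=?";
                        boundStmt = connection.prepareStatement(countpost);
                        boundStmt.setString(1, topicno);
                        rs = boundStmt.executeQuery();
                        boolean counted = rs.next();
                        int remaining = counted ? rs.getInt("count(*)") : -1;
                        rs.close();
                        boundStmt.close();

                        if (counted) {
                            if (remaining == 0) {
                                // Last post gone: drop the now-empty topic as well.
                                deleteSQL = "DELETE FROM topic WHERE tid =?";
                                boundStmt = connection.prepareStatement(deleteSQL);
                                boundStmt.setString(1, topicno);
                                boundStmt.execute();
                                boundStmt.close();
                                response.sendRedirect("forum.jsp");
                            } else {
                                response.sendRedirect("post.jsp?topic=" + topicno);
                            }
                        }//rs.next
                        out.println("Deleted!");
                    } else {
                        out.println("Only admin can delete post!");
                    }
                }//got user
            }//action
            else {
                response.sendRedirect("error_page.jsp");
            }
        } else {
            response.sendRedirect("error_loginfirst.jsp");
        }//lid true
    }//action not null

    boundStmt = connection.prepareStatement("UPDATE topic SET views=views+1 WHERE tid=?");
    boundStmt.setString(1, topicno);
    boundStmt.executeUpdate();
    boundStmt.close();

    boundStmt = connection.prepareStatement("Select l.*,u.* from loginuser l,usergroup u WHERE l.admin=u.aid AND l.l_username=?");
    boundStmt.setString(1, currentUser);
    rsAdmin = boundStmt.executeQuery();
    if (rsAdmin.next()) {
        // Constant-first comparison also covers a NULL group id.
        adminResult = "1".equals(rsAdmin.getString("u.aid"));
    }
    rsAdmin.close();
    boundStmt.close();

    boundStmt = connection.prepareStatement("SELECT l.*,t.*,p.* FROM loginuser l, topic t, posts p WHERE t.tid=? AND t.lid=l.lid");
    boundStmt.setString(1, topicno);
    rs = boundStmt.executeQuery();
    String topictext = "";
    if (rs.next()) {
        topictext = rs.getString("t.topic");
    }
    rs.close();
    boundStmt.close();

    // MySQL reads "LIMIT a,b" as offset a, row count b. The row count is the page
    // size (limit); passing the end index (next) returned more than one page of
    // rows on every page after the first.
    // This statement and its result set stay open for the row loop that follows;
    // they are released when the connection is closed.
    boundStmt = connection.prepareStatement("SELECT l.*,p.* FROM loginuser l,posts p WHERE p.tid=? AND p.lid = l.lid ORDER BY p.pid LIMIT ?,?");
    boundStmt.setString(1, topicno);
    boundStmt.setInt(2, start);
    boundStmt.setInt(3, limit);
    rs = boundStmt.executeQuery();
%> <%
    // NOTE(review): the topic title, member name and message body read from the
    // database are written into the page further down without HTML encoding;
    // encode them at the point of output.
    String messagetext="";
    String style="odd1";
    int count=1+start;
    while (rs.next()) {
        if (count % 2 ==0) {
            style ="even1";
        } else {
            style ="odd1";
        }
        df = new SimpleDateFormat("yyyy-MM-dd HH:mm");
        datetime = new Date(Long.parseLong(rs.getString("p.date")));
        out.println("");
        out.println("");
        messagetext = rs.getString("p.message");
        ConvertText2 conText2= new ConvertText2();
        String quotename = conText2.getValue("\\[quote=\\w*\\]", messagetext);
        if (quotename.equals("false")) {
            messagetext = messagetext.replaceAll("\\[quote\\]","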
Topic: <% out.println(topictext); %> .:HOME:.
"+ df.format(datetime) +"#"+ count++ +"
"+rs.getString("l.l_name")); %> <%@ include file="stars.jsp"%> <% if (rs.getString("l.photo").length() != 0) { out.println("
"); } out.println("


Posts : " + rs.getString("l.stars")); df = new SimpleDateFormat("yyyy-MM-dd"); datetime = new Date(Long.parseLong(rs.getString("l.date_reg"))); out.println("
Reg Date : " + df.format(datetime) + "
"); messagetext = messagetext.replaceAll("\\[/quote\\]","
"); } else { quotename = quotename.replaceAll("\\[quote=",""); quotename = quotename.replaceAll("\\]",""); messagetext = messagetext.replaceAll("\\[quote=\\w*\\]","
Original Posted by "+quotename+"
"); messagetext = messagetext.replaceAll("\\[/quote\\]","
"); } messagetext = messagetext.replaceAll("\n","
"); out.println("
"+messagetext+"
 
"); if(adminResult) { out.println("\"edit\""); out.println("\"delete\""); out.println("\"quote\""); } else { if(rs.getString("l.l_username").equals(currentUser)) { out.println("\"edit\""); out.println("\"quote\""); } else { out.println("\"quote\""); out.print(" "); } } out.println("
<% if (num>10) { %> <%@ include file="pagenopost.jsp"%> <% } %>

<% if (currentUser.length() != 0) { %>
Reply Post
  <%out.println("");%>
  
<% }//user haven't login %>
<%@ include file="footer.jsp"%>
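<%
} catch (SQLException ex) {
    // handle any errors
    // Details go to the server console only; nothing about the failure is
    // written into the response.
    System.out.println("SQLException: " + ex.getMessage());
    System.out.println("SQLState: " + ex.getSQLState());
    System.out.println("VendorError: " + ex.getErrorCode());
} finally {
    // Release the JDBC handles on every path, including the error path, so that a
    // failing request does not leave a database connection open.
    // Closing an already-closed handle is harmless, so this is safe even if an
    // included fragment has closed some of them.
    if (rs != null) {
        try { rs.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
    }
    if (rs2 != null) {
        try { rs2.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
    }
    if (rsAdmin != null) {
        try { rsAdmin.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
    }
    if (statement != null) {
        try { statement.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
    }
    if (statement2 != null) {
        try { statement2.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
    }
    if (connection != null) {
        try { connection.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
    }
}
%>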