<%@ Language=VBScript %>
<% Option Explicit
'=============================
' update.asp
'
' 記事の編集/削除
'=============================
Dim Sql, mess_id, sender, sender_addr, refurl, subject, body
Dim pwd, datestr, mode, Message

' Form提出データのデコード
mess_id = Request("mess_id")
sender = Escape(Request("sender"))
sender_addr = Escape(Request("sender_addr"))
refurl = Escape(Request("refurl"))
subject = Escape(Request("subject"))
body = Escape(Request("body"))
pwd = Request("pwd")
datestr = Year(Now) & "-" & Month(Now) & "-" & Day(Now) & _
" " & Hour(Now) & ":" & Minute(Now) & ":" & Second(Now)
mode = Request("mode")

' [送信]ボタン押下ならDB更新
If Request("act") = "送信" Then

' 編集/削除要求時、記事に設定したパスワードチェック
If CheckPwd(mess_id,pwd) = False Then
Response.Write "<BODY bgcolor=""#fff8dc"">"
Response.Write "<FONT size=3 color=""#ff1493""><STRONG>" & _
"パスワードが違います</STRONG></FONT>"
Response.Write "</BODY>"
Response.End
End If

' SQL文作成
If mode = "delete" Then ' 削除時、status列を0に更新
Sql = "UPDATE tbl_article SET " & _
"status = 0 " & _
"WHERE mess_id = " & mess_id
Else
Sql = "UPDATE tbl_article SET " & _
"sender = '" & sender & "', " & _
"sender_addr = '" & sender_addr & "', " & _
"url = '" & refurl & "', " & _
"subject = '" & subject & "', " & _
"body = '" & body & "', " & _
"update_date = '" & datestr & "'" & _
"WHERE mess_id = " & mess_id
End If

If sender = "" or subject = "" or body = "" Then
Message = "投稿者名またはタイトル、本文が空です"
Else
On Error Resume Next
Err.Clear
objDBCon.Execute Sql
If Err.number <> 0 Then
Message = "エラーが起きました<BR>" & Err.description
Else
Message = "更新しました"
End If
End if
' [送信]ボタン押下以外は、編集対象記事を取得
Else
If mess_id <> "" Then
GetArticle mess_id, sender, sender_addr, _
refurl, subject, body
End If
End If

' 以下サブルーチン
'-------------------------------------------
' id で指定される記事を取得、各引数に値をセット
'-------------------------------------------
Sub GetArticle _
(ByVal id, sendr, sendr_addr, re_url, subj, bod)
Dim Query, Recset
Query = "SELECT sender, sender_addr, url, subject, body " & _
"FROM tbl_article " & _
"WHERE mess_id = " & id
Set Recset = objDBCon.Execute(Query)
sendr = Recset("sender")
sendr_addr = Recset("sender_addr")
re_url = Recset("url")
subj = Recset("subject")
bod = Recset("body")
Recset.Close
Set Recset = Nothing
End Sub

'---------------------------------------
' id で指定される記事に設定されたパスワード
' が、pw と一致しているかどうかをチェック。
' 戻り値 >> 一致: True, 不一致: False
'---------------------------------------
Function CheckPwd(id,pw)
Dim Query, Recset

CheckPwd = False
If pw = "" Then Exit Function

Query = "SELECT pwd FROM tbl_article " & _
"WHERE mess_id = " & id
Set Recset = objDBCon.Execute(Query)
If Recset(0) = pw Then
CheckPwd = True
Else
CheckPwd = False
End If
Recset.Close
Set Recset = Nothing
End Function

%>

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=x-sjis">
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY bgcolor="#fff8dc">

<FONT size=4 color=#333333><STRONG>記事の編集・削除</STRONG></FONT>

<HR noshade color="#ff1493" width=140 size=5 align="left">
<FONT size=2 color="#333333">
<A href="list.asp">記事の一覧</A>
</FONT>
<HR noshade color="#333333" size=2 align="left">
<BR>
<FONT size=3 color="#ff1493"><STRONG><%=Message%></STRONG></FONT>

<FORM method=post action="update.asp" id=form1 name=form1>
<INPUT type="hidden" name="mess_id" value="<%=mess_id%>">
<TABLE>
<TR>
<TH align="left"><FONT size=3 color="#1e90ff">投稿者名</FONT>
　<TD><INPUT name="sender" value="<%=sender%>" size=50></TD>
</TR>
<TR>
<TH align="left"><FONT size=3 color="#1e90ff">E-Mail</FONT>
　<TD><INPUT name="sender_addr" value="<%=sender_addr%>" size=50></TD>
</TR>
<TR>
<TH align="left"><FONT size=3 color="#1e90ff">URL</FONT>
　<TD><INPUT name="refurl" value="<%=refurl%>" size=50></TD>
</TR>
<TR>
<TH align="left"><FONT size=3 color="#1e90ff">タイトル</FONT>
　<TD><INPUT name="subject" value="<%=subject%>" size=50></TD>
</TR>
<TR>
<TH align="left"><FONT size=3 color="#1e90ff">本文</FONT>
　<TD><TEXTAREA cols=50 rows=10 name=body>
<%=body%>
</TEXTAREA>
</TR>
<TR>
<TH align="left"><FONT size=3 color="#1e90ff">編集用パスワード</FONT>
　<TD><INPUT type="password" name="pwd" value="<%=pwd%>" size=50></TD>
</TR>
<TR>
<TH align="left"><FONT size=3 color="#1e90ff">この記事を削除</FONT>
<TD><INPUT type="checkbox" value="delete" name="mode">
</TR>
<TR>
<TH colspan=2><INPUT type="submit" name="act" value="送信">
<INPUT type="reset" value="リセット">
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>