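<%
' Guestbook, part 1: open the Access database, read the posted form fields,
' run the spam filters, store the message if it passes, and prepare the
' query used further down to list the stored messages.

Dim v_nom, v_email, v_comment
Dim Act, Pos, pos_rst, DtDeb, DtFin
Dim con, rst, rst1, rst2, ligne, det

' ADO constants (this page does not include adovbs.inc).
Const adOpenStatic = 3
Const adLockReadOnly = 1
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adExecuteNoRecords = 128

'########## connection string with odbc alias
'set con = Server.CreateObject("ADODB.Connection")
'con.Open ("RCAFE")

'########## connection full path
' NOTE(review): Server.MapPath("DB.mdb") resolves next to this page, i.e. inside
' the directory tree the web server publishes. Confirm that the server refuses
' direct requests for .mdb files, or move the file outside the site.
Set con = Server.CreateObject("ADODB.Connection")
con.ConnectionTimeout = 15
con.CommandTimeout = 30
path = "DBQ=" & Server.MapPath("DB.mdb")
con.Open "DRIVER={Microsoft Access Driver (*.mdb)};" & path

' Visitor-supplied values: treat all three as untrusted.
v_nom = Request.Form("t_nom")
v_email = Request.Form("t_email")
v_comment = Request.Form("t_comment")

'############################## F I L T E R ##############################
' These substring checks only reduce link spam. They do not make the values
' safe to print or to place in SQL text; the insert below binds them as
' parameters, and the page must still HTML-encode them where it displays them.
Dim occ, v_filter_1, v_filter_2
Dim blockedTokens, commonWords, submitted, token
v_filter_1 = "PASS"
v_filter_2 = "PASS"

' Filter 1: reject the post when the name, e-mail or comment contains a
' link-like fragment (case-insensitive search; InStr returns 0 when absent).
blockedTokens = Array("url", "/url", "http://", ".html", ".htm", ".asp", _
                      ".aspx", ".php", "href")
occ = 0
For Each submitted In Array(v_nom, v_email, v_comment)
    For Each token In blockedTokens
        occ = occ + InStr(1, submitted, token, 1)
    Next
Next
' One extra blocked domain, checked in the comment only.
occ = occ + InStr(1, v_comment, "artsmediamag.com", 1)

'IF occ <>0 THEN v_comment =""
If occ <> 0 Then v_filter_1 = "NOPASS"

' Filter 2 (scrambled / flood text): a comment that contains none of these
' common English words is marked NOPASS. Nothing in the visible code reads
' v_filter_2; the redirect that used it is commented out below.
commonWords = Array(" the ", " of ", " and ", " a ", " to ", " in ", " is ", _
                    " you ", " that ", " it ", " he ", " was ", " for ", " on ", _
                    " are ", " as ", " with ", " his ", " they ", " i ", " at ", _
                    " be ", " this ", " have ", " from ", " or ", " had ", _
                    " but ", " not ", " what ", " all ", " where ", " we ", " when ")
occ = 0
For Each token In commonWords
    occ = occ + InStr(1, v_comment, token, 1)
Next
If occ = 0 Then v_filter_2 = "NOPASS"

'IF v_filter_2 = "NOPASS" and v_comment <>"" THEN response.redirect "http://www.securityfocus.com/brief/252"

' A failed filter 1 empties the comment, which makes the insert below skip.
If v_filter_1 = "NOPASS" Then v_comment = ""
'############################ E N D  O F  F I L T E R ####################

If v_nom <> "" And v_email <> "" And v_comment <> "" Then
    ' The three visitor values are bound as parameters instead of being
    ' concatenated into the SQL text, so quotes in them cannot change the
    ' statement. The earlier code swapped ' for a substitute character before
    ' concatenating; that is no longer needed. Rows stored earlier still hold
    ' the substitute, which the display code converts back. Values are now
    ' stored as submitted, without the leading space the concatenated
    ' literals added in front of the name and the comment.
    Dim insertCmd
    Set insertCmd = Server.CreateObject("ADODB.Command")
    Set insertCmd.ActiveConnection = con
    insertCmd.CommandType = adCmdText
    ' The date is produced by the server (VBScript Date), not by the visitor,
    ' and is written as before; its text form follows the server's locale.
    insertCmd.CommandText = "INSERT INTO commentaire (nom, email, comment, date_cmt) " & _
                            "VALUES (?, ?, ?, #" & Date & "#)"
    insertCmd.Parameters.Append insertCmd.CreateParameter("nom", adVarWChar, adParamInput, Len(v_nom), v_nom)
    insertCmd.Parameters.Append insertCmd.CreateParameter("email", adVarWChar, adParamInput, Len(v_email), v_email)
    ' NOTE(review): the column types are not visible here; the long-text type
    ' is used for the comment in case that column is a Memo field - confirm.
    insertCmd.Parameters.Append insertCmd.CreateParameter("comment", adLongVarWChar, adParamInput, Len(v_comment), v_comment)
    insertCmd.Execute , , adCmdText + adExecuteNoRecords
    Set insertCmd = Nothing
End If

' Listing query: constant text, no visitor input.
strSQL = "SELECT * FROM commentaire order by code_cmt"
Set rst = Server.CreateObject("ADODB.Recordset")
%>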
Of all the gin joints in all the towns in all the world, we'd like you to write in to ours...
Posted messages :

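<%
' Open the message list read-only and walk it, emitting only the records whose
' position falls in the window selected by the "g" query-string value.
rst.Open strSQL, con, adOpenStatic, adLockReadOnly, adCmdText
cpt = rst.RecordCount
cpt_do = 0

' "g" comes from the URL and is untrusted. Previously it went straight into
' CInt(), so a non-numeric or oversized value raised a runtime error. Accept
' only 1-5 decimal digits within the CInt range; anything else falls back to 1.
Dim num_page, pageArg, pageOk, pageIdx
pageArg = Trim(Request.QueryString("g") & "")
pageOk = (Len(pageArg) >= 1 And Len(pageArg) <= 5)
If pageOk Then
    For pageIdx = 1 To Len(pageArg)
        If InStr("0123456789", Mid(pageArg, pageIdx, 1)) = 0 Then pageOk = False
    Next
End If
If pageOk Then
    If CLng(pageArg) > 32767 Then pageOk = False
End If
If pageOk Then
    num_page = CInt(pageArg)
Else
    num_page = 1
End If

Do While Not rst.EOF
    ' ((num_page*3)-3)
    ' Window of three records: zero-based positions num_page-1 .. num_page+1.
    If cpt_do >= num_page - 1 And cpt_do <= num_page + 1 Then
%> <%
    End If
    cpt_do = cpt_do + 1
    rst.MoveNext
Loop
%>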
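<%
' The name, e-mail and comment are visitor-submitted text read back from the
' database. They are HTML-encoded before being written so that stored markup
' is displayed as text instead of being interpreted by the browser.
' The Replace turns the stored substitute character back into an apostrophe
' (the substitute appears mis-encoded in this copy of the page).
' NOTE(review): Server.HTMLEncode does not encode the apostrophe; that is fine
' for element content, but confirm none of these values is written inside a
' single-quoted HTML attribute.
%>
<%=Server.HTMLEncode(Replace(rst("nom"),"�", "'"))%> <%=rst("date_cmt")%> <%=Server.HTMLEncode(Replace(rst("email"),"�", "'"))%>
<%=Server.HTMLEncode(Replace(rst("comment"),"�", "'"))%>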


<% If num_page <> 1 Then %>
First page <% End If %> <%
' Pager: one numbered entry per group of three messages (cpt is the record
' count taken when the recordset was opened).
num = 0
For i = 1 To cpt Step 3
    num = num + 1
%> -<%= num %> <%
Next
%> >> <%
' NOTE(review): hh is derived with CInt(cpt / 3) + 1, which rounds rather than
' truncates, so it does not always equal the number of entries printed by the
' loop above - confirm which value the "Last page" link is meant to use.
hh = CInt(cpt / 3) + 1
%> <% If num_page \ 3 + 1 <> hh Then %> Last page <% End If %>
Post a message: 
  Your message :

 Your Name :

  ( Empty fields won't be posted )
Your Email address:
© Copyright 2004 The Usual Suspects S.A. info@rickscafe.ma
248, Bd Sour Jdid. Place du jardin public. Ancienne médina. Casablanca. Morocco.Tél: +212 (0) 22 27 42 07 / 08   Fax: +212 (0) 22 48 78 84
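<%
' End of page: release the recordset, then the database connection. The
' connection was previously left open for the runtime to clean up.
rst.Close
Set rst = Nothing
con.Close
Set con = Nothing
%>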