/*
 * Code-behind for a page that hosts a comment-and-rating widget whose state
 * is kept in an XML data file on disk.
 *
 * NOTE(review): in this copy the markup-like text inside many string literals
 * is missing (an empty "" appears where a tag or path expression would be
 * expected), and a few statements are visibly cut short. The code is kept
 * exactly as found; the comments describe only what the remaining text shows.
 */
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections;

public partial class _Default : System.Web.UI.Page {
    // Ids remembered for the current request; both start as "-2".
    string uid = "-2";
    string curID = "-2";
    // Message returned by postComment when a comment is rejected; empty otherwise.
    string error = "";
    // Text of a rejected comment, saved by Page_Init.
    string oldComment = "";
    // Directory of the requested page, ending in a backslash (set in Page_Init).
    string fullPath = "";
    // Config file location, taken from the "config" label (set in Page_Init).
    string fileLoc = "";

    /**
     * This is called when the page request is made.
     * It resolves the config and data file paths, applies a POSTed vote,
     * delete or comment, remembers uid/curID from a GET, and then replaces
     * the text of the contentRating, vote and displayComments labels,
     * when they exist, with generated output.
     *
     * NOTE(review): every value read from Request.Form and
     * Request.QueryString is untrusted. Nothing visible in this method
     * authenticates the caller or verifies an anti-forgery token before the
     * data file is modified.
     */
    protected void Page_Init(object sender, EventArgs e) {
        // The "config" label's text is taken as the config file location and then cleared.
        if (FindControl("config") != null) {
            fileLoc = ((Label)FindControl("config")).Text;
            ((Label)FindControl("config")).Text = "";
        }
        // Keep the physical path of the request up to and including its last backslash.
        fullPath = Request.ServerVariables.Get("PATH_TRANSLATED");
        fullPath = fullPath.Substring(0, fullPath.LastIndexOf("\\") + 1);
        // Load the config file.
        Hashtable hash;
        hash = tools.parser.hashXML(fullPath + fileLoc);
        // The data file path is the config file's directory plus a value read from the config.
        string dataPath = fullPath + fileLoc;
        dataPath = dataPath.Replace("/", "\\");
        dataPath = dataPath.Substring(0, dataPath.LastIndexOf("\\") + 1);
        dataPath += tools.parser.getVariable("//", hash, false);
        if (Request.RequestType == "POST") {
            // These locals shadow the uid and curID fields inside this branch.
            string curID = Request.Form["curID"];
            string vote = Request.Form["vote[]"];
            string uid = Request.Form["uid"];
            string action = Request.Form["action"];
            string comment = Request.Form["comment"];
            if (vote != null) {
                // "vote[]" may carry several comma-separated values; the last one
                // that parses to 1..10 wins, and parts that fail to parse are
                // skipped by the empty catch.
                string[] voteParts = vote.Split(',');
                int voteNum = -1;
                for (int i = 0; i < voteParts.Length; i++) {
                    try {
                        if (Convert.ToInt32(voteParts[i]) > 0 && Convert.ToInt32(voteParts[i]) < 11) {
                            voteNum = Convert.ToInt32(voteParts[i]);
                        }
                    } catch { }
                }
                // NOTE(review): no check is made here that this address has not
                // voted recently. The 24-hour window appears only in
                // displayVoteForm, which governs rendering; the limit should be
                // enforced on this write path as well. Request.UserHostAddress is
                // also a weak identity: behind a proxy or NAT many users share it.
                if (voteNum != -1 && curID != null) {
                    addVote(voteNum, Request.UserHostAddress, curID, dataPath);
                }
            }
            // NOTE(review): deletion is triggered by the form fields alone. Gate
            // this on an authenticated, authorized user and an anti-forgery token.
            if (action == "delete" && uid != null) {
                deleteComment(uid, dataPath);
            }
            if (comment != null && uid != null) {
                if (comment.Trim().Length > 0) {
                    // uid is passed as received; postComment calls
                    // Convert.ToInt32(uid), which throws on non-numeric text.
                    error = postComment(comment, uid, curID, dataPath);
                    if (error != "") {
                        // On rejection, keep the target ids and the text in the fields.
                        this.uid =
                        uid;
                        this.curID = curID;
                        this.oldComment = comment;
                    }
                }
            }
        } else if (Request.RequestType == "GET") {
            // Query-string ids are stored as received and compared against
            // comment ids in displayCommments.
            if (Request.QueryString["uid"] != null) {
                this.uid = Request.QueryString["uid"];
                if (Request.QueryString["curID"] != null) {
                    this.curID = Request.QueryString["curID"];
                }
            }
        }
        // Each label's existing text is passed to the generator as its id argument.
        if (FindControl("contentRating") != null) {
            ((Label)FindControl("contentRating")).Text = displayRating(dataPath, ((Label)FindControl("contentRating")).Text);
        }
        if (FindControl("vote") != null) {
            ((Label)FindControl("vote")).Text = displayVoteForm(dataPath, ((Label)FindControl("vote")).Text, Request.UserHostAddress);
        }
        if (FindControl("displayComments") != null) {
            ((Label)FindControl("displayComments")).Text = displayCommments(((Label)FindControl("displayComments")).Text, dataPath, Request.UserHostAddress);
        }
    }

    /**
     * Adds the comment to the data file if it is a valid comment.
     * The comment is parsed as XML and checked for a few forbidden
     * substrings; the data file is then read, edited as text and written
     * back. uid >= 0, uid == -2 and uid == -1 are handled as three
     * separate cases.
     *
     * NOTE(review): the XML parse proves well-formedness only; it does not
     * restrict which elements or attributes a comment may contain. Since
     * displayCommments inserts stored comment text into the page layout with
     * no encoding step visible, comments should be limited to an allow-list
     * of elements and attributes, or encoded on output.
     *
     * NOTE(review): each branch reads the whole file, then reopens it with a
     * StreamWriter, which truncates it before the new content is written.
     * There is no lock around this read-modify-write, so overlapping
     * requests can lose updates, and an exception between open and write
     * leaves the file empty.
     *
     * @param comment the comment to be added
     * @param uid the unique id of the comment being commented on; must be
     *        numeric text, otherwise Convert.ToInt32 throws
     * @param curID the current ID of the page being commented on
     * @param data the location of the data file where comments are stored
     * @return an error message if the comment was rejected, otherwise ""
     */
    public string postComment(string comment, string uid, string curID, string data) {
        // First, validate the comment: it must be standard XHTML and must not
        // contain any of our own tags (comment, uid, etc.).
        // NOTE(review): `comments` is built before the two Replace calls below,
        // so the parser sees the text as submitted rather than the rewritten
        // `comment` (presumably the text that is stored - confirm).
        string comments = "" + comment + "";
        comment = comment.Replace(" ", " ");
        comment = comment.Replace("\r\n", "
");
        System.IO.StringReader stream = new System.IO.StringReader(comments);
        try {
            // Reading to the end makes the parser throw on malformed input.
            // NOTE(review): the reader uses default settings; keep DTD
            // processing disabled for this untrusted input.
            System.Xml.XmlReader reader = System.Xml.XmlReader.Create(stream);
            while (reader.Read()) { ; }
        } catch {
            return "not valid xhtml";
        }
        // Substring deny-list; the first two search literals are empty in this copy.
        if (comment.Contains("")) {
            return "comments are not allowed to contain \"<comment>\" tags";
        } else if (comment.Contains("")) {
            return "comments are not allowed to contain \"<uid>\" tags";
        } else if (comment.Contains("]]>")) {
            return "comments are not allowed to contain CDATA tags";
        } else if (comment.Contains("name=\"curLoc\"")) {
            return "comments are not allowed to contain <a name=\"curLoc\"/> tags";
        }
        // Now we are commenting on something that already exists: find it
        // and append the comment.
        if (Convert.ToInt32(uid) >= 0) {
            System.IO.StreamReader stream2 = new System.IO.StreamReader(data);
            string result = stream2.ReadToEnd();
            stream2.Close();
            // The file carries a curID="..." counter; new ids are derived from it.
            int oldID = Convert.ToInt32(tools.parser.subParse(result, "curID=\"", "\""));
            result = result.Replace("", "");
            // part1 is everything up to and including the target's id marker.
            // NOTE(review): if the marker is absent IndexOf returns -1 and the
            // split silently lands near the start of the file.
            string needle = "" + uid + "";
            string part1 = result.Substring(0, result.IndexOf(needle) + needle.Length) + "\r\n";
            string part2 = result.Substring(part1.Length);
            // count is a nesting depth: it goes up each time the first branch
            // consumes text and down otherwise; the loop stops when the else
            // branch is reached at depth 0. The markers searched for are
            // missing in this copy.
            int count = 0;
            while (true) {
                if (part2.IndexOf("") > 0 && part2.IndexOf("") < part2.IndexOf("") && (part2.IndexOf("") < part2.IndexOf("") && part2.IndexOf("") > 0)) {
                    part1 += part2.Substring(0, part2.IndexOf("") + 11);
                    part2 = result.Substring(part1.Length);
                    count++;
                } else {
                    if (count == 0) {
                        break;
                    }
                    part1 += part2.Substring(0, part2.IndexOf("") + 12);
                    part2 = result.Substring(part1.Length);
                    count--;
                }
            }
            // Count the leading tabs of what follows, so the new block is
            // indented one level deeper; the stripped tabs are put back on part2.
            string tabs = "\t";
            while (part2.StartsWith("\t")) {
                tabs += "\t";
                part2 = part2.Substring(1);
            }
            part2 = tabs.Substring(1) + part2;
            // The new block carries the decremented counter value.
            string addPart = tabs + "\r\n";
            addPart += tabs + "\t\r\n";
            addPart += tabs + "\t" + --oldID + "\r\n";
            addPart += tabs + "\r\n";
            string finalResult = part1 + addPart + part2;
            System.IO.StreamWriter writer = new System.IO.StreamWriter(data);
            writer.Write(finalResult);
            writer.Flush();
            writer.Close();
        } else if
        (Convert.ToInt32(uid) == -2) {
            System.IO.StreamReader stream2 = new System.IO.StreamReader(data);
            string result = stream2.ReadToEnd();
            stream2.Close();
            int oldID = Convert.ToInt32(tools.parser.subParse(result, "curID=\"", "\""));
            int newID = oldID + 2;
            result = result.Replace("", "");
            // Rewrite the tail of the file: "-2" becomes the current counter
            // value and a block carrying the incremented counter is appended.
            string subsection = result.Substring(result.IndexOf(""));
            string newSection = subsection.Replace("-2", "" + oldID + "");
            string commentData = "\t\r\n";
            commentData += "\t\t\t\r\n";
            commentData += "\t\t\t" + ++oldID + "\r\n";
            commentData += "\t\t\r\n\t";
            newSection += commentData;
            result = result.Replace(subsection, newSection);
            System.IO.StreamWriter writer = new System.IO.StreamWriter(data);
            writer.Write(result);
            writer.Flush();
            writer.Close();
        } else if (Convert.ToInt32(uid) == -1) {
            System.IO.StreamReader stream2 = new System.IO.StreamReader(data);
            string result = stream2.ReadToEnd();
            stream2.Close();
            int oldID = Convert.ToInt32(tools.parser.subParse(result, "curID=\"", "\""));
            int newID = oldID + 2;
            result = result.Replace("", "");
            // Build a larger block that uses the counter twice: once as read
            // and once incremented.
            string commentData = "\t\r\n";
            commentData += "\t\t" + oldID + "\r\n";
            commentData += "\t\t\r\n";
            commentData += "\t\t\t\r\n";
            commentData += "\t\t\t" + ++oldID + "\r\n";
            commentData += "\t\t\r\n";
            commentData += "\t\r\n";
            commentData += "";
            result = result.Replace("", commentData);
            System.IO.StreamWriter writer = new System.IO.StreamWriter(data);
            writer.Write(result);
            writer.Flush();
            writer.Close();
        }
        return "";
    }

    /**
     * Deletes the comment with the given unique ID by cutting its block,
     * nested blocks included, out of the data file text and writing the
     * remainder back.
     *
     * NOTE(review): this method performs no authorization itself and uid is
     * used as received, without a numeric check. If the id marker is not
     * found, IndexOf returns -1 and Substring throws while the reader is
     * still open. The write-back truncates the file and is not locked
     * against concurrent requests.
     *
     * @param uid the unique ID of the comment to be deleted
     * @param data the location of the XML data file
     */
    public void deleteComment(string uid, string data) {
        System.IO.StreamReader stream = new System.IO.StreamReader(data);
        string result = stream.ReadToEnd();
        string needle = "" + uid + "";
        // Everything before the target's id marker.
        string part1 = result.Substring(0, result.IndexOf(needle));
        // Walk forward to the last marker in part1, then cut part1 back to
        // where that fragment starts.
        string trim = part1;
        while (trim.IndexOf("") >= 0) {
            trim = trim.Substring(trim.IndexOf("") + 1);
        }
        trim = "<" + trim + "";
        part1 += "";
        part1 =
        part1.Substring(0, part1.IndexOf(trim));
        string part2 = result.Substring(part1.Length);
        // depth counts markers consumed by the first branch against those
        // consumed by the second; the loop ends when the outermost block closes.
        // 9 and 10 are presumably the lengths of the two markers - confirm.
        int depth = 0;
        while (true) {
            if ((part2.IndexOf("") < part2.IndexOf("")) && part2.IndexOf("") >= 0) {
                depth++;
                part2 = part2.Substring(part2.IndexOf("") + 9);
            } else {
                depth--;
                part2 = part2.Substring(part2.IndexOf("") + 10);
                if (depth == 0) {
                    break;
                }
            }
        }
        stream.Close();
        System.IO.StreamWriter writer = new System.IO.StreamWriter(data);
        writer.Write(part1 + part2);
        writer.Flush();
        writer.Close();
    }

    /**
     * Displays the comments for the current page.
     * Layout fragments are read from the config file, the page's block is
     * read from the data file, and the placeholders #add, #delete,
     * #comments, #comment, #displayRating and #voteRating are filled in by
     * string replacement.
     *
     * NOTE(review): stored comment text (mainComment) is substituted into
     * the layout as is; no output encoding is visible in this method, so
     * whatever markup postComment accepted is rendered to every visitor.
     *
     * @param curID the page ID of the current page
     * @param data the data storage file
     * @param ip the ip address of the current user
     * @return the page layout with the placeholders filled in
     */
    public string displayCommments(string curID, string data, string ip) {
        Hashtable hash;
        hash = tools.parser.hashXML(fullPath + fileLoc);
        // Four fragments from the config file; the path expressions are cut
        // down to "//" in this copy.
        string pageLayout = tools.parser.getVariable("//", hash, false);
        string commentLayout = tools.parser.getVariable("//", hash, false);
        string addButton = tools.parser.getVariable("//", hash, false);
        string deleteButton = tools.parser.getVariable("//", hash, false);
        hash = tools.parser.hashXML(data);
        // NOTE(review): the next two lines are incomplete in this copy - a
        // parenthesis is unbalanced and the try that this catch closes is
        // missing. The uid read below may have been a local declared in the
        // lost text - confirm against the original.
        string pageXML = tools.parser.getVariable("", ""));
        } catch { }
        // When the remembered uid matches (and differs from the remembered
        // curID) the `form` variant is emitted, prefixed with any error from
        // a rejected post; otherwise only the add button.
        if ((!this.curID.Equals(this.uid)) && ("" + uid).Equals(this.uid)) {
            string form = this.error + "
";
            form += "
";
            form += "";
            form += "";
            form += "";
            form += addButton.Replace("", "").Replace("
", "");
            form += "";
            pageLayout = pageLayout.Replace("#add", form);
        } else {
            string firstButton = "
";
            firstButton += "";
            firstButton += "";
            firstButton += addButton.Replace("", "").Replace("
", "");
            firstButton += "";
            pageLayout = pageLayout.Replace("#add", firstButton);
        }
        pageLayout = pageLayout.Replace("#displayRating", displayRating(data, curID));
        pageLayout = pageLayout.Replace("#voteRating", displayVoteForm(data, curID, ip));
        // No comment section for this page: blank the placeholder and stop.
        if (pageXML.IndexOf("") < 0) {
            pageLayout = pageLayout.Replace("#comments", "");
            return pageLayout;
        }
        // NOTE(review): the next line is a call and a loop header run
        // together in this copy; the braces that follow read as a loop that
        // rewrites one comment block per pass.
        pageXML = tools.parser.getVariable("") >= 0) {
            // Isolate one block: take the text up to a marker, then walk
            // forward to the last opening fragment inside it.
            string oldNeedle = pageXML.Substring(0, pageXML.IndexOf("") + 10);
            while (oldNeedle.IndexOf("") >= 0) {
                oldNeedle = oldNeedle.Substring(oldNeedle.IndexOf("") + 1);
            }
            oldNeedle = "<" + oldNeedle;
            int curUID = Convert.ToInt32(tools.parser.subParse(oldNeedle, "", ""));
            string stringID = "" + curUID;
            string shinyNeedle;
            // Same choice as above, per comment: `form` variant or add button.
            if ((!this.curID.Equals(this.uid)) && stringID.Equals(this.uid)) {
                string form = this.error + "
";
                form += "
";
                form += "";
                form += "";
                form += "";
                form += addButton.Replace("", "").Replace("
", "");
                form += "";
                shinyNeedle = "" + commentLayout.Replace("#add", form) + "";
            } else {
                string curAdd = "
";
                curAdd += "";
                curAdd += addButton.Replace("", "").Replace("
", "");
                curAdd += "";
                shinyNeedle = "" + commentLayout.Replace("#add", curAdd) + "";
            }
            // NOTE(review): a delete control is built for every comment, with
            // no condition on who is viewing the page.
            string curDel = "
";
            curDel += "";
            curDel += "";
            curDel += deleteButton.Replace("", "").Replace("
", "");
            curDel += "";
            shinyNeedle = shinyNeedle.Replace("#delete", curDel);
            // "ERROR" is a sentinel meaning that no nested section was found.
            string subComments = "ERROR";
            if (oldNeedle.IndexOf("") > 0) {
                subComments = oldNeedle.Substring(oldNeedle.IndexOf(""));
                string temp = subComments;
                while (temp.IndexOf("") > 0) {
                    temp = temp.Substring(temp.IndexOf("") + 15);
                }
                // "#END" is appended to both strings so that the trailing
                // text `temp` can be located and cut off.
                temp += "#END";
                subComments += "#END";
                subComments = subComments.Substring(0, subComments.IndexOf(temp));
            }
            if (subComments == "ERROR") {
                subComments = "";
            }
            string mainComment = tools.parser.subParse(oldNeedle, "", "");
            // "#comments" is replaced before "#comment" because the shorter
            // token is a prefix of the longer one.
            shinyNeedle = shinyNeedle.Replace("#comments", subComments);
            shinyNeedle = shinyNeedle.Replace("#comment", mainComment);
            pageXML = pageXML.Replace(oldNeedle, shinyNeedle);
        }
        pageXML = pageXML.Replace("", "");
        pageXML = pageXML.Replace("", "");
        pageLayout = pageLayout.Replace("#comments", pageXML);
        return pageLayout;
    }

    /**
     * Adds the given vote to the page, and adds the ip and a current
     * timestamp into the log file to avoid abuse.
     *
     * NOTE(review): in the text that survives here, ip and curID are never
     * referenced; they were presumably used inside the string literals that
     * are now empty. What is visible is that total grows by voteNum and
     * votes by one, or a new block is inserted when none is found.
     * No range check on voteNum and no recent-vote check happen in this
     * method, and the write-back is not locked.
     *
     * @param voteNum the vote number
     * @param ip the ip address of the current user
     * @param curID the id of the page
     * @param dataPath the xml file where the data is stored
     */
    public void addVote(int voteNum, string ip, string curID, string dataPath) {
        System.IO.StreamReader stream = new System.IO.StreamReader(dataPath);
        string result = stream.ReadToEnd();
        // subParse returns "ERROR" when the block it looks for is not found.
        string needle = tools.parser.subParse(result, "");
        if (needle != "ERROR") {
            string shinyNeedle = needle.Replace("", "\r\n\t\t");
            int oldTotal = Convert.ToInt32(tools.parser.subParse(shinyNeedle, "total=\"", "\""));
            int oldVotes = Convert.ToInt32(tools.parser.subParse(shinyNeedle, "votes=\"", "\""));
            // Rewrite the total="..." votes="..." pair in place.
            shinyNeedle = shinyNeedle.Replace("total=\"" + oldTotal + "\" votes=\"" + oldVotes + "\"", "total=\"" + (oldTotal + voteNum) + "\" votes=\"" + ++oldVotes + "\"");
            result = result.Replace(needle, shinyNeedle);
        } else {
            // No existing block: insert a new one.
            needle = "
";
            string shinyNeedle = "\t\r\n";
            shinyNeedle += "\t\t-2\r\n";
            shinyNeedle += "\t\t\r\n";
            shinyNeedle += "\t\r\n";
            shinyNeedle += "
";
            result = result.Replace(needle, shinyNeedle);
        }
        stream.Close();
        System.IO.StreamWriter writer = new System.IO.StreamWriter(dataPath);
        writer.Write(result);
        writer.Flush();
        writer.Close();
    }

    /**
     * Displays the form for the current page if the
     * current user has not voted in 24 hours.
     *
     * NOTE(review): this decides only what is rendered. The limit is keyed
     * on the client address, which is shared behind proxies and NAT, and it
     * needs to be enforced where the vote is written as well.
     *
     * @param data the xml file where the data is stored
     * @param id the ID for the current page
     * @param ip the ip address for the current user
     * @return the vote form
     */
    public string displayVoteForm(string data, string id, string ip) {
        Hashtable hash;
        hash = tools.parser.hashXML(data);
        // NOTE(review): from here to the end of the file, text has been lost
        // in this copy. Statements are run together, curVote, ips and
        // voteLayout are used without a visible declaration, and the last
        // line seems to hold the tail of a rating computation (presumably
        // displayRating, whose signature is not visible). The remainder is
        // kept verbatim.
        string votes = tools.parser.getVariable("");
        // OLE Automation dates count days, so "+ 1" is a 24-hour window.
        if (Convert.ToDouble(tools.parser.subParse(curVote, "time=\"", "\"")) + 1 > DateTime.UtcNow.ToOADate()) {
            ips.Add(tools.parser.subParse(curVote, "url=\"", "\""));
        }
        votes = votes.Substring(votes.IndexOf("//", hash, false);
        voteLayout = voteLayout.Replace("";
        voteLayout = voteLayout.Replace(" 0 && votes > 0) { return "" + ((int)(10 * (total * 1.0) / (votes * 1.0))) / 10.0; } else { return "0"; } } else { return "0.0"; } } }