I downloaded and installed code that lets me use an HTML editor on a page for employees to add news items. It works great and it allows the user to upload images after I gave proper security settings to the folder.
I am stumped. I really could use some help before I lose more hair.
This is the yahoo editor just so you can get an idea of what I am using.
[
developer.yahoo.com...]
After a few days, I decided it would be a good idea to allow certain employees with admin access to edit the postings. Otherwise, I am going into the database myself and this would be an issue when I am out sick, vacation, etc... BUT The page that edits the code will not allow me to add an image (all other features work). I've narrowed it down to what is doing it, just not sure how I need to recode this or if it needs to be nested in an if statement, etc..
Below is the code. Where there are a lot of ##### and it says "starting here and ending here" is where if I remove this I can add images again, however obviously without specifying the ID, I can't update the record. I just lost another two hairs writing this. Please help!
Imports System.Drawing
Imports System.IO
Imports System.Net.Mail
Imports System.Configuration
Imports System.Data
Imports System.Data.Sql
Imports System.Data.SqlClient
Partial Class EditContent
Inherits System.Web.UI.Page
'#################################################
Dim ConnectionString As New String(System.Configuration.ConfigurationManager.ConnectionStrings("EmployeeWebsiteSQL").ConnectionString)
Dim Connection As New System.Data.SqlClient.SqlConnection(ConnectionString)
Dim strQuery As String
Dim cmd As SqlCommand
Dim datareader1 As SqlDataReader
Dim datareader2 As SqlDataReader
Public strid
Public _Redirect As Boolean = False
Public _strJSONResponse As String = ""
Public _strPageText As String
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
MultiView1.SetActiveView(View1)
strid = Request.QueryString("id")
lblYourName.Text = ""
lblSubject.Text = ""
lblMessage.Text = ""
lblIPAddress.Text = Request.ServerVariables("REMOTE_ADDR")
'starting here###########################################################################
'###########################################################################
Dim cmsData As New DataTable
Dim cmsCt As New SqlConnection(ConnectionString)
Dim cmsAdapt As New SqlDataAdapter
Dim cmsQuery As String = "SELECT * FROM tblXYZ WHERE ID = @ID "
cmsAdapt.SelectCommand = New SqlCommand(cmsQuery, cmsCt)
cmsAdapt.SelectCommand.Parameters.Add(New SqlParameter("@ID", strid))
cmsAdapt.Fill(cmsData)
cmsCt.Close()
If cmsData.Rows.Count > 0 Then
Dim dr As DataRow = cmsData.Rows(0)
txtSubject.Text = Utils.CheckForNull_Text(dr.Item("SUBJECT"), "")
msgpost.Text = Utils.CheckForNull_Text(dr.Item("FULL_MESSAGE"), "")
txtYourName.Text = Utils.CheckForNull_Text(dr.Item("YOUR_NAME"), "")
Else
End If
'ending here###########################################################################
'########################################################################### Dim maxWidth As Long = 800
Dim maxHeight As Long = 800
If Image1.HasFile Then
Dim filepath As String = Image1.PostedFile.FileName
'Dim pat As String = "\\(?:.+)\\(.+)\.(.+)"
Dim pat As String = "\\(?:.+)\\(.+)\.(.+)"
Dim r As Regex = New Regex(pat)
'run
Dim m As Match = r.Match(filepath)
Dim file_ext As String
Dim filename As String
Dim file As String
If m.Groups.Count >= 2 Then
file_ext = m.Groups(2).Captures(0).ToString()
filename = m.Groups(1).Captures(0).ToString()
Else
Dim lngPos As Integer
lngPos = InStr(filepath, ".")
filename = Left(filepath, lngPos - 1)
file_ext = Right(filepath, filepath.Length - lngPos)
End If
file = filename & "." & file_ext
'save the file to the server
Image1.PostedFile.SaveAs(Server.MapPath(".\UploadedImages\") & file)
Dim bm As New Bitmap(Server.MapPath(".\UploadedImages\") & file)
Dim x As Int32 'variable for new width size
Dim y As Int32 'variable for new height size
If bm.Width > maxWidth Then
x = maxWidth
y = maxWidth / (bm.Width / bm.Height)
Else
x = bm.Width
y = bm.Height
End If
If y > maxHeight Then
y = maxHeight
x = maxHeight / (bm.Height / bm.Width)
End If
Dim width As Integer = Val(x) 'image width.
Dim height As Integer = Val(y) 'image height
Dim thumb As New Bitmap(width, height)
Dim g As Graphics = Graphics.FromImage(thumb)
g.InterpolationMode = Drawing2D.InterpolationMode.HighQualityBicubic
g.DrawImage(bm, New Rectangle(0, 0, width, height), New Rectangle(0, 0, bm.Width, _
bm.Height), GraphicsUnit.Pixel)
g.Dispose()
bm.Dispose()
_Redirect = True
_strJSONResponse = "{""status"":""UPLOADED"",""image_url"":""./UploadedImages/" & file & """}"
' _strJSONResponse = "{""status"":""UPLOADED"",""image_url"":""/employeewebsite2008/Toolbox/Secure/HumanResources/OurNeighborhood-pics/UploadedImages/" & file & """}"
End If
End Sub
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim blformcomplete = True
'##############################
If txtYourName.Text = "" Then
lblYourName.Text = "*Required."
blformcomplete = False
Else
lblYourName.Text = ""
End If
'##############################
If txtSubject.Text = "" Then
lblSubject.Text = "*Required."
blformcomplete = False
Else
lblSubject.Text = ""
End If
'##############################
'##############################
If msgpost.Text = "" Then
lblMessage.Text = "*Required."
blformcomplete = False
Else
lblMessage.Text = ""
End If
'##############################
If blformcomplete = True Then
Dim strpasscode = Utils.PasswordGenerator(30)
'###########################################################################
'###########################################################################
strQuery = "Update tblXYZ set SUBJECT=@SUBJECT, FULL_MESSAGE=@FULL_MESSAGE, YOUR_NAME=@YOUR_NAME WHERE ID=@ID"
cmd = New SqlCommand(strQuery, Connection)
cmd.Parameters.Add(New SqlParameter("@ID", SqlDbType.NVarChar, 30)).Value = strid
cmd.Parameters.Add(New SqlParameter("@SUBJECT", SqlDbType.NVarChar, 200)).Value = txtSubject.Text
cmd.Parameters.Add(New SqlParameter("@FULL_MESSAGE", SqlDbType.Text)).Value = msgpost.Text
cmd.Parameters.Add(New SqlParameter("@YOUR_NAME", SqlDbType.NVarChar, 200)).Value = txtYourName.Text
Connection.Open()
cmd.ExecuteNonQuery()
Connection.Close()
MultiView1.SetActiveView(View2)
'###########################################################################
'###########################################################################
Else
End If
End Sub
Protected Sub Page_LoadComplete(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.LoadComplete
End Sub
End Class
