ASP Confirmation Page


brandy.ziemann

I have several forms which worked fine but after our
server people installed a bunch of security patches it
broke my asp code (so they tell me). I want to switch
these forms over to the Front Page Form handler. It SEEMS
that Front Page will not let me use asp/shtm pages. (I
have server side includes and need to use those types of
pages).

The page is www.hecksprinting.com/dana/login_request2.asp

If anyone is savvy with asp code, maybe you can tell me
why my original pages stopped working after these patches
were installed. It will still burn the info to the
database, but will not send out the email.


<!-- #include file="adovb.inc" -->
<!-- #include file="OrdersConnection.asp" -->
<%
'Debug
'For I = 0 To Session.Contents.Count
'Response.Write Session.Contents.Key(I) & " = " & Session.Contents.Item(I) & "<br>"
'Next

' Open the database connection
dbconn.Open

' Build the query to "burn" all the shipping, comment,
' and credit card database into each order record
Dim query

' Base query
query = "UPDATE Orders SET "

' Contact information
query = query & "UserName ='" & Session("UserName") & "', "
query = query & "Contact_firstName ='" & Session("Contact_firstName") & "', "
query = query & "Contact_MidName ='" & Session("Contact_MidName") & "', "
query = query & "Contact_lastName ='" & Session("Contact_lastName") & "', "
query = query & "Contact_division ='" & Session("Contact_Division") & "', "
query = query & "Contact_entity ='" & Session("Contact_Entity") & "', "
query = query & "Contact_address ='" & Session("Contact_Address") & "', "
query = query & "Contact_city ='" & Session("Contact_City") & "', "
query = query & "Contact_state ='" & Session("Contact_State") & "', "
query = query & "Contact_zip ='" & Session("Contact_Zip") & "', "
query = query & "Contact_country ='" & Session("Contact_Country") & "', "
query = query & "Contact_phonename ='" & Session("Contact_Phonename") & "', "
query = query & "Contact_phone ='" & Session("Contact_Phone") & "', "
query = query & "Contact_ext ='" & Session("Contact_Ext") & "', "
query = query & "Contact_phonename2 ='" & Session("Contact_Phonename2") & "', "
query = query & "Contact_phone2 ='" & Session("Contact_Phone2") & "', "
query = query & "Contact_email ='" & Session("Contact_Email") & "', "

' Shipping information
query = query & "Ship_firstName = '" & Session("Ship_firstName") & "', "
query = query & "Ship_midName = '" & Session("Ship_midName") & "', "
query = query & "Ship_lastName = '" & Session("Ship_lastName") & "', "
query = query & "Ship_division = '" & Session("Ship_division") & "', "
query = query & "Ship_entity = '" & Session("Ship_entity") & "', "
query = query & "Ship_address = '" & Session("Ship_address") & "', "
query = query & "Ship_city = '" & Session("Ship_city") & "', "
query = query & "Ship_state = '" & Session("Ship_state") & "', "
query = query & "Ship_zip = '" & Session("Ship_zip") & "', "
query = query & "Ship_country = '" & Session("Ship_country") & "', "
query = query & "Via = '" & Session("Via") & "', "
query = query & "ViaOth = '" & Session("ViaOth") & "', "

' Credit Card information
query = query & "CardName = '" & Session("CardName") & "', "
query = query & "CardType = '" & Session("CardType") & "', "
query = query & "CardNumber = '" & Session("CardNumber") & "', "
query = query & "CardMonth = '" & Session("CardMonth") & "', "
query = query & "CardYear = '" & Session("CardYear") & "', "

' Comments
' The comments need to be filtered a little, certain characters
' can cause problems with the SQL Query
Dim comments
comments = Session("Comments")
comments = Replace(comments, "'", "`")
comments = Replace(comments, Chr(34), "`")

query = query & "Comments = '" & comments & "'"







' Update all the records created by this session
query = query & " WHERE OrderID IN ("

Dim idList, idListArray, i, length, idListString
idList = Session("ORDER_ID_LIST")
idListArray = Split(idList, ",")

length = UBound(idListArray)
length = length - 1

For i = 0 To length
idListString = idListString & idListArray(i)
If i <> length Then
idListString = idListString & ", "
End If
Next

' Finish the query
query = query & idListString & ")"

' Debug
'Response.Write query

' Execute the query
dbconn.Execute query

' Create and send a notification message
' Read the template into a body variable
Dim sBody, fso, templateFile, templateFileName

templateFileName = Server.MapPath("./EmailTemplate.htm")

Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set templateFile = fso.OpenTextFile(templateFileName, 1)

sBody = templateFile.ReadAll

' Clean up the FileSystemObject and TextStream
templateFile.Close
Set fso = Nothing
Set templateFile = Nothing

' Replace template items in the body with actual data
' Contact information
sBody = Replace(sBody, "%Contact_FirstName", Session("Contact_firstName"))
sBody = Replace(sBody, "%Contact_MidName", Session("Contact_midName"))
sBody = Replace(sBody, "%Contact_LastName", Session("Contact_lastName"))
sBody = Replace(sBody, "%Contact_Division", Session("Contact_Division"))
sBody = Replace(sBody, "%Contact_Entity", Session("Contact_Entity"))
sBody = Replace(sBody, "%Contact_Address", Session("Contact_Address"))
sBody = Replace(sBody, "%Contact_City", Session("Contact_City"))
sBody = Replace(sBody, "%Contact_State", Session("Contact_State"))
sBody = Replace(sBody, "%Contact_Zip", Session("Contact_Zip"))
sBody = Replace(sBody, "%Contact_Country", Session("Contact_country"))
sBody = Replace(sBody, "%Contact_PhName", Session("Contact_Phonename"))
sBody = Replace(sBody, "%Contact_Phone", Session("Contact_Phone"))
sBody = Replace(sBody, "%Contact_Ext", Session("Contact_Ext"))
sBody = Replace(sBody, "%Contact_PhNm2", Session("Contact_Phonename2"))
sBody = Replace(sBody, "%Contact_Phn2", Session("Contact_Phone2"))
sBody = Replace(sBody, "%Contact_Email", Session("Contact_Email"))
sBody = Replace(sBody, "%Contact_Contact", Session("Contact_Contact"))

' Shipping Information
sBody = Replace(sBody, "%Ship_FirstName", Session("Ship_firstName"))
sBody = Replace(sBody, "%Ship_MidName", Session("Ship_midName"))
sBody = Replace(sBody, "%Ship_LastName", Session("Ship_lastName"))
sBody = Replace(sBody, "%Ship_Division", Session("Ship_division"))
sBody = Replace(sBody, "%Ship_Entity", Session("Ship_entity"))
sBody = Replace(sBody, "%Ship_Address", Session("Ship_address"))
sBody = Replace(sBody, "%Ship_City", Session("Ship_city"))
sBody = Replace(sBody, "%Ship_State", Session("Ship_state"))
sBody = Replace(sBody, "%Ship_Zip", Session("Ship_zip"))
sBody = Replace(sBody, "%Ship_Country", Session("Ship_country"))
sBody = Replace(sBody, "%Ship_Via", Session("Via"))
sBody = Replace(sBody, "%Ship_Other", Session("ViaOth"))

' Comments
sBody = Replace(sBody, "%Comments", Session("Comments"))

' Credit Card Info
sBody = Replace(sBody, "%Credit_Card_Name", Session("CardName"))
sBody = Replace(sBody, "%Credit_Card_Type", Session("CardType"))
sBody = Replace(sBody, "%Credit_Card_Number", Session("CardNumber"))
sBody = Replace(sBody, "%Credit_Card_Exp_Month ", Session("CardMonth"))
sBody = Replace(sBody, "%Credit_Card_Exp_Year", Session("CardYear"))

' Construct a string that has the html to display the order items
Dim itemBody, rsItems
query = "SELECT * FROM Orders WHERE OrderID IN (" & idListString & ")"
Set rsItems = Server.CreateObject("ADODB.Recordset")
rsItems.Open query, dbconn

Do While Not rsItems.EOF
itemBody = itemBody & "<tr><td>"
itemBody = itemBody & "<font size=1 face=Arial, Helvetica>"
itemBody = itemBody & rsItems.Fields("Item1") & "<br>"
itemBody = itemBody & rsItems.Fields("Item2") & "<br>"
itemBody = itemBody & rsItems.Fields("Item3") & "<br>"
itemBody = itemBody & rsItems.Fields("Item4") & "<br>"
itemBody = itemBody & rsItems.Fields("Item5") & "<br>"
itemBody = itemBody & rsItems.Fields("Item6") & "<br>"
itemBody = itemBody & rsItems.Fields("Item7") & "<br>"
itemBody = itemBody & rsItems.Fields("Item8") & "<br>"
itemBody = itemBody & rsItems.Fields("Item9") & "<br>"
itemBody = itemBody & rsItems.Fields("Item10") & "<br>"
itemBody = itemBody & rsItems.Fields("Item11") & "<br>"
itemBody = itemBody & rsItems.Fields("Item12") & "<br>"
itemBody = itemBody & rsItems.Fields("Item13") & "<br>"
itemBody = itemBody & rsItems.Fields("Item14") & "<br>"
itemBody = itemBody & rsItems.Fields("Item15") & "<br>"
itemBody = itemBody & rsItems.Fields("Item16") & "<br>"
itemBody = itemBody & rsItems.Fields("Item17") & "<br>"
itemBody = itemBody & rsItems.Fields("Item18") & "<br>"

itemBody = itemBody & rsItems.Fields("Item19") & "<br>"
itemBody = itemBody & rsItems.Fields("ItemComments") & "<br>"
itemBody = itemBody & "</font>"
itemBody = itemBody & "</td><td>"
itemBody = itemBody & "<font size=1 face=Arial, Helvetica>"
itemBody = itemBody & rsItems.Fields("FirstName") & "&nbsp;" & rsItems.Fields("midName") & "&nbsp;" & rsItems.Fields("LastName") & "<br>"
itemBody = itemBody & rsItems.Fields("Title") & "<br>"
itemBody = itemBody & rsItems.Fields("Title2") & "<br>"
itemBody = itemBody & rsItems.Fields("Division") & "<br>"
itemBody = itemBody & rsItems.Fields("Entity") & "<br>"
itemBody = itemBody & rsItems.Fields("Address") & "<br>"
itemBody = itemBody & rsItems.Fields("City") & "&nbsp;" & rsItems.Fields("State") & "&nbsp;" & rsItems.Fields("Zip") & "<br>"
itemBody = itemBody & rsItems.Fields("Address2") & "<br>"
itemBody = itemBody & rsItems.Fields("City2") & "&nbsp;" & rsItems.Fields("State2") & "&nbsp;" & rsItems.Fields("Zip2") & "<br>"
itemBody = itemBody & rsItems.Fields("Country") & "<br>"
itemBody = itemBody & rsItems.Fields("Phonename") & "&nbsp;" & rsItems.Fields("Phone") & "&nbsp;" & rsItems.Fields("Ext") & "<br>"
itemBody = itemBody & rsItems.Fields("Phonename2") & "&nbsp;" & rsItems.Fields("Phone2") & "<br>"
itemBody = itemBody & rsItems.Fields("Phonename3") & "&nbsp;" & rsItems.Fields("Phone3") & "<br>"
itemBody = itemBody & rsItems.Fields("Phonename4") & "&nbsp;" & rsItems.Fields("Phone4") & "<br>"
itemBody = itemBody & rsItems.Fields("Email")
itemBody = itemBody & "</font>"
itemBody = itemBody & "</td></tr>"


rsItems.MoveNext
Loop

rsItems.Close
Set rsItems = Nothing

sBody = Replace(sBody, "%Ordered_Items", itemBody)

' Create the email object
Dim msg
Set msg = Server.CreateObject("CDO.Message")
msg.HTMLBody = sBody
msg.To = "<[email protected]>"
msg.CC = "<" & Session("Contact_Email") & ">"
msg.Subject = "Dana Stationery Store Order from " & Session("Contact_firstName") & " " & Session("Contact_lastName")
msg.From = "<[email protected]>"

msg.Send

' Clean up
dbconn.Close

Set dbconn = nothing

' Clear out the session state
Session.Contents.RemoveAll

%>
<html>
<head><title>Order complete</title></head>
<body>
<table border="0" cellpadding="2" width="500"
bgcolor="#FFFFFF" height="174">
<tr>
<td align="center" nowrap height="12"><font
face="Verdana, Arial, Helvetica"
color="#FFFFFF">.</font></td>
</tr>
<tr>
<td align="center" nowrap
height="12"><b><font face="Lucida Handwriting, Verdana,
Arial, Helvetica" color="#0EA2DB" size="5">Thank
You!</font></b></td>
</tr>
<tr>
<td align="center" nowrap height="18">
<p align="center"><font
color="#FFFFFF"><font face="Arial, Helvetica"
color="#FF0000" size="2"><b>Your
order has been
submitted.</b></font></font></td>
</tr>
<tr>
<td align="center" nowrap
height="18"><b><font face="Verdana, Arial, Helvetica">An
email of your order has been sent to
you.</font></b></td>
</tr>
<tr>
<td align="center" nowrap
height="18"><b><font face="Verdana, Arial, Helvetica">You
will receive your Acrobat &quot;.pdf&quot;
proofs</font></b></td>
</tr>
<tr>
<td align="center" nowrap
height="18"><b><font face="Verdana, Arial,
Helvetica">within
1-2 days on personalized
items.</font></b></td>
</tr>
</table>
<p>&nbsp;</p>
</body>
</html>
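
An added example, not part of the original post: the UPDATE in the posted page is built by concatenating Session values into the SQL string, and the Comments filter only swaps quote characters. One way to pass the same values as ADODB.Command parameters instead, assuming dbconn is the open connection from OrdersConnection.asp and that the provider accepts positional "?" markers. The EX_ constants, AddText, ParseOrderIds and the column widths are hypothetical, and only four of the columns are shown.

```vbscript
<%
' Added example. Own names for the standard ADO constant values, so they
' cannot clash with whatever the page's include file already defines.
Const EX_CMD_TEXT = 1       ' value of adCmdText
Const EX_PARAM_INPUT = 1    ' value of adParamInput
Const EX_INTEGER = 3        ' value of adInteger
Const EX_VARWCHAR = 202     ' value of adVarWChar
Const EX_NO_RECORDS = 128   ' value of adExecuteNoRecords

' Hypothetical helper: bind one text value, truncated to an assumed column width.
Sub AddText(cmd, name, value, maxLen)
    Dim s : s = Left(CStr(value & ""), maxLen)
    cmd.Parameters.Append cmd.CreateParameter(name, EX_VARWCHAR, EX_PARAM_INPUT, maxLen, s)
End Sub

' Hypothetical helper: keep only entries of the comma list that are 1-9 digits.
' Empty entries (such as the one after a trailing comma) are dropped.
Function ParseOrderIds(idList)
    Dim re, part, ids, n
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    ids = Array() : n = 0
    For Each part In Split(idList & "", ",")
        If re.Test(Trim(part)) Then
            ReDim Preserve ids(n)
            ids(n) = CLng(Trim(part))
            n = n + 1
        End If
    Next
    ParseOrderIds = ids
End Function

Dim cmd, id
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = dbconn   ' assumed: already opened, as in the post
cmd.CommandType = EX_CMD_TEXT
cmd.CommandText = "UPDATE Orders SET Contact_firstName = ?, Contact_lastName = ?, " & _
                  "Contact_email = ?, Comments = ? WHERE OrderID = ?"
AddText cmd, "firstName", Session("Contact_firstName"), 50   ' widths are assumptions
AddText cmd, "lastName", Session("Contact_lastName"), 50
AddText cmd, "email", Session("Contact_Email"), 100
AddText cmd, "comments", Session("Comments"), 255
cmd.Parameters.Append cmd.CreateParameter("orderId", EX_INTEGER, EX_PARAM_INPUT, , 0)

' One execution per validated order ID; the values never become SQL text.
For Each id In ParseOrderIds(Session("ORDER_ID_LIST"))
    cmd.Parameters("orderId").Value = id
    cmd.Execute , , EX_NO_RECORDS
Next
Set cmd = Nothing
%>
```

The remaining columns follow the same pattern: one "?" in the statement and one AddText call per column, in the same order.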
 
