ASP .NET Web Developer s Guide - Mesbah Ahmed, Chris Garrett

650 Chapter 13 • Creating a Message Board with ADO and XML

other pages, there is a validation control for every text box to make sure the user enters the required information. Let’s take a look at the code-behind for this form in Figure 13.72.

Figure 13.72 The Code-Behind (Createboard.aspx.vb)

Private Sub Page_Load(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles MyBase.Load 'only logged-in admins can enter this page

If Me.IsLoggedIn = False Then

Response.Redirect("default.aspx")

ElseIf Me.CurrentUser.IsAdmin = False Then

Response.Redirect("default.aspx")

End If

End Sub

Private Sub btnCreate_Click(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles btnCreate.Click

If Me.IsValid = True Then

'create the new board

dotBoardObjects.Board.CreateBoard(txtBoardName.Text, _ txtBoardDescription.Text, _

Me.CurrentUser)

Response.Redirect("default.aspx")

End If

End Sub

Like every other admin page so far, this page guarantees that the current user is a logged-in administrator, and if not, redirects to the default page. After the user has entered the required information to create a board and clicks the Create Board button, the btnCreate_Click method is called. First, the method checks to make sure the page is valid, then it creates the board based on the values the administrator entered. Finally, it redirects the administrator back to the default page so he can see his newly created board.

The last things an administrator should be able to do are delete Boards, Threads, and Posts.This functionality can be placed on the appropriate pages

www.syngress.com

where this information is actually displayed.What we will do is next to every Board,Thread, and Post we will place an HtmlAnchor control next to each item that will point to an .aspx page named delete[type of object to delete].aspx. For instance, deleting Boards will link to deleteBoard.aspx. Let’s go over the three places in our code that need to change because of this new feature in Figures 13.73, 13.74, and 13.75.

Figure 13.73 The DisplayBoard Method Changes (Default.aspx.vb)

Dim fields(1) As Object fields(0) = myBoard.Name fields(1) = myBoard.Description If Me.IsLoggedIn = True Then

If Me.CurrentUser.IsAdmin = True Then

fields(1) &= "<br><br><a href='deleteBoard.aspx?boardName=" & _ myBoard.Name & "'>>>delete</a>"

End If

End If

Figure 13.74 The Page_Load Method Changes (Board.aspx.vb)

Dim fields(3) As Object

fields(0) = "BoardId=" & boardId & _ "&ThreadId=" & myThread.ID.ToString()

fields(1) = myThread.Subject If Me.IsLoggedIn = True Then

If Me.CurrentUser.IsAdmin = True Then

fields(1) &= "<br><br><a href='deleteThread.aspx?" & _ "boardName=" & mBoard.Name & _

"&threadId=" & myThread.ID.ToString() & _ "'>>>delete</a>"

End If

End If

www.syngress.com

652 Chapter 13 • Creating a Message Board with ADO and XML

Figure 13.75 The Page_Load Method Changes (Thread.aspx.vb)

Dim fields(5) As Object fields(0) = myPost.ID fields(1) = myPost.Subject fields(2) = myPost.Body

If Me.IsLoggedIn = True Then

If Me.IsLoggedIn = True Then

fields(2) &= "<br><br><a href='deletePost.aspx?" & _ "boardName=" & myBoard.Name & _

"&threadId=" & myThread.ID.ToString() & _ "&postId=" & myPost.ID.ToString() & _ "'>>>delete</a>"

End If

End If

You can see that all of these changes is very similar. Each gets slightly more complicated as you get further down the object hierarchy; you need to pass more information to get a reference to the correct objects. Now all we need to do is create the three pages that will handle deleting our objects. All three are very similar, and are shown in the following figures, Figures 13.76, 13.77, and 13.78.

Figure 13.76 DeleteBoard.aspx.vb

Private Sub Page_Load(ByVal sender As System.Object, _

ByVal e As System.EventArgs) Handles MyBase.Load

If Me.IsLoggedIn = True Then

If Me.CurrentUser.IsAdmin = True Then

Dim boardName As String

boardName = Request.QueryString.Item("boardName") Dim myBoard As dotBoardObjects.board

myBoard = New dotBoardObjects.board(boardName) myBoard.Delete(Me.CurrentUser)

End If

End If

Continued

www.syngress.com

Figure 13.76 Continued

Response.Redirect("default.aspx")

End Sub

Figure 13.77 DeleteThread.aspx.vb

Private Sub Page_Load(ByVal sender As System.Object, _

ByVal e As System.EventArgs) Handles MyBase.Load

If Me.IsLoggedIn = True Then

If Me.CurrentUser.IsAdmin = True Then

Dim boardName As String

Dim threadId As Long

boardName = Request.QueryString.Item("boardName") threadId = CLng(Request.QueryString.Item("threadId"))

Dim myBoard As dotBoardObjects.board

myBoard = New dotBoardObjects.board(boardName) Dim myThread As dotBoardObjects.thread myThread = myBoard.ChildThread(threadId)

myBoard.DeleteThread(myThread, Me.CurrentUser) End If

End If

Response.Redirect("default.aspx")

End Sub

Figure 13.78 DeletePost.aspx.vb

Private Sub Page_Load(ByVal sender As System.Object, _

ByVal e As System.EventArgs) Handles MyBase.Load

If Me.IsLoggedIn = True Then

If Me.CurrentUser.IsAdmin = True Then

Dim boardName As String

Continued

www.syngress.com

654 Chapter 13 • Creating a Message Board with ADO and XML

Figure 13.78 Continued

Dim threadId As Long

Dim postId As Long

boardName = Request.QueryString.Item("boardName") threadId = CLng(Request.QueryString.Item("threadId")) postId = CLng(Request.QueryString.Item("postId"))

Dim myBoard As dotBoardObjects.board

myBoard = New dotBoardObjects.board(boardName) Dim myThread As dotBoardObjects.thread myThread = myBoard.ChildThread(threadId)

Dim myPost As dotBoardObjects.Post myPost = myThread.ChildPost(postId)

myBoard.DeletePost(myThread, myPost, Me.CurrentUser) End If

End If

Response.Redirect("default.aspx")

End Sub

A lot of code, for sure, but it should all be relatively easy to follow. Each page retrieves the objects necessary to delete whatever it is trying to delete, then calls the appropriate delete method on the board object.When it finishes, each one redirects the user back to the default page. If the person accessing this page is neither logged in nor an admin, it does nothing but the final redirect.You don’t want anyone who is not an admin deleting your boards, so even on pages in which the user never sees the UI, it’s still a good idea to perform every security check necessary.

The final administrative interface we need to create is to give the Administrators the ability to edit posts, in the case of offensive or undesired language that doesn’t necessarily need to be deleted. First, we’ll need to add another button to the view thread page right next to the Delete button. See Figure 13.79 for the changes.

www.syngress.com

Figure 13.79 Page_Load Changes (Thread.aspx.vb)

If Me.IsLoggedIn = True Then

If Me.IsLoggedIn = True Then

fields(2) &= "<br><br><a href='deletePost.aspx?" & _ "boardName=" & myBoard.Name & _

"&threadId=" & myThread.ID.ToString() & _ "&postId=" & myPost.ID.ToString() & _ "'>>>delete</a>"

fields(2) &= "   " & _ "<a href='editPost.aspx?" & _ "boardName=" & myBoard.Name & _

"&threadId=" & myThread.ID.ToString() & _ "&postId=" & myPost.ID.ToString() & _ "'>>>edit</a>"

End If

End If

All that has changed is a new HTML anchor tag is added that points to a new page called editPost.aspx. Let’s take a look at this page and examine what controls are on it (see Figure 13.80).

Figure 13.80 editPost.aspx

www.syngress.com

656 Chapter 13 • Creating a Message Board with ADO and XML

You should notice that this page looks very similar to the create post page. In fact, it is nearly identical — so identical that we could have reused the same page instead of creating the new one.The only reason we aren’t using the create post page is for the sake of simplicity; there’s no need to complicate pages we have already finished for new functionality. All we need to do now is take a look at the code-behind page in Figure 13.81.

Figure 13.81 The Code-Behind (editPost.aspx)

Public Class editPost

Inherits FormBase

Private mBoard As dotBoardObjects.Board

Private mThread As dotBoardObjects.Thread

Private mBoardName As String

Private mThreadID As Long

Private mPostID As Long

Private mPost As dotBoardObjects.Post

Private Sub Page_Load(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles MyBase.Load 'only logged in users are allow in this page

If Me.IsLoggedIn = False Then

Response.Redirect("default.aspx")

ElseIf Me.CurrentUser.IsAdmin = False Then

Response.Redirect("default.aspx")

End If

mBoardName = Request.Item("boardName")

mThreadID = CLng(Request.Item("threadId"))

mPostID = CLng(Request.Item("postId"))

mBoard = New dotBoardObjects.board(mBoardName) mThread = mBoard.ChildThread(mThreadID)

mPost = mThread.ChildPost(mPostID)

Continued

www.syngress.com

Figure 13.81 Continued

lblHeaderBoard.Text = mBoard.Name lblHeaderThread.Text = mThread.Subject

If Not Me.IsPostBack Then txtSubject.Text = mPost.Subject txtMessage.Text = mPost.Body

End If

Me.ApplyStyles(Me.Controls)

End Sub

Private Sub btnEditPost_Click(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles btnEditPost.Click

If Me.IsValid Then

mPost.Subject = txtSubject.Text mPost.Body = txtMessage.Text mPost.Update(Me.CurrentUser)

Response.Redirect("thread.aspx?boardID=" & _ mBoard.Name & "&threadId=" & _ mThread.ID.ToString())

End If

End Sub

End Class

You should immediately notice how similar the code-behind of the edit post page is to create post page. Again, we could have used the same page, but to keep things simple we’re using two separate pages.The Page_Load method first checks to make sure there is a logged in user, and that the user is an administrator. Next, it gets a reference to the appropriate Board,Thread, and Post objects, and fills the label and text box controls on the page with values.The btnEditPost_Click method makes sure the page is valid, then sets the values on the Post object, commits it to the database, and redirects to the thread view page so the user can see the changes.

www.syngress.com

658 Chapter 13 • Creating a Message Board with ADO and XML

Summary

Our message board is 100 percent complete and ready for use.We have analyzed our message board and created a solution to fit with all our requirements. Our message board is an Object-Oriented application that is scalable, maintainable, and well-defined.We have created all the necessary classes to maintain our data and the relationships between our data through the use of custom list objects and classes.We also have a built-in security model where every action that requires administrative access is checked before the requestor is allowed to perform the operation.

Our User Interface is somewhat extensible in that it dynamically applies styles to multiple types of WebControls that we defined using CSS and an XML document. Each Web Form we created inherits the FormBase class, which allows all our Web Forms to have access to a few common methods and properties, in addition to the System.Web.UI.Page methods and properties. Our User Interface contains all the necessary interfaces to browse through Boards,Threads, and Messages, as well as interfaces to administer users, and those that contain interfaces to create and delete Boards,Threads, and Messages.

All in all we have a functioning message board that could be placed anywhere and run on top of SQL Server or MS Access. It was accomplished in an ObjectOriented manner and hopefully by now you understand the use for designing OO applications.We have also separated the UI and UI logic from the actual “business rules” applied to our objects. If we wanted, we could take our dotBoardObject class library and put a Windows Form front end on it, a Web Service front end on it, or even attach a Console Application front end. All because we kept our UI completely separate from our implementation.

Solutions Fast Track

Setting Up the Database

;Analyze your data and create the tables necessary to represent the solution to our problem. Make sure you have broken down each piece of data into the smallest possible representation of that data. For instance, you wouldn’t want to have a field in your database for the user’s full name; instead, you would want first and last name fields.

www.syngress.com

;Analyze your data and create the relationships necessary between the different sets of data.

Designing Your Application

;Analyze your data and find a way to fit it into an Object-Oriented environment. Many times you can use the analysis you performed while building your database in this step.

;Map the fields in the database to appropriate fields in each object.

;Analyze our solution and determine the types of methods each of our objects will contain.You need to provide interfaces to modify, add, and delete every relationship and field in each of your objects.

Designing the User Interface

;Analyze what type of actions our users will need to perform, then create the necessary Web Forms.

;Analyze what type of actions our administrators will need to perform and create the necessary Web Forms.

Setting Up General Functions

;Create the FormBase class that contains all the necessary properties and methods our Web Forms will need to hold. Determine what functionality you need shared throughout every Web Form and build it into this class.

Building the Log-In Interface

;Create the user area user control. Place this control on every Web Form so each form can have a reference to the currently logged in user.

;Create the registration page, which allows users to register for your message board.

www.syngress.com