Modify the online auction site (Section 26.4) to include a feature that allows users to sell items. Write a document named sell.asp that allows users to auction items. The user enters an item’s information (e.g., price, description, etc.) in a form and submits it. Post the contents to dosell.asp, which inserts the information into the AuctionItems table of the DeitelAuc- tions.mdb database and redirects the user to bookitems.asp. Write dosell.asp. Next, modify the auction site to ensure that users are logged in before allowing them to sell an item. Modify index.asp (Fig. 26.12), login.asp (Fig. 26.21) and checklogin.asp (Fig. 26.22) as follows: If a user is not logged in when the Sell an Item link is clicked, redirect the user to login.asp. Once the user has successfully logged in, redirec

What will be an ideal response?

```
1 <% @LANGUAGE = VBSCRIPT %>
2 <% Option Explicit %>
3
4 <% ' sell.asp %>
5
6
7
8
9
10 Sell an Item
11
12
13
14
15

Please enter the following information:

17
18
19
20
21
22
23
24
25
51
52
53
54
59
60
61
62
63
64
68
69
70
71
75
76
77
78
82
83
84
85
93
94

Which book would you like to sell:	26 27 <% Dim connection, query, data 28 29 Set connection = Server.CreateObject( "ADODB.Connection" ) 30 Set data = Server.CreateObject( "ADODB.RecordSet" ) 31 32 Call connection.Open( "DeitelAuctions" ) 33 34 query = "SELECT * FROM Products" 35 36 Call data.Open( query, connection ) 37 38 %> 49 50
Enter a display title for your book:	55 (For example: Brand New C++ How To Program!) 56 57 58
Your starting price: $	65 66 SIZE = "25"> 67
Briefly describe the state of your book:	72 73 SIZE = "100"> 74
What payment type would you prefer:	79 80 SIZE = "50"> 81
	86 87 Click Submit to sell your item: 88 89 90 91 92

96 Home
97
98
99 <% @LANGUAGE = VBSCRIPT %>
100 <% Option Explicit %>
101
102 <% ' dosell.asp %>
103
104 <% Dim connection, query, data, ItemNumber, insert
105
106 Set connection = Server.CreateObject( "ADODB.Connection" )
107 Set data = Server.CreateObject( "ADODB.RecordSet" )
108
109 Call connection.Open( "DeitelAuctions" )
110
111 query = "SELECT Max( ItemNumber ) As M FROM AuctionItems"
112
113 Call data.Open( query, connection )
114
115 ItemNumber = data( "M" ) + 1
116
117 Call data.Close()
118
119 insert = _
120 "INSERT INTO AuctionItems " & _
121 "(ItemNumber, Display, Seller, Ends, " & _
122 "CurrentPrice, State, ProductNumber, " & _
123 "PaymentType) " & _
124 "VALUES (" & _
125 ItemNumber & ", '" & Request( "Display" )& _
126 "', '" & Session( "UserName" ) & "', #" & Date() & _
127 "#, " & Request( "CurrentPrice" ) & ", '" & _
128 Request( "State" ) & "', " & _
129 Request( "ProductNumber" ) & ", '" & _
130 Request( "PaymentType" ) & "')"
131
132 Call connection.Execute( insert )
133 Call connection.Close()
134
135 Call Response.Redirect( "bookitems.asp" )
136 %>
137 <% @LANGUAGE = VBSCRIPT %>
138 <% Option Explicit %>
139
140 <% ' index.asp %>
141
142
143
144
145
146 Deitel Auctions
147
148
149
150
151 <% =Date() %>
152
153

Welcome to Deitel Auctions
154

155

Categories:
156

157
158 <% 'A list of auction Categories %>
159

Books

Cyberclassrooms
162

Training Seats
164

Miscellaneous

167

168 All our auction items end at midnight on the same day
169 they are posted. Bid Now!
170

171
172 <% ' Save where the user came from in the "from" session
173 ' variable. Because we have several register links
174 ' in the site, we can use this variable to provide links
175 ' in the registration pages, depending on where the
176 ' user came from.
177 Session( "from" ) = "home" %>
178
179 <% ' Provide a link to register a new user %>
180
181 Register
182
183 <% ' *************************************************
184 If Not Session( "LoggedIn" ) Then
185 %>
186 Login
187 <% End If
188 If Session( "LoggedIn" ) Then
189 %> Logout
190 <% End If
191 ' ************************************************* %>
192
193
194 <% ' Link to winning bids %>
195
196 Yesterday's Winning Bids!
197

198
199 <% ' **********************************************
200 Dim s
201 If Session( "LoggedIn" ) Then
202 s = "sell.asp"
203 Else
204 s = "login.asp?proceedTo=sell.asp"
205 End If
206
207 ' Link to the Selling page
208 %>
209 <% ' ************************************************ %>
210 Sell an item
211
212
213
214
215 <% @LANGUAGE = VBSCRIPT %>
216 <% Option Explicit %>
217
218 <% ' login.asp %>
219
220
221
222
223
224 Login
225
226
227
228
229

Please Log In

User Name:	236 237
Password:	243 244 SIZE = "25"> 245
	250 251 252

230 <% ' Form to post the login data %>
231

256
257 <% ' *******************************************
258 ' Note that setting Session( "from" ) was deleted from
259 ' here. We now set Session( "from" ) other pages as well
260 ' to distinguish different login cases:
261 ' Is it a bidding login, or a selling login?
262 ' ********************************************
263 %>
264
265
266 <% ' *********************************************
267 If Request( "proceedTo" ) = "sell.asp" Then
268 Session( "from" ) = "selling_login"
269 End If
270 Session( "proceedTo" ) = Request( "proceedTo" )
271 ' *********************************************
272
273 ' Provide a link to register a new user %>
274

Do you not have an account?
275 Register

276
277
278 <% @LANGUAGE = VBSCRIPT %>
279 <% Option Explicit %>
280
281 <% ' checklogin.asp %>
282 <%
283 Dim connection, check, data
284
285 ' Open a database connection
286 Set connection = Server.CreateObject( "ADODB.Connection" )
287 Call connection.Open( "DeitelAuctions" )
288
289 ' Build the SQL query
290 check = "SELECT * FROM Members WHERE UserName = '" _
291 & CStr( Request( "UserName" ) ) & "'" _
292 & " AND Password = '" _
293 & CStr( Request( "Password" ) ) & "'"
294
295 ' Open the record set
296 Set data = Server.CreateObject( "ADODB.RecordSet" )
297 Call data.Open( check, connection )
298 On Error Resume Next
299
300 If data.EOF Then
301
302 ' The user's login is incorrect
303 Call data.Close()
304 Call connection.Close()
305 Call Response.Redirect( "badlogin.asp" )
306 Else
307
308 ' The user's login is correct
309 Session( "UserName" ) = Request( "UserName" )
310 Session( "LoggedIn" ) = True
311 Call data.Close()
312 Call connection.Close()
313 ' **********************************************
314 Call Response.Redirect( Session( "proceedTo" ) )
315 ' **********************************************
316 End If
317 %>
318
319
320
321
322 Confirm Bid
323
324
325
326

Thanks. You are the high bidder now!

327
328
329 Home
330 Back to Book Items
331
332 Logout
333
334
335
336
337 <% @LANGUAGE = VBSCRIPT %>
338 <% Option Explicit %>
339
340 <% ' badlogin.asp %>
341
342
343
344
345
346 Login Failure
347
348
349
350

Invalid username or password.

351
352
353 Try Again
354 Home
355
356 <% ' **************************************************
357 If Session( "from" ) = "bidding_login" Then %>
358 359 "itemdata.asp?ItemNumber=<% =Session( "ItemNumber" ) %>">
360 Back to Item Description
361
362 <% End If
363 ' ****************************************************** %>
364
365
366 <% ' Provide a link to register a new user %>
367

368

Do you not have an account?
369 Register
370

371
372
373 <% @LANGUAGE = VBSCRIPT %>
374 <% Option Explicit %>
375
376 <% ' newmember.asp %>
377
378
379
380
381
382 New Member
383
384
385
386

Welcome New Member!

Choose your user name:	394 395
Choose your password:	401 402 SIZE = "25"> 403
	409 410 411

387
388 <% ' Form to get username and password %>
389
415
416 Home
417
418 <% ' If the user came to this page from the bidding login
419 ' process, provide an additional link to the item
420 ' description page.
421 ' ******************************************
422 If Session( "from" ) = "bidding_login" Then
423 ' ****************************************** %>
424 425 "itemdata.asp?ItemNumber=<% = Session( "ItemNumber" ) %>">
426 Back to Item Description
427 <% End If %>
428
429
430
431 <% @LANGUAGE = VBSCRIPT %>
432 <% Option Explicit %>
433
434 <% ' taken.asp %>
435
436
437
438
439
440 In use
441
442
443
444 <% ' Print a message and provide navigation links. %>
445