%
'**** Module: Registration
'**** Page: login.asp
'**** Author: Stephen Takakuwa
'**** Date: July 6, 1998
'**** Description: This is the login page.
'**** It can be reached from default.asp.
'**** It contains links to getAccountDD.asp
'**** login.asp (on FORM submit)
'**** schelp.html
'**** recallLostPasswordDD.asp
'**** mailto:info@eline.com.
'**** This page allows users to set discussion prefrences
'**** Revisions:
%>
<%
'**** replace single quotes
function EscSingleQuotes (temp)
EscSingleQuotes = Replace(temp,"'","''")
end function
Dim errorString
'**** sends user to default.asp to check for existing session and an existing cookie
if Request.QueryString("FormMode")="" then
Response.Redirect "default.asp"
end if
Set smarty = openDB()
'**** on a form submit or a form pass(from default.asp)
if Request.QueryString("FormMode")="submit" OR Request.QueryString("FormMode")="pass" then
if Request.QueryString("FormMode")="submit" then
userName=EscSingleQuotes(Request.Form("USER_NAME"))
password=EscSingleQuotes(Request.Form("PASSWORD"))
else '**** passed the cookie test on index.asp
'**** grab md9 coded password from cookie, and other info
userName = Request.Cookies("SmartConf")("USER_NAME")
MD9Password = Request.Cookies("SmartConf")("MD5_PASSWORD")
javaChat = Request.Cookies("SmartConf")("JAVA_CHAT")
password = "temppass"
end if
'****If no other errors to this point, is the username in database?
if (strComp(errorString,"")=0) then
sqlstr="SELECT PASSWORD, USERNAME, USER_ID, FIRST_NAME, LAST_NAME, ACCESS_LEVEL, TOAD_STATUS FROM PERSONAL_INFO WHERE LOWER(USERNAME) = '"&LCase(userName)&"'"
Set record = smarty.Execute(sqlstr)
if NOT(record.BOF AND record.EOF) AND Request.QueryString("FormMode")="submit" then
userID=record("USER_ID")
'**** This scrambles the password for saving in the personal_info table
'**** The userID number is the random start number
temp=cStr(userID)
start=int(Mid(temp,Len(temp),1))+1
do while start>Len(password)
start=start-Len(password)
loop
MD9password=""
for i = start to Len(password)
MD9password=MD9password&Len(Asc(Mid(password,i,1)))&Asc(Mid(password,i,1))
next
for i = 1 to start-1
MD9password=MD9password+cStr(Len(Asc(Mid(password,i,1))))+cStr(Asc(Mid(password,i,1)))
next
'**** End of password scramble
end if
if (record.BOF And record.EOF) then
errorString=errorString+"Username not found.
"
elseif (not(strComp(MD9password,record("PASSWORD"))=0)) then
errorString=errorString+"
Username found in records, but password doesn't match.
If you've forgotten your password, you can have it resent to your email address.
"
else
'****if user is toad, sudden death
toadStatus=record("TOAD_STATUS")
if (toadStatus = 1000) then '****Question here TOAD? I do a redirect to login.asp. Should be a KILL?
record.close
closeDB(smarty)
Set record = Nothing
Response.Redirect "login.asp?FormMode=bounce"
'****Could do a abandon of session: Session.Abandon
end if
'****Set all session vars
Session("sessionID")=Session.SessionID()
Session("userName")=record("USERNAME")
Session("userID")=record("USER_ID")
Session("firstName")=record("FIRST_NAME")
Session("lastName")=record("LAST_NAME")
Session("accessLevel")=record("ACCESS_LEVEL")
Session("toadStatus")=record("TOAD_STATUS")
sqlstr="SELECT PRIVACY_ID FROM PRIVACY_USERS WHERE USER_ID="&Session("userID")&" AND PRIVACY_ID=9"
Set reek=smarty.Execute(sqlstr)
If reek.BOF AND reek.EOF then
Session("iMessage")=0
else
Session("iMessage")=1
end if
'****Kill older sessions of same user and other sessions with same sessionID
sqlstr="DELETE FROM TRACKING WHERE USER_ID="&Session("userID")&" OR SESSION_ID='"&Session("sessionID")&"'"
smarty.Execute(sqlstr)
'****Grab and save session ID
currentDate=Date()
currentTime=Time()
sqlstr="INSERT INTO TRACKING (SESSION_ID, USER_ID, LAST_TOUCH) VALUES ('"&Session("sessionID")&"',"&Session("userID")&",'"¤tDate&" "¤tTime&"')"
smarty.Execute sqlstr
sqlstr="UPDATE PERSONAL_INFO SET EXPIRE_EMAIL=0, LAST_LOGIN='"¤tDate&" "¤tTime&"' WHERE USER_ID="&Session("userID")
smarty.Execute sqlstr
if (strComp(Request.Form("REMEMBER"),"ON")=0) then
Response.Cookies("SmartConf")("USER_NAME")= Session("userName")
Response.Cookies("SmartConf")("MD5_PASSWORD")= MD9password
Response.Cookies("SmartConf")("JAVA_CHAT")= javaChat
Response.Cookies("SmartConf").Expires= dateAdd("m",24,Date()) ''''2 years
end if
if (strComp(javaChat,"ON")=0) then
javaStatus = 1
else
javaStatus = 0
end if
sqlstr="INSERT INTO LOGIN_LOG (USER_ID, WHEN_LOGGED_IN, JAVA_STATUS, MD5, USER_NAME_REMEMBER) VALUES "
sqlstr=sqlstr+"("&Session("userID")&",'"¤tDate&" "¤tTime&"',"&javaStatus&",'"&MD9password&"','"&Session("userName")&"')"
smarty.Execute sqlstr
'****forward to next page: my_home_page
' if (strComp(javaChat,"ON")<>0) then
sqlstr="UPDATE TRACKING SET JAVA_CHAT_ENABLED=0 WHERE SESSION_ID='"&Session("sessionID")&"'"
smarty.Execute sqlstr
record.close
closeDB(smarty)
Set record = Nothing
Response.Redirect "myHomePage.asp"
' else
' sqlstr="UPDATE TRACKING SET JAVA_CHAT_ENABLED=1 WHERE SESSION_ID='"&Session("sessionID")&"'"
' smarty.Execute sqlstr
' if (Session("accessLevel") = 1000) then
' record.close
' closeDB(smarty)
' Set record = Nothing
' Response.Redirect"http://chat.smartconf.com/index.ihtml?P=005&A=z"
' else
' record.close
' closeDB(smarty)
' Set record = Nothing
' Response.Redirect"http://chat.smartconf.com/index.ihtml?P=005"
' end if
' end if
end if
end if
end if
%>
Login Page - Davey D
<%
nav_bar_public()
if (Request.QueryString("FormMode")="submit") then
Response.Write("Oops! A few problems were found with the information you entered:
")
Response.Write("")
Response.Write("Please try re-entering you information below.
")
end if
if (Request.QueryString("FormMode")="bounce") then
Response.Write("Oops! A problem has occured:
")
Response.Write("")
Response.Write("The cookie your computer contains no longer refers to a valid account")
Response.Write("If you have a valid account, please enter and check the 'Remember' box.
")
end if
if (Request.QueryString("FormMode")="loginSent") then
Response.Write("The login information required for entrance to the SmartConf system have been sent to your ")
Response.Write("email address. Check your standard email mailbox for your recovered username and password. ")
Response.Write("Enter the information on this page and click 'login'.")
end if
%>