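<% @ Language=VBScript %>
<% Response.Buffer = True %>
<%
'***********************************************************
' Password-change handler.
'
' Flow: ValidFields checks the posted form, SavePass writes the new
' password, then the browser is sent to check_login.asp.
'
' dbConn is used but not declared on this page; it presumably comes
' from an include that is not visible here -- confirm.
'
' History kept from the original comments:
'   3-26-2006  John Hinner  added encrypt_it and the password checks
'   3-30-2006  John Hinner  identity check switched from old password
'                           to the user's SNC ID
'
' NOTE(review): the identity check is username + SNC ID, not the old
' password. If SNC IDs are known to other people, this page lets one
' user set another user's password -- confirm how secret the ID is.
'***********************************************************

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' encrypt_it(cleartext)
'   Returns cleartext with every character of A-Z, a-z, 0-9 replaced
'   by the character 13 positions further along that 62-character
'   alphabet (wrapping around). Any other character is copied as is.
'
'   NOTE(review): this is a fixed, keyless rotation. It is reversible
'   by anyone who can read the stored value, so it does not protect
'   the [PASSWORD] column. Moving to a salted, slow password hash
'   would also need the login check and the existing rows migrated,
'   which is outside this page. Output is kept unchanged here so the
'   stored values stay compatible.
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Function encrypt_it(cleartext)
    Dim pos, idx, ch, abfrom, abto

    abfrom = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    ' Same alphabet rotated left by 13 positions.
    abto = Mid(abfrom, 14) & Left(abfrom, 13)

    encrypt_it = ""
    For pos = 1 To Len(cleartext)
        ch = Mid(cleartext, pos, 1)
        idx = InStr(abfrom, ch)
        If idx = 0 Then
            encrypt_it = encrypt_it & ch
        Else
            encrypt_it = encrypt_it & Mid(abto, idx, 1)
        End If
    Next
End Function

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' Sends the browser to error.asp with the message in the query string
' and stops the page.
' NOTE(review): error.asp is not shown here. Because the text arrives
' in the URL, error.asp should HTML-encode it before writing it out --
' verify.
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sub RedirectToErrorPage(message)
    Response.Clear
    Response.Redirect "error.asp?mess=" + Server.URLEncode(message)
    Response.End
End Sub

' Accepts only 1-9 decimal digits so the value always fits a Long and
' can be bound as a numeric parameter. Returns True and fills parsedId
' on success.
' NOTE(review): assumes SNC IDs never exceed 9 digits -- confirm.
Function ParseSncId(rawValue, ByRef parsedId)
    Dim digitsOnly
    ParseSncId = False
    Set digitsOnly = New RegExp
    digitsOnly.Pattern = "^[0-9]{1,9}$"
    If digitsOnly.Test(rawValue) Then
        parsedId = CLng(rawValue)
        ParseSncId = True
    End If
End Function

' Appends an input text parameter. Numeric ADO constants are spelled
' out locally because adovbs.inc is not visibly included on this page.
Sub AppendTextParam(cmd, paramName, textValue)
    Const AD_VARCHAR = 200, AD_PARAM_INPUT = 1
    Dim size
    size = Len(textValue)
    If size = 0 Then size = 1   ' a zero size is rejected for text parameters
    cmd.Parameters.Append cmd.CreateParameter(paramName, AD_VARCHAR, AD_PARAM_INPUT, size, textValue)
End Sub

' Appends an input Long parameter.
Sub AppendLongParam(cmd, paramName, longValue)
    Const AD_INTEGER = 3, AD_PARAM_INPUT = 1
    cmd.Parameters.Append cmd.CreateParameter(paramName, AD_INTEGER, AD_PARAM_INPUT, , longValue)
End Sub

' The message shown whenever the username / SNC ID pair is not accepted.
Function UnknownUserMessage()
    UnknownUserMessage = "The old Username / SNC ID combination does not exist." & vbCrLf & _
        "Please click the BACK button to re-enter your username and password."
End Function

'~~~~~~~~~~~~~~~~~~~~~~~~~
If ValidFields Then
    SavePass
    Response.Clear
    Response.Redirect "check_login.asp"
    Response.End
End If
'~~~~~~~~~~~~~~~~~~~~~~~~~

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' SavePass
'   Stores the new password for the posted username / SNC ID inside a
'   transaction, clears [CHANGE_PWD], and updates the session values.
'   On a database error the transaction is rolled back and the browser
'   is sent to error.asp.
'
'   Changes from the original:
'   - The UPDATE is parameterised; form values are no longer
'     concatenated into the SQL text.
'   - "Set" is used when assigning ActiveConnection. Without it ADO
'     receives the connection string and opens a separate connection,
'     so the UPDATE would run outside the BeginTrans on dbConn.
'   - On Error Resume Next is active around the database work; with it
'     commented out the Err check below could never run.
'   - RollbackTrans replaces RollBack, which is not an ADO Connection
'     method.
'   - The error text is built with & and CStr; "text" + Err.Number
'     raises a type mismatch.
'   - Session "PWD" uses the trimmed password, matching what is stored.
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Function SavePass()
    Const AD_CMD_TEXT = 1
    Dim cmdUSER, message
    Dim newPass, userName, userId
    Dim errNum, errDesc

    newPass = Trim(Request.Form("txtNEWPASS"))
    userName = Trim(Request.Form("txtUSER"))
    ' Re-checked here so SavePass is safe even if called on its own.
    If Not ParseSncId(Trim(Request.Form("txtSNCID")), userId) Then
        RedirectToErrorPage UnknownUserMessage()
    End If

    On Error Resume Next
    dbConn.Open
    dbConn.BeginTrans

    Set cmdUSER = Server.CreateObject("ADODB.Command")
    Set cmdUSER.ActiveConnection = dbConn
    cmdUSER.CommandType = AD_CMD_TEXT
    ' CStr(CInt(False)) in the original evaluates to "0".
    cmdUSER.CommandText = "Update [USERS] Set [PASSWORD] = ?, [CHANGE_PWD] = 0" & _
                          " WHERE [USERNAME] = ? AND [ID] = ?"
    AppendTextParam cmdUSER, "newpass", encrypt_it(newPass)
    AppendTextParam cmdUSER, "username", userName
    AppendLongParam cmdUSER, "sncid", userId
    cmdUSER.Execute

    ' Err keeps the most recent failure from any statement above.
    errNum = Err.Number
    errDesc = Err.Description

    'if an error occurs do not let any database updating occur...
    If errNum <> 0 Then
        Err.Clear
        dbConn.RollbackTrans
        On Error GoTo 0
        ' NOTE(review): the provider's error text goes to the browser
        ' through the query string. Logging it server-side and showing
        ' only the generic lines would avoid exposing database details.
        ' Line breaks are written as vbCrLf because a VBScript string
        ' literal cannot span source lines; how error.asp renders them
        ' is not visible here.
        message = "An internal system error has occurred." & vbCrLf & _
                  "Error Number: " & CStr(errNum) & vbCrLf & _
                  "Error Desc: " & errDesc & vbCrLf & _
                  "Please contact the Facluty Voting and Nominating Committee to resolve this problem." & vbCrLf & _
                  "Please click the BACK button to get to the site navigation bar."
        RedirectToErrorPage message
    End If

    'everything went ok, change the database...
    dbConn.CommitTrans
    On Error GoTo 0

    'update the session variables...
    Session.Contents("PWD") = encrypt_it(newPass)
    Session.Contents("PASSWORDACCESS") = True

    Set cmdUSER = Nothing
    dbConn.Close
    Set dbConn = Nothing
End Function

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' ValidFields
'   Returns True when the posted username / SNC ID pair exists in
'   [USERS] and the new password is confirmed, non-empty and 5 to 15
'   characters long. Otherwise redirects to error.asp and does not
'   return.
'
'   Changes from the original:
'   - The lookup is parameterised and the SNC ID must be digits only.
'   - dbConn is closed but no longer set to Nothing; SavePass opens it
'     again, which fails on a released object.
'   - The recordset and connection are closed before any redirect.
'   - The checks run on the plain text. encrypt_it maps one character
'     to one character with a one-to-one table, so equality, emptiness
'     and length give the same answers as on its output.
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Function ValidFields()
    Const AD_CMD_TEXT = 1
    Dim cmdChk, rsChk, message
    Dim userName, userId, userExists
    Dim newPass, conPass, retryHint

    ValidFields = False

    userName = Trim(Request.Form("txtUSER"))
    newPass = Trim(Request.Form("txtNEWPASS"))
    conPass = Trim(Request.Form("txtCONPASS"))

    userExists = False
    If ParseSncId(Trim(Request.Form("txtSNCID")), userId) Then
        dbConn.Open
        Set cmdChk = Server.CreateObject("ADODB.Command")
        Set cmdChk.ActiveConnection = dbConn
        cmdChk.CommandType = AD_CMD_TEXT
        cmdChk.CommandText = "Select [ID] from [USERS] where [USERNAME] = ? and [ID] = ?"
        AppendTextParam cmdChk, "username", userName
        AppendLongParam cmdChk, "sncid", userId

        Set rsChk = cmdChk.Execute
        userExists = Not rsChk.EOF
        rsChk.Close
        Set rsChk = Nothing
        Set cmdChk = Nothing
        dbConn.Close
    End If

    If Not userExists Then
        RedirectToErrorPage UnknownUserMessage()
    End If

    ' Shared closing lines of every password message below.
    retryHint = "Please ensure that you enter the new password in both" & vbCrLf & _
                "the 'New Password' and 'Confirm Password' boxes correctly." & vbCrLf & _
                "Please click the BACK button to re-enter your new password."

    ' The order of the checks is the original order, so each input
    ' still produces the same message.
    message = ""
    If newPass <> conPass Then
        message = "You did not confirm your new password correctly."
    ElseIf newPass = "" Then
        message = "You must enter a new password."
    ElseIf conPass = "" Then
        message = "You must enter a new password in the 'Confirm Password' box."
    ElseIf Len(newPass) < 5 Then
        message = "Your password must be at least 5 characters long."
    ElseIf Len(newPass) > 15 Then
        message = "Your password may only be a maximum of 15 characters long."
    End If

    If message <> "" Then
        RedirectToErrorPage message & vbCrLf & retryHint
    End If

    ValidFields = True
End Function
%>
<% Response.End %>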