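<%@ Language=VBScript %>
<% Response.Buffer = True %>
<%
'***********************************************************
'Login handler: checks the posted username/password against [USERS],
'looks the user up in [FACULTY], fills the session and redirects.
'
'dbConn, dbNVS, SQLFixTicks and adOpenKeyset are used on this page but not
'defined on it; presumably they come from include files that are not
'visible here - confirm before changing them.
'
'NOTE(review): every failure path sends display text to error.asp in the
'"mess" query-string value. That page is not shown here; confirm that it
'HTML-encodes the value before writing it out.
'***********************************************************

'***********************************************************
'Added by John Hinner on 3-24-2006
'This is the algorithm used to convert the initial typed password into
'an encrypted version during the users first login session. This algorithm
'was obtained off of google the day before.
'
'What the code does: builds the 62-character alphabet A-Z a-z 0-9, builds a
'second copy rotated left by 13 positions, and replaces every character of
'cleartext that occurs in the alphabet with the character at the same
'position in the rotated copy. Any other character is copied unchanged.
'InStr is called without a compare argument, so matching is case-sensitive.
'
'SECURITY NOTE(review): this is a fixed, keyless character substitution, not
'encryption and not a password hash. Anyone who can read the [PASSWORD]
'column can recover every password. It is left as-is because the stored
'values depend on it; the fix is a migration to a salted, deliberately slow
'password hash, not an edit to this function.
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Function encrypt_it(cleartext)
    Dim x, y, abfrom, abto

    encrypt_it = ""
    abfrom = ""
    For x = 0 To 25: abfrom = abfrom & Chr(65 + x): Next    'A-Z
    For x = 0 To 25: abfrom = abfrom & Chr(97 + x): Next    'a-z
    For x = 0 To 9: abfrom = abfrom & CStr(x): Next         '0-9

    'Same alphabet, rotated left by 13 characters.
    abto = Mid(abfrom, 14, Len(abfrom) - 13) & Left(abfrom, 13)

    For x = 1 To Len(cleartext)
        y = InStr(abfrom, Mid(cleartext, x, 1))
        If y = 0 Then
            'Not in the alphabet: pass through untouched.
            encrypt_it = encrypt_it & Mid(cleartext, x, 1)
        Else
            encrypt_it = encrypt_it & Mid(abto, y, 1)
        End If
    Next
End Function
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Appends one input text parameter to an ADODB.Command.
'  cmd       - the ADODB.Command that will run the query
'  paramName - label for the parameter (the ? markers bind by position)
'  value     - string bound to the next ? placeholder
'The value travels as data and is never spliced into the SQL text, so quote
'characters in user input cannot change the statement.
Sub AddLoginTextParam(cmd, paramName, value)
    Dim paramSize
    paramSize = Len(value)
    'ADO refuses a variable-length parameter whose size is 0.
    If paramSize = 0 Then paramSize = 1
    '200 = adVarChar, 1 = adParamInput (literals, so no constants file is needed)
    cmd.Parameters.Append cmd.CreateParameter(paramName, 200, 1, paramSize, value)
End Sub

'Releases the [USERS] recordset and its connection. Called before every
'redirect, because nothing after Response.Redirect / Response.End runs.
Sub CloseLoginObjects()
    rsChk.Close
    Set rsChk = Nothing
    dbConn.Close
    Set dbConn = Nothing
End Sub
%>
<%
Dim strSQL, message, encryptpass
Dim loginUserName, loginCmd, loginMustChangePwd, loginIsAdmin
Dim loginDbUser, loginDbPwd

loginUserName = Trim(Request.Form("txtUSER"))

' This line was changed/updated by John Hinner on 3-24-06
'The value is now bound as a query parameter, so it is no longer passed
'through SQLFixTicks. NOTE(review): SQLFixTicks is not visible on this page;
'if it does more than escape quote characters, confirm that stored
'passwords still match.
encryptpass = encrypt_it(Trim(Request.Form("txtPASS")))

strSQL = "Select * from [USERS] where [USERNAME]= ? and [PASSWORD]= ?"

dbConn.Open
Set loginCmd = Server.CreateObject("ADODB.Command")
Set loginCmd.ActiveConnection = dbConn
loginCmd.CommandType = 1    '1 = adCmdText
loginCmd.CommandText = strSQL
AddLoginTextParam loginCmd, "username", loginUserName
AddLoginTextParam loginCmd, "password", encryptpass

Set rsChk = Server.CreateObject("ADODB.RecordSet")
rsChk.Open loginCmd ', adOpenKeyset, adLockOptimistic

'validate that the username/password combo exists before sending them to the main menu....
If rsChk.EOF Then
    CloseLoginObjects
    'The listing shows a hard line break inside this literal, which VBScript
    'does not allow; it is kept here as vbCrLf. The original may have carried
    'an HTML line-break tag at that point - confirm against the deployed file.
    message = "Username and password combination does not exist." & vbCrLf & _
              "Please click the BACK button to reenter your username and password."
    Response.Clear
    Response.Redirect "error.asp?mess=" + Server.URLEncode(message)
    Response.End
End If

'valid username/password...
'need to check to see if this is a first time login.
'If so, then force them to the Change Password page...
'Everything needed from the record is read now so the recordset and the
'connection can be closed before any redirect.
loginMustChangePwd = (CBool(CInt(rsChk.Fields("CHANGE_PWD").value)) <> False)
If loginMustChangePwd Then
    loginDbUser = rsChk.Fields("username").value
    loginDbPwd = rsChk.Fields("password").value
Else
    loginIsAdmin = (CBool(CInt(rsChk.Fields("ADMIN").value)) <> False)
End If
CloseLoginObjects

'The faculty lookup runs BEFORE any session value is written. GetUserInfo
'redirects to error.asp when the user is not in [FACULTY]; doing it first
'means a failed lookup no longer leaves PASSWORDACCESS = True behind in the
'session.
GetUserInfo

Session.Contents("PASSWORDACCESS") = True

If loginMustChangePwd Then
    'first time user has logged in...
    'set the session variables for now...
    Session.Contents("USER") = loginDbUser
    'NOTE(review): the stored password value is kept in the session here and
    'in the branch below. It stays because other pages may read it; plan to
    'remove it.
    Session.Contents("PWD") = loginDbPwd

    'send them to the change password page...
    message = "This is your first login. Please change your default password to ensure complete system security."
    Response.Clear
    Response.Redirect "change_password.asp?mess=" + Server.URLEncode(message)
    Response.End
Else
    Session.Contents("USER") = loginUserName
    ' This line was changed/updated by John Hinner on 3-24-06
    Session.Contents("PWD") = encryptpass

    Session.Contents("ADMIN_ACCESS") = loginIsAdmin
    Response.Clear
    If loginIsAdmin Then
        Response.Redirect "../admin/admin_main.asp"
    Else
        Response.Redirect "mainmenu.asp"
    End If
    Response.End
End If
%>
<%
'Looks up the posted username in [FACULTY] (connection dbNVS) and stores the
'matching USER_ID in Session("USER_ID"). When no row matches, the visitor is
'redirected to error.asp and the page ends.
'The username is bound as a query parameter and trimmed the same way as in
'the [USERS] check above; it was previously concatenated into the SQL text
'untrimmed and unescaped.
Function GetUserInfo()
    Dim userCmd

    Set rsUSER = Server.CreateObject("ADODB.RecordSet")

    'get the user's information from the dbNVS database...
    strSQL = "Select [USER_ID] from [FACULTY] where [LOGIN_ID]= ?"

    dbNVS.Open
    Set userCmd = Server.CreateObject("ADODB.Command")
    Set userCmd.ActiveConnection = dbNVS
    userCmd.CommandType = 1    '1 = adCmdText
    userCmd.CommandText = strSQL
    AddLoginTextParam userCmd, "login_id", Trim(Request.Form("txtUSER"))

    'The connection argument is left empty because the command carries it.
    rsUSER.Open userCmd, , adOpenKeyset ', adLockOptimistic

    If Not rsUSER.EOF Then
        rsUSER.MoveFirst
        'set the USER_ID session variable for usage...
        Session.Contents("USER_ID") = rsUSER.Fields("USER_ID").Value
    Else
        'Release the objects first; nothing after the redirect runs.
        rsUSER.Close
        Set rsUSER = Nothing
        dbNVS.Close
        Set dbNVS = Nothing

        'Line breaks in these literals are kept as vbCrLf; see the note on
        'the first error message on this page.
        message = "The username given does not exist in the faculty database." & vbCrLf & _
                  "Please contact the Faculty Voting and Nominating Committee to resolve your problem." & vbCrLf & _
                  "Please click the BACK button to return to the login screen."
        Response.Clear
        Response.Redirect "error.asp?mess=" + Server.URLEncode(message)
        Response.End
    End If

    'Error Handling in a small way...
    'ADO reports failures as negative numbers, so the test is <> 0 instead
    'of > 0.
    'NOTE(review): no On Error Resume Next is visible in this function, so a
    'runtime error would stop the page before this check is reached.
    If Err.Number <> 0 Then
        'something is wrong...
        message = "A system error occured with the function GetUserInfo." + _
                  vbCrLf + "Please contact the Nominations and Election Committee to resolve this problem." + _
                  vbCrLf + "Please click the back button."
        Response.Clear
        Response.Redirect "error.asp?mess=" + Server.URLEncode(message)
        Response.End
    End If

    rsUSER.Close
    Set rsUSER = Nothing
    dbNVS.Close
    Set dbNVS = Nothing
End Function
%>
<% Response.End %>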