<% '*********************************************************************** ' System : ASPBanner Unlimited ' Author : Christopher Williams of CJWSoft www.CJWSoft.com ' ' COPYRIGHT NOTICE ' ' See attached Software License Agreement ' ' (c) Copyright 2000 - 2003 by CJWSoft. All rights reserved '*********************************************************************** %> <% '*** This include file contains the password authentication logic '*** Populating variables from the HTTP Header and the Server Status = Request("Status") Username = Replace(Request("Username"),"'","''") Password = Replace(Request("Password"),"'","''") '*** Retrieving the name of the page running and also grabbing any variables passed to it '*** So that the Password code knows what page to post the Username & Password back to '*** If you want you can set the Thispage variable to be a certain page in your web. '*** That way whatever page they logg in to they will start off at the beginning of your site '*** This is more of a preference issue on your part '*** Example Thispage = "http://www.mysite.com/main.asp" If Session("ASPBannerPasswordAccess") = "No" Then Thispage = Request.ServerVariables("script_name") Else Thispage = Request.ServerVariables("script_name") & "?" & Request.Querystring & Request.Form End If ' checks to see if login form was submitted or if a cookie exists..if so its runs the validation code If Status = "Checkem" Or (Request.Cookies("ASPBANNERCOOKIE")("KEEPMESIGNEDIN") = "True" And Session("ASPBannerPasswordAccess") <> "Yes") Then '**************************************************************************** ' The following checks for a user and if it finds one it stores all their ' information in session variables that will be available to you at all times '**************************************************************************** Err.Clear On Error Resume Next Set ConnBannerSystem = Server.CreateObject("ADODB.Connection") Set CmdCheckUser = Server.CreateObject("ADODB.Recordset") ConnBannerSystem.Open BannerConnectionString If (Request.Cookies("ASPBANNERCOOKIE")("KEEPMESIGNEDIN") = "True") And (Request.Cookies("ASPBANNERCOOKIE")("COOKIE_USERNAME") <> "") Then SQL = "SELECT First_Name, Last_Name, Username, Password, Access_Level, Notes, Admin, User_ID, Expiration_Date, Active, Email, Address, City, State_Province, Zipcode_Postal_Code, Phone, Counter, Login_Limit FROM Banner_Users WHERE (Username = '" & Request.Cookies("ASPBANNERCOOKIE")("COOKIE_USERNAME") & "')" Else SQL = "SELECT First_Name, Last_Name, Username, Password, Access_Level, Notes, Admin, User_ID, Expiration_Date, Active, Email, Address, City, State_Province, Zipcode_Postal_Code, Phone, Counter, Login_Limit FROM Banner_Users WHERE (Username = '" & Username & "') AND (Password = '" & Password & "')" End If CmdCheckUser.Open SQL, ConnBannerSystem If CmdCheckUser.EOF And CmdCheckUser.BOF Then Session("ASPBannerPasswordAccess") = "No" Response.Cookies ("ASPBANNERCOOKIE")("COOKIE_USERNAME") = "" Response.Cookies ("ASPBANNERCOOKIE")("KEEPMESIGNEDIN") = "False" Response.Cookies ("ASPBANNERCOOKIE").Expires = DATE + 90 KeepChecking = "No" Else KeepChecking = "Yes" End If If Request.Cookies("ASPBANNERCOOKIE")("KEEPMESIGNEDIN") <> "True" Then If CStr(Password) <> CStr(CmdCheckUser("Password")) Then Session("ASPBannerPasswordAccess") = "No" Response.Cookies ("ASPBANNERCOOKIE")("COOKIE_USERNAME") = "" Response.Cookies ("ASPBANNERCOOKIE")("KEEPMESIGNEDIN") = "False" Response.Cookies ("ASPBANNERCOOKIE").Expires = DATE + 90 KeepChecking = "No" Else KeepChecking = "Yes" End If End If If KeepChecking = "Yes" Then Expiration_Date = CmdCheckUser("Expiration_Date") If IsEmpty(Expiration_Date) Or IsNull(Expiration_Date) Or Expiration_Date ="" Then Expiration_Date = "Never" Else Expiration_Date = month(Expiration_Date) & "/" & day(Expiration_Date) & "/" & year(Expiration_Date) End IF Session("ASPBannerPasswordAccess") = "Yes" Session("Access_Level") = CmdCheckUser("Access_Level") Session("First_Name") = CmdCheckUser("First_Name") Session("Last_Name") = CmdCheckUser("Last_Name") Session("Company_Name") = CmdCheckUser("Company_Name") Session("Password") = CmdCheckUser("Password") Session("Username") = CmdCheckUser("Username") Session("Admin") = CmdCheckUser("Admin") Session("Active") = CmdCheckUser("Active") Session("Expiration_Date") = CmdCheckUser("Expiration_Date") Session("Email") = CmdCheckUser("Email") Session("Address") = CmdCheckUser("Address") Session("City") = CmdCheckUser("City") Session("State_Province") = CmdCheckUser("State_Province") Session("Zipcode_Postal_Code") = CmdCheckUser("Zipcode_Postal_Code") Session("Phone") = CmdCheckUser("Phone") Session("User_ID") = CmdCheckUser("User_ID") If Request("KEEPMESIGNEDIN") = "True" Then Response.Cookies ("ASPBANNERCOOKIE")("COOKIE_USERNAME") = CmdCheckUser("Username") Response.Cookies ("ASPBANNERCOOKIE")("KEEPMESIGNEDIN") = "True" Response.Cookies ("ASPBANNERCOOKIE").Expires = DATE + 90 End If If CmdCheckUser("Counter") <> "" Then Login_Count = CInt(CmdCheckUser("Counter")) Else Login_Count = 0 End IF If CmdCheckUser("Login_Limit") <> "" Then Login_Limit = CInt(CmdCheckUser("Login_Limit")) End If '************************************************************** ' The following checks for Active Status AND Expiration Date '************************************************************** User_Expired = "No" User_Not_Active = "No" If Session("Active") = "False" Then Session("ASPBannerPasswordAccess") = "No" User_Not_Active = "Yes" End If If Session("Expiration_Date") <> "Never" Then If CDATE(Expiration_Date) <= DATE Then Session("ASPBannerPasswordAccess") = "No" User_Expired = "Yes" End IF End IF '********************* '********************* '************************************************************** ' The following checks for Login_Limit '************************************************************** If Login_Limit <> "" Then If Login_Limit > 0 Then Session("ASPBannerPasswordAccess") = "Yes" Else Session("ASPBannerPasswordAccess") = "No" End If End IF '********************* '********************* End If If Session("ASPBannerPasswordAccess") = "Yes" Then Set ConnBannerSystem = Server.CreateObject("ADODB.Connection") Set CmdTrackUser = Server.CreateObject("ADODB.Recordset") ConnBannerSystem.Open BannerConnectionString SQL = "SELECT Banner_Users.* FROM Banner_Users WHERE (User_ID = " & Session("User_ID") & ")" CmdTrackUser.Open SQL, ConnBannerSystem, 1, 3 CmdTrackUser.Fields("Counter") = (Login_Count + 1) CmdTrackUser.Fields("Last_Access") = NOW If IsNumeric(Login_Limit) And Login_Limit > 0 Then New_Limit = (Cint(Login_Limit) - 1) If New_Limit = 0 Then CmdTrackUser.Fields("Active") = "0" CmdTrackUser.Fields("Login_Limit") = Null Else CmdTrackUser.Fields("Login_Limit") = New_Limit End If End If CmdTrackUser.Update End If CmdCheckUser.Close Set CmdCheckUser = Nothing ConnBannerSystem.Close Set ConnBannerSystem = Nothing '********************* '********************* End If '************************************************************** ' The following checks for proper Access for Admin Level '************************************************************** If CHECKFOR = "Admin" Then If Session("Admin") = "False" Then Session("ASPBannerPasswordAccess") = "No" Response.Cookies ("ASPBANNERCOOKIE")("COOKIE_USERNAME") = "" Response.Cookies ("ASPBANNERCOOKIE")("KEEPMESIGNEDIN") = "False" Response.Cookies ("ASPBANNERCOOKIE").Expires = DATE + 90 ShowLevelError = True End If End IF '************************************************************** ' The following checks to see if a user has been validated yet ' If not it will show the login screen '************************************************************** If Session("ASPBannerPasswordAccess") <> "Yes" Then Response.Write("") Response.Write("") If ShowLevelError = True Then Response.Write("

You do not have access to this level.

") Response.Write("

This page is level '"& CHECKFOR &"'

") End If If Session("ASPBannerPasswordAccess") = "No" And Username <> "" and Password <> "" Then Thispage = Left(Thispage,(InStr(Thispage,"Status=Checkem"))-1) Response.Write("

ACCESS DENIED

") Response.Write("

INVALID Username & Password

") ElseIf Session("ASPBannerPasswordAccess") = "No" Then Response.Write("

Please input your Username & Password

") End If If User_Not_Active = "Yes" And Username <> "" and Password <> "" Then Thispage = Left(Thispage,(InStr(Thispage,"Status=Checkem"))-1) Response.Write("

Username NO LONGER Active
OR HAS NOT BEEN APPROVED YET
PLEASE CONTACT SITE ADMINISTRATOR

") End IF If User_Expired = "Yes" And Username <> "" and Password <> "" Then Thispage = Left(Thispage,(InStr(Thispage,"Status=Checkem"))-1) Response.Write("

Username HAS EXPIRED

") End IF '******************** '******************** ' If you want to modify what the login form page looks like modify the HTML below. ' Be sure to keep the ASP variables in tact. ' Make sure that if you reference any images or links within your site that you use the entire URL like so ' Do this "http://mysite.com/images/pie.gif" don't just do this "images/mypie.gif" %>

<% =App_Name %> Login

Username
Password
Keep me signed in on this computer unless I log off.

 

What does "Keep me signed in on this computer unless I log off" do?

After you sign in, if you close your browser or after a period of inactivity, your password will expire. But for your convenience, you can choose to save your User ID and password on this computer. Your password will be saved even if you disconnect from the Internet, close your browser or turn off your computer. Your password will be saved until you explicitly log off.

As a safety measure, if you are using a public computer or shared computer, you should always log off when you are done using this system.



<% If Application("CDONTS_Installed") = true or Application("SASMTPMAIL_Installed") = true or Application("JMAIL_Installed") = true or Application("AspEmail_Installed") = true Then %> Lost Password.
Click here to retrieve it. <% End If %>




<% Response.Write("") Response.Write("") Response.End End If %>