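<% @ Language=VBScript %>
<% Option Explicit %>
<%
'****************************************************************************************
'**  Copyright Notice
'**
'**  Web Wiz Guide - Web Wiz Forums
'**
'**  Copyright 2001-2004 Bruce Corkhill All Rights Reserved.
'**
'**  This program is free software; you can modify (at your own risk) any part of it
'**  under the terms of the License that accompanies this software and use it both
'**  privately and commercially.
'**
'**  All copyright notices must remain in tacked in the scripts and the
'**  outputted HTML.
'**
'**  You may use parts of this program in your own private work, but you may NOT
'**  redistribute, repackage, or sell the whole or any part of this program even
'**  if it is modified or reverse engineered in whole or in part without express
'**  permission from the author.
'**
'**  You may not pass the whole or any part of this application off as your own work.
'**
'**  All links to Web Wiz Guide and powered by logo's must remain unchanged and in place
'**  and must remain visible when the pages are viewed unless permission is first granted
'**  by the copyright holder.
'**
'**  This program is distributed in the hope that it will be useful,
'**  but WITHOUT ANY WARRANTY; without even the implied warranty of
'**  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER
'**  WARRANTIES WHETHER EXPRESSED OR IMPLIED.
'**
'**  You should have received a copy of the License along with this program;
'**  if not, write to:- Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom.
'**
'**
'**  No official support is available for this program but you may post support questions at: -
'**  http://www.webwizguide.info/forum
'**
'**  Support questions are NOT answered by e-mail ever!
'**
'**  For correspondence or non support questions contact: -
'**  info@webwizguide.info
'**
'**  or at: -
'**
'**  Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom
'**
'****************************************************************************************

'Login handler: reads the posted username/password, checks the session security code,
'looks the account up in the Author table and, on a match, sets the login cookie and
'redirects to login_user_test.asp. On failure it leaves flags for the page to report.

Response.Buffer = True

'Make sure this page is not cached (it handles credentials)
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 2
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "No-Store"


'Dimension variables
Dim strUsername			'Holds the user's username
Dim strPassword			'Holds the user's password
Dim blnAutoLogin		'Holds whether the user wants to be automatically logged in
Dim lngUserID			'Holds the user's ID number
Dim strUserCode			'Holds the user's ID code
Dim intForumID			'Holds the forum ID
Dim lngLoopCounter		'Holds the loop counter
Dim blnIncorrectLogin		'Set to true if login is incorrect
Dim blnSecurityCodeOK		'Set to false if the security code is not OK
Dim strReferer			'Holds the page to return to

'NOTE(review): strSQL, strDbTable, rsCommon, adoCon, strCookieName, blnLongSecurityCode,
'blnEncryptedPasswords, formatSQLInput, checkSessionID and HashEncode are used below but
'not declared in this listing; with Option Explicit they must come from an include file
'that is not visible here.


'Initialise variables
blnAutoLogin = false
blnIncorrectLogin = false
blnSecurityCodeOK = true


'Read in the forum ID number
'NOTE(review): isNumeric accepts values outside the CInt range, which would raise a
'run-time error here rather than fall back to 0 - confirm error pages are not verbose
If isNumeric(Request.QueryString("FID")) Then
	intForumID = CInt(Request.QueryString("FID"))
Else
	intForumID = 0
End If


'Read in the user's details from the form
'Both values are cut to 15 characters; the password is also lower-cased before hashing,
'which narrows the effective password space (cannot be changed here without
'invalidating the stored hashes)
strUsername = Trim(Mid(Request.Form("name"), 1, 15))
strPassword = LCase(Trim(Mid(Request.Form("password"), 1, 15)))
blnAutoLogin = CBool(Request.Form("AutoLogin"))

'Take out parts of the username that are not permitted
'This is a single-pass, case-insensitive word removal; it is not what protects the
'query below - the quote escaping in formatSQLInput is
strUsername = Replace(strUsername, "password", "", 1, -1, 1)
strUsername = Replace(strUsername, "salt", "", 1, -1, 1)
strUsername = Replace(strUsername, "author", "", 1, -1, 1)
strUsername = Replace(strUsername, "code", "", 1, -1, 1)
strUsername = Replace(strUsername, "username", "", 1, -1, 1)

'Replace harmful SQL quotation marks with doubles
strUsername = formatSQLInput(strUsername)


'If a username has been entered check that the password is correct
If (strUsername <> "" AND Request.Form("QUIK") = false) OR (Request.Form("QUIK") AND blnLongSecurityCode = false AND strUsername <> "") Then

	'Check the user's session ID if the long security code has been disabled
	If blnLongSecurityCode = False Then Call checkSessionID(Request.Form("sessionID"))

	'Check the security code
	'An unset session code compares equal to an empty submitted value in VBScript, so a
	'session that was never issued a code must be treated as a failed check
	If blnLongSecurityCode Then
		If Session("lngSecurityCode") = "" Then
			blnSecurityCodeOK = False
		ElseIf Session("lngSecurityCode") <> Trim(Mid(Request.Form("securityCode"), 1, 6)) Then
			blnSecurityCodeOK = False
		End If
	End If


	'Look the account up by username
	'NOTE(review): the username reaches the statement by string concatenation and relies
	'entirely on formatSQLInput for escaping; a parameterised ADODB.Command would remove
	'that dependency - confirm what formatSQLInput covers before relying on it
	strSQL = "SELECT " & strDbTable & "Author.Password, " & strDbTable & "Author.Salt, " & strDbTable & "Author.Author_ID, " & strDbTable & "Author.User_code "
	strSQL = strSQL & "FROM " & strDbTable & "Author "
	strSQL = strSQL & "WHERE " & strDbTable & "Author.Username = '" & strUsername & "';"

	'Query the database
	rsCommon.Open strSQL, adoCon

	'If no record is returned then the login is incorrect
	If rsCommon.EOF Then blnIncorrectLogin = true

	'If the query has returned a record then check the password is correct
	If NOT rsCommon.EOF AND blnSecurityCodeOK Then

		'Only hash the password if this is enabled
		If blnEncryptedPasswords Then

			'Append the account's salt and hash the result so it can be compared with
			'the stored value
			strPassword = strPassword & rsCommon("Salt")
			strPassword = HashEncode(strPassword)
		End If


		'Check the password is correct, if it is get the user ID and set a cookie
		If strPassword = rsCommon("Password") Then

			'Read in the user's ID number and user code
			lngUserID = CLng(rsCommon("Author_ID"))
			strUserCode = rsCommon("User_code")

			'Write the login cookie: the UID key holds the account's User_code
			'NOTE(review): no Secure attribute is set here and the cookie may live for a
			'year (below) - confirm transport security and cookie flags at the site level
			Response.Cookies(strCookieName)("UID") = strUserCode

			'Write a cookie saying if the user is browsing anonymously, 1 = Anonymous, 0 = Shown
			If CBool(Request.Form("NS")) = False Then
				Response.Cookies(strCookieName)("NS") = "1" 'Anonymous
			Else
				Response.Cookies(strCookieName)("NS") = "0" 'Shown
			End If

			'If the user has selected to be remembered then set the cookie expiry to 1 year
			If blnAutoLogin = True Then

				'If no expiry date is set the cookie is deleted from the user's system 20 minutes after they leave the forum
				Response.Cookies(strCookieName).Expires = DateAdd("yyyy", 1, Now())
			End If

			'Reset Server Objects
			rsCommon.Close
			Set rsCommon = Nothing
			adoCon.Close
			Set adoCon = Nothing


			'Go to the login test to make sure the user has cookies enabled on their browser
			'If this is a redirect from the email notify unsubscribe page then redirect back there
			If Request.QueryString("M") = "Unsubscribe" Then
				'TID comes straight from the query string, so encode it before it is
				'placed in the redirect URL
				Response.Redirect("login_user_test.asp?TID=" & Server.URLEncode(Request.QueryString("TID")) & "&FID=" & intForumID & "&M=Unsubscribe")

			'Redirect the user back to the forum they have just come from
			ElseIf intForumID > 0 Then
				Response.Redirect("login_user_test.asp?FID=" & intForumID)

			'Return to forum homepage
			Else
				Response.Redirect("login_user_test.asp")
			End If

		'Else the login was incorrect
		Else
			blnIncorrectLogin = true
		End If
	End If

	'Reset Server Objects
	rsCommon.Close
End If


'Keep the entered values for a quick login or a failed security code, otherwise empty them
'NOTE(review): presumably these values are shown again in the login form, which is not
'visible here - confirm they are HTML-encoded on output
If Request.Form("QUIK") OR blnSecurityCodeOK = false Then
	'Undo the quote doubling applied for the SQL statement
	strUsername = Replace(strUsername, "''", "'")
	strPassword = Replace(strPassword, "''", "'")
Else
	strUsername = ""
	strPassword = ""
End If


'Create security code
If blnLongSecurityCode Then

	'Initialise variable
	Session("lngSecurityCode") = ""

	'Seed the generator once; re-seeding from the timer on every pass adds nothing
	Randomize Timer

	'Build a new six digit session security code
	'Int(Rnd * 10) gives each digit 0-9 the same chance (CInt(Rnd * 9) rounds, so 0 and 9
	'came up half as often). Rnd is not a cryptographic generator, so this code is only
	'a basic anti-automation check
	For lngLoopCounter = 1 to 6
		Session("lngSecurityCode") = Session("lngSecurityCode") & CStr(Int(Rnd * 10))
	Next
End If
%>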
| <% = strTxtLoginUser %> |
| <%
'Report a rejected username/password pair
If blnIncorrectLogin Then
	Response.Write(strTxtSorryUsernamePasswordIncorrect & " " & strTxtPleaseTryAgain & " ")
End If

'Report a security code that did not match (the message's "\n\n" markers become spaces)
If blnSecurityCodeOK = False Then
	Response.Write(Replace(strTxtSecurityCodeDidNotMatch, "\n\n", " ") & " ")
End If
%> |
| <% = strClickHereIfNotRegistered %> |