<% Option Explicit %> <% '**************************************************************************************** '** Copyright Notice '** '** Web Wiz Guide - Web Wiz Guestbook '** http://www.webwizguestbook.com '** '** Copyright 2001-2006 Bruce Corkhill All Rights Reserved. '** '** This program is free software; you can modify (at your own risk) any part of it '** under the terms of the License that accompanies this software and use it both '** privately and commercially. '** '** All copyright notices must remain in tacked in the scripts and the '** outputted HTML. '** '** You may use parts of this program in your own private work, but you may NOT '** redistribute, repackage, or sell the whole or any part of this program even '** if it is modified or reverse engineered in whole or in part without express '** permission from the author. '** '** You may not pass the whole or any part of this application off as your own work. '** '** All links to Web Wiz Guide and powered by logo's must remain unchanged and in place '** and must remain visible when the pages are viewed unless permission is first granted '** by the copyright holder. '** '** This program is distributed in the hope that it will be useful, '** but WITHOUT ANY WARRANTY; without even the implied warranty of '** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER '** WARRANTIES WHETHER EXPRESSED OR IMPLIED. '** '** You should have received a copy of the License along with this program; '** if not, write to:- Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom. '** '** '** No official support is available for this program but you may post support questions at: - '** http://www.webwizguide.info/forum '** '** Support questions are NOT answered by e-mail ever! '** '** For correspondence or non support questions contact: - '** info@webwizguide.info '** '** or at: - '** '** Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom '** '**************************************************************************************** Dim strUserName 'Holds the user name Dim strUserPassword 'Holds the user password Dim strPassword 'Holds the users password Dim strEncyptedPassword 'Holds the encrypted password 'Initalise the strUserName variable strUserName = Request.Form("txtUserName") strPassword = Request.Form("txtUserPass") 'Check form input strUserName = Replace(strUserName, "'", "", 1, -1, 1) 'Initalise the strSQL variable with an SQL statement to query the database strSQL = "SELECT " & strDbTable & "Configuration.Password, " & strDbTable & "Configuration.Username " strSQL = strSQL & "FROM " & strDbTable & "Configuration " strSQL = strSQL & "WHERE " & strDbTable & "Configuration.Username ='" & strUserName & "'" 'Query the database rsCommon.Open strSQL, adoCon 'If the recordset finds a record for the username entered then read in the password for the user If NOT rsCommon.EOF Then 'Encrpt password 'Concatenate salt value to the password strEncyptedPassword = strPassword & strSalt 'Re-Genreate encypted password with new salt value strEncyptedPassword = HashEncode(strEncyptedPassword) 'Read in the password for the user from the database If strEncyptedPassword = rsCommon("Password") Then 'If the password is correct then set the session variable to True Session("blnIsUserGood") = True 'Reset Server Variables rsCommon.Close Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing 'Redirect to the admin menu page Response.Redirect"admin_menu.asp" End If End If 'Reset Server Variables rsCommon.Close Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing 'If the script is still running then the user must not be authorised Session("blnIsUserGood") = False 'Redirect to the unautorised user page Response.Redirect"unauthorised_user_page.htm" %>