<% ''''''''''''''''''''' ' Security INCLUDE file ''''''''''''''''''''' sub requestPassword( byVal MSG ) %> Ian, Joanne & Elvis's Website
   
 
" >
<%=MSG%>
username:
password:
 
 
home messages about you contact us whats new
Click to log off
<% response.End end sub function isinvited( byVal suspect_id , Con ) Set invited = Server.CreateObject("ADODB.Recordset") strSQL = "SELECT userid FROM h_guests WHERE userid = " & suspect_id invited.Open strSQL, Con If NOT ( invited.BOF AND invited.EOF ) Then isinvited = true else isinvited = false End If invited.close end function userKey = TRIM( Request.Cookies( "k" ) ) username = TRIM( Request( "username" ) ) password = TRIM( Request( "password" ) ) ' Ready Database Connection Dim Con, sConnString Set Con = Server.CreateObject("ADODB.Connection") 'sConnString = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("\englishteeth\db\db.mdb") & ";PWD=teeth" sConnString = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;DATABASE=englishteeth;UID=irobinson;PWD=N00dles;OPTION=35" Con.Open(sConnString) if userKey <> "" then divider = INSTR( userkey, "p") userID = LEFT( userKey, divider - 1 ) secretKey = RIGHT( userKey, LEN( userKey ) - divider ) Set rs = Server.CreateObject("ADODB.Recordset") strSQL = "SELECT userid, name FROM users WHERE userid = " & userID & " AND secretKey = " & secretKey rs.Open strSQL, Con If Not (rs.BOF AND rs.EOF) Then 'User Exists If isinvited( userid , Con ) Then Randomize newsecretKey = cINT(RND()*1000) strSQL = "UPDATE users SET secretKey = " & newsecretKey & " WHERE userid = " & userID Con.Execute strSQL else requestPassword "I'm afraid you aren't in on this one " & rs("name") End If Else requestPassword "You must login to access this page." End If k = "k=" & userID & "p" & newsecretKey Response.Cookies("k") = userID & "p" & newsecretKey else if username <> "" and password <> "" then Set rs = Server.CreateObject("ADODB.Recordset") strSQL = "SELECT userid, password, name FROM users WHERE username = '" & username & "'" rs.Open strSQL, Con If Not (rs.BOF AND rs.EOF) Then 'User Exists userid=rs("userid") If rs("password") <> password Then requestPassword "You did not enter a valid password." Else If isinvited( userid , Con ) Then Randomize secretKey = cINT(RND()*1000) thisLg = year(date) & "-" & month(date) & "-" & day(date) & " " & hour(time) & ":" & minute(time) & ":" & second(time) strSQL = "UPDATE users SET secretKey = " & secretKey & ", lastlogin = thislogin, thislogin = '" & thisLg & "' WHERE userid = " & userID Con.Execute strSQL else requestPassword "I'm afraid you aren't in on this one " & rs("name") End If End If Else requestPassword "You did not enter a registered user name." End If k = "k=" & userID & "p" & secretKey Response.Cookies("k") = userID & "p" & secretKey else requestPassword "You must login to access this page." end if end if %>