Login

<% dim feedback, problem, name, doWhat if Request.ServerVariables("REQUEST_METHOD") = "POST" then dim conn, rs, sql set conn = Server.CreateObject("ADODB.Connection") conn.Open connectionStr set rs = Server.CreateObject("ADODB.RecordSet") if MyCStr(Request.Form("doWhat")) = "login" then 'handle login dim UEmail, UPassword UEmail = left(Request.Form("UEmail"), 100) UPassword = Request.Form("UPassword") if len(UPassword) = 0 then problem = "Please enter your password" elseif len(UEmail) = 0 then problem = "Please enter your email address" else UMD5Password = calcMD5(UPassword) sql = "SELECT * FROM [User] WHERE UEmail='" & SQLencode(UEmail) & "' AND UPassword='" & UMD5Password & "'" rs.Open sql, conn, adOpenKeyset, adLockOptimistic if rs.EOF then problem = "Your email address and/or password are not correct" else if rs("UAuthenticated") = 0 then problem = "Your account is not activated yet, please click on the link in the email you received." elseif rs("UDisabled") then problem = "Your account has been disabled by an administrator." else Session("UID") = rs("UID") Session("UAdmin") = rs("UAdmin") Session("URevealUserPref") = rs("URevealUserPref") Session("URevealOrgPref") = rs("URevealOrgPref") name = rs("UFirstName") & " " & rs("ULastName") end if end if rs.Close end if elseif MyCStr(Request.Form("doWhat")) = "getpassword" then 'handle forgotten password dim requestorEmail, newPassword requestorEmail = Request.Form("RequestorEmail") if Len(requestorEmail) < 6 then problem = "Please enter email address" else sql = "SELECT UPassword FROM [User] WHERE UEmail='" & SQLencode(requestorEmail) & "';" rs.Open sql, conn, adOpenKeyset, adLockOptimistic if not rs.EOF then newPassword = generateRandomString On Error Resume Next dim email Set email = CreateObject("CDONTS.NewMail") with email .From = emailSender .To = requestorEmail .Subject = "MAIC Lessons Learned - New Password" .BodyFormat = 0 .MailFormat = 0 .Body = "" & vbNewLine & _ "

Your new password is: " & newPassword & ".

" & vbNewline & _ "

You can change this password by clicking the ""EDIT PROFILE"" option after you log in.

" & _ "" .Send End with Set email = Nothing On Error Goto 0 If Err.Number <> 0 then problem = "Could not generate email" else rs.Fields("UPassword").value = calcMD5(newPassword) rs.Update feedback = "Your account was found and a new password will be sent to your email address (" & RequestorEmail & ") shortly. Return to login page." End If else problem = "No account corresponds to your email address (" & requestorEmail & ")" end if rs.Close end if else problem = "Error processing form" end if rs = null conn.Close conn = null if len(problem) > 0 then feedback = "Your request could not be processed: " & problem & ". Please go back and try again." end if if len(feedback) > 0 then %>
<%=feedback%>
<% else response.redirect "loggedin.asp?NAME=" & Server.URLEncode(name) end if else %>
">
Your Email Address
Password
    
If you do not have an account, click here to get one.
Forgot your password?
Your Email Address
 
A new password will be emailed to the address provided.
<% end if %>