<%@ Language=VBScript %>
<%
strConnection = "Provider=MSDataShape;DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & server.mappath("db\argonavis.mdb") & ";UID=;PWD="
strLeftWrapper="["
strRightWrapper="]"
Const LOGIN_HARDCODED = 0
Const LOGIN_TABLE = 1
Const ADVSECURITY_ALL = 0
Const ADVSECURITY_VIEW_OWN = 1
Const ADVSECURITY_EDIT_OWN = 2
Const ADVSECURITY_NONE = 3
Const ACCESS_LEVEL_ADMIN = "Admin"
Const ACCESS_LEVEL_USER = "User"
Const ACCESS_LEVEL_GUEST = "Guest"
cLoginMethod = 0
cUserName = "argonavis"
cPassword = "argonavis"
cLoginTable = "[]"
cUserNameField = ""
cPasswordField = ""
cAdminUserID = ""
Dim strMessage, strUsername, strPassword, strChecked
'On Error Resume Next
If Request("btnSubmit") = "Login" Then
If Request("remember_password") = "1" Then
Response.Cookies("username") = Request("username")
Response.Cookies("username").Expires = DateAdd("y", 1, Now())
Response.Cookies("password") = Request("password")
Response.Cookies("password").Expires = DateAdd("y", 1, Now())
strChecked = " checked"
Else
Response.Cookies("username") = ""
Response.Cookies("password") = ""
strChecked = ""
End If
if cLoginMethod = LOGIN_HARDCODED then
' username and password are hardcoded
If StrComp(cPassword, Request("password"), vbBinaryCompare) = 0 _
and StrComp(cUserName, Request("username"), vbBinaryCompare) = 0 Then
Session("UserID") = Request("username")
Session("AccessLevel")=ACCESS_LEVEL_USER
Response.Redirect Replace("menu.asp", "%20", " ")
Else
strMessage = "Invalid Login"
Session.Abandon
End If
else
' username and password are stored in the database
Set rs = server.CreateObject("ADODB.Recordset")
set dbConnection = server.CreateObject("ADODB.Connection")
dbConnection.ConnectionString = strConnection
dbConnection.Open
Call ReportError
strUsername = Replace(Trim(Request("username")),"'","''")
strPassword = Replace(Trim(Request("password")),"'","''")
Set rsTemp = server.CreateObject("ADODB.Recordset")
rsTemp.open "select * from " & cLoginTable & " where 1=0", dbConnection
if IfNeedQuotes(rsTemp(cUserNameField).Type)="True" _
then strUsername = "'" & strUsername & "'"
if IfNeedQuotes(rsTemp(cPasswordField).Type)="True" _
then strPassword = "'" & strPassword & "'"
strSQL = "select * from " & cLoginTable & " where " & AddWrappers(cUserNameField) & _
"=" & strUsername & " and " & AddWrappers(cPasswordField) & _
"=" & strPassword
rs.open strSQL, dbConnection
Call ReportError
If Not rs.EOF Then
Session("UserID") = Request("username")
Session("AccessLevel") = ACCESS_LEVEL_USER
if Request("username")=cAdminUserID then _
Session("AccessLevel") = ACCESS_LEVEL_ADMIN
Response.Redirect Replace("menu.asp", "%20", " ")
Else
strMessage = "Invalid Login"
Session.Abandon
End If
end if
Else
strChecked = " checked"
End If
If Request("username") <> "" Then
strUsername = Request("username")
Else
strUsername = Request.Cookies("username")
End If
If Request("password") <> "" Then
strPassword = Request("password")
Else
strPassword = Request.Cookies("password")
End If
%>
Login
<%
Function HTMLEncode(str)
if str="" or IsNull(str) then
HTMLEncode=""
else
HTMLEncode = Server.HTMLEncode(str)
end if
End Function
sub ReportError
if Err.number<>0 then
%>
<%
Response.End
end if
end sub
function AddWrappers(strName)
if (InStr(1, strConnection, "Microsoft Access")>1 or isnumeric(strName) or InStr(strName, " ")>0 or InStr(strName, "'")>0 or InStr(strName, "_")>0 or InStr(strName, "-")>0 or InStr(strName, "#")>0 or InStr(strName, ")")>0 or InStr(strName, "(")>0 or InStr(strName, "/")>0) and Left(strName,1)<>strLeftWrapper then
AddWrappers = strLeftWrapper + strName + strRightWrapper
else
AddWrappers = strName
end if
end function
function IfNeedQuotes(nType)
if nType = 203 or nType = 8 or nType = 129 or nType = 130 or _
nType = 7 or nType = 133 or nType = 134 or nType = 135 or _
nType = 201 or nType = 205 or nType = 200 or nType = 202 or nType=72 then
IfNeedQuotes="True"
else
IfNeedQuotes="False"
end if
end function
%>