<%
'#################################################################################
'## Snitz Forums 2000 v3.4.07
'#################################################################################
'## Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen,
'## Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################
%>
<%
Response.Write " " & vbNewLine & _
" " & vbNewLine & _
" " & getCurrentIcon(strIconFolderOpen,"","") & " All Forums
" & vbNewLine & _
" " & getCurrentIcon(strIconBar,"","") & getCurrentIcon(strIconFolderOpenTopic,"","") & " Forgot your Password?
| " & vbNewLine & _
"
" & vbNewLine & _
"
" & vbNewLine
if lcase(strEmail) <> "1" then
Response.Redirect("default.asp")
end if
if Request.Form("mode") <> "DoIt" and Request.Form("mode") <> "UpdateIt" and trim(Request.QueryString("pwkey")) = "" then
call ShowForm
elseif trim(Request.QueryString("pwkey")) <> "" and Request.Form("mode") <> "UpdateIt" then
key = chkString(Request.QueryString("pwkey"),"SQLString")
'###Forum_SQL
strSql = "SELECT M_PWKEY, MEMBER_ID, M_NAME, M_EMAIL "
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE M_PWKEY = '" & key & "'"
set rsKey = my_Conn.Execute (strSql)
if rsKey.EOF or rsKey.BOF then
'Error message to user
Response.Write " Your password key did not match!
" & vbNewLine & _
" Your password key did not match the one that we have in our database.
Please try submitting your UserName and E-mail Address again by clicking the Forgot your Password? link from the Main page of this forum.
If this problem persists, please contact the Administrator of the forums.
" & vbNewLine & _
" Back To Forum
" & vbNewLine
elseif strComp(key,rsKey("M_PWKEY")) <> 0 then
'Error message to user
Response.Write " Your password key did not match!
" & vbNewLine & _
" Your password key did not match the one that we have in our database.
Please try submitting your UserName and E-mail Address again by clicking the Forgot your Password? link from the Main page of this forum.
If this problem persists, please contact the Administrator of the forums.
" & vbNewLine & _
" Back To Forum
" & vbNewLine
else
PWMember_ID = rsKey("MEMBER_ID")
call showForm2
end if
rsKey.close
set rsKey = nothing
elseif trim(Request.Form("pwkey")) <> "" and Request.Form("mode") = "UpdateIt" then
key = chkString(Request.Form("pwkey"),"SQLString")
'###Forum_SQL
strSql = "SELECT M_PWKEY, MEMBER_ID, M_NAME, M_EMAIL "
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE MEMBER_ID = " & cLng(Request.Form("MEMBER_ID"))
strSql = strSql & " AND M_PWKEY = '" & key & "'"
set rsKey = my_Conn.Execute (strSql)
if rsKey.EOF or rsKey.BOF then
'Error message to user
Response.Write " Your password key did not match!
" & vbNewLine & _
" Your password key did not match the one that we have in our database.
Please try submitting your UserName and E-mail Address again by clicking the Forgot your Password? link from the Main page of this forum.
If this problem persists, please contact the Administrator of the forums.
" & vbNewLine & _
" Back To Forum
" & vbNewLine
elseif strComp(key,rsKey("M_PWKEY")) <> 0 then
'Error message to user
Response.Write " Your password key did not match!
" & vbNewLine & _
" Your password key did not match the one that we have in our database.
Please try submitting your UserName and E-mail Address again by clicking the Forgot your Password? link from the Main page of this forum.
If this problem persists, please contact the Administrator of the forums.
" & vbNewLine & _
" Back To Forum
" & vbNewLine
else
if trim(Request.Form("Password")) = "" then
Err_Msg = Err_Msg & "You must choose a Password"
end if
if Len(Request.Form("Password")) > 25 then
Err_Msg = Err_Msg & "Your Password can not be greater than 25 characters"
end if
if Request.Form("Password") <> Request.Form("Password2") then
Err_Msg = Err_Msg & "Your Passwords didn't match."
end if
if Err_Msg = "" then
strEncodedPassword = sha256("" & Request.Form("Password"))
'Update the user's password
strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " SET M_PASSWORD = '" & chkString(strEncodedPassword,"SQLString") & "'"
strSql = strSql & ", M_PWKEY = ''"
strSql = strSql & " WHERE MEMBER_ID = " & cLng(Request.Form("MEMBER_ID"))
strSql = strSql & " AND M_PWKEY = '" & key & "'"
my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
else
if Err_Msg <> "" then
Response.Write " There Was A Problem With Your Details
" & vbNewLine & _
" " & vbNewLine & _
" " & vbNewLine & _
" | " & vbNewLine & _
"
" & vbNewLine & _
"
" & vbNewLine & _
" Go Back To Enter Data
" & vbNewLine
rsKey.close
set rsKey = nothing
WriteFooter
Response.End
end if
end if
Response.Write " Your Password has been updated!
" & vbNewLine & _
" You may now login"
if strAuthType = "db" then Response.Write(" with your UserName and new Password")
Response.Write ".
" & vbNewLine
Response.Write " " & vbNewLine
Response.Write " Back To Forum
" & vbNewLine
end if
rsKey.close
set rsKey = nothing
else
Err_Msg = ""
if trim(Request.Form("Name")) = "" then
Err_Msg = Err_Msg & "You must enter your UserName"
end if
if trim(Request.Form("Email")) = "" then
Err_Msg = Err_Msg & "You must enter your E-mail Address"
end if
'## Forum_SQL
strSql = "SELECT MEMBER_ID, M_NAME, M_EMAIL FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE M_NAME = '" & ChkString(Trim(Request.Form("Name")), "SQLString") &"'"
strSql = strSql & " AND M_EMAIL = '" & ChkString(Trim(Request.Form("Email")), "SQLString") &"'"
set rs = my_Conn.Execute (strSql)
if rs.BOF and rs.EOF then
Err_Msg = Err_Msg & "Either the UserName or the E-mail Address you entered does not exist in the database."
else
PWMember_ID = rs("MEMBER_ID")
PWMember_Name = rs("M_NAME")
PWMember_Email = rs("M_EMAIL")
end if
rs.close
set rs = nothing
if Err_Msg = "" then
pwkey = GetKey("none")
'Update the user Member Level
strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " SET M_PWKEY = '" & chkString(pwkey,"SQLString") & "'"
strSql = strSql & " WHERE MEMBER_ID = " & PWMember_ID
my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
if lcase(strEmail) = "1" then
'## E-mails Message to the Author of this Reply.
strRecipientsName = PWMember_Name
strRecipients = PWMember_Email
strFrom = strSender
strFromName = strForumTitle
strsubject = strForumTitle & " - Forgot Your Password? "
strMessage = "Hello " & PWMember_Name & vbNewline & vbNewline
strMessage = strMessage & "You received this message from " & strForumTitle & " because you have completed the First Step on the ""Forgot Your Password?"" page." & vbNewline & vbNewline
strMessage = strMessage & "Please click on the link below to proceed to the next step." & vbNewline & vbNewLine
strMessage = strMessage & strForumURL & "password.asp?pwkey=" & pwkey & vbNewline & vbNewline
strMessage = strMessage & vbNewLine & "If you did not forget your password and received this e-mail in error, then you can just disregard/delete this e-mail, no further action is necessary." & vbNewLine & vbNewLine
%>
<%
end if
else
if Err_Msg <> "" then
Response.Write " There Was A Problem With Your Details
" & vbNewLine & _
" " & vbNewLine & _
" " & vbNewLine & _
" | " & vbNewLine & _
"
" & vbNewLine & _
"
" & vbNewLine & _
" Go Back To Enter Data
" & vbNewLine
WriteFooter
Response.End
end if
end if
Response.Write " Step One is Complete!
" & vbNewLine & _
" Please follow the instructions in the e-mail that has been sent to " & ChkString(PWMember_Email,"email") & " to complete the next step in this process.
" & vbNewLine
Response.Write " " & vbNewLine
Response.Write " Back To Forum
" & vbNewLine
end if
WriteFooter
Response.End
sub ShowForm()
Response.Write "
" & vbNewLine
end sub
sub ShowForm2()
Response.Write "
" & vbNewLine
end sub
%>