<% @ Language=VBScript %> <% Option Explicit %> <% '**************************************************************************************** '** Copyright Notice '** '** Web Wiz Guide - Web Wiz Forums '** '** Copyright 2001-2004 Bruce Corkhill All Rights Reserved. '** '** This program is free software; you can modify (at your own risk) any part of it '** under the terms of the License that accompanies this software and use it both '** privately and commercially. '** '** All copyright notices must remain in tacked in the scripts and the '** outputted HTML. '** '** You may use parts of this program in your own private work, but you may NOT '** redistribute, repackage, or sell the whole or any part of this program even '** if it is modified or reverse engineered in whole or in part without express '** permission from the author. '** '** You may not pass the whole or any part of this application off as your own work. '** '** All links to Web Wiz Guide and powered by logo's must remain unchanged and in place '** and must remain visible when the pages are viewed unless permission is first granted '** by the copyright holder. '** '** This program is distributed in the hope that it will be useful, '** but WITHOUT ANY WARRANTY; without even the implied warranty of '** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER '** WARRANTIES WHETHER EXPRESSED OR IMPLIED. '** '** You should have received a copy of the License along with this program; '** if not, write to:- Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom. '** '** '** No official support is available for this program but you may post support questions at: - '** http://www.webwizguide.info/forum '** '** Support questions are NOT answered by e-mail ever! '** '** For correspondence or non support questions contact: - '** info@webwizguide.info '** '** or at: - '** '** Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom '** '**************************************************************************************** Response.Buffer = True 'Dimension variables Dim objCDOMail 'Holds the CDO mail object Dim objJMail 'Holds the Jmail object Dim strUsername 'Holds the users username Dim strPassword 'Holds the usres password Dim strEmailAddress 'Holds the users e-mail address Dim strReturnPage 'Holds the page to return to Dim blnInvalidUsername 'Set to true if the username entered does not exsit Dim blnInvalidEmail 'Set to true if the user has not given there e-mail address Dim blnEmailSent 'Set to true if the e-mail has been sent Dim strEmailBody 'Holds the body of the e-mail message Dim strSubject 'Holds the subject of the e-mail Dim strSalt 'Holds the salt value for the password Dim strEncyptedPassword 'Holds the encrypted password Dim strUserCode 'Holds the user code for the user 'Intialise variables blnInvalidUsername = False blnInvalidEmail = False blnEmailSent = False 'If e-mail notify is not turned on then close the window If blnEmail = False Then 'Clean up Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing 'Redirect Response.Redirect "default.asp" End If 'Read in the users details from the form strUsername = Trim(Mid(Request.Form("name"), 1, 15)) strEmailAddress = Trim(Mid(Request.Form("email"), 1, 60)) 'Take out parts of the username that are not permitted strUsername = disallowedMemberNames(strUserName) 'Replace harmful SQL quotation marks with doubles strUsername = formatSQLInput(strUsername) strEmailAddress = formatSQLInput(strEmailAddress) 'Remove single quotes as they should not be in email addresses strEmailAddress = Replace(strEmailAddress, "'", "", 1, -1, 1) 'If a username has been entered check that the password is correct If NOT strUsername = "" Then 'Initalise the strSQL variable with an SQL statement to query the database strSQL = "SELECT " & strDbTable & "Author.Username, " & strDbTable & "Author.Password, " & strDbTable & "Author.User_code, " & strDbTable & "Author.Salt, " & strDbTable & "Author.Author_email " strSQL = strSQL & "FROM " & strDbTable & "Author " strSQL = strSQL & "WHERE " & strDbTable & "Author.Username = '" & strUsername & "' AND " & strDbTable & "Author.Author_email = '" & strEmailAddress & "';" 'Set the cursor type property of the record set to Dynamic so we can navigate through the record set rsCommon.CursorType = 2 'Set the Lock Type for the records so that the record set is only locked when it is updated rsCommon.LockType = 3 'Query the database rsCommon.Open strSQL, adoCon 'If the query has returned a value to the recordset then generate new password and send it to the user in an email If NOT rsCommon.EOF Then 'Read in the users email address from the recordset strEmailAddress = rsCommon("Author_email") 'If there is a password in the db to send to change the password and email the user If NOT strEmailAddress = "" Then 'Genrate a new user code for the user strUserCode = userCode(rsCommon("Username")) 'Generate a new password using an 8 character long hex values strPassword = hexValue(8) 'If pass is to be encrypted then do so If blnEncryptedPasswords Then 'Create a salt value for the new password strSalt = getSalt(8) 'Concatenate salt value to the password strEncyptedPassword = LCase(strPassword) & strSalt 'Encrypt the password strEncyptedPassword = HashEncode(strEncyptedPassword) 'Else the password is not to be encrypted Else strEncyptedPassword = LCase(strPassword) End If 'Save new password back to the database with the salt rsCommon.Fields("Password") = strEncyptedPassword rsCommon.Fields("Salt") = strSalt rsCommon.Fields("User_code") = strUserCode 'Update the database with the new password rsCommon.Update 'Initailise the e-mail body variable with the body of the e-mail strEmailBody = strTxtHi strEmailBody = strEmailBody & vbCrLf & vbCrLf & strTxtEmailPasswordRequest & " " & strMainForumName & "." strEmailBody = strEmailBody & vbCrLf & vbCrLf & strTxtEmailPasswordRequest2 & " " & strPassword strEmailBody = strEmailBody & vbCrLf & vbCrLf & strTxtEmailPasswordRequest3 'strEmailBody = strEmailBody & vbCrLf & vbCrLf & " " & strForumPath 'Initalise the subject of the e-mail strSubject = strTxtForumLostPasswordRequest 'Send the e-mail using the Send Mail function created on the send_mail_function.inc file blnEmailSent = SendMail(strEmailBody, decodeString(strUsername), decodeString(strEmailAddress), strWebsiteName, decodeString(strForumEmailAddress), strSubject, strMailComponent, false) Else 'Set the Invalid e-mail variable to True blnInvalidEmail = True End If Else 'Set the Invalid username variable to True blnInvalidUsername = True End If 'Clean up rsCommon.Close End If 'Reset Server Objects Set rsCommon = Nothing adoCon.Close Set adoCon = Nothing %> Forgotten Password
<% = strTxtForgottenPassword %>

<% 'If the user has entered a username that does not exsit then display an error message If blnInvalidUsername = True Then %>
<% = strTxtNoRecordOfUsername %>
<% = strTxtPleaseTryAgain %>
<% 'If there is no e-mail address for the user then display an error message ElseIf blnInvalidEmail = True Then %>

<% = strTxtNoEmailAddressInProfile %>

<% = strTxtReregisterForForum %>


<% 'If the password has been e-mailed to the user then let them know ElseIf blnEmailSent = True Then %>
<% = strTxtPasswordEmailToYou %>


<% Else %>
<% = strTxtPleaseEnterYourUsername %>
<% End If If blnInvalidEmail = False AND blnEmailSent = False Then %>

<% = strTxtUsername %>:  
<% = strTxtEmail %>:  
 
<% = strTxtValidEmailRequired %>
<% End If %>
<% = strTxtCloseWindow %>

<% '***** START WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ****** If blnLCode = True Then If blnTextLinks = True Then Response.Write("Powered by Web Wiz Forums version " & strVersion & "") Else Response.Write("") End If Response.Write("
Copyright ©2001-2004 Web Wiz Guide") End If '***** END WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ****** %>