issue-verification-token.asp

/asp/include/issue-verification-token.asp

http://loginsystem-rd.googlecode.com/
ASP | 167 lines | 117 code | 7 blank | 43 comment | 21 complexity | 2795d4a77690fb6741f7b15a4e697c5f MD5 | raw file

<%

'* alpha 0.5a debug

'* $Id: issue-verification-token.asp 356 2010-05-23 03:06:55Z rdivilbiss $

'*******************************************************************************************************************

'* Page Name: Issue Verification Token

'* On Entry: None

'* Input   : userid, email

'* Output  : new verification token emailed to account owner

'* On Exit : message

'******************************************************************************************************************

' no browser caching of this page !! to be used on all pages

Response.Expires=-1

Response.ExpiresAbsolute = Now() - 1



' do not allow proxy servers to cache this page !! to be used on all pages

Response.AddHeader "pragma","no-cache"

Response.CacheControl="private"

Response.CacheControl="no-cache"

Response.CacheControl="no-store"

'*******************************************************************************************************************

'* Diminsion all page variables and initialize default values

'*******************************************************************************************************************

Dim userid, name, email, id, locked, token, dateLocked, mailBody, cmdTxt, message, dbMsg



userid=""

name=""

email=""

id=""

locked=""

token=""

dateLocked=""

mailBody=""

cmdTxt=""

message = lg_phrase_issue_new_token

name=""

dbMsg=""

if lg_debug Then dbMsg = "DEBUG BEGIN<br />" & vbLF End If



'*******************************************************************************************************************

'* If SSL required and not using SSL, redirect to https

'*******************************************************************************************************************

If lg_useSSL and NOT Request.ServerVariables("SERVER_PORT_SECURE")="1" Then

	Response.Redirect("https://" & lg_domain & lg_loginPath & lg_filename)

End If



'*******************************************************************************************************************

'* If the form was posted, process the form

'*******************************************************************************************************************

If LCase(Request.ServerVariables("HTTP_METHOD")) = "post" Then

	if lg_debug Then dbMsg = "METHOD=POST<br />" & vbLF End If

	message=""

	userid = getField("userid,rXsafepq")

	email = getField("email,rXemail")

	if lg_debug Then dbMsg = "userid = "& userid &"<br />" & vbLF End If

	if lg_debug Then dbMsg = "email = "& email &"<br />" & vbLF End If

	'*****************************************************************************

	'* Check for required fields

	'*****************************************************************************

	If userid="" Then

		message = lg_phrase_userid_empty

		if lg_debug Then dbMsg = "message = "& message &"<br />" & vbLF End If

	End If

	If email="" Then

		message = lg_phrase_email_empty

		if lg_debug Then dbMsg = "message = "& message &"<br />" & vbLF End If

	End If

	If message="" Then

		'*******************************************************************************************************************

		'* If all required fields exist, verify there is a valid account and it is locked

		'* The account is locked when a peron registers. The account must still be locked in order to

		'* receive a new verification token.

		'*******************************************************************************************************************

		if lg_debug Then dbMsg = "All required fields, process form<br />" & vbLF End If

		If lg_database="access" Then

			cmdTxt = "SELECT [id], [userid], [name], [email], [locked] FROM users WHERE ([userid]=?) AND ([email]=?);"

		Else

			cmdTxt = "SELECT id, userid, name, email, locked FROM users WHERE (userid=?) AND (email=?);"

		End If		

		openCommand lg_term_command_string,lg_term_issue_verification_token&" 1"

		addParam "@u",adVarChar,adParamInput,CLng(Len(userid)),userid,lg_term_issue_verification_token&" 2"

		addParam "@e",adVarChar,adParamInput,CLng(Len(email)),email,lg_term_issue_verification_token&" 3"

		getRS db_rs, cmdTxt,lg_term_issue_verification_token&" 4"

		If Not(db_rs.bof AND db_rs.eof) Then

			id = db_rs("id")

			locked = db_rs("locked")

			name = db_rs("name")

			if lg_debug Then dbMsg = "db ID = "& id &"<br />" & vbLF End If

			if lg_debug Then dbMsg = "db Locked = "& locked &"<br />" & vbLF End If

			if lg_debug Then dbMsg = "db Name = "& name &"<br />" & vbLF End If

			If locked<>"1" Then

				'*****************************************************************************

				'* The account was not locked. Can not issue a token.

				'*****************************************************************************

				message = lg_phrase_issue_new_token_error & " 1"

				if lg_debug Then dbMsg = "message = "& message &"<br />" & vbLF End If

			End If

		Else

			'*****************************************************************************

			'* No account matching the posted information

			'*****************************************************************************

			message = lg_phrase_no_matching_registration

			if lg_debug Then dbMsg = "message = "& message &"<br />" & vbLF End If

		End If

		closeRS

		closeCommand

	End If

	If message="" Then

		'*******************************************************************************************************************

		'* We have a valid, locked account, issue a new token and update the user table

		'*******************************************************************************************************************

		locked="1"

		dateLocked = dbNow

		token = Left(HashEncode(getGUID),40)

		if lg_debug Then dbMsg = "Valid and locked account. Issue token. Update table.<br />" & vbLF End If

		if lg_debug Then dbMsg = "Locked = "& locked &"<br />" & vbLF End If

		if lg_debug Then dbMsg = "dateLocked = "& dateLocked &"<br />" & vbLF End If

		if lg_debug Then dbMsg = "token = "& token &"<br />" & vbLF End If

		If lg_database="access" Then

			cmdTxt = "UPDATE users SET [token] = ?, [locked] = ?, [dateLocked] = ? WHERE ([id]=?);"

		Else

			cmdTxt = "UPDATE users SET token = ?, locked = ?, dateLocked = ? WHERE (id=?);"

		End If		

		openCommand lg_term_command_string,lg_term_issue_verification_token&" 5"

		addParam "@token",adVarChar,adParamInput,CLng(40),token,lg_term_issue_verification_token&" 6"

		addParam "@locked",adVarChar,adParamInput,CLng(1),locked,lg_term_issue_verification_token&" 7"

		addParam "@dateLocked",adDate,adParamInput,CLng(8),dateLocked,lg_term_issue_verification_token&" 8"

		addParam "@id",adInteger,adParamInput,CLng(4),CInt(id),lg_term_issue_verification_token&" 9"

		execCmd cmdTxt

		if lg_debug Then dbMsg = "numAffected = "& numAffected &"<br />" & vbLF End If

		If numAffected = 1 Then

			'*******************************************************************************************************************

			'* We updated the record, so send verification email with new account unlock token to user

			'*******************************************************************************************************************

			message = lg_phrase_issue_new_token_success

			if lg_debug Then dbMsg = "message = "& message &"<br />" & vbLF End If

			

			mailBody = mailBody & "<!DOCTYPE HTML PUBLIC ""-//W3C//DTD HTML 4.0 Transitional//EN"">"

			mailBody = mailBody & "<HTML><HEAD><META http-equiv=Content-Type content=""text/html; charset=us-ascii"">"

			mailBody = mailBody & "</HEAD><BODY><DIV><FONT face=Arial size=2>"& lg_phrase_registration_mail0 &"<br /><br />"

			mailBody = mailBody & lg_term_to &" "& name & "<br /><br />"

			mailBody = mailBody & lg_phrase_registration_mail1 &" "& lg_domain &". " & lg_phrase_registration_mail2 & "<br />"

			mailBody = mailBody & lg_phrase_registration_mail3 & ".<br /><br />"

			mailBody = mailBody & "<a href=""http://" & lg_domain & lg_loginPath & lg_verify_page & "?token=" & token & "&id=1"">"& lg_phrase_registration_mail4 &"</a><br /><br />"

			mailBody = mailBody & lg_phrase_registration_mail5 & lg_domain & lg_loginPath & lg_verify_page & "<br />"

			mailBody = mailBody & lg_phrase_registration_mail6 & "<br /><br />"

			mailBody = mailBody & token & "<br /><br />"

			mailBody = mailBody & lg_phrase_registration_mail7 & "<br />"

			mailBody = mailBody & "this link: <a href=""http://" & lg_domain & lg_loginPath & lg_register_delete_page & "?email="& email &""">"& lg_term_remove_registration &"</a><br /><br />"

			mailBody = mailBody & lg_phrase_registration_mail9 & lg_domain & lg_contact_form & """>"& lg_phrase_contact_webmaster &"</a><br /><br />"

			mailBody = mailBody & lg_copyright &"<br />"

			mailBody = mailBody & "</FONT></DIV></BODY></HTML>"

			if lg_debug Then dbMsg = "mailBody = "& mailBody &"<br />" & vbLF End If

			

			sendmail lg_webmaster_email, email, lg_term_new & " " & lg_term_register_confirmation, mailBody

			sendmail lg_webmaster_email, lg_webmaster_email, lg_phrase_attention_webmaster &" "&lg_term_new & " " & lg_term_register_confirmation, mailBody

			

			if lg_debug Then dbMsg = dbMsg & "Email notifications sent.<br />" & vbLF End If

		Else

			'*****************************************************************************

			'* There was an error updating the record and no new token was issued.

			'*****************************************************************************

			message = lg_phrase_issue_new_token_error & " 2"

			if lg_debug Then dbMsg = "message = "& message &"<br />" & vbLF End If

		End If

	End If

End If

%>