/beta/login.asp

http://github.com/khaneh/Orders · ASP · 246 lines · 223 code · 19 blank · 4 comment · 30 complexity · 2cad361d24ddab7961c26e128a37d3ae MD5 · raw file

  1. <%@LANGUAGE="VBSCRIPT" CODEPAGE="1256"%><% 'Response.Addheader "WWW-Authenticate", "BASIC" %>
  2. <%
  ' Returns s with every single quote (') and double quote (") replaced by a
  ' backtick (`).
  ' NOTE(review): this is character substitution, not parameter binding. It
  ' changes legitimate values that contain quotes, and it gives no protection
  ' where a value is used outside a quoted SQL literal. Bound parameters
  ' (ADODB.Command) are the dependable control for request data.
  function sqlSafe (s)
    sqlSafe = Replace(Replace(s, "'", "`"), Chr(34), "`")
  end function
  9. %>
  10. <HTML>
  11. <HEAD>
  12. <meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
  13. <meta http-equiv="Content-Language" content="fa">
  14. <style>
  15. Table { font-family:tahoma; font-size: 9pt;}
  16. </style>
  17. <TITLE>Login </TITLE>
  18. <SCRIPT LANGUAGE="JavaScript">
  19. <!--
  // Key code captured on keydown; the keypress handler reads it back.
  var tempKeyBuffer;

  /**
   * keydown handler: remembers window.event.keyCode (the IE event model)
   * so the following keypress can be rewritten from it.
   */
  function myKeyDownHandler() {
    tempKeyBuffer = window.event.keyCode;
  }

  /**
   * keypress handler: overwrites window.event.keyCode with a fixed ASCII code
   * derived from the key code saved on keydown.
   *   65..90   -> code + 32  (lower-case a..z)
   *   219..221 -> code - 128 (91..93: [ \ ])
   *   186, 188, 190, 191, 192, 222 -> 59, 44, 46, 47, 96, 39 (; , . / ` ')
   * Any other key is left untouched. Returns undefined.
   *
   * NOTE(review): the form binds this handler to the Password input as well
   * as UserName, so letters typed there always arrive in lower case, which
   * narrows the set of characters a password can contain.
   */
  function myKeyPressHandler() {
    var key = tempKeyBuffer;
    var evt = window.event;

    if (key >= 65 && key <= 90) {
      evt.keyCode = key + 32;
      return;
    }
    if (key >= 219 && key <= 221) {
      evt.keyCode = key - 128;
      return;
    }

    // [saved key code, character code to deliver]
    var punctuation = [[186, 59], [188, 44], [190, 46], [191, 47], [192, 96], [222, 39]];
    for (var k = 0; k < punctuation.length; k++) {
      if (key == punctuation[k][0]) {
        evt.keyCode = punctuation[k][1];
        return;
      }
    }
  }
  51. //-->
  52. </SCRIPT>
  53. </HEAD>
  54. <BODY onLoad="document.all.UserName.focus();">
  55. <%
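  ' Returns str as a run of hexadecimal character codes, exactly two hex
  ' digits per input character (Asc() of each character, in order).
  ' This is an encoding only; it provides no confidentiality.
  Function AscEncode(str)
    Dim i
    Dim sAscii
    sAscii = ""
    For i = 1 To Len(str)
      ' Hex() yields a single digit for codes below &H10. Pad to two digits so
      ' the output can be split back into pairs (ChrEncode reads two at a time).
      sAscii = sAscii & Right("0" & Hex(Asc(Mid(str, i, 1))), 2)
    Next
    AscEncode = sAscii
  End Function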
  ' Turns a string of hexadecimal digit pairs back into characters: each
  ' two-character slice is parsed as a hex number and passed to Chr().
  ' A trailing single digit (odd-length input) is parsed on its own.
  ' Input that is not hexadecimal makes CLng raise a run-time error.
  Function ChrEncode(str)
    Dim pos
    Dim hexPair
    Dim decoded
    decoded = ""
    For pos = 1 To Len(str) Step 2
      hexPair = Mid(str, pos, 2)
      decoded = decoded & Chr(CLng("&H" & hexPair))
    Next
    ChrEncode = decoded
  End Function
  ' Expands every character of s whose Asc() code is &H80 or higher into two
  ' characters: a lead of &HC2 or &HC3 (chosen by bit &H40 of the code)
  ' followed by Chr(code And &HBF). That is the two-byte UTF-8 form of code
  ' points U+0080..U+00FF. Characters below &H80 are kept as they are.
  ' The work is done on s itself; VBScript passes arguments ByRef by default,
  ' so a variable handed in by the caller is changed as well.
  function EncodeUTF8(s)
    dim pos
    dim code
    dim leadByte
    pos = 1
    do while pos <= len(s)
      code = asc(mid(s, pos, 1))
      if code < &H80 then
        pos = pos + 1
      else
        if (code and &H40) <> 0 then
          leadByte = &HC3
        else
          leadByte = &HC2
        end if
        s = left(s, pos - 1) & chr(leadByte) & chr(code and &HBF) & mid(s, pos + 1)
        ' step over both characters of the pair just written
        pos = pos + 2
      end if
    loop
    EncodeUTF8 = s
  end function
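  ' Collapses two-byte UTF-8 sequences in s (lead &HC2/&HC3 plus one
  ' continuation byte) back into a single character with code &H80..&HFF.
  ' Any other run that starts with a byte >= &H80 (a stray continuation byte,
  ' or a sequence longer than two bytes) is replaced by Chr(191).
  ' The work is done on s itself; VBScript passes arguments ByRef by default,
  ' so a variable handed in by the caller is changed as well.
  function DecodeUTF8(s)
    dim i
    dim c
    dim n
    i = 1
    do while i <= len(s)
      c = asc(mid(s,i,1))
      if c and &H80 then
        ' n = length of the run: the lead byte plus following continuation bytes.
        n = 1
        ' "<=" so the last character of s is examined too. With "<" a
        ' two-byte sequence at the very end of the string was never recognised
        ' and came out as two Chr(191) characters.
        do while i + n <= len(s)
          if (asc(mid(s,i+n,1)) and &HC0) <> &H80 then
            exit do
          end if
          n = n + 1
        loop
        if n = 2 and ((c and &HE0) = &HC0) then
          ' low bit of the lead selects &H80..&HBF (0) or &HC0..&HFF (1)
          c = asc(mid(s,i+1,1)) + &H40 * (c and &H01)
        else
          c = 191
        end if
        s = left(s,i-1) & chr(c) & mid(s,i+n)
      end if
      i = i + 1
    loop
    DecodeUTF8 = s
  end function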
  ' Diagnostic output written into the login page on every request: the Asc()
  ' code of a, an EncodeUTF8 sample, a numeric character reference built from
  ' 1376 + Asc(a), and a fixed reference.
  ' NOTE(review): as shown here a is an empty string, and Asc("") raises a
  ' run-time error. The literal may have lost a non-ASCII character when this
  ' listing was extracted; confirm against the repository file.
  a=""
  Response.Write Asc(a)
  Response.Write "<br> " & encodeUTF8("̍") & " - "
  Response.Write "&#" & (1376 + Asc(a)) & ";"
  Response.Write "<br> &#x062E;"
  119. %>
  120. <TABLE cellspacing=0 cellpadding=0 width=300 height=150 style='border:4px solid <%=SelectedMenuColor%>;' dir=rtl align=center>
  121. <TR>
  122. <TD>
  123. <font face="tahoma">
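  <%
  ' ---- Login handling -------------------------------------------------------
  ' Checks the submitted UserName/Password against [Users], fills the session
  ' on success and redirects; otherwise shows a status box.
  '
  ' Security notes for maintainers:
  '  * The connection string below carries the database account and password in
  '    page source. Move it to configuration that is not served or committed,
  '    and rotate the password, since it is visible in this listing.
  '  * [Password] / [oldPassword] are compared for equality with the submitted
  '    text, so the table presumably stores passwords unhashed (TODO confirm).
  '    Salted, slow password hashing would need a schema change.
  '  * NOTE(review): the literal compared with request("act") is empty as shown,
  '    and so is the submit button's value. Both may have lost non-ASCII text
  '    when this listing was extracted; confirm against the repository file.

  ' Size argument for an adVarChar parameter: ADO rejects zero, so use at least 1.
  Function loginParamSize(v)
    Dim n
    n = Len(v)
    If n < 1 Then n = 1
    loginParamSize = n
  End Function

  ' Looks up a [Users] row by user name and one password column, with both
  ' values bound as parameters instead of being spliced into the SQL text.
  ' pwdColumn is a literal chosen by this page, never request data.
  ' Returns the recordset produced by the command.
  Function loginFindUser(dbConn, pwdColumn, userName, password)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = dbConn
    cmd.CommandType = 1 ' adCmdText
    cmd.CommandText = "SELECT * FROM [Users] WHERE [UserName]=? AND [" & pwdColumn & "]=?"
    ' 200 = adVarChar, 1 = adParamInput. Column types are not visible here -
    ' TODO confirm (use 202 / adVarWChar if the columns are nvarchar).
    cmd.Parameters.Append cmd.CreateParameter("UserName", 200, 1, loginParamSize(userName), userName)
    cmd.Parameters.Append cmd.CreateParameter("Password", 200, 1, loginParamSize(password), password)
    Set loginFindUser = cmd.Execute
  End Function

  ' True only for a site-relative redirect target: no scheme, no "//" or
  ' backslash host form in the path part, no CR/LF.
  Function loginIsLocalUrl(u)
    Dim q
    Dim pathPart
    loginIsLocalUrl = False
    If Len(u) = 0 Then Exit Function
    If InStr(u, vbCr) > 0 Or InStr(u, vbLf) > 0 Then Exit Function
    q = InStr(u, "?")
    If q > 0 Then
      pathPart = Left(u, q - 1)
    Else
      pathPart = u
    End If
    If InStr(pathPart, ":") > 0 Then Exit Function
    If InStr(pathPart, "//") > 0 Then Exit Function
    If InStr(pathPart, "\") > 0 Then Exit Function
    loginIsLocalUrl = True
  End Function

  if request("act")="" then
    conStr="Provider=SQLNCLI10.1;Persist Security Info=False;User ID=sefadmin;Initial Catalog=jame;Data Source=.\sqlexpress;PWD=5tgb;"
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.open conStr
    ' sqlSafe is still applied so the compared values are exactly the ones the
    ' earlier concatenated query used; the binding is what stops injection.
    loginUser = sqlSafe(request("UserName"))
    loginPass = sqlSafe(request("Password"))
    Set RS1 = loginFindUser(conn, "Password", loginUser, loginPass)
    If (RS1.EOF) Then
      session.abandon
      rs1.close
      ' Second attempt against the previous password, only to pick the message.
      set rs1 = loginFindUser(conn, "oldPassword", loginUser, loginPass)
      if rs1.eof then
  %>
  <div align=center style='background-color: #FF8888;width:300' > &nbsp;</div><br><br>
  <%
      else
  %>
  <div align=center style='background-color: #FF8800;width:300' > <br> <b>31</b> Ȑ<br>&nbsp;</div><br><br>
  <%
      end if
      rs1.close
    else
      session("ID")=RS1("ID")
      session("CSRName") = RS1("RealName")
      session("Permission") = RS1("Permission")
      session("exten")= RS1("Extention")
      ' The two statements below splice in RS1("ID") (read from the database)
      ' and REMOTE_ADDR (set by the server), not request-supplied text.
      Set RS2 = conn.Execute("SELECT GLs.*, UserDefaults.[User] FROM GLs INNER JOIN UserDefaults ON GLs.ID = UserDefaults.WorkingGL WHERE (UserDefaults.[User] = '"& RS1("ID") & "') OR (UserDefaults.[User] = 0) ORDER BY ABS(UserDefaults.[User]) DESC")
      remotID = request.serverVariables("REMOTE_ADDR")
      conn.Execute ("INSERT INTO loginLog (user_id,ip) VALUES ("&RS1("ID")&",'"&remotID&"')")
      session("VatRate")=RS2("Vat")
      session("OpenGL")=RS2("id")
      session("FiscalYear")=RS2("FiscalYear")
      session("OpenGLName")=RS2("name")
      session("OpenGLStartDate")=RS2("StartDate")
      session("OpenGLEndDate")=RS2("EndDate")
      session("IsClosed")=RS2("IsClosed") ' add by SAM
      RS2.movenext
      session("differentGL") = False
      if not RS2.EOF then
        temp=RS2("id")
        if temp <> session("OpenGL") then
          session("differentGL") = True
        end if
      end if
      RS2.close
      RS1.close
      conn.Close
      ' Added By kid 820910
      if session("ID")=16 OR session("ID")=17 then ' shahami = 16 dehghan = 17
        session.Timeout=240
      end if
      if request.cookies("OldURL")<>"" then
        aa = request.cookies("OldURL")
        response.cookies("OldURL") = ""
        ' The cookie comes from the browser, so follow it only when it is a
        ' site-relative URL. Assumes OldURL is stored site-relative - confirm
        ' against the page that sets it.
        if loginIsLocalUrl(aa) then
          response.redirect aa
        else
          response.redirect "default.asp"
        end if
      else
        response.redirect "default.asp"
      end if
    End If
    conn.Close
  elseif request.querystring("err")<>"" then
    ' err comes straight from the query string: HTML-encode it before output.
  %>
  <div align=center style='background-color: #FF8888;width:300'><%=Server.HTMLEncode(request.querystring("err"))%>&nbsp;</div><br><br>
  <%
  end if
  %>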
  192. </TD>
  193. </TR>
  194. <TR>
  195. <TD>
  196. <FORM METHOD=POST ACTION="?">
  197. <div dir='rtl' align = "center" >
  198. <!--IMG SRC="images/khaneh.jpg" WIDTH="350" HEIGHT="20" BORDER=0 ALT=""-->
  199. <TABLE>
  200. <TR>
  201. <TD colspan="2" align="center"></TD>
  202. </TR>
  203. <TR>
  204. <TD> </TD>
  205. <TD><INPUT TYPE="text" NAME="UserName" onkeyDown="return myKeyDownHandler();" onKeyPress="return myKeyPressHandler();"></TD>
  206. </TR>
  207. <TR>
  208. <TD> </TD>
  209. <TD><INPUT TYPE="password" NAME="Password" onkeyDown="return myKeyDownHandler();" onKeyPress="return myKeyPressHandler();"></TD>
  210. </TR>
  211. <TR>
  212. <TD></TD>
  213. <TD><INPUT style="font-family:tahoma; width:100%;" TYPE="submit" name="act" value=""></TD>
  214. </TR>
  215. </TABLE>
  216. <br>
  217. &nbsp;
  218. <br>
  219. </div>
  220. </FORM>
  221. <br>
  222. </font>
  223. </TD>
  224. </TR>
  225. </TABLE>
  226. </BODY>
  227. </HTML>