<%
' Admin-only password-change page, setup part: check the session flags,
' open the user database and collect the posted form fields for the
' update logic further down the page.
Dim db, rst, DSNtemp
Dim uname, upage, oldpass, newpass, conpass
Dim refer, authenticated

' Access gate. Both checks read server-side session state only. The rest of
' the page relies on Response.Redirect ending the request for callers who
' fail either check; nothing below re-tests these flags.
authenticated = Session("PrivateAreaAuthenticated")
If authenticated <> True Then
    Response.Redirect("http://www.goaction.com")
ElseIf Session("PrivateAreaAdmin") <> True Then
    Response.Redirect(Session("PrivateAreaUserpage"))
End If

' Everything read from Request below is supplied by the client and must be
' treated as untrusted wherever it is later written to HTML or used in SQL.
' The Referer header is client-supplied too; "abc" is the fallback value
' when the header is reported as Null.
refer = "abc"
If Not IsNull(Request.ServerVariables("HTTP_REFERER")) Then
    refer = Request.ServerVariables("HTTP_REFERER")
End If

uname = Request.Form("uname")
upage = Request.Form("upage")
oldpass = Request.Form("oldpass")
newpass = Request.Form("newpass")
conpass = Request.Form("conpass")

' The user table lives in an Access file resolved relative to the site root.
DSNtemp = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("/data/private.mdb")
Set db = Server.CreateObject("ADODB.Connection")
Set rst = Server.CreateObject("ADODB.Recordset")
db.Open DSNtemp
%> Action Systems: Private Download Area: Admin Page: Password Change
Private Download Area
Admin Page
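<%
' uname is copied straight from Request.Form, so it is HTML-encoded before
' being written into the page; the & "" keeps a missing field from reaching
' HTMLEncode as a non-string value.
%>
Password Change for user <%= Server.HTMLEncode(uname & "") %>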
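<%
' Password-change handler.
'
' Uses db, refer, uname, upage, oldpass, newpass and conpass as set up at the
' top of the page. Writes exactly one status message, then closes the
' connection.
'
' Security notes for maintainers:
'  - Every form value is bound as a query parameter; none is concatenated
'    into SQL text.
'  - uname is HTML-encoded before it is echoed back.
'  - The Referer test is a navigation sanity check only. The header is sent
'    by the client, so it is not a request-forgery defence; a per-session
'    token issued by the edit form and verified here would be. That change
'    also touches the form page, which is outside this block.
'  - sha256() is defined outside this view. One pass of a fast hash over
'    user name + password + upage is weak for password storage, and upage is
'    itself a posted form field. Moving to a slow, salted password-hashing
'    scheme requires migrating the stored values - NOTE(review): confirm how
'    tblUser.UserPassword was originally populated before changing this.

' Binds one input text parameter to an ADODB.Command.
' 200 = adVarChar, 1 = adParamInput (literals are used because adovbs.inc is
' not known to be included). The declared size must be at least 1.
Sub PwChgAddTextParam(cmd, value)
    Dim text, size
    text = CStr(value & "")
    size = Len(text)
    If size = 0 Then size = 1
    cmd.Parameters.Append cmd.CreateParameter("p" & cmd.Parameters.Count, 200, 1, size, text)
End Sub

Dim expectedReferer, cmd, matched
expectedReferer = "http://www.goaction.com/private/edituserinfo.asp"

If InStr(refer, expectedReferer) <> 1 Then
    ' The Referer must begin with the edit-form URL, not merely contain it.
    Response.Write "Improper navigation. Aborting update."
ElseIf Len(newpass & "") = 0 Then
    Response.Write "The new password must not be empty. Aborting update."
ElseIf StrComp(newpass & "", conpass & "", vbBinaryCompare) <> 0 Then
    ' Exact comparison: the former InStr test accepted an empty confirmation
    ' or one that was only a substring of the new password.
    Response.Write "The new password did not match the confirmation password. Aborting update."
Else
    oldpass = sha256(uname & oldpass & upage)
    newpass = sha256(uname & newpass & upage)

    ' Verify the current password with a parameterized query.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = db
    cmd.CommandType = 1 ' adCmdText
    cmd.CommandText = "SELECT Count(UserID) As qty FROM tblUser WHERE UserName=? AND UserPassword=?"
    PwChgAddTextParam cmd, uname
    PwChgAddTextParam cmd, oldpass
    Set rst = cmd.Execute
    matched = rst("qty")
    rst.Close
    Set rst = Nothing
    Set cmd = Nothing

    If matched = 0 Then
        Response.Write "Old password did not match what was in the database. Aborting update."
    Else
        ' Same WHERE clause as the check above, so the update only applies
        ' to the row whose stored hash still matches the old password.
        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = db
        cmd.CommandType = 1 ' adCmdText
        cmd.CommandText = "UPDATE tblUser SET UserPassword=? WHERE UserName=? AND UserPassword=?"
        PwChgAddTextParam cmd, newpass
        PwChgAddTextParam cmd, uname
        PwChgAddTextParam cmd, oldpass
        cmd.Execute
        Set cmd = Nothing
        Response.Write "Updated user " & Server.HTMLEncode(uname & "") & " with new password."
    End If
End If

db.Close
Set db = Nothing
%>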

Close this window