<% @ Language=VBScript %> <% Option Explicit %> <% '**************************************************************************************** '** Copyright Notice '** '** Web Wiz Forums(TM) '** http://www.webwizforums.com '** '** Copyright (C)2001-2008 Web Wiz(TM). All Rights Reserved. '** '** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS UNDER LICENSE FROM 'WEB WIZ'. '** '** IF YOU DO NOT AGREE TO THE LICENSE AGREEMENT THEN 'WEB WIZ' IS UNWILLING TO LICENSE '** THE SOFTWARE TO YOU, AND YOU SHOULD DESTROY ALL COPIES YOU HOLD OF 'WEB WIZ' SOFTWARE '** AND DERIVATIVE WORKS IMMEDIATELY. '** '** If you have not received a copy of the license with this work then a copy of the latest '** license contract can be found at:- '** '** http://www.webwizguide.com/license '** '** For more information about this software and for licensing information please contact '** 'Web Wiz' at the address and website below:- '** '** Web Wiz, Unit 10E, Dawkins Road Industrial Estate, Poole, Dorset, BH15 4JD, England '** http://www.webwizguide.com '** '** Removal or modification of this copyright notice will violate the license contract. '** '**************************************************************************************** '*************************** SOFTWARE AND CODE MODIFICATIONS **************************** '** '** MODIFICATION OF THE FREE EDITIONS OF THIS SOFTWARE IS A VIOLATION OF THE LICENSE '** AGREEMENT AND IS STRICTLY PROHIBITED '** '** If you wish to modify any part of this software a license must be purchased '** '**************************************************************************************** Response.Buffer = True 'Dimension variables Dim objCDOMail 'Holds the CDO mail object Dim objJMail 'Holds the Jmail object Dim strUsername 'Holds the users username Dim strPassword 'Holds the usres password Dim strEmailAddress 'Holds the users e-mail address Dim strReturnPage 'Holds the page to return to Dim blnInvalidUsername 'Set to true if the username entered does not exsit Dim blnInvalidEmail 'Set to true if the user has not given there e-mail address Dim blnEmailSent 'Set to true if the e-mail has been sent Dim strEmailBody 'Holds the body of the e-mail message Dim strSubject 'Holds the subject of the e-mail Dim strSalt 'Holds the salt value for the password Dim strEncyptedPassword 'Holds the encrypted password Dim strUserCode 'Holds the user code for the user Dim strUserInput 'Holds teh user input Dim blnSecurityCodeOK 'Set to false if the security is not OK 'Intialise variables blnInvalidUsername = False blnInvalidEmail = False blnEmailSent = False blnSecurityCodeOK = true 'If e-mail notify is not turned on then close the window If blnEmail = False Then 'Clean up Call closeDatabase() 'Redirect Response.Redirect "default.asp" & strQsSID1 End If 'Read in the users details from the form strUserInput = Trim(Mid(Request.Form("usrInput"), 1, 60)) 'Replace harmful SQL quotation marks with doubles strUserInput = formatSQLInput(strUserInput) 'If CAPTCHA is required check the security image is ccorrect If strUserInput <> "" AND blnCAPTCHAsecurityImages Then 'If the login attempt is above 3 then check if the user has entered a CAPTCHA image If LCase(getSessionItem("SCS")) = LCase(Trim(Request.Form("securityCode"))) AND getSessionItem("SCS") <> "" Then blnSecurityCodeOK = True Else blnSecurityCodeOK = False End If 'Distroy session variable Call saveSessionItem("SCS", "") End If 'If a username has been entered check that the password is correct If strUserInput <> "" AND blnSecurityCodeOK Then 'Initalise the strSQL variable with an SQL statement to query the database strSQL = "SELECT " & strDbTable & "Author.Username, " & strDbTable & "Author.Password, " & strDbTable & "Author.User_code, " & strDbTable & "Author.Salt, " & strDbTable & "Author.Author_email " & _ "FROM " & strDbTable & "Author" & strRowLock & " " & _ "WHERE " & strDbTable & "Author.Username = '" & strUserInput & "' OR " & strDbTable & "Author.Author_email = '" & strUserInput & "';" 'Set the cursor type property of the record set to Dynamic so we can navigate through the record set rsCommon.CursorType = 2 'Set the Lock Type for the records so that the record set is only locked when it is updated rsCommon.LockType = 3 'Query the database rsCommon.Open strSQL, adoCon 'If the query has returned a value to the recordset then generate new password and send it to the user in an email If NOT rsCommon.EOF Then 'Read in the users username and email address from the recordset strUsername = rsCommon("Username") strEmailAddress = rsCommon("Author_email") 'If there is a password in the db to send to change the password and email the user If NOT strEmailAddress = "" Then 'Read in user code to see if the member is suspended strUserCode = rsCommon("User_code") 'For extra security create a new user code for the user strUserCode = userCode(strUsername) 'Generate a new password using an 8 character long hex values strPassword = hexValue(8) 'If pass is to be encrypted then do so If blnEncryptedPasswords Then 'Create a salt value for the new password strSalt = getSalt(8) 'Concatenate salt value to the password strEncyptedPassword = LCase(strPassword) & strSalt 'Encrypt the password strEncyptedPassword = HashEncode(strEncyptedPassword) 'Else the password is not to be encrypted Else strEncyptedPassword = LCase(strPassword) End If 'Save new password back to the database with the salt rsCommon.Fields("Password") = strEncyptedPassword rsCommon.Fields("Salt") = strSalt rsCommon.Fields("User_code") = strUserCode 'Update the database with the new password rsCommon.Update 'Initailise the e-mail body variable with the body of the e-mail strEmailBody = strTxtHi & _ vbCrLf & vbCrLf & strTxtEmailPasswordRequest & " " & strMainForumName & "." & _ vbCrLf & vbCrLf & strTxtEmailPasswordRequest2 & _ vbCrLf & vbCrLf & "----------------------------" & _ vbCrLf & strTxtUsername & ": - " & strUsername & _ vbCrLf & strTxtPassword & ": - " & strPassword & _ vbCrLf & "----------------------------" & _ vbCrLf & vbCrLf & strTxtEmailPasswordRequest3 & _ vbCrLf & vbCrLf & " " & strForumPath 'Initalise the subject of the e-mail strSubject = strTxtForumLostPasswordRequest 'Send the e-mail using the Send Mail function created on the send_mail_function.inc file blnEmailSent = SendMail(strEmailBody, decodeString(strUsername), decodeString(strEmailAddress), strWebsiteName, decodeString(strForumEmailAddress), strSubject, strMailComponent, false) Else 'Set the Invalid e-mail variable to True blnInvalidEmail = True End If Else 'Set the Invalid username variable to True blnInvalidUsername = True End If 'Clean up rsCommon.Close End If 'Setup username field strUserInput = Server.HTMLEncode(strUserInput) 'Reset Server Objects Call closeDatabase() 'Set bread crumb trail strBreadCrumbTrail = strBreadCrumbTrail & strNavSpacer & strTxtForgottenPassword %> <% = strTxtForgottenPassword %> <% '***** START WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ****** Response.Write("") '***** END WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ****** %>

<% = strTxtForgottenPassword %>


<% 'If the user has entered a username that does not exsit then display an error message or security code incorrect If blnInvalidUsername OR blnInvalidEmail OR (blnSecurityCodeOK = False AND blnCAPTCHAsecurityImages) Then %>
<% = strTxtError %> <% = strTxtError %>
<% 'If no match in db then If blnInvalidUsername Then Response.Write(strTxtNoRecordOfUsername & "
" & strTxtPleaseTryAgain & "
") 'If no match in db then If blnInvalidEmail Then Response.Write(strTxtNoEmailAddressInProfile & "
" & strTxtReregisterForForum & "
") 'If the security code is incorrect If blnSecurityCodeOK = False Then Response.Write("
" & Replace(strTxtSecurityCodeDidNotMatch, "\n\n", "
") & "
") %>

<% 'If the password has been e-mailed to the user then let them know ElseIf blnEmailSent Then %>
<% = strTxtForgottenPassword %>

<% = strTxtPasswordEmailToYou %>


<% End If 'show the email form If blnInvalidEmail = False AND blnEmailSent = False Then %>
<% 'If this CAPTCHA enabled ask for a seurity code If blnCAPTCHAsecurityImages Then %> <% End If %>
<% = strTxtForgottenPassword %>
<% = strTxtPleaseEnterYourUsername %>
<% = strTxtUserNameOrEmailAddress %>
<% = strTxtUniqueSecurityCode %>
<% = strTxtEnterCAPTCHAcode %>
<% End If %>

<% '***** START WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ****** If blnLCode = True Then If blnTextLinks = True Then Response.Write("Bulletin Board Software by Web Wiz Forums® version " & strVersion & "") If blnACode Then Response.Write(" [Free Express Edition]") Else Response.Write("") If blnACode Then Response.Write("
Powered by Web Wiz Forums Free Express Edition") End If Response.Write("
Copyright ©2001-2008 Web Wiz") End If '***** END WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ****** 'Display the process time If blnShowProcessTime Then Response.Write "

" & strTxtThisPageWasGeneratedIn & " " & FormatNumber(Timer() - dblStartTime, 3) & " " & strTxtSeconds & "
" %>
<% 'If the user details are not recognised display error If blnInvalidUsername Then Response.Write(vbCrLf & "") End If 'If no email address for user If blnInvalidEmail Then Response.Write(vbCrLf & "") End If 'If the security code did not match If blnSecurityCodeOK = False AND Request.Form("securityCode") <> "" Then Response.Write(vbCrLf & "") End If %>