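<%
' Logout handler: ends the session, blanks the remember-me cookies and sends
' the browser back to the login page. It is triggered by a=logout in either
' the form body or the query string.
if request.form("a")="logout" or request.querystring("a")="logout" then
	session.Abandon()
	Response.Cookies("username")=""
	Response.Cookies("password")=""
	Response.Redirect "login.asp"
	response.end
end if
%>
<%
' Login page controller.
'   1. Reads the submitted credentials and the optional "remember password" box.
'   2. Looks the user up in [staff] and, on a match, fills the session
'      (UserID, AccessLevel, GroupID, OwnerID) and redirects.
'   3. Otherwise renders login.htm through the XTempl template object.
' Helpers used here (db_connect, DoEvent, postvalue, FieldNeedQuotes,
' db_addslashes, my_numeric, AddFieldWrappers, dbvalue, my_htmlspecialchars)
' and the constants cUserNameField, cPasswordField and ACCESS_LEVEL_* are
' defined outside this file section.

dim xt
set xt = new XTempl

dbConnection = ""
db_connect()
DoEvent "BeforeProcessLogin dbConnection"

' Page the user was heading to before being sent to login. It is cleared here
' and written back below if no redirect happens.
myurl=SESSION("MyURL")
SESSION("MyURL")=""

defaulturl=""
defaulturl="track_list.asp"

strMessage=""

pUsername=postvalue("username")
pPassword=postvalue("password")

rememberbox_checked=""
rememberbox_attrs = "name=""remember_password"" value=""1"" "
if request.Cookies("username")<>"" or request.Cookies("password")<>"" then rememberbox_checked=" checked"

if request.form("btnSubmit") = "Login" then
	' NOTE(review): "remember password" writes the submitted password, in clear
	' text, into a cookie that lives for one year, and it does so before the
	' credentials are checked. No Secure attribute is set here. Anyone who can
	' read the browser's cookie store or the traffic gets the password itself.
	' The safer design is a random server-side token in place of the password;
	' that needs storage this page does not have, so the behaviour is kept and
	' flagged here.
	if request.form("remember_password") = 1 then
		Response.Cookies("username") = pUsername
		Response.Cookies("username").Expires = DateAdd("yyyy", 1, Now())
		Response.Cookies("password") = pPassword
		Response.Cookies("password").Expires = DateAdd("yyyy", 1, Now())
		rememberbox_checked=" checked"
	else
		Response.Cookies("username") = ""
		Response.Cookies("password") = ""
		rememberbox_checked=""
	end if

	' username and password are stored in the database
	' NOTE(review): the password column is compared with the submitted value as
	' is (see the CStr comparison below), so passwords appear to be stored
	' unhashed. Confirm and plan a migration to a salted password hash.
	Set rs = server.CreateObject("ADODB.Recordset")
	strUsername = pUsername
	strPassword = pPassword

	' Empty probe query (where 1=0): opened only so FieldNeedQuotes can inspect
	' the column metadata of [staff].
	Set rsTemp = server.CreateObject("ADODB.Recordset")
	rsTemp.Open "select * from [staff] where 1=0",dbConnection,1,2
	' NOTE(review): the lookup below is built by string concatenation. Its
	' safety rests entirely on db_addslashes and my_numeric, whose behaviour is
	' not visible here. A parameterized ADODB.Command would remove that
	' dependency; verify both helpers against the database engine in use.
	if FieldNeedQuotes(rsTemp,cUserNameField) then
		strUsername="'" & db_addslashes(strUsername) & "'"
	else
		strUsername=my_numeric(strUsername)
	end if
	if FieldNeedQuotes(rsTemp,cPasswordField) then
		strPassword="'" & db_addslashes(strPassword) & "'"
	else
		strPassword=my_numeric(strPassword)
	end if
	rsTemp.close

	strSQL = "select * from [staff] where " & AddFieldWrappers(cUserNameField) & _
		"=" & strUsername & " and " & AddFieldWrappers(cPasswordField) & "=" & strPassword

	' BeforeLogin can veto the attempt: when RetVal comes back False the query
	' is swapped for one that can never return a row.
	RetVal = True
	DoEvent "RetVal = BeforeLogin(pUsername, pPassword)"
	if RetVal = False then strSQL="select * from [staff] where 1<0"
	rs.Open strSQL,dbConnection, 1, 2
	'Call ReportError

	if not rs.EOF then
		' Re-check the returned row against the raw submitted values. This
		' second comparison is exact, so a row that the database matched
		' loosely (for example case-insensitively) is still rejected.
		strPassword = pPassword
		if CStr(rs(cUserNameField))=pUsername and CStr(rs(cPasswordField))=strPassword then
			SESSION("UserID") = pUsername
			SESSION("AccessLevel") = ACCESS_LEVEL_USER
			' GroupID is taken from the "id" column; the literal value "admin"
			' raises the access level to the admin group.
			SESSION("GroupID") = dbvalue(rs("id"))
			if SESSION("GroupID")="admin" then _
				SESSION("AccessLevel") = ACCESS_LEVEL_ADMINGROUP
			SESSION("OwnerID") = dbvalue(rs("name"))
			SESSION("_track_OwnerID") = dbvalue(rs("name"))

			DoEvent "AfterSuccessfulLogin pUsername,pPassword"
			' NOTE(review): myurl comes from SESSION("MyURL"), which is written
			' by code outside this page. Confirm that the writer only stores
			' same-site paths, otherwise this is a redirect to an arbitrary URL.
			if myurl<>"" then
				response.Redirect myurl
			else
				response.Redirect defaulturl
			end if
			response.End
		else
			DoEvent "AfterUnsuccessfulLogin pUsername,pPassword"
			strMessage = "Invalid Login"
		end if
		rs.MoveNext
	else
		' Same message as the mismatch branch above, so the response does not
		' reveal whether the username exists.
		DoEvent "AfterUnsuccessfulLogin pUsername,pPassword"
		strMessage = "Invalid Login"
	end if
	rs.close
end if

xt.assign "rememberbox_attrs",rememberbox_attrs & rememberbox_checked

SESSION("MyURL")=myurl
' The guest link is emitted as a raw HTML attribute, so the stored URL is
' HTML-escaped like the other attribute values on this page. Without this, a
' quote character in the stored URL would close the href attribute and let
' the rest of the value be parsed as markup.
if myurl<>"" then
	xt.assign "guestlink_attrs","href=""" & my_htmlspecialchars(myurl) & """"
else
	xt.assign "guestlink_attrs","href=""" & defaulturl & """"
end if

' Prefill the username from the request if one was sent, else from the cookie.
if request.form("username")<>"" or request.querystring("username")<>"" then
	xt.assign "username_attrs","value=""" & my_htmlspecialchars(pUsername) & """"
else
	xt.assign "username_attrs","value=""" & my_htmlspecialchars(request.Cookies("username")) & """"
end if

' Inline handler that submits the first form on the page when Enter is pressed.
password_attrs="onkeydown=""e=event; if(!e) e = window.event; if (e.keyCode != 13) return; e.cancel = true; e.cancelBubble=true; document.forms[0].submit(); return false;"""
' NOTE(review): the password (submitted, or taken from the cookie) is written
' back into the value attribute of the password field, so it is present in the
' HTML source of the response. Consider leaving the field empty.
if request.form("password")<>"" then
	password_attrs=password_attrs & " value=""" & my_htmlspecialchars(pPassword)& """"
else
	password_attrs=password_attrs & " value=""" & my_htmlspecialchars(request.Cookies("password")) & """"
end if
xt.assign "password_attrs",password_attrs

' Only the fixed token "expired" is recognised; the query-string value itself
' is never echoed into the page.
if request.querystring("message")="expired" then strMessage = "Your session has expired. Please login again."

if strMessage<>"" then
	xt.assign "message_block",true
	xt.assign "message",strMessage
end if

set sbody=CreateObject("Scripting.Dictionary")
' NOTE(review): the two literals below span a line break, which is not valid in
' VBScript. Their content (presumably the markup wrapped around the page body)
' looks lost in this copy; restore it from the original file. Kept as found.
sbody("begin")="
"
sbody("end")="
"
xt.assign "body",sbody

templatefile = "login.htm"
DoEvent "BeforeShowLogin xt,templatefile"
xt.display templatefile
%>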