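<%@ CodePage=65001 Language="VBScript"%>
<% Option Explicit %>
<%
' Forum logon page. Flow, as visible in this listing:
'   1. read the posted credentials and the status/error flags from the request
'   2. build the status message shown above the logon form
'   3. on action=logon: hash the password with the user's salt, validate it, check the
'      verification code (when enabled) and, on success, issue the logon cookies
'   4. issue a fresh verification code, fill the template variables, render /logon.asp
'
' BBS, Encrypt, Filesystem, dictLanguage, dictConfiguration, dictEnvironment, the
' sBBS*/iBBS* variables and the US_*/UI_*/USERLEVEL_*/MODULE_* constants are not defined
' in this listing; presumably they come from include files that are not shown.

sBBSLangPage = "logon"
BBS.SetupBBS
BBS.SetScheme(0)

dim sPostUsername, sPostPassword, iLogonType, sMessage, sRedirect, sAction, sPasswordAction, dExpireDate, sExpireDate
dim sImageRoot, iIndex, sVerification, sPostVerification
dim sBreak

' Separator appended after each message fragment. The literal is reproduced exactly as the
' listing shows it (a line break between the quotes); the markup that originally sat
' between the quotes appears to have been lost, so restore it before running this page.
sBreak = "
"

sPostUsername = request.form("postusername")
' NOTE(review): ucase() folds the password to upper case before it is hashed, which makes
' passwords case-insensitive and shrinks the search space. Presumably the stored hashes
' were produced the same way, so it cannot be dropped without migrating them.
sPostPassword = ucase(request.form("postpassword"))
sPostVerification = request.form("postverification")
sRedirect = request.querystring("redirect")
sAction = request.form("action")
sPasswordAction = request.querystring("password")

' The request-supplied redirect read above is deliberately discarded: the post-logon
' target is always the forum's own category view, so the page cannot be used to send a
' freshly authenticated user to an arbitrary URL.
sRedirect = sBBSValidatedBaseURL & "/category-view.asp"
' Cannot trigger after the assignment above (the value always ends in a fixed path).
if len(sRedirect) = 0 then sRedirect = "category-view.asp"

' Status messages for the password workflow that led here.
if sPasswordAction = "assigned" then
    sMessage = sMessage & dictLanguage.item("LOGON-1") & sBreak & dictLanguage("LOGON-2") & sBreak
elseif sPasswordAction = "authorization" then
    sMessage = sMessage & dictLanguage.item("LOGON-3") & sBreak
elseif sPasswordAction = "uservalidated" then
    sMessage = sMessage & dictLanguage.item("LOGON-4") & sBreak
end if

' Reason the visitor was bounced to the logon page. Only fixed language strings are
' emitted; the request value itself is never echoed.
if request("error") = "admin" then
    ' Admin privileges required
    sMessage = sMessage & dictLanguage.item("LOGON-5") & sBreak
elseif request("error") = "restricted" then
    ' A restricted area of the forum
    sMessage = sMessage & dictLanguage.item("LOGON-6") & sBreak
elseif request("error") = "needregistration" then
    ' Required to have an account
    sMessage = sMessage & dictLanguage.item("LOGON-7") & sBreak & dictLanguage.item("LOGON-8") & sBreak
end if

if sAction = "logon" then
    ' Hash the posted password with the salt stored for the named user.
    ' NOTE(review): nothing here checks that GetUserInfoByName found a user before
    ' UI_Salt is indexed - confirm what it returns for an unknown name.
    dim vAttemptedUser
    vAttemptedUser = BBS.GetUserInfoByName(sPostUsername)
    sPostPassword = Encrypt.HashEncode(sPostPassword & vAttemptedUser(UI_Salt))

    ' Determine the validity of the logon
    iLogonType = BBS.CheckUsername (sPostUsername, sPostPassword)

    ' Check the verification code, if applicable. A code must have been issued in this
    ' session: an unset session value compares equal to an empty posted field in VBScript,
    ' so without the length test a request that never loaded the form would pass.
    if dictConfiguration("bLOGONVERIFICATION") = 1 then
        if len(session("verification") & "") = 0 or sPostVerification <> session("verification") then
            iLogonType = US_IncorrectCode
        end if
    end if

    select case iLogonType
        case US_Inactive
            ' The attempted logon was by an inactive user account
            sMessage = sMessage & dictLanguage.item("LOGON-9") & sBreak & dictLanguage.item("LOGON-8") & sBreak

        case US_BadPassword, US_NotRegistered
            ' One message for both outcomes, so the reply does not distinguish a wrong
            ' password from an unknown account.
            sMessage = sMessage & dictLanguage.item("LOGON-10") & sBreak

        case US_IncorrectCode
            sMessage = sMessage & dictLanguage.item("LOGON-23") & sBreak

        case US_Registered
            ' NOTE(review): the "password" cookie carries the salted hash that was just
            ' validated, so the cookie value itself works as a credential (for two months
            ' when "storeincookie" is ticked); a random server-side session token would
            ' limit what a leaked cookie is worth. Neither cookie sets Secure; add it once
            ' the forum is served over HTTPS only.
            ' iBBSMemberID is not assigned in this listing; presumably CheckUsername sets it.
            if request.form("storeincookie") = "1" then
                ' Persistent logon: cookies expire two months from now.
                dExpireDate = dateadd("m", 2, now)
                sExpireDate = GetCookieDate(dExpireDate)
                Response.AddHeader "Set-Cookie", sBBSCookieRoot & "bbsmid=" & BBS.ValidateURL(iBBSMemberID) & "; path=/; Expires=" & cstr(sExpireDate) & "; HttpOnly"
                Response.AddHeader "Set-Cookie", sBBSCookieRoot & "password=" & BBS.ValidateURL(sPostPassword) & "; path=/; Expires=" & cstr(sExpireDate) & "; HttpOnly"
            else
                ' Session cookies: no Expires attribute, dropped when the browser closes.
                Response.AddHeader "Set-Cookie", sBBSCookieRoot & "bbsmid=" & BBS.ValidateURL(iBBSMemberID) & "; path=/; HttpOnly;"
                Response.AddHeader "Set-Cookie", sBBSCookieRoot & "password=" & BBS.ValidateURL(sPostPassword) & "; path=/; HttpOnly;"
            end if

            sBBSUsername = sPostUsername
            sBBSPassword = sPostPassword
            iBBSUserLevel = BBS.GetUserLevel(MODULE_BBS, -1)

            ' Update who's online page now to avoid incorrect users online in header
            BBS.DeleteUserFromLocation ("Guest " & iBBSGuestID)
            response.cookies(sBBSCookieRoot & "guestID") = ""
            response.cookies(sBBSCookieRoot & "guestID").path = "/"
            BBS.UpdateLocation sBBSUsername, sBBSCurrentURLPath, request.servervariables("REMOTE_ADDR"), 1

            ' Fall back to the category view when the target is one of the account pages
            ' or does not contain the forum root at all.
            ' NOTE(review): instr() is a substring match, not a same-site check. It is
            ' sufficient only while sRedirect is the fixed value assigned above; do not
            ' rely on it if a request-supplied redirect is ever re-enabled.
            if instr(sRedirect, sBBSForumRoot & "/logon.asp") > 0 or instr(sRedirect, sBBSForumRoot & "/logoff.asp") > 0 or _
               instr(sRedirect, sBBSForumRoot & "/forget-password.asp") > 0 or instr(sRedirect, sBBSForumRoot & "/register.asp") > 0 or _
               instr(sRedirect, sBBSForumRoot & "/restricted-page.asp") > 0 or instr(sRedirect, sBBSForumRoot & "/banned.asp") > 0 or _
               instr(sRedirect, sBBSForumRoot & "/reset-password.asp") > 0 or instr(sRedirect, sBBSForumRoot & "/delete-cookies.asp") > 0 or _
               instr(sRedirect, sBBSForumRoot) = 0 then
                sRedirect = sBBSValidatedBaseURL & "/category-view.asp"
            end if

            ' V-METATAG is empty as shown; the original value may have been markup that
            ' is missing from this listing.
            dictEnvironment.add "V-METATAG", ""
            dictEnvironment.add "C-LOGON", True
    end select
else
    ' First visit: make the form post back as a logon attempt.
    sAction = "logon"
end if

' Verification code: a new one is issued on every render, so a code is good for one
' submission only.
if dictConfiguration("bLOGONVERIFICATION") = 1 then
    session("verification") = BBS.GenerateVerificationCode()
    sImageRoot = sBBSForumRoot & "/images/verification-image.asp?nocache=" & timer & "&digit="
    ' The three literals below are reproduced as the listing shows them. The loop appends
    ' an empty string six times; presumably each pass emitted one digit image built from
    ' sImageRoot and iIndex before the markup was lost from this listing.
    sVerification = "
"
    for iIndex = 1 to 6
        sVerification = sVerification & ""
    next
    sVerification = sVerification & "
"
    dictEnvironment.add "C-VERIFICATION", 1
    dictEnvironment.add "V-VERIFICATION", sVerification
else
    dictEnvironment.add "C-VERIFICATION", 0
end if

' Three-letter English weekday name for a weekday() value.
' weekday() numbers Sunday as 1 by default, so 1 maps to "Sun".
' Returns Empty for a value outside 1..7.
function CookieWeekday(byval iDay)
    select case iDay
        case 1 : CookieWeekday = "Sun"
        case 2 : CookieWeekday = "Mon"
        case 3 : CookieWeekday = "Tue"
        case 4 : CookieWeekday = "Wed"
        case 5 : CookieWeekday = "Thu"
        case 6 : CookieWeekday = "Fri"
        case 7 : CookieWeekday = "Sat"
    end select
end function

' Three-letter English month name for a month number.
' Spelled out here rather than taken from the locale, so the cookie date stays English.
' Returns Empty for a value outside 1..12.
function CookieMonth(byval iMonth)
    select case iMonth
        case 1  : CookieMonth = "Jan"
        case 2  : CookieMonth = "Feb"
        case 3  : CookieMonth = "Mar"
        case 4  : CookieMonth = "Apr"
        case 5  : CookieMonth = "May"
        case 6  : CookieMonth = "Jun"
        case 7  : CookieMonth = "Jul"
        case 8  : CookieMonth = "Aug"
        case 9  : CookieMonth = "Sep"
        case 10 : CookieMonth = "Oct"
        case 11 : CookieMonth = "Nov"
        case 12 : CookieMonth = "Dec"
    end select
end function

' Day of month, left-padded with a zero below 10.
function CookieDay(byval iDay)
    if iDay <= 9 then
        CookieDay = "0" & iDay
    else
        CookieDay = iDay
    end if
end function

' Formats dDate for a Set-Cookie Expires attribute as "Www, DD-Mon-YYYY 00:00:00 GMT".
' Only the date part of dDate is used: the time is fixed at midnight and labelled GMT
' without converting dDate, so the real expiry can be off by up to a day.
function GetCookieDate(byval dDate)
    GetCookieDate = CookieWeekday(weekday(dDate)) & ", " & CookieDay(day(dDate)) & "-" & _
                    CookieMonth(month(dDate)) & "-" & year(dDate) & " 00:00:00 GMT"
end function

' In the case of a failed logon, the username field will be set to the
' attempted username.
if len(trim(sPostUsername)) = 0 then sPostUsername = sBBSUsername

dictEnvironment.add "U-REGISTER", "register.asp"
dictEnvironment.add "U-FORGOT", "forgot-password.asp"
dictEnvironment.add "V-TITLE", dictLanguage.item("LOGON-11")
dictEnvironment.add "V-ACTION", sAction
dictEnvironment.add "V-MESSAGE", sMessage
dictEnvironment.add "U-FORMACTION", "logon.asp"
' NOTE(review): sAction and sPostUsername are request data handed to the template as-is;
' confirm that the template layer HTML-encodes V-ACTION and V-POSTUSERNAME on output.
dictEnvironment.add "V-POSTUSERNAME", sPostUsername
dictEnvironment.add "C-SHOWRANDOMQUOTES", dictConfiguration("bDISPLAYBBSQUOTES")
dictEnvironment.add "U-REDIRECT", sRedirect
if iBBSUserLevel >= USERLEVEL_SupportAdministrator then dictEnvironment.add "C-SHOWADMINLINK", 1
%>
<% Filesystem.ExecuteBBSTemplate("/logon.asp") %>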