%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
' Role names a user may log in as.
' AuthorizeCurrentUser compares these against the role stored in the session.
Const AdminRoleName = "Admin"
Const AdvisorRoleName = "Advisor"
Const GuestRoleName = "Guest"
Const TeleconferenceRoleName = "Teleconference"
' Returns the user name held in the session under "MM_Username".
' Nothing is validated here: the result is whatever the session currently holds
' (Empty when no value has been stored).
Function GetCurrentUserName()
    GetCurrentUserName = Session("MM_Username")
End Function
' Returns the role name held in the session under "MM_RoleName".
' Nothing is validated here: the result is whatever the session currently holds
' (Empty when no value has been stored).
Function GetCurrentRoleName()
    GetCurrentRoleName = Session("MM_RoleName")
End Function
' Checks that the current session belongs to a logged-in user whose role equals
' RoleName. When it does not, the browser is redirected to LoginPage with the
' requested URL attached as the "accessdenied" query parameter.
'
' RoleName  - role the page requires (compared with GetCurrentRoleName).
' LoginPage - page to redirect to on failure. It is reassigned below, and VBScript
'             passes arguments ByRef by default, so a caller that passes a variable
'             will see the extended URL afterwards.
Sub AuthorizeCurrentUser(RoleName, LoginPage)
    Dim isAuthorized
    Dim separator
    Dim requestedUrl

    ' Deny by default; access is granted only when both checks below pass.
    isAuthorized = False
    If GetCurrentUserName() <> "" Then
        If GetCurrentRoleName() = RoleName Then
            ' The user is granted access
            isAuthorized = True
        End If
    End If

    If Not isAuthorized Then
        ' Pick the separator that keeps LoginPage's query string well formed.
        If InStr(1, LoginPage, "?") >= 1 Then
            separator = "&"
        Else
            separator = "?"
        End If

        ' Rebuild the URL that was requested so the login page can refer to it.
        requestedUrl = Request.ServerVariables("URL")
        If Len(Request.QueryString()) > 0 Then
            requestedUrl = requestedUrl & "?" & Request.QueryString()
        End If

        ' URL-encode the value so it stays a single query parameter.
        LoginPage = LoginPage & separator & "accessdenied=" & Server.URLEncode(requestedUrl)
        Response.Redirect(LoginPage)
    End If
End Sub
%>
<%
' *** Edit Operations: declare variables
' Working variables shared by the update sections of this page.
Dim MM_editAction, MM_abortEdit, MM_editQuery, MM_editCmd
Dim MM_editConnection, MM_editTable, MM_editRedirectUrl, MM_editColumn, MM_recordId
Dim MM_fieldsStr, MM_columnsStr, MM_fields, MM_columns
Dim MM_typeArray, MM_formVal, MM_delim, MM_altVal, MM_emptyVal
Dim MM_i
Dim NewPass, ValPass

' boolean to abort record edit
MM_abortEdit = false

' query string to execute
MM_editQuery = ""

' URL this page posts back to: the script path plus the raw query string, if any.
' NOTE(review): the query string is client-controlled and is copied here unencoded;
' presumably this value is written into the form's action attribute - confirm that
' it is HTML-encoded (Server.HTMLEncode) wherever it is emitted.
MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then MM_editAction = MM_editAction & "?" & Request.QueryString
%>
<%
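' *** Update Record: set variables
' Runs when the form named "form1" posts back with a record id. Validates the new
' password pair and, if it passes, fills in the MM_* variables that describe the
' update (table, key column, key value, field/column lists, redirect target).
' On a validation failure ErrorMessage is set and MM_abortEdit becomes True.
ErrorMessage = ""
If (CStr(Request("MM_update")) = "form1" And CStr(Request("MM_recordId")) <> "") Then
    ValPass = CStr(Request.Form("vpass"))
    NewPass = CStr(Request.Form("npass"))

    ' If the passwords match and they are the proper length,
    ' NOTE(review): only equality and a 3-12 character length are enforced here.
    ' The error text below says certain characters are not accepted, but nothing
    ' in this section checks for them.
    If NewPass = ValPass And Len(NewPass) >= 3 And Len(NewPass) <= 12 Then
        MM_editConnection = Application("CenturionCounsel_ConnectionString")
        MM_editTable = "advisors"
        MM_editColumn = "username"

        ' The record id arrives from the form, so it is untrusted. It ends up
        ' inside a quoted SQL literal, so embedded single quotes are doubled the
        ' same way the rest of this page escapes values. Bound ADODB.Command
        ' parameters would be the sturdier fix.
        ' NOTE(review): the key is taken from the request rather than from the
        ' session user name - confirm that is intended.
        MM_recordId = "'" & Replace(CStr(Request.Form("MM_recordId")), "'", "''") & "'"

        MM_editRedirectUrl = "password_updated.asp"

        ' Pairs of form-field-name|value and column-name|delimiter,altValue,emptyValue.
        ' The "npass" form value is mapped onto the "password" column as submitted;
        ' no hashing happens on this page.
        MM_fieldsStr = "email|value|npass|value"
        MM_columnsStr = "email|',none,''|password|',none,''"

        ' create the MM_fields and MM_columns arrays
        MM_fields = Split(MM_fieldsStr, "|")
        MM_columns = Split(MM_columnsStr, "|")

        ' set the form values
        For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
            MM_fields(MM_i + 1) = CStr(Request.Form(MM_fields(MM_i)))
        Next

        ' append the query string to the redirect URL
        If (MM_editRedirectUrl <> "" And Request.QueryString <> "") Then
            If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0) Then
                MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
            Else
                MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
            End If
        End If
    Else
        ' The literal double quote in the character list is written as "" inside
        ' the string; as it stood, the list's first line opened with an empty
        ' string followed by an apostrophe, which turns the rest of that line
        ' into a comment and breaks the statement.
        ErrorMessage = "The New Password and Verify " & _
            "Password must be 3-12 characters and match exactly. " & _
            "They are case sensitive and do not accept the following special " & _
            "characters: " & _
            """ ' : ; , . < > ? / [ " & _
            "] { } | \ = ! @ # % * ( or )."
        MM_abortEdit = True
    End If
End If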
%>
<%
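' *** Update Record: construct a sql update statement and execute it
' Builds "update <table> set <col> = <value>, ... where <key column> = <record id>
' AND password = <current password>" from the MM_* variables and runs it. When no
' row is affected the current password is assumed to be wrong and ErrorMessage is
' set; otherwise the browser is redirected to MM_editRedirectUrl.
If (CStr(Request("MM_update")) <> "" And CStr(Request("MM_recordId")) <> "" And Not MM_abortEdit) Then
    ' Two preconditions before touching the database:
    '  - a logged-in session. The page's access check sits further down, so
    '    without this test the update would run for requests with no session.
    '  - the field/column arrays exist. They are only built when MM_update is
    '    "form1"; any other non-empty value used to fail at LBound below.
    If (Session("MM_Username") <> "" And IsArray(MM_fields) And IsArray(MM_columns)) Then
        ' create the sql update statement
        MM_editQuery = "update " & MM_editTable & " set "
        For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
            MM_formVal = MM_fields(MM_i + 1)

            ' Column descriptor: delimiter, alternate value, value used when empty
            ' ("none" stands for an empty entry).
            MM_typeArray = Split(MM_columns(MM_i + 1), ",")
            MM_delim = MM_typeArray(0)
            If (MM_delim = "none") Then MM_delim = ""
            MM_altVal = MM_typeArray(1)
            If (MM_altVal = "none") Then MM_altVal = ""
            MM_emptyVal = MM_typeArray(2)
            If (MM_emptyVal = "none") Then MM_emptyVal = ""

            If (MM_formVal = "") Then
                MM_formVal = MM_emptyVal
            Else
                If (MM_altVal <> "") Then
                    MM_formVal = MM_altVal
                ElseIf (MM_delim = "'") Then ' escape quotes
                    MM_formVal = "'" & Replace(MM_formVal, "'", "''") & "'"
                Else
                    ' NOTE(review): values with a non-quote delimiter are
                    ' concatenated unescaped; both columns configured on this
                    ' page use the quote delimiter.
                    MM_formVal = MM_delim & MM_formVal & MM_delim
                End If
            End If

            If (MM_i <> LBound(MM_fields)) Then
                MM_editQuery = MM_editQuery & ","
            End If
            MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
        Next

        ' The key value and the current password both come from the form. Each is
        ' placed in a quoted literal with embedded single quotes doubled; the key
        ' is read from the request here so it cannot reach the statement
        ' unescaped. Bound ADODB.Command parameters would be the sturdier fix.
        ' NOTE(review): the key is whatever the form sent, not the session user
        ' name - confirm users are only meant to update their own row.
        MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = '" & _
            Replace(CStr(Request.Form("MM_recordId")), "'", "''") & "'" & _
            " AND password = '" & Replace(CStr(Request.Form("cpass")), "'", "''") & "'"

        ' execute the update
        Set MM_editCmd = Server.CreateObject("ADODB.Command")
        MM_editCmd.ActiveConnection = MM_editConnection
        MM_editCmd.CommandText = MM_editQuery
        MM_editCmd.Execute RecordsAffected
        MM_editCmd.ActiveConnection.Close

        ' If no records were updated,
        If RecordsAffected = 0 Then
            ' Assume that the password was wrong
            ErrorMessage = "Sorry, the password you entered is incorrect."
            MM_abortEdit = True
        End If

        If (MM_editRedirectUrl <> "" And Not MM_abortEdit) Then
            Response.Redirect(MM_editRedirectUrl)
        End If
    End If
End If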
%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
' Lets the request through when Session("MM_Username") is non-empty; otherwise
' redirects to the failure page with the requested URL in "accessdenied".
' NOTE(review): the "true Or ..." term makes the inner test pass for every
' logged-in session, so MM_UserAuthorization and MM_authorizedUsers never restrict
' anything and no role is consulted. Confirm whether a role check (for example
' AuthorizeCurrentUser with the advisor role) is wanted for this page.
' NOTE(review): in page order this check comes after the update section, so it
' does not by itself protect that section.
MM_authFailedURL = "advisorlogin_fail.asp"
MM_authorizedUsers = ""
MM_grantAccess = false

If Session("MM_Username") <> "" Then
    If (true Or CStr(Session("MM_UserAuthorization")) = "") Or _
       (InStr(1, MM_authorizedUsers, Session("MM_UserAuthorization")) >= 1) Then
        MM_grantAccess = true
    End If
End If

If Not MM_grantAccess Then
    ' Pick the separator that keeps the failure URL's query string well formed.
    If (InStr(1, MM_authFailedURL, "?") >= 1) Then
        MM_qsChar = "&"
    Else
        MM_qsChar = "?"
    End If

    ' Rebuild the requested URL, including its query string when present.
    MM_referrer = Request.ServerVariables("URL")
    If (Len(Request.QueryString()) > 0) Then
        MM_referrer = MM_referrer & "?" & Request.QueryString()
    End If

    ' URL-encode the value so it stays a single query parameter.
    MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
    Response.Redirect(MM_authFailedURL)
End If
%>
<%
' Loads the advisors row whose username matches the current session user.
Dim rsAdvisors1__MMColParam
Dim rsAdvisors1
Dim rsAdvisors1_numRows

rsAdvisors1__MMColParam = GetCurrentUserName( )
rsAdvisors1_numRows = 0

Set rsAdvisors1 = Server.CreateObject("ADODB.Recordset")
With rsAdvisors1
    .ActiveConnection = Application("CenturionCounsel_ConnectionString")
    ' The user name is placed in a quoted literal with embedded single quotes
    ' doubled. NOTE(review): a bound parameter would be sturdier than string
    ' building, and "SELECT *" also returns the password column - confirm the
    ' page needs every column.
    .Source = "SELECT * FROM advisors WHERE username = '" & Replace(rsAdvisors1__MMColParam, "'", "''") & "'"
    .CursorType = 0      ' adOpenForwardOnly
    .CursorLocation = 2  ' adUseServer
    .LockType = 1        ' adLockReadOnly
    .Open()
End With
%>
Welcome to Centurion Counsel, Inc.