ValidateLogin.asp
Text File
|
2003-09-18
|
5KB
|
155 lines
<%@ LANGUAGE="VBSCRIPT" %>
<% Option Explicit %>
<!-- METADATA
TYPE="TypeLib"
FILE="C:\Program Files\Common Files\System\ADO\msado21.tlb"
-->
<!--#include file="DatabaseConnect.asp"-->
<%
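Dim objRS
Dim objCmd
Dim sSQL
Dim strTmp
Dim strEmail
Dim strPass
Dim strRedirect

'Login handler: looks the submitted e-mail/password pair up in the Students
'table, sets the session flags for the matching role and redirects.
'objConn is not declared in this file; it is used as an open ADODB connection
'and presumably comes from DatabaseConnect.asp, as do vbAdmin, vbTeacher and
'vbStudent - TODO confirm.

'Upper bound for either login field, also used as the declared parameter size.
'NOTE(review): 255 is an assumption about the column widths - confirm against
'the Students table definition.
Const MAX_LOGIN_FIELD_LEN = 255

'Uncomment the following line to prevent site access beyond the login page
'Response.Redirect "default.asp"

'Record the login attempt in the daily log file
logKeys

'killChars is kept only so the compared values stay what they were before this
'change; it is not what protects the query. The quote-doubling step is dropped
'because the values are now bound as parameters and never become part of the
'SQL text (doubling would change the value being compared).
strEmail = killChars(Request.Form("email"))
strPass = killChars(Request.Form("password"))

'Start from a fully unauthenticated session on every attempt
Session("ValidatedAdministrator") = False
Session("ValidatedStudent") = False
Session("Admin") = ""

'Every path that does not positively authenticate ends on the generic error
strRedirect = "error.asp?error=noacct"

If Len(strEmail) <= MAX_LOGIN_FIELD_LEN And Len(strPass) <= MAX_LOGIN_FIELD_LEN Then
    'Parameterized query: user input is passed as data, never concatenated.
    'NOTE(review): the submitted password is compared directly with the
    'Password column, so passwords appear to be stored in clear text; a
    'salted password hash checked in code would be the durable fix.
    sSQL = "SELECT * From Students Where email = ? AND Password = ?"
    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandType = adCmdText
    objCmd.CommandText = sSQL
    objCmd.Parameters.Append objCmd.CreateParameter("email", adVarChar, adParamInput, MAX_LOGIN_FIELD_LEN, strEmail)
    objCmd.Parameters.Append objCmd.CreateParameter("password", adVarChar, adParamInput, MAX_LOGIN_FIELD_LEN, strPass)

    'The recordset must stay updatable because lastlogin is written back.
    'When a Command is the source, the connection argument is left out.
    Set objRS = Server.CreateObject("ADODB.Recordset")
    objRS.Open objCmd, , adOpenDynamic, adLockOptimistic

    If Not (objRS.EOF And objRS.BOF) Then
        Select Case objRS("security")
            Case vbAdmin, vbTeacher 'Admin/Teacher login
                Session("Admin") = objRS("name").Value
                Session("ValidatedAdministrator") = True
                'Set ValidatedStudent to True so teacher can browse a student's files
                Session("ValidatedStudent") = True
                objRS("lastlogin") = CStr(Date) & "--" & CStr(Time)
                objRS.Update
                strRedirect = "admin.asp"

            Case vbStudent 'Student login
                'Verify that the student's account is activated
                If objRS("active") = True Then
                    Session("ValidatedStudent") = True
                    objRS("lastlogin") = CStr(Date) & "--" & CStr(Time)
                    strTmp = objRS("email").Value
                    objRS.Update
                    Randomize
                    'Set Session("seed") used for path encryption.
                    'NOTE(review): Rnd is not a cryptographic generator and
                    'this yields only 63 possible values (34..96); whatever
                    'consumes the seed should not be relied on as a secret.
                    Session("seed") = Int(Rnd * 63) + 34
                    'URL-encode the address so characters such as & or # in
                    'it cannot alter the query string
                    strRedirect = "user.asp?email=" & Server.URLEncode(strTmp) & "&action=list&path="
                Else
                    Session("AcctName") = objRS("email").Value
                    strRedirect = "error.asp?error=notactive"
                End If

            Case Else
                'Unknown role value: treat as a failed login instead of
                'falling through with no response and open handles
        End Select
    End If

    objRS.Close
    Set objRS = Nothing
    Set objCmd = Nothing
End If

'Single cleanup and exit point for every outcome
objConn.Close
Set objConn = Nothing
Response.Redirect strRedirect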
'---Functions------------------------------
'Log the keystrokes of the login attempt
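Function logKeys
    'Appends one record per login attempt to the daily log file
    'c:\vbStudents\logs\http_MMDDYYYY.txt: timestamp, client address and the
    'submitted user name. Takes no arguments and returns no value.
    '
    'The submitted password is deliberately NOT written: a log of clear-text
    'credentials (including near-miss typos of real passwords) exposes every
    'account to anyone who can read the log directory or its backups.
    Const ForAppending = 8
    Const MAX_LOGGED_LEN = 255

    Dim dtNow
    Dim sFileName
    Dim IPAddress
    Dim sUser
    Dim fso, f

    'Take the clock once so the file name cannot straddle midnight
    dtNow = Now
    sFileName = "c:\vbStudents\logs\http_" & Right("0" & Month(dtNow), 2) & _
                Right("0" & Day(dtNow), 2) & CStr(Year(dtNow)) & ".txt"

    IPAddress = Request.ServerVariables("REMOTE_ADDR")

    'The user name is attacker-controlled text: cap its length and neutralise
    'line breaks so one request cannot forge extra log records
    sUser = Left("" & Request.Form("email"), MAX_LOGGED_LEN)
    sUser = Replace(Replace(sUser, vbCr, " "), vbLf, " ")

    'Open the file (created if missing) and append the attempt
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set f = fso.OpenTextFile(sFileName, ForAppending, True)
    f.WriteLine "Date: " & Date() & " " & Time()
    f.WriteLine "IP Address: " & IPAddress
    f.WriteLine "User Name: " & sUser
    'Line kept so the record layout stays the same for existing log readers
    f.WriteLine "Password: [not logged]"
    f.WriteBlankLines 1
    f.Close

    Set f = Nothing
    Set fso = Nothing
End Function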
'Strip any hack attempt keywords from the login strings
Function KillChars(strWords)
    'Returns strWords with each listed token removed, one Replace pass per
    'token in list order. Replace is called with its default comparison.
    '
    'NOTE(review): removing keywords is not a dependable SQL injection
    'defence and it silently alters legitimate values that happen to contain
    'one of these substrings. Bound query parameters are the actual control;
    'treat this function as legacy input normalisation only.
    Dim blockedTokens
    Dim token
    Dim cleaned

    blockedTokens = Array("select", "drop", ";", "--", "insert", "delete", "xp_")
    cleaned = strWords

    For Each token In blockedTokens
        cleaned = Replace(cleaned, token, "")
    Next

    'Hook for reacting to a modified input; the tracert call is disabled
    If strWords <> cleaned Then
        ' DoTracert
    End If

    KillChars = cleaned
End Function
'Escape single quotes in the login strings by doubling them (guards against hack attempts)
Function stripQuotes(strWords)
    'Returns strWords with every single quote doubled (' becomes '').
    '
    'Doubling only makes sense for a value that is concatenated into a SQL
    'string literal. Do not apply it to values passed as bound parameters:
    'there the doubled quotes would be compared or stored literally.
    Dim escaped

    escaped = Replace(strWords, "'", "''")

    'Hook for reacting to an input that contained quotes; the tracert call is
    'disabled
    If escaped <> strWords Then
        ' DoTracert
    End If

    stripQuotes = escaped
End Function
'Perform and log a tracert for the offending UserIP
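Sub DoTracert()
    'Appends the current date, time and a tracert of Session("UserIP") to
    'c:\vbStudents\logs\tracert.log. Does nothing unless the session value is
    'a plain dotted-quad IPv4 address.
    '
    'The address is concatenated into a command line run through %ComSpec%,
    'so it must never contain anything but digits and dots. Session("UserIP")
    'is not assigned anywhere in this file - NOTE(review): confirm it is
    'filled from REMOTE_ADDR and not from a client-supplied header.
    '
    'NOTE(review): each Run call waits for the command to finish, so calling
    'this from the login path holds the request open for the duration of the
    'tracert. Both call sites in this file are currently commented out.
    Dim objScriptShell
    Dim objIPv4
    Dim strIP

    strIP = Trim("" & Session("UserIP"))

    'Allow-list check: four groups of one to three digits, nothing else
    Set objIPv4 = New RegExp
    objIPv4.Pattern = "^[0-9]{1,3}(\.[0-9]{1,3}){3}$"
    If Not objIPv4.Test(strIP) Then
        Set objIPv4 = Nothing
        Exit Sub
    End If
    Set objIPv4 = Nothing

    'Create Shell Object
    Set objScriptShell = Server.CreateObject("Wscript.Shell")

    'Run tracert and dump the results into a .txt file
    objScriptShell.Run "%ComSpec% /c date /t >> c:\vbStudents\logs\tracert.log", 0, True
    objScriptShell.Run "%ComSpec% /c time /t >> c:\vbStudents\logs\tracert.log", 0, True
    objScriptShell.Run "%ComSpec% /c tracert " & strIP & " >> c:\vbStudents\logs\tracert.log", 0, True

    Set objScriptShell = Nothing
End Sub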
%>