<%
'*******************************************************************************
'* XUD Copyright 1995-2005 XCENT - www.xcent.com *
'* XUD is a trademark of XCENT *
'* This notice may not be removed from this source code file *
'*******************************************************************************
sUserEnteredCode = RequestValue("USERTESTCODE")
sAntiBotTestCode = RequestValue("ANTIBOTTESTCODE")
vNow = Now
If gbEnabled Then
OpenDBConn
sCMD = UCase(Trim(RequestValue("CMD")))
sEmail = RequestValue("Email")
Set objErr = CreateObject("Scripting.Dictionary")
Select Case sCMD
Case "SENDPASSWORD":
If ValidateForm Then
If gbLogLostPW Then
LogEvent "LOSTPW", sEmail & ", " & DispShortDateTime(vNow) & ", " & Request.ServerVariables("REMOTE_ADDR")
End If
sSQL = "SELECT COUNT(*) As calcCount FROM tblXUDUserRegistration" & _
" WHERE regEmail = " & SQLStr(sEmail)
Set rs = gobjConnect.Execute(sSQL)
If Not rs.Eof Then
If FVal(rs("calcCount")) > 0 Then
Randomize
sNewPassword = GenerateUserPassword
sSQL = "UPDATE tblXUDUserRegistration SET regPHash = " & SQLVal(PHash(sNewPassword)) & _
" WHERE regEmail = " & SQLStr(sEmail)
gobjConnect.Execute sSQL
sSQL = "SELECT regUserName FROM tblXUDUserRegistration" & _
" WHERE regEmail = " & SQLStr(sEmail)
sUserName = ""
Set rsUser = gobjConnect.Execute(sSQL)
sUserName = ""
If Not rsUser.Eof Then
bFirstIteration = True
Do While Not rsUser.EOF
If Not bFirstIteration Then
sUserName = sUserName & ", "
Else
sFirstUsername = "" & rsUser("regUserName")
bFirstIteration = False
End If
sUserName = sUserName & "" & rsUser("regUserName")
'sUserName = "" & rsUser("regUserName")
rsUser.MoveNext
Loop
End If
rsUser.Close
Set rsUser = Nothing
sTemp = ReadFile(Server.MapPath("XUDEmailTemplates\XUDLostPassword.txt")) & vbCrLf & _
ReadFile(Server.MapPath("XUDEmailTemplates\XUDEmailFooter.txt"))
sTemp = Replace(sTemp, "%USERNAME%", sUsername)
sTemp = Replace(sTemp, "%XUD%", gsXUDURL)
sTemp = Replace(sTemp, "%DATETIME%", DispShortDateTime(vNow))
sTemp = Replace(sTemp, "%NEWPASSWORD%", sNewPassword)
sSubject = GetFirstLine(sTemp)
sTmpEmail = sEmail & " (" & sFirstUsername & ")"
SendEmailMessage sTmpEmail, gsAdminEmail, sSubject, sTemp
Else
If Not objErr.Exists("EMAIL") Then objErr.Add "EMAIL", GLS_LostPErrEmailBad
End If
Else
If Not objErr.Exists("EMAIL") Then objErr.Add "EMAIL", GLS_LostPErrEmailBad
End If
rs.Close
Set rs = Nothing
End If
If objErr.Count>0 Then
ShowForm
Else
DoPageHeader
TableHead
'ShowHTMLFile "XUDHtmlTxt/XUDLostPasswordSent.htm"
sTemp = ReadFile(Server.MapPath(".\XUDHtmlTxt\XUDLostPasswordSent.htm"))
sTemp = Replace(sTemp, "%DATETIME%", DispShortDateTime(vNow))
Response.Write sTemp
Response.Write ""
TableFoot
DoPageFooter
End If
Case Else
ShowForm
End Select
CloseDBConn
Set objErr = Nothing
Else
Response.Redirect "XUDDisabled.asp"
End If
Function ValidateForm
ValidateForm = True
If (Len(Trim(sEmail))=0) Or (Instr(sEmail,"@")<1) Or (Instr(sEmail,".")<1) Then
objErr.Add "EMAIL", GLS_LostPErrEmailBad
End If
If gbAntiBotPasswordProtect And giImagingHandler > 0 Then
If Not CheckAntiBotTestCode( "XUD", sAntiBotTestCode, sUserEnteredCode) Then
objErr.Add "ANTIBOTTEST", GLS_RegErrorAntiBotTest
End If
End If
If objErr.Count > 0 Then
ValidateForm = False
End If
End Function
Sub ShowForm
DoPageHeader
AddJavaScriptHelp
TableHead
ShowHTMLFile "XUDHtmlTxt/XUDLostPassword.htm"
Response.Write ""
TableFoot
DoPageFooter
Response.Write vbCrLf & "" & vbCrLf
End Sub
Sub TableHead
Response.Write "