Web Wiz Support and Community Forums : Error with usercode

Error with usercode : here is a mod you can do . its...

Sat, 18 Sep 2004 14:25:58 +0000

Author: dj air
Subject: 11846
Posted: 18 September 2004 at 2:25pm

here is a mod you can do . its just cut and paste

Existing code
[code]

'If a username has been entered check that the password is correct
If (strUsername <> "" AND Request.Form("QUIK") = false) OR(Request.Form("QUIK") AND blnLongSecurityCode = false AND strUsername<> "") Then

    'Check the users session ID for security from hackers if the user code has been disabled
    If blnLongSecurityCode = False Then Call checkSessionID(Request.Form("sessionID"))

    'Check security code to pervent hackers
    If Session("lngSecurityCode") <>Trim(Mid(Request.Form("securityCode"), 1, 6)) AND blnLongSecurityCodeThen blnSecurityCodeOK = False

    'Read the various forums from the database
    'Initalise the strSQL variable with an SQL statement to query the database
    strSQL = "SELECT " & strDbTable &"Author.Password, " & strDbTable & "Author.Salt, " &strDbTable & "Author.Username, " & strDbTable &"Author.Author_ID, " & strDbTable & "Author.User_code "
    strSQL = strSQL & "FROM " & strDbTable & "Author "
    strSQL = strSQL & "WHERE " & strDbTable & "Author.Username = '" & strUsername & "';"

    'Set the Lock Type for the records so that the record set is only locked when it is updated
    rsCommon.LockType = 3

    'Query the database
    rsCommon.Open strSQL, adoCon


    'If no record is returned then the login is incorrect
    If rsCommon.EOF Then blnIncorrectLogin = true


    'If the query has returned a value to the recordset then check the password is correct
    If NOT rsCommon.EOF AND blnSecurityCodeOK Then

        'Only encrypt password if this is enabled
        If blnEncryptedPasswords Then

            'Encryptpassword so we can check it against the encypted password in thedatabase
            'Read in the salt
            strPassword = strPassword & rsCommon("Salt")

            'Encrypt the entered password
            strPassword = HashEncode(strPassword)
        End If

        'Check the encrypted password is correct, if it is get the user ID and set a cookie
        If strPassword = rsCommon("Password") Then

            'Read in theusers ID number and whether they want to be automactically logged inwhen they return to the forum
            lngUserID = CLng(rsCommon("Author_ID"))
            strUsername = rsCommon("Username")

            'For extra security create a new user code for the user
            strUserCode = userCode(strUsername)

            'Save the new usercode back to the database
            rsCommon.Fields("User_code") = strUserCode
            rsCommon.Update


            'Write acookie with the User ID number so the user logged in throughout theforum
            'Write thecookie with the name Forum containing the value UserID number
            Response.Cookies(strCookieName)("UID") = strUserCode



            'Write acookie saying if the user is browsing anonymously, 1 = Anonymous, 0 =Shown
            If CBool(Request.Form("NS")) = False Then

               Response.Cookies(strCookieName)("NS") = "1"'Anonymous
            Else
                Response.Cookies(strCookieName)("NS") = "0" 'Shown
            End If

            'If the userhas selected to be remebered when they next login then set the expirydate for the cookie for 1 year
            If blnAutoLogin = True Then

                'Set the expiry date for 1 year
               'If no expiry date is set the cookie is deleted fromthe users system 20 minutes after they leave the forum
               Response.Cookies(strCookieName).Expires =DateAdd("yyyy", 1, Now())
            End If

            'Reset Server Objects
            rsCommon.Close

            Set rsCommon = Nothing
            adoCon.Close
            Set adoCon = Nothing

            'Go to thelogin test to make sure the user has cookies enabled on their browser
            'If this is aredierect form the email notify unsubscribe page to get the user to login then redirct back there
            If Request.QueryString("M") = "Unsubscribe" Then

               Response.Redirect("login_user_test.asp?TID=" &Request.QueryString("TID") & "&FID=" & intForumID &"&M=Unsubscribe")

            'Redirect the user back to the forum they have just come from
            ElseIf intForumID > 0 Then

Error with usercode : Borg, this is a serious issue,...

Sat, 18 Sep 2004 12:42:49 +0000

Author: theSCIENTIST
Subject: 11846
Posted: 18 September 2004 at 12:42pm

Borg, this is a serious issue, even thou I have not been affected by it on my currently deployed projects, it would be nice if you could release a patch, not just with files, but with a detailed explanation on how to manually patch in case we can't just replace our files (files with many modifications we made), as opposed to wait for the new v8.0 release.

Thx.

Error with usercode : Thanks. I'll will do that!...

Fri, 17 Sep 2004 06:17:41 +0000

Author: FreeMen
Subject: 11846
Posted: 17 September 2004 at 6:17am

Thanks. I'll will do that!

Error with usercode : It looks like there is a problem...

Fri, 17 Sep 2004 06:12:20 +0000

Author: WebWiz-Bruce
Subject: 11846
Posted: 17 September 2004 at 6:12am

It looks like there is a problem if the user tries to login into their account before they activate it.

This will be corrected for the next version.

In the meantime ask your users to activate their accounts before logging in.

Error with usercode : It has happend 9 times now. Always...

Fri, 17 Sep 2004 05:36:00 +0000

Author: FreeMen
Subject: 11846
Posted: 17 September 2004 at 5:36am

It has happend 9 times now.

Always the code that differs.

And I have reupped the files..

My users CAN'T activate their account, 'cause of the error in the usercode!?

Error with usercode : I can't see how the code...

Fri, 17 Sep 2004 05:31:01 +0000

Author: WebWiz-Bruce
Subject: 11846
Posted: 17 September 2004 at 5:31am

I can't see how the code can be changed in the way you mention.

Make sure you do not have any corrupted files by reuploading the files again.

Also make sure the user activates their account beofre trying to login.

Error with usercode : Hi My users can't activate...

Fri, 17 Sep 2004 04:19:05 +0000

Author: FreeMen
Subject: 11846
Posted: 17 September 2004 at 4:19am

My users can't activate their accounts because the link they get in their mail is wrong?

Example:

The user get this: activate.asp?ID=ch018379117BB6 but the database says: ch01BD1CE9AF24 as the code???

What can I do?