FLUTEC Design + Build Company

<% ' ' Retrieve input data... cFORM = Request("cFORM") cUSERIDv = Left(SqlFix(Ucase(Trim(Request("cUSERID")))),50) cPASSWORDv = Left(Ucase(Trim(Request("cPASSWORD"))),20) 'cNEWUSER = Request("cNEWUSER") cUSERID = "" cPASSWORD = "" 'Variable Agregada por Dep. de sistemas flutec Session("Username_log") = "" ' '****************************************************************** 'response.write("cForm=" & cFORM & "
") 'response.write("cUserID=" & cUserIDv & "
") 'response.write("cPassword=" & cPasswordv & "
") 'response.write("cNewUser=" & cNewUser & "
") '****************************************************************** ' Display SignIn Form if FORM is blank... ShowFormLogin = False If Len(cForm) = 0 Then ShowFormLogin = True ' ' Check for userid/password match if LOGIN form... If cFORM = "LOGIN" Then ' Look up the USER ID 'response.write("cUSERID:" & cUSERIDv & "
") oSql = "SELECT u.username, u.password," _ & " a.levelID AS aLevel" _ & " FROM users u INNER JOIN accesslevel a" _ & " ON u.userID = a.userID" _ & " WHERE u.username = '" & cUSERIDv & "'" 'oSql = "SELECT username, password FROM users WHERE username = '" & cUserIDv & "'" 'sSQL = "SELECT users.*, accesslevel.levelID AS aLevel FROM users" _ ' & " INNER JOIN accesslevel" _ ' & " ON users.userID = accesslevel.userID" _ ' & " WHERE users.username = '" & sUserName & "'" _ ' & " AND users.password = '" & sPassword & "'" 'Response.Write("Password Check:" & oSql & "
") Set oRS = oASPTools.Execute(oSql) '**************************************************************** ' Codigo Agregado por Carlos Castañeda I. '**************************************************************** ' IF FOUND... If Not oRS.EOF Then ' Compare Passswords cConfirm = Trim(Ucase(oRS("password"))) cName = Trim(oRS("username")) 'response.write("cConfirm=" & cConfirm & "
") If cCONFIRM <> cPASSWORDv Then ' ------------------------------------ ' >> The BAD PASSWORD Form... ' >> Display Bad Password... ' ------------------------------------ BadLogin = "BadPassword" ShowFormLogin = True oSql = "INSERT INTO activity SELECT " & _ Q & cUSERIDv & Q & " AS USERID, " & _ Q & Request.ServerVariables("REMOTE_HOST") & Q & " AS IP, " & _ "#" & FN_NOW & "#" & " AS [DATE], " & _ "'BAD PASS' AS [ACTION]" 'Response.Write("Activty Write BAD PASS: " & oSql & "
") oRS = oASPTools.Execute(oSQL) ' Save the session variable Session("NOACCESS") = 1 Else ' Successful login ' ' Save the session variables Session("USERID") = cUSERIDv Session("NAME") = cName Session("PASSWORD") = cPASSWORDv Session("ACCESSLEVEL") = oRS.Fields("aLevel") ' ' Insert into the activity logs oSql = "INSERT INTO activity SELECT " & _ Q & cUSERIDv & Q & " AS USERID, " & _ Q & Request.ServerVariables("REMOTE_HOST") & Q & " AS IP, " & _ "#" & FN_NOW & "#" & " AS [DATE], " & _ "'LOGIN' AS [ACTION]" 'Response.Write("Activty Write LOGIN: " & oSql & "
") oRS = oASPTools.Execute(oSQL) ' ' Update user record with activity oSql = "UPDATE users SET " & _ "login_count = login_count + 1, " & _ "login_last = " & "#" & FN_NOW & "#" & " " & _ "WHERE username = " & Q & cUSERIDv & Q 'Response.Write("Activty Write LOGIN: " & oSql & "
") oRS = oASPTools.Execute(oSQL) ' sqlFOLDER = "SELECT folder FROM folders WHERE folderID = " _ & Session("ACCESSLEVEL") Set rsFolder = oASPTools.Execute(sqlFOLDER) ' Session("NOACCESS") = 0 ' If Not rsFolder.EOF Then 'Codigo Agregado por dep. de sistemas flutec session("Username_log") = "LOGT" ' ''RedirTo = HOST_SERVER_PATH & "/" & rsLevel.Fields("folder") RedirTo = rsFolder.Fields("folder") RedirTo = RedirTo & "?UserName=" & Session("USERID") 'RedirTo = RedirTo & "&Password=" & Session("PASSWORD") Response.Write("Folder LOGIN: " & RedirTo & "
") Response.Redirect RedirTo Else 'Codigo Agregado por dep. de sistemas flutec session("Username_log") = "" ' Session("NOACCESS") = 2 'Session("USERID") = "0" 'Response.Redirect("client_login.asp") End If Set rsLevel = Nothing ' 'Response.Redirect("default.asp") End If Else ' ------------------------------------ ' >> Unauthorized User Form... ' >> Display Access Denied... ' ------------------------------------ BadLogin = "AccessDenied" ShowFormLogin = True oSql = "INSERT INTO activity SELECT " & _ Q & cUSERIDv & Q & " AS USERID, " & _ Q & Request.ServerVariables("REMOTE_HOST") & Q & " AS IP, " & _ "#" & FN_NOW & "#" & " AS [DATE], " & _ "'UNAUTHORIZED USER' AS [ACTION]" oRS = oASPTools.Execute(oSQL) ' Save the session variable Session("NOACCESS") = 2 End If End If %>

<% Select Case Session("NOACCESS") Case 0 ' Do nothing Case 1 'UserName or Password Response.Write "Login Failure. Please check your User Name and Password." Case 2 'Access Denied or Unauthorized User Response.Write "Access Denied.
" Response.write "Please contact Flutec at 915-613-0909 or 011-52-656-625-5474 with any questions." End Select %>