<%
if Request.ServerVariables("REQUEST_METHOD") = "POST" Then
dim conn 'database connection object
dim rs 'recordset
dim strSQL 'sql query
dim endline
dim dbPass
dim CM, context
'set endline
endline = chr(10)
'create the connection object
set conn = Server.CreateObject("ADODB.Connection")
'open the connection
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=d:\home\hnt7c211\legacy\f7e8af3jk23sd3.mdb;"
'create the crypto manager
set CM = Server.CreateObject("Persits.CryptoManager")
set context = CM.OpenContext("mycontainer", true)
'create a recordset
set rs = Server.CreateObject("ADODB.Recordset")
'get salt from database
strSQL = "SELECT * FROM Users WHERE Email=""" & Request.Form("Email") & """"
rs.LockType = adLockOptimistic
rs.Open strSQL, conn
dbPass = rs.Fields("Password")
'we have a result by design
'hash the form password with database salt
'create the hash object
set hash = context.CreateHash
hash.AddText Request.Form("OldPass")
hash.AddText rs.Fields("Salt")
'if the old password does not match in the database
if not hash.Value.Hex = dbPass then
Session("responseString") = "The password is incorrect. Please try " &_
"Changing your password again"
else 'we have a match in the database
'hash the new password
set hash = context.CreateHash
hash.AddText Request.Form("NewPass")
'generate random salt
Randomize
salt = ""
for i = 1 to 10
'generate a random character from A-Z
salt = salt & chr(int(Rnd * 26) + 65)
next
hash.AddText salt
'update the record
rs.Fields("Password") = hash.Value.Hex
rs.Fields("Salt") = salt
rs.Update
'update the session
Session("ID") = rs.Fields("ID")
dim names
names = split(rs.Fields("Name"))
Session("firstName") = names(0)
Session("responseString") = "You have successfully changed your password."
end if
'close the recordset and reset variables
rs.Close
set hash = Nothing
set context = Nothing
set CM = Nothing
set rs = Nothing
set conn = Nothing
'Redirect to generic message output page
Response.Redirect "form_submit.asp"
end if
%>
Legacy Cruise II
