Send Password if user forgets - asp-classic

I'm working on a project with asp and i have a section of where a user forgets his or her password she enters her email and if it's valid it sends the password. Now the problem is, its able to check if the email is in the database alright and sends the mail, but can't send the password along.
<%
'Check if the form has been processed
If Request.Form("process")="true" Then
'Check the recordset for a valid record
If Not rs_user.Eof Then
'Valid record, so proceed with the email
Call sSendReminder (rs_user("email"), rs_user("password"))
Response.Write "Your password has been sent to your inbox. If you don't find it in your mail box, check your junk mail folder"
dim sName, sEmail, sMessage
dim oCdoMail, oCdoConf, sConfURL
sEmail = Request.Form("email")
Set oCdoMail = Server.CreateObject("CDO.Message")
Set oCdoConf = Server.CreateObject("CDO.Configuration")
sConfURL = "http://schemas.microsoft.com/cdo/configuration/"
with oCdoConf
.Fields.Item(sConfURL & "sendusing") = 2
.Fields.Item(sConfURL & "smtpserver") = "smptserveraddress.com"
.Fields.Item(sConfURL & "smtpserverport") = 25
.Fields.Update
end with
with oCdoMail
.From = "noreply#sample.com"
.To = sEmail
.Subject = "Password Recovery from samplesite"
.TextBody = "Your password is: " & password
.HTMLBody = "Your password is: " & password
.Configuration = oCdoConf
.Send
end with
Set oCdoConf = Nothing
Set oCdoMail = Nothing
Else
'Not a valid record
Response.Write "Sorry, no email was found."
End If
End If
Sub sSendReminder(email, password)
End Sub
%>

Is the above code the exact code you are running?
If so, you need to move the
Sub sSendReminder(email, password)
above
dim sName, sEmail, sMessage
You also need to move those "end if" statements outside the sub.
Your code runs (I think) because it is technically correct, but it doesn't run like you think it should because your sub is actually blank.
Correct code would look like this:
<%
'Check if the form has been processed
If Request.Form("process")="true" Then
'Check the recordset for a valid record
If Not rs_user.Eof Then
'Valid record, so proceed with the email
Call sSendReminder (rs_user("email"), rs_user("password"))
Response.Write "Your password has been sent to your inbox. If you don't find it in your mail box, check your junk mail folder"
Else
'Not a valid record
Response.Write "Sorry, no email was found."
End If
End If
Sub sSendReminder(email, password)
dim sName, sEmail, sMessage
dim oCdoMail, oCdoConf, sConfURL
sEmail = Request.Form("email")
Set oCdoMail = Server.CreateObject("CDO.Message")
Set oCdoConf = Server.CreateObject("CDO.Configuration")
sConfURL = "http://schemas.microsoft.com/cdo/configuration/"
with oCdoConf
.Fields.Item(sConfURL & "sendusing") = 2
.Fields.Item(sConfURL & "smtpserver") = "smptserveraddress.com"
.Fields.Item(sConfURL & "smtpserverport") = 25
.Fields.Update
end with
with oCdoMail
.From = "noreply#sample.com"
.To = sEmail
.Subject = "Password Recovery from samplesite"
.TextBody = "Your password is: " & password
.HTMLBody = "Your password is: " & password
.Configuration = oCdoConf
.Send
end with
Set oCdoConf = Nothing
Set oCdoMail = Nothing
End Sub %>

Related

Error when leaving input blank in ASP

I am developing a script to allow users to write to Active Directory. The problem is that, when I leave a field blank, it results in an error. When, however, I put a value in, even a space, it seems happy. I have the following code:
<%#LANGUAGE="VBScript">
%>
<%
if isEmpty(request.form("subval")) then
response.write("You did not submit the form, please <a href='ldap.asp'>go back</a>")
else
'If the subval field is empty, we know the form has been submitted OK
dim firstname, lastname, email, telephonenumber, mobile, description
ADUser = "LDAP://OU=Staff,OU=Users,DC=example,DC=internal"
' Make AD connection and run query
subval = request.querystring("account_name")
'This value held the CN earlier, it is now overwriten here
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.provider ="ADsDSOObject"
objCon.Properties("User ID") = "EXAMPLE\Exampe"
objCon.Properties("Password") = "TestPassword"
objCon.Properties("Encrypt Password") = TRUE
objCon.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select sAMAccountName, distinguishedName FROM '"+ ADUser +"' where sAMAccountname='"& subval &"'"
Set objRS = objCom.Execute
distinguishedName = objRS.Fields("distinguishedName")
objRS.Close
objCon.Close
Set objRS = Nothing
Set objCom = Nothing
'We select the distinguishedName from AD
firstname = request.form("firstname")
lastname = request.form("lastname")
email = request.form("email")
telephonenumber = request.form("telephonenumber")
mobile = request.form("mobile")
description = request.form("description")
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _ ("LDAP://" & distinguishedName)
if (IsNull(firstname)) Then
firstname = " "
end if
if (IsNull(lastname)) Then
lastname = " "
end if
if (IsNull(email)) Then
email = " "
end if
if (IsNull(telephonenumber)) Then
telephonenumber = " "
end if
if (IsNull(mobile)) Then
mobile = " "
end if
if (IsNull(description)) Then
description = " "
end if
objUser.Put "givenName", firstname
objUser.Put "mail", email
objUser.Put "sn", lastname
objUser.Put "mobile", mobile
objUser.Put "description", description
objUser.Put "telephoneNumber", telephonenumber
objUser.SetInfo
Response.Write("User data for "& subval &" has been modified")
end if
%>
The error I get whenever I leave a field blank is why I am trying to inject spaces into the variables since that seems to work in my form.
The error I get is on the SetInfo line
error '8007200b'
/updateldap.asp, line 68
I'm not sure what I can try since I've done all the stuff I can think of
8007200b = LDAP_INVALID_SYNTAX (The attribute syntax specified to the directory service is invalid)
I would say that you have worked out what the issue is. LDAP attributes cannot be NULL. You probably don't even need to have spaces, an empty string might work as well.
e.g.
if (IsNull(firstname)) Then
firstname = ""
end if

Any way of condensing this ASP.net System.Net.Mail code

I am using the code below to send an email alert when a user log in fails.
Is there a simpler way of writing this so that the email routine doesn't have to be written out twice like this, for users that exist and users that do not exist? Essentially I am looking for a more efficient way of writing this.
Thanks for any help.
Protected Sub LoginUser_LoginError(ByVal sender As Object, ByVal e As System.EventArgs) Handles LoginUser.LoginError
LoginUser.FailureText = "Invalid Username or Password - Please Try Again"
Dim UserName As TextBox = DirectCast(LoginUser.FindControl("UserName"), TextBox)
Dim CurrentUser As MembershipUser = Membership.GetUser(LoginUser.UserName)
If (CurrentUser IsNot Nothing) Then
If (CurrentUser.IsLockedOut = True) Then
LoginUser.FailureText = "Your account has been locked - Contact the system administrator"
ElseIf (CurrentUser.IsApproved = False) Then
LoginUser.FailureText = "Your account is disabled - Contact the system administrator"
End If
Dim Email_Error As New Thread(
Sub()
Dim mailObject As New System.Net.Mail.MailMessage()
Dim emailCredentials As New System.Net.NetworkCredential("email#domain.com", "password")
mailObject.To.Add("my#email.com")
If (CurrentUser.IsLockedOut = True) Then
mailObject.Subject = "User " & CurrentUser.ToString() & " is locked out"
ElseIf (CurrentUser.IsApproved = False) Then
mailObject.Subject = "User " & CurrentUser.ToString() & " is disabled"
Else
mailObject.Subject = "User " & CurrentUser.ToString() & " login failed"
End If
mailObject.From = New System.Net.Mail.MailAddress("info#domain.com")
mailObject.IsBodyHtml = True
If (CurrentUser.IsLockedOut = True) Then
mailObject.Body = "User is locked out"
ElseIf (CurrentUser.IsApproved = False) Then
mailObject.Body = "User is disabled"
Else
mailObject.Body = "User login failed"
End If
Dim SmtpMail As New System.Net.Mail.SmtpClient("smtp.email.com")
SmtpMail.UseDefaultCredentials = False
SmtpMail.EnableSsl = False
SmtpMail.Credentials = emailCredentials
SmtpMail.Port = 587
SmtpMail.Send(mailObject)
End Sub
)
Email_Error.Start()
Else
Dim Email_NoUser_Error As New Thread(
Sub()
Dim mailObject As New System.Net.Mail.MailMessage()
Dim emailCredentials As New System.Net.NetworkCredential("email#domain.com", "password")
mailObject.To.Add("my#email.com")
mailObject.Subject = "Unknown User " & UserName.Text() & " login failed"
mailObject.From = New System.Net.Mail.MailAddress("info#domain.com")
mailObject.IsBodyHtml = True
mailObject.Body = "Unknown User login failed"
Dim SmtpMail As New System.Net.Mail.SmtpClient("smtp.email.com")
SmtpMail.UseDefaultCredentials = False
SmtpMail.EnableSsl = False
SmtpMail.Credentials = emailCredentials
SmtpMail.Port = 587
SmtpMail.Send(mailObject)
End Sub
)
Email_NoUser_Error.Start()
End If
End Sub
I'd create the mailObject only once and set all the fields that stay the same, then call functions Email_Error and Email_NoUser_Error only to set those fields which vary, then after returning to the first function send it there.

Automatically Logging In User After Custom Membership Creation (not using Wizard)

I'm using the following code to create a user account on my vb.net website. The code is in a button click. It works fine as far creating the membership but when the user is redirected to the next page they are not logged in. Apparently "newUser.IsApproved = True" is not working. Any thoughts on what I'm doing wrong. I want the user to be automatically logged in after the membership is created.
Dim createStatus As MembershipCreateStatus
Try
Dim newUser As System.Web.Security.MembershipUser = Membership.CreateUser(txtinput_Email.Value, txtinput_Password.Value, txtinput_Email.Value)
newUser.IsApproved = True
Catch ex As Exception
LabelCreateAccountResults.Text = ex.Message
' MessageBox.Show("There's an error: " & vbCrLf & ex.ToString)
Response.Write("<script language='javascript'>alert('" & ex.Message & "')</script>")
Exit Sub
End Try
Select Case createStatus
Case MembershipCreateStatus.Success
LabelCreateAccountResults.Text = "The user account was successfully created!"
Response.Redirect("yo-delivery.aspx")
Case MembershipCreateStatus.DuplicateUserName
LabelCreateAccountResults.Text = "That username already exists."
Case MembershipCreateStatus.DuplicateEmail
LabelCreateAccountResults.Text = "A user with that Email address already exists."
Case MembershipCreateStatus.InvalidEmail
LabelCreateAccountResults.Text = "PLease enter a VALID email address."
Case MembershipCreateStatus.InvalidPassword
LabelCreateAccountResults.Text = "The password entered is invalid. Please enter a passoword with at least 4 characters."
Case Else
LabelCreateAccountResults.Text = "Unknown Error: Account NOT created."
End Select
OK perhaps look into something along these lines
Dim username__1 As String = Username.Text
Dim password__2 As String = Password.Text
If Membership.ValidateUser(username__1, password__2) Then
Dim ticket As New FormsAuthenticationTicket(1, username__1, DateTime.Now, DateTime.Now.AddMinutes(20), False, String.Empty, _
FormsAuthentication.FormsCookiePath)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)) With { _
Key .Expires = ticket.Expiration, _
Key .Path = FormsAuthentication.FormsCookiePath _
})
If Not String.IsNullOrEmpty(Request.QueryString("returnurl")) Then
Response.Redirect(Request.QueryString("returnurl"))
End If
Response.Redirect("~/Home")
End If

Getting error when sending data through form (Office365)

I am trying to debug this issue when sending this information from a form, but I keep getting this error.
error '8004020e'
/contacthandler.asp, line 45
I have not done much work in asp, but I've managed to clean this file up a little bit from the previous developer (still had the error). The error happens at the .Send..forgot to clarify that.
Here is the code. Any help is appreciated.
'declare variables
dim name, phone, email, comment, service, returnPage
'set variables to the corresponding fields from contact form
name = request.form("custName")
phone = request.form("custPhone")
email = request.form("custEmail")
comment = request.form("custNotes")
service = request.form("service")
returnPage = request.form("page")
dim theEmail
' set the email content data
theEmail = "<h3>Contact from website, information below.</h3><table border='0'><tr><th>Customer Name:<td>"&name
theEmail = theEmail&"<tr><th>Phone Number:<td>"&phone&"<tr><th>Email Address:<td>"&email&"<tr><th>Service Category:<td>"&service
theEmail = theEmail&"<tr><th valign='top'>Comments/Notes:<td>"&comment&"</table>"
' send the email
dim sch
sch = "http://schemas.microsoft.com/cdo/configuration/"
Set cdoConfig = CreateObject("CDO.Configuration")
With cdoConfig.Fields
.Item(sch & "sendusing") = 2 ' cdoSendUsingPort
.Item(sch & "smtpserverport") = 587
.Item(sch & "smtpserver") = "smtp.office365.com"
.Item(sch & "smtpauthenticate") = 1
.Item(sch & "sendusername") = "########"
.Item(sch & "sendpassword") = "########"
.update
End With
Set cdoMessage = CreateObject("CDO.Message")
With cdoMessage
Set .Configuration = cdoConfig
.From = name & "<" & email & ">"
.To = "info#mywebsite.com"
.Subject = "Website - "&service&" Request"
.HTMLBody = theEmail
.Send
End With
Set cdoMessage = Nothing
Set cdoConfig = Nothing
'response.write "sent, check the mail"
response.redirect "thankyou.asp"
'returnPage&".asp"
MSDN (http://msdn.microsoft.com/en-us/library/ms527318%28v=exchg.10%29.aspx) suggests you need to format your .From field as follows:
.From """" & name & """ <" & email & ">"
I used Google to look up the error code and I found lots of sites they meant there is an issue with sending the data. That can be another source of trouble.
What will happen if you replace
.Item(sch & "sendusing") = 2 ' cdoSendUsingPort
by
.Item(cdoSendUsingMethod) = 1 'cdoSendUsingPickup
Additional try it without any comments.

how to display the username after login instead of login and register form

i have created a login page using ASP classic.
The problem is that after the login it redirect to the index page with the same login and register button instead of display the username or email id?
Thanks in advance...
Here is the code(VBScript).
<%
email = ""
password = ""
ErrorMessage = ""
if request.form <> "" then
email = Request.Form("email")
password = Request.Form("password")
if email = "" or password = "" then
ErrorMessage = "You must specify a username and password."
else
set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "Microsoft.Jet.OLEDB.4.0"
conn.Open("F:\main\main\App_Data\Users.mdb")
set rs = Server.CreateObject("ADODB.recordset")
rs.Open "Select * FROM Login WHERE Email = '" & email & "'", conn
response.write("email")
if rs.EOF = false then
if rs.fields("Password") = password then
Response.Redirect("indexs.asp")
end if
end if
ErrorMessage = "Login failed"
end if
end if
if ErrorMessage <> "" then
response.write("<p>" & ErrorMessage & "</p>")
response.write("<p>Please correct the errors and try again.</p>")
end if
%>
Set a session variable before you redirect to index.asp eg
Session("username") = rs("username")
You can then use the session variable in a conditional statement on your index page eg
If session("username") = "" Then
'your login form goes here
else
response.write "Welcome "+ session("username")
End If

Resources