<%
Function fOLDLoginUser( stremail_address, strPlainPassword )
Dim fOLDLoginUserRS
Dim intPK, strDBPassword, strPassword, strSalt, arrayPassword, strPassString, strEncryptedPassword
strSQL = "select customers_id, customers_password " & _
"from customers " & _
"where customers.customers_email_address = '" & stremail_address & "' "
set fOLDLoginUserRS = objDMAConn.execute(strSQL)
With fOLDLoginUserRS
if not .eof then
strDBPassword = .fields("customers_password").value
intPK = CLng(.fields("customers_id").value)
arrayPassword = Split(strDBPassword,":")
strPassword = arrayPassword(0)
strSalt = arrayPassword(1)
strPassString = strSalt & strPlainPassword
strEncryptedPassword = calcMD5(CStr(strPassString))
if LCase(strEncryptedPassword) = LCase(strPassword) then
fOLDLoginUser = intPK
end if
else
fOLDLoginUser = 0
end if
End With
fOLDLoginUserRS.Close
If fOLDLoginUser <> 0 then
strSQL = "select customers_gender, customers_firstname,customers_lastname,customers_dob, "
strSQL = strSQL & "customers_telephone,customers_mobile,customers_fax,customers_newsletter, "
strSQL = strSQL & "entry_company,entry_street_address,entry_suburb,entry_postcode,entry_city,entry_state "
strSQL = strSQL & "from customers inner join address_book on address_book.customers_id = customers.customers_id "
strSQL = strSQL & "where address_book.address_book_id = customers.customers_default_address_id "
strSQL = strSQL & "and customers.customers_id = " & fOLDLoginUser
set fOLDLoginUserRS = objDMAConn.execute(strSQL)
With fOLDLoginUserRS
if not .eof then
Dim intCustomerID
strPassword = calcMD5(CStr(strPlainPassword))
sCreateAccount .fields("customers_gender").value, .fields("customers_firstname").value, .fields("customers_lastname").value, .fields("customers_dob").value, stremail_address, .fields("entry_company").value, .fields("entry_street_address").value, .fields("entry_suburb").value, .fields("entry_city").value, .fields("entry_state").value, .fields("entry_postcode").value, 179, .fields("customers_telephone").value, .fields("customers_fax").value, strPassword, intCustomerID
'Log the new user in
if CLng(intCustomerID) <> 0 then
'Force the user through a login
intCustomerID = fLoginUser( stremail_address, strPassword)
Session("CustomerID") = intCustomerID
if Request("accessdenied") <> "" then
response.Redirect(Request("accessdenied"))
else
response.Redirect(fGenerateLink("account.asp"))
end if
end if
end if
End With
fOLDLoginUserRS.Close
end if
Set fOLDLoginUserRS = Nothing
End Function
Dim strSuccessMsg
Dim strErrorMsg
strSuccessMsg = request("successmsg")
strErrorMsg = request("errormsg")
if LCase(request.form("action")) = "process" then
'Process Login Request
Dim strUsername, strPassWord, intLoginCustomerID
Dim objDMAConn 'Global Connection Object
Set objDMAConn = CreateObject("ADODB.Connection")
objDMAConn.Open "Driver={MySQL ODBC 3.51 Driver}; SERVER=localhost; DATABASE=dma; UID=dmauser; PWD=dmauser"
strPassword = request.form("password")
strUsername = request.form("email_address")
intLoginCustomerID = fOLDLoginUser( strUsername, strPassword)
if CLng(intLoginCustomerID) <> 0 then
' Match Found and Transferred to New System
else
strErrorMsg = "ERROR: NO MATCH FOR EMAIL ADDRESS AND / OR PASSWORD."
end if
'Close Down our Global Connection Object
objDMAConn.Close
Set objDMAConn = Nothing
end if
%>
<% strPageTitle = Application("STORE_NAME") & " Login" %>
