%@LANGUAGE="VBSCRIPT"%> <% if session("admin") <> "TRUE" then response.redirect("../index.asp")%> <% 'Generate Password for new user NUMLOWER = 48 ' 48 = 0 NUMUPPER = 57 ' 57 = 9 LOWERBOUND = 65 ' 65 = A UPPERBOUND = 90 ' 90 = Z LOWERBOUND1 = 97 ' 97 = a UPPERBOUND1 = 122 ' 122 = z PASSWORD_LENGTH = 6 ' initialize the random number generator Randomize() newPassword = "" count = 0 DO UNTIL count = PASSWORD_LENGTH ' generate a num between 2 and 10 ; ' if num > 4 create an uppercase else create lowercase If Int( ( 10 - 2 + 1 ) * Rnd + 2 ) > 4 Then pwd = Int( ( UPPERBOUND - LOWERBOUND + 1 ) * Rnd + LOWERBOUND ) Else pwd = Int( ( UPPERBOUND1 - LOWERBOUND1 + 1 ) * Rnd + LOWERBOUND1 ) End If newPassword = newPassword + Chr( pwd ) count = count + 1 Loop generatePassword = newPassword ' End Password Gen %> <% ' *** Edit Operations: declare variables MM_editAction = CStr(Request("URL")) If (Request.QueryString <> "") Then MM_editAction = MM_editAction & "?" & Request.QueryString End If ' boolean to abort record edit MM_abortEdit = false ' query string to execute MM_editQuery = "" %> <% ' *** Insert Record: set variables If (CStr(Request("MM_insert")) <> "") Then MM_editConnection = MM_workspace_STRING MM_editTable = "users" MM_editRedirectUrl = "../../forum/do_forum.asp?username=" & request.form("username") & "&password=" & request.form("password") & "&firstname=" & request.form("firstname") & "&lastname=" & request.form("lastname") & "&email=" & request.form("email") MM_fieldsStr = "username|value|password|value|fullname|value|email|value|address|value|telephone|value|fax|value|mobile|value|administrator|value" MM_columnsStr = "username|',none,''|password|',none,''|fullname|',none,''|email|',none,''|address|',none,''|telephone|',none,''|fax|',none,''|mobile|',none,''|administrator|none,'Y','N'" ' create the MM_fields and MM_columns arrays MM_fields = Split(MM_fieldsStr, "|") MM_columns = Split(MM_columnsStr, "|") ' set the form values For i = LBound(MM_fields) To UBound(MM_fields) Step 2 MM_fields(i+1) = CStr(Request.Form(MM_fields(i))) Next ' append the query string to the redirect URL If (MM_editRedirectUrl <> "" And Request.QueryString <> "") Then If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString Else MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString End If End If End If %> <% ' *** Insert Record: construct a sql insert statement and execute it If (CStr(Request("MM_insert")) <> "") Then ' create the sql insert statement MM_tableValues = "" MM_dbValues = "" For i = LBound(MM_fields) To UBound(MM_fields) Step 2 FormVal = MM_fields(i+1) MM_typeArray = Split(MM_columns(i+1),",") Delim = MM_typeArray(0) If (Delim = "none") Then Delim = "" AltVal = MM_typeArray(1) If (AltVal = "none") Then AltVal = "" EmptyVal = MM_typeArray(2) If (EmptyVal = "none") Then EmptyVal = "" If (FormVal = "") Then FormVal = EmptyVal Else If (AltVal <> "") Then FormVal = AltVal ElseIf (Delim = "'") Then ' escape quotes FormVal = "'" & Replace(FormVal,"'","''") & "'" Else FormVal = Delim + FormVal + Delim End If End If If (i <> LBound(MM_fields)) Then MM_tableValues = MM_tableValues & "," MM_dbValues = MM_dbValues & "," End if MM_tableValues = MM_tableValues & MM_columns(i) MM_dbValues = MM_dbValues & FormVal Next MM_editQuery = "insert into " & MM_editTable & " (" & MM_tableValues & ") values (" & MM_dbValues & ")" If (Not MM_abortEdit) Then ' execute the insert Set MM_editCmd = Server.CreateObject("ADODB.Command") MM_editCmd.ActiveConnection = MM_editConnection MM_editCmd.CommandText = MM_editQuery MM_editCmd.Execute MM_editCmd.ActiveConnection.Close If (MM_editRedirectUrl <> "") Then Response.Redirect(MM_editRedirectUrl) End If End If End If %>