
Retrieve the same password

Hello everyone, I'm new to ASP. What I'm trying to do is this: if a user forgets their password, the page asks for their email address, and the same password is retrieved from the database and sent to that address. My problem is that the passwords in the database are all encrypted, so if I retrieve one it shows up in its encrypted form as well. Please help. Thanks




  1. <!--#include file="include_login_header.asp" -->
  2. <%@Language = JScript %>
  3. <% Response.Buffer = true; %>
  4. <!--#include virtual="/medacist_admin/globals.asp" -->
  5. <%
  6.  
  7.     if (String(Session("health_system_code")).replace("undefined","") == "" ||
  8.         String(Session("facility_code")).replace("undefined","") == "" ||
  9.         String(Session("username")).replace("undefined","") == "") {
  10.          Response.Write("Please <a target=\"_blank\" href=\"" + BASE_HOST_URL + "/login/" + "client_login.asp\">login</a>");
  11.          Response.End();
  12.     }
  13.     var mregion = String(Session("region")).replace("undefined","");
  14. %>
  15. <br>
  16. <div align=center>
  17. <link rel="stylesheet" href="css/styles.css">
  18. <h2>Medacist Client Services - Change Password</h2>
  19. <%
  20. var sErrorDisplay="";
  21. // make sure you can't get to new_password directly.
  22. if (String(Session("one_time_use_flag")) == "Y") {
  23.     Response.Redirect("new_password.asp");
  24. }
  25.  
  26. if (Request.ServerVariables("REQUEST_METHOD") == "POST") {
  27.     var nFailureCount=0;
  28.     nFailureCount = Session("failure_count")==undefined ? 0 : Session("failure_count");
  29.  
  30.     var sError ="";
  31.  
  32.     var sOldPass = String(Request.Form("old_password")).replace("undefined","");
  33.     var sNewPass = String(Request.Form("new_password")).replace("undefined","");
  34.     var sConfirmNewPass = String(Request.Form("confirm_new_password")).replace("undefined","");
  35.  
  36.  
  37.     if (sOldPass == "") {
  38.         sError += ",Old Password is required";
  39.     }
  40.  
  41.     if (sNewPass == "") {
  42.         sError += ",New Password is required";
  43.     }
  44.     if (sConfirmNewPass == "") {
  45.         sError += ",Confirm Password is required";
  46.     }
  47.  
  48.     if (sNewPass != sConfirmNewPass) {
  49.         sError += ",New password and Confirm New password do not match";
  50.     }
  51.  
  52.  
  53.     var rsOldPass = execSQL("select cast(md5(?)as char) hash_password, medacist_password " +
  54.                              " from medacist_user " +
  55.                             " where health_system_code = ? " +
  56.                               " and facility_code = ? " +
  57.                                " and username = ? ",
  58.                          Array(sOldPass,Session("health_system_code"),Session("facility_code"),Session("username")));
  59.  
  60.  
  61.     if (String(rsOldPass.fields("medacist_password").value) != String(rsOldPass.fields("hash_password").value)) {
  62.  
  63.         if (nFailureCount >= Application("MAX_ATTEMPT")) {
  64.             execSQL("update medacist_user set locked_out_flag = 'Y', locked_out_date_time=Now() " +
  65.                     " where health_system_code = ? and facility_code = ? and username = ?",
  66.                     Array(Session("health_system_code"),Session("facility_code"),Session("username")));
  67.  
  68.             logAccess(Session("health_system_code"),Session("facility_code"),Session("username"),"LOCKOUT","failure. Max attempt count exceeded. Account has been locked out. failure count:" + nFailureCount);
  69.             Session.Abandon();
  70.             Response.Redirect("account_locked.asp");
  71.         }
  72.  
  73.         nFailureCount++;
  74.         logAccess(Session("health_system_code"),Session("facility_code"),Session("username"),"CHANGE_PASSWORD","failure. failure count=" + nFailureCount + " ,password attempted:" + sOldPass);
  75.         Session("failure_count") = nFailureCount;
  76.         sError += ",Old Password is incorrect";
  77.  
  78.     }
  79.  
  80.  
  81.     if (sError.length == 0 ) {
  82.         var rsPass = execSQL("select medacist_password " +
  83.                               " from medacist_password_hist " +
  84.                              " where health_system_code = ? " +
  85.                                " and facility_code = ? " +
  86.                                " and username = ? ",
  87.                              Array(Session("health_system_code"),Session("facility_code"),Session("username")));
  88.  
  89.         if (!rsPass.Eof) {
  90.             while (!rsPass.Eof && sError.length == 0) {
  91.                 if (sNewPass == rsPass.fields("medacist_password").value) {
  92.                     sError += ",Passwords cannot be reused.";
  93.                 } else if (sNewPass.indexOf(rsPass.fields("medacist_password").value)>-1) {
  94.                     sError += ",New password is too similiar to previous one";
  95.                 }
  96.                 rsPass.moveNext();
  97.             }
  98.         }
  99.     }
  100.  
  101.     // check if it's legal
  102.  
  103.     if (sError.length==0) {
  104.         if (!validatePassword(sNewPass)) {
  105.             sError += ",Invalid password. Must contain upper and lower case letters, Contain numbers, Between 8 and 12 characters in length,Contain a symbol"
  106.         }
  107.     }
  108.  
  109.     if (sError != "") {
  110.         sError = sError.substr(1);
  111.         var vError = sError.split(",");
  112.         sErrorDisplay = "<ul>";
  113.     for (var v in vError) {
  114.             if (vError[v] != "")
  115.                 sErrorDisplay += "<li>" + vError[v] + "</li>\n";
  116.         }
  117.     sErrorDisplay += "</ul>";
  118.     } else {
  119.  
  120.  
  121.         execSQL("update medacist_user \n" +
  122.                   " set password_creation_date_time = Now(), \n" +
  123.                       " password_expiration_date_time = date_add(now(),INTERVAL ? DAY), \n" +
  124.                       " medacist_password=md5(?), \n" +
  125.                       " one_time_use_flag='N'  \n" +
  126.                 " where health_system_code= ?  \n" +
  127.                   " and facility_code = ?  \n" +
  128.                   " and username = lower(?)",Array(PASSWORD_EXPIRATION,sNewPass,Session("health_system_code"),Session("facility_code"),Session("username")));
  129.  
  130.         execSQL("insert into medacist_password_hist (health_system_code,facility_code," +
  131.                 " username,medacist_password) values (?,?,?,?)",
  132.                 Array(Session("health_system_code"),Session("facility_code"),Session("username"),sOldPass));
  133.  
  134.         logAccess(Session("health_system_code"),Session("facility_code"),Session("username"),"CHANGE_PASSWORD","success. password changed");
  135.  
  136.         var rsExpire = execSQL("select DATE_FORMAT(password_expiration_date_time,'%m/%e/%Y %H:%i:%s')  password_expiration_date_time " +
  137.                        " from medacist_user where health_system_code= ? and facility_code = ? and username = lower(?)",
  138.                        Array(Session("health_system_code"),Session("facility_code"),Session("username")));
  139.  
  140.         Session("logged_in") = "Y";
  141.         Session("failure_count") = 0;
  142.  
  143.         Session("password_expiration_date_time") = rsExpire.fields("password_expiration_date_time").value;
  144.         if (mregion == null  || mregion == '') {
  145.             Response.Write("Password changed. <a href=\"client_data.asp\">Click here</a> to continue.");
  146.         } else {
  147.             Response.Write("Password changed. <a href=\"client_data_S.asp\">Click here</a> to continue.");
  148.         }
  149.         Response.End();
  150.     }
  151.  
  152.  
  153. }
  154.  
  155. Response.Write(sErrorDisplay);
  156. %>
  157.  
  158. <form name="change_password" action="<%=BASE_HOST_URL + /login/%>change_password.asp" method="post">
  159.  
  160. <table>
  161. <tr><td>Health System code</td><td><%=Session("health_system_code")%></td></tr>
  162. <tr><td>Facility code</td><td><%=Session("facility_code")%></td></tr>
  163. <tr><td>User Name</td><td><%=Session("username")%></td></tr>
  164. <tr><td>Old Password</td><td><input type="password" name="old_password"></td></tr>
  165. <tr><td>New Password</td><td><input type="password" name="new_password"></td></tr>
  166. <tr><td>Confirm New Password</td><td><input type="password" name="confirm_new_password"></td></tr>
  167. </table>
  168.  
  169. <table width="400"><tr><td bgcolor="#ffffcc">
  170. Note that passwords must contain a mixture of upper and lower case letters, numbers, be between 8 and 12 characters in length and contain a symbol.
  171. </td></tr></table>
  172. <br>
  173. <input type="submit" value="Change Password">
  174. </form>
  175. </div>
  176. <!--#include file="include_login_footer.asp" -->
  177.  
Jan 7 '15 #1