
Retrieve the same password

Hello everyone, I'm new to ASP. What I'm trying to do is this: if a user forgets the password, the site asks for their email address and they retrieve the same password from the database by email. My problem is that the passwords in the database are all encrypted, so if I retrieve one it shows the encrypted password as well. Please help. Thanks




  <!--#include file="include_login_header.asp" -->
  <%@Language = JScript %>
  <% Response.Buffer = true; %>
  <!--#include virtual="/medacist_admin/globals.asp" -->
  <%
      // Session keys that identify the signed-in user. String() renders a missing
      // Session entry as "undefined", so that text is stripped before the
      // emptiness test.
      // NOTE(review): this only proves the three keys are populated; it does not
      // look at Session("logged_in"). Confirm the login page sets them only after
      // the user has been authenticated.
      var vIdentityKeys = ["health_system_code", "facility_code", "username"];
      var bIdentityMissing = false;
      for (var nKey = 0; nKey < vIdentityKeys.length && !bIdentityMissing; nKey++) {
          bIdentityMissing = String(Session(vIdentityKeys[nKey])).replace("undefined","") == "";
      }

      // Without a complete identity the page stops at a link to the login form.
      if (bIdentityMissing) {
          Response.Write("Please <a target=\"_blank\" href=\"" + BASE_HOST_URL + "/login/" + "client_login.asp\">login</a>");
          Response.End();
      }

      // Empty when the session carries no region; read again after a successful change.
      var mregion = String(Session("region")).replace("undefined","");
  %>
  <br>
  <div align=center>
  <link rel="stylesheet" href="css/styles.css">
  <h2>Medacist Client Services - Change Password</h2>
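  <%
  // Change-password handler.
  //
  // medacist_user.medacist_password holds md5(password) (see the select and the
  // update below). That is a one-way digest, not reversible encryption, so the
  // original password cannot be read back out of the database. A forgotten-password
  // flow therefore has to issue a replacement credential rather than mail the old
  // one; one_time_use_flag / new_password.asp look like the hook for that --
  // confirm against the login pages.
  //
  // NOTE(review): unsalted MD5 is not adequate for password storage. Moving to a
  // salted, deliberately slow scheme (bcrypt, PBKDF2, Argon2) needs a schema and
  // login-page change that is outside this file.
  var sErrorDisplay="";

  // Accounts flagged one-time-use are sent to new_password.asp instead of this form.
  if (String(Session("one_time_use_flag")) == "Y") {
      Response.Redirect("new_password.asp");
  }

  if (Request.ServerVariables("REQUEST_METHOD") == "POST") {
      // NOTE(review): the failure counter lives in the session, so a client that
      // starts a fresh session starts again from zero. A per-account counter in
      // medacist_user would make the lockout hold across sessions.
      var nFailureCount = Session("failure_count")==undefined ? 0 : Session("failure_count");

      // Messages are accumulated as ",msg,msg" and split on "," for display.
      var sError ="";

      // NOTE(review): replace("undefined","") also removes that text from inside a
      // real value, so a password containing "undefined" is altered before it is
      // hashed. Left as is because stored digests may already depend on it.
      var sOldPass = String(Request.Form("old_password")).replace("undefined","");
      var sNewPass = String(Request.Form("new_password")).replace("undefined","");
      var sConfirmNewPass = String(Request.Form("confirm_new_password")).replace("undefined","");

      if (sOldPass == "") {
          sError += ",Old Password is required";
      }

      if (sNewPass == "") {
          sError += ",New Password is required";
      }
      if (sConfirmNewPass == "") {
          sError += ",Confirm Password is required";
      }

      if (sNewPass != sConfirmNewPass) {
          sError += ",New password and Confirm New password do not match";
      }

      // Let the database hash the submitted old password so both digests come back
      // in the same form; all values are bound as parameters.
      var rsOldPass = execSQL("select cast(md5(?)as char) hash_password, medacist_password " +
                               " from medacist_user " +
                              " where health_system_code = ? " +
                                " and facility_code = ? " +
                                 " and username = ? ",
                           Array(sOldPass,Session("health_system_code"),Session("facility_code"),Session("username")));

      // A missing user row counts as a mismatch instead of reading fields from an
      // empty recordset.
      var bOldPassOk = !rsOldPass.Eof &&
          String(rsOldPass.fields("medacist_password").value) == String(rsOldPass.fields("hash_password").value);

      if (!bOldPassOk) {

          if (nFailureCount >= Application("MAX_ATTEMPT")) {
              execSQL("update medacist_user set locked_out_flag = 'Y', locked_out_date_time=Now() " +
                      " where health_system_code = ? and facility_code = ? and username = ?",
                      Array(Session("health_system_code"),Session("facility_code"),Session("username")));

              logAccess(Session("health_system_code"),Session("facility_code"),Session("username"),"LOCKOUT","failure. Max attempt count exceeded. Account has been locked out. failure count:" + nFailureCount);
              Session.Abandon();
              Response.Redirect("account_locked.asp");
          }

          nFailureCount++;
          // The attempted value is deliberately not logged: a near miss of the real
          // password, or a password the user has on another system, would otherwise
          // sit in the access log in clear text.
          logAccess(Session("health_system_code"),Session("facility_code"),Session("username"),"CHANGE_PASSWORD","failure. failure count=" + nFailureCount);
          Session("failure_count") = nFailureCount;
          sError += ",Old Password is incorrect";

      }

      // The current password is not in the history table yet, so "new equals old"
      // has to be rejected here.
      if (sError.length == 0 && sNewPass == sOldPass) {
          sError += ",Passwords cannot be reused.";
      }

      if (sError.length == 0 ) {
          // NOTE(review): medacist_password_hist holds earlier passwords in clear
          // text (sOldPass is inserted below and compared here with == / indexOf),
          // so read access to that table exposes them. Storing digests instead means
          // giving up the substring "too similar" test and migrating existing rows;
          // flagged rather than changed in this page.
          var rsPass = execSQL("select medacist_password " +
                                " from medacist_password_hist " +
                               " where health_system_code = ? " +
                                 " and facility_code = ? " +
                                 " and username = ? ",
                               Array(Session("health_system_code"),Session("facility_code"),Session("username")));

          // Stop at the first history row that rules the new password out.
          while (!rsPass.Eof && sError.length == 0) {
              if (sNewPass == rsPass.fields("medacist_password").value) {
                  sError += ",Passwords cannot be reused.";
              } else if (sNewPass.indexOf(rsPass.fields("medacist_password").value)>-1) {
                  sError += ",New password is too similiar to previous one";
              }
              rsPass.moveNext();
          }
      }

      // Complexity rules are enforced by validatePassword, which is defined outside this page.
      if (sError.length==0) {
          if (!validatePassword(sNewPass)) {
              sError += ",Invalid password. Must contain upper and lower case letters, Contain numbers, Between 8 and 12 characters in length,Contain a symbol";
          }
      }

      if (sError != "") {
          // Every message is a fixed literal from this page; no request data is
          // echoed into the list.
          sError = sError.substr(1);
          var vError = sError.split(",");
          sErrorDisplay = "<ul>";
          for (var nErr = 0; nErr < vError.length; nErr++) {
              if (vError[nErr] != "") {
                  sErrorDisplay += "<li>" + vError[nErr] + "</li>\n";
              }
          }
          sErrorDisplay += "</ul>";
      } else {

          // Store the new digest, restart the expiry clock and clear the one-time flag.
          execSQL("update medacist_user \n" +
                    " set password_creation_date_time = Now(), \n" +
                        " password_expiration_date_time = date_add(now(),INTERVAL ? DAY), \n" +
                        " medacist_password=md5(?), \n" +
                        " one_time_use_flag='N'  \n" +
                  " where health_system_code= ?  \n" +
                    " and facility_code = ?  \n" +
                    " and username = lower(?)",Array(PASSWORD_EXPIRATION,sNewPass,Session("health_system_code"),Session("facility_code"),Session("username")));

          // Record the password just replaced so the reuse checks above can see it
          // next time (clear text -- see the NOTE(review) at the history query).
          execSQL("insert into medacist_password_hist (health_system_code,facility_code," +
                  " username,medacist_password) values (?,?,?,?)",
                  Array(Session("health_system_code"),Session("facility_code"),Session("username"),sOldPass));

          logAccess(Session("health_system_code"),Session("facility_code"),Session("username"),"CHANGE_PASSWORD","success. password changed");

          var rsExpire = execSQL("select DATE_FORMAT(password_expiration_date_time,'%m/%e/%Y %H:%i:%s')  password_expiration_date_time " +
                         " from medacist_user where health_system_code= ? and facility_code = ? and username = lower(?)",
                         Array(Session("health_system_code"),Session("facility_code"),Session("username")));

          // A successful change marks the session as logged in and resets the counter.
          Session("logged_in") = "Y";
          Session("failure_count") = 0;

          Session("password_expiration_date_time") = rsExpire.fields("password_expiration_date_time").value;
          if (mregion == null  || mregion == '') {
              Response.Write("Password changed. <a href=\"client_data.asp\">Click here</a> to continue.");
          } else {
              Response.Write("Password changed. <a href=\"client_data_S.asp\">Click here</a> to continue.");
          }
          Response.End();
      }

  }

  Response.Write(sErrorDisplay);
  %>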
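  <%
  // Change-password form; posts back to change_password.asp.
  // "/login/" is written as a string literal: the unquoted /login/ is a JScript
  // regular-expression literal that only produced the right text through its
  // string conversion.
  // Session values are HTML-encoded before being written into the page, so markup
  // characters in a stored code or user name are shown as text instead of being
  // interpreted by the browser.
  %>
  <form name="change_password" action="<%=BASE_HOST_URL + "/login/"%>change_password.asp" method="post">

  <table>
  <tr><td>Health System code</td><td><%=Server.HTMLEncode(String(Session("health_system_code")))%></td></tr>
  <tr><td>Facility code</td><td><%=Server.HTMLEncode(String(Session("facility_code")))%></td></tr>
  <tr><td>User Name</td><td><%=Server.HTMLEncode(String(Session("username")))%></td></tr>
  <tr><td>Old Password</td><td><input type="password" name="old_password"></td></tr>
  <tr><td>New Password</td><td><input type="password" name="new_password"></td></tr>
  <tr><td>Confirm New Password</td><td><input type="password" name="confirm_new_password"></td></tr>
  </table>

  <table width="400"><tr><td bgcolor="#ffffcc">
  Note that passwords must contain a mixture of upper and lower case letters, numbers, be between 8 and 12 characters in length and contain a symbol.
  </td></tr></table>
  <br>
  <input type="submit" value="Change Password">
  </form>
  </div>
  <!--#include file="include_login_footer.asp" -->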
Jan 7 '15 #1
