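<!--#include file="include_login_header.asp" -->
<%@Language = JScript %>
<% Response.Buffer = true; %>
<!--#include virtual="/medacist_admin/globals.asp" -->
<%
// change_password.asp: lets a client user already identified in Session
// (health system, facility, username) replace their password.
// Helpers referenced here but defined elsewhere (globals.asp / includes):
// execSQL, logAccess, validatePassword, BASE_HOST_URL, PASSWORD_EXPIRATION.

// Session("x") for an unset key stringifies to "undefined"; the replace()
// folds that into "" so one comparison covers "missing" and "empty".
if (String(Session("health_system_code")).replace("undefined","") == "" ||
    String(Session("facility_code")).replace("undefined","") == "" ||
    String(Session("username")).replace("undefined","") == "") {
    Response.Write("Please <a target=\"_blank\" href=\"" + BASE_HOST_URL + "/login/" + "client_login.asp\">login</a>");
    Response.End();
}
var mregion = String(Session("region")).replace("undefined","");
%>
<br>
<div align=center>
<link rel="stylesheet" href="css/styles.css">
<h2>Medacist Client Services - Change Password</h2>
<%
var sErrorDisplay = "";
// A user still holding a one-time password must go through new_password.asp
// rather than this form; the flag is cleared by the update further down.
if (String(Session("one_time_use_flag")) == "Y") {
    Response.Redirect("new_password.asp");
}
if (Request.ServerVariables("REQUEST_METHOD") == "POST") {
    var nFailureCount = Session("failure_count") == undefined ? 0 : Session("failure_count");
    // sError accumulates ",message" fragments; the leading comma is dropped
    // before the list is rendered.
    var sError = "";
    var sOldPass = String(Request.Form("old_password")).replace("undefined","");
    var sNewPass = String(Request.Form("new_password")).replace("undefined","");
    var sConfirmNewPass = String(Request.Form("confirm_new_password")).replace("undefined","");
    if (sOldPass == "") {
        sError += ",Old Password is required";
    }
    if (sNewPass == "") {
        sError += ",New Password is required";
    }
    if (sConfirmNewPass == "") {
        sError += ",Confirm Password is required";
    }
    if (sNewPass != sConfirmNewPass) {
        sError += ",New password and Confirm New password do not match";
    }
    // NOTE(review): the stored password is an unsalted MD5 computed by the
    // database, and the plaintext old password travels to the server as a
    // query parameter (so it can surface in DB query logs). A salted, slow
    // hash computed application-side would need a schema/migration change
    // and is out of scope for this page.
    var rsOldPass = execSQL("select cast(md5(?)as char) hash_password, medacist_password " +
        " from medacist_user " +
        " where health_system_code = ? " +
        " and facility_code = ? " +
        " and username = ? ",
        Array(sOldPass, Session("health_system_code"), Session("facility_code"), Session("username")));
    // An empty recordset (user row gone since login) is treated like a wrong
    // old password instead of letting fields() throw on Eof.
    if (rsOldPass.Eof ||
        String(rsOldPass.fields("medacist_password").value) != String(rsOldPass.fields("hash_password").value)) {
        // The count is compared before it is incremented, so the lockout
        // fires on the attempt that follows MAX_ATTEMPT recorded failures.
        if (nFailureCount >= Application("MAX_ATTEMPT")) {
            execSQL("update medacist_user set locked_out_flag = 'Y', locked_out_date_time=Now() " +
                " where health_system_code = ? and facility_code = ? and username = ?",
                Array(Session("health_system_code"), Session("facility_code"), Session("username")));
            logAccess(Session("health_system_code"), Session("facility_code"), Session("username"), "LOCKOUT", "failure. Max attempt count exceeded. Account has been locked out. failure count:" + nFailureCount);
            Session.Abandon();
            Response.Redirect("account_locked.asp");
        }
        nFailureCount++;
        // The attempted password is deliberately not written to the access
        // log: a near-miss of the real password would otherwise be
        // recoverable by anyone who can read the log table.
        logAccess(Session("health_system_code"), Session("facility_code"), Session("username"), "CHANGE_PASSWORD", "failure. failure count=" + nFailureCount);
        Session("failure_count") = nFailureCount;
        sError += ",Old Password is incorrect";
    }
    if (sError.length == 0) {
        // NOTE(review): medacist_password_hist holds previous passwords in
        // plaintext (the reuse and substring checks below compare the raw
        // value, and the insert on success stores sOldPass unhashed), so a
        // database compromise exposes users' past passwords. Hashing the
        // history would require dropping or redesigning the substring check.
        var rsPass = execSQL("select medacist_password " +
            " from medacist_password_hist " +
            " where health_system_code = ? " +
            " and facility_code = ? " +
            " and username = ? ",
            Array(Session("health_system_code"), Session("facility_code"), Session("username")));
        while (!rsPass.Eof && sError.length == 0) {
            var sPrevPass = rsPass.fields("medacist_password").value;
            if (sNewPass == sPrevPass) {
                sError += ",Passwords cannot be reused.";
            } else if (sNewPass.indexOf(sPrevPass) > -1) {
                sError += ",New password is too similiar to previous one";
            }
            rsPass.moveNext();
        }
    }
    // Complexity check last, so a reused password is reported as such rather
    // than as "invalid".
    if (sError.length == 0) {
        if (!validatePassword(sNewPass)) {
            // The commas inside this message are split into separate list
            // items by the rendering below, one requirement per line.
            sError += ",Invalid password. Must contain upper and lower case letters, Contain numbers, Between 8 and 12 characters in length,Contain a symbol";
        }
    }
    if (sError != "") {
        var vError = sError.substr(1).split(",");
        sErrorDisplay = "<ul>";
        // Indexed loop rather than for-in: for-in would also walk any
        // enumerable properties added to Array.prototype by an include.
        for (var i = 0; i < vError.length; i++) {
            if (vError[i] != "") {
                sErrorDisplay += "<li>" + vError[i] + "</li>\n";
            }
        }
        sErrorDisplay += "</ul>";
    } else {
        // NOTE(review): the update and the expiry lookup match on
        // username = lower(?) while the old-password select and the history
        // queries match on username = ?; a mixed-case session username could
        // pass the old-password check yet update no row. Confirm the column's
        // collation/case before changing either side.
        execSQL("update medacist_user \n" +
            " set password_creation_date_time = Now(), \n" +
            " password_expiration_date_time = date_add(now(),INTERVAL ? DAY), \n" +
            " medacist_password=md5(?), \n" +
            " one_time_use_flag='N' \n" +
            " where health_system_code= ? \n" +
            " and facility_code = ? \n" +
            " and username = lower(?)",
            Array(PASSWORD_EXPIRATION, sNewPass, Session("health_system_code"), Session("facility_code"), Session("username")));
        // The password being retired goes into the history table (plaintext,
        // see the note above); the new one only ever lands in medacist_user as md5.
        execSQL("insert into medacist_password_hist (health_system_code,facility_code," +
            " username,medacist_password) values (?,?,?,?)",
            Array(Session("health_system_code"), Session("facility_code"), Session("username"), sOldPass));
        logAccess(Session("health_system_code"), Session("facility_code"), Session("username"), "CHANGE_PASSWORD", "success. password changed");
        var rsExpire = execSQL("select DATE_FORMAT(password_expiration_date_time,'%m/%e/%Y %H:%i:%s') password_expiration_date_time " +
            " from medacist_user where health_system_code= ? and facility_code = ? and username = lower(?)",
            Array(Session("health_system_code"), Session("facility_code"), Session("username")));
        // Only now is the session marked fully logged in — presumably the
        // expired/forced-change flow reaches this page before that point.
        Session("logged_in") = "Y";
        Session("failure_count") = 0;
        Session("password_expiration_date_time") = rsExpire.fields("password_expiration_date_time").value;
        if (mregion == null || mregion == '') {
            Response.Write("Password changed. <a href=\"client_data.asp\">Click here</a> to continue.");
        } else {
            Response.Write("Password changed. <a href=\"client_data_S.asp\">Click here</a> to continue.");
        }
        Response.End();
    }
}
Response.Write(sErrorDisplay);
%>
<%-- "/login/" is a string literal here; the original unquoted /login/ was
     parsed as a regular-expression literal whose toString() happened to
     yield the same text. --%>
<form name="change_password" action="<%=BASE_HOST_URL + "/login/"%>change_password.asp" method="post">
<table>
<tr><td>Health System code</td><td><%=Session("health_system_code")%></td></tr>
<tr><td>Facility code</td><td><%=Session("facility_code")%></td></tr>
<tr><td>User Name</td><td><%=Session("username")%></td></tr>
<tr><td>Old Password</td><td><input type="password" name="old_password"></td></tr>
<tr><td>New Password</td><td><input type="password" name="new_password"></td></tr>
<tr><td>Confirm New Password</td><td><input type="password" name="confirm_new_password"></td></tr>
</table>
<table width="400"><tr><td bgcolor="#ffffcc">
Note that passwords must contain a mixture of upper and lower case letters, numbers, be between 8 and 12 characters in length and contain a symbol.
</td></tr></table>
<br>
<input type="submit" value="Change Password">
</form>
</div>
<!--#include file="include_login_footer.asp" -->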