<%option explicit%>
<%
'*******************************************************
' VP-ASP 6.50 Affiliate Login
' March 26, 2004
'*******************************************************
' Page flow: with no Action parameter the login form is shown; otherwise the
' posted fields are validated, a login is attempted when validation left
' sError empty, and the form is shown again (with any error text).
'
' NOTE(review): cleanchars, getlang, getconfig, SetSess, ReadAffRecord,
' CloseAffRs, responseredirect, sError and lngaffid are not defined in this
' listing. With "option explicit" they must come from include files that are
' not visible here; their exact behaviour should be confirmed there.
' NOTE(review): many string literals below are empty or span several lines.
' The HTML they carried is presumably missing from this listing, so compare
' with the shipped file before relying on what the form emits.
Dim sAction
Dim login
Dim loginaffid
dim Loginlastname
Dim LoginPassword
' login, PaymentTypes and PaymentCount are declared but not referenced in the code shown.
Dim PaymentTypes(10)
Dim PaymentCount
Dim Newuser
'VP-ASP 6.50 - precautionary security fix
' Any non-empty "New" parameter resets the "affregister" session value to "",
' i.e. it discards whatever affiliate id the session held before.
Newuser=cleanchars(Request("New"))
If newuser<>"" then
    SetSess "affregister",""
end if
' "Action.x" is the fallback name; presumably it covers submission through an
' image button, which sends NAME.x / NAME.y instead of NAME.
sAction=Request("Action")
if sAction="" then
    sAction=Request("Action.x")
end if
Serror=""
If sAction = "" Then
    DisplayForm()
Else
    ValidateData()
    ' The login lookup runs only when validation added nothing to sError.
    if sError = "" Then
        HandleLogin
    End if
    ' Reached on validation failure or failed login. After a successful login
    ' HandleLogin calls responseredirect; whether that ends the response
    ' before this line depends on its implementation (not shown).
    DisplayForm
end if

' Writes the login page: header, optional breadcrumb, pending error text,
' the affiliate id / last name / password rows, the submit button and trailer.
Sub DisplayForm
    ShopPageHeader
    if getconfig("xbreadcrumbs") = "Yes" then
        response.write ""
    end if
    Response.Write "

" & getlang("langcommonlogin") & "

"
    ' sError is written without Server.HTMLEncode. On this page it is built only
    ' from getlang() texts and from validateinput's fixed keyword and field
    ' names, so no raw request value is echoed here. Keep it that way: if a
    ' later change appends user input to sError, encode it before output.
    if sError<> "" then
        response.write errorfontstart & "" & SError & errorfontend & "
"
        Serror=""
    end if
    shopwriteheaderpic getlang("langcommonlogin"),"images/icons/lock.gif"
    Response.Write("
")
    response.write "
"
    Response.Write(TableDefLogin)
    Response.Write(tableRow)
    Response.Write("" & getlang("LangAffid") & "")
    Response.Write("")
    Response.Write(tableRow & "" & getlang("LangCustLastname") & "" &_
        "")
    Response.Write(tablerow & "" & getlang("LangLoginPassword") & "" &_
        "")
    Response.Write(tableRow)
    Response.write "
"
    response.write "
"
    ' Two button variants, chosen by the "xbuttonlogin" setting; the markup of
    ' both is not visible in this listing.
    If getconfig("xbuttonlogin")="" then
        Response.Write("")
    else
        Response.Write("")
    end if
    Response.write "
"
    addwebsessform
    response.write "
"
    ShopPageTrailer
end sub

' Reads the three login fields into the page-level variables and collects
' validation messages in sError (left unchanged when everything passes).
Sub ValidateData
    'VP-ASP 6.50 - precautionary security fix
    ' Request(name) without a collection searches QueryString before Form (then
    ' Cookies, ClientCertificate, ServerVariables), so these credentials are
    ' also accepted from the URL, where they can end up in server logs and
    ' browser history.
    ' NOTE(review): consider Request.Form if the form is always POSTed - the
    ' form method is not visible in this listing.
    ' NOTE(review): cleanchars also runs on the password, so any characters it
    ' removes never reach the comparison - confirm registration applies the
    ' same filter and that this does not silently weaken passwords.
    Loginaffid=cleanchars(request("loginaffid"))
    LoginLastname = cleanchars(Request("LoginLastname"))
    Loginpassword = cleanchars(Request("Loginpassword"))
    ' One message per missing field.
    If LoginLastname = "" Then
        sError = sError & getlang("LangLoginLastname") & "
"
    End If
    If LoginAffid = "" Then
        sError = sError & getlang("LangaffId") & "
"
    end if
    If Loginpassword = "" Then
        sError = sError & getlang("LangLoginPassword") & "
"
    End If
    If Serror<>"" then
        ' Prefix the list of missing fields with the "required" heading.
        Serror = getlang("LangCommonRequired") & "
" & SError
    else
        ' IsNumeric accepts more than plain digit strings (signs, decimal
        ' points, exponent notation).
        ' NOTE(review): if ReadAffRecord places the id in a query, confirm it
        ' converts the value (e.g. CLng) or binds it as a parameter.
        if not isnumeric(LoginAffid) then
            sError= getlang("LangAffidInvalid") & "
"
        end if
    end if
    ' Keyword screening runs on last name and password regardless of earlier
    ' errors; LoginAffid is not passed through it (it only has the numeric test).
    validateinput loginlastname,"LoginLastName",serror
    validateinput loginpassword,"Loginpassword",serror
end sub

' Looks up the affiliate with the submitted id, last name and password. A
' non-empty lngaffid afterwards is treated as a successful login: the id is
' stored in the session and the browser is sent to shopaffadmin.asp.
Sub HandleLogin
    ' NOTE(review): how ReadAffRecord builds its query and whether the stored
    ' password is hashed cannot be seen from this page - verify both there.
    ReadAffRecord LoginAffid, Loginlastname, Loginpassword
    CloseAffRs
    If lngaffid<>"" then
        ' The "AffRegister" session value is what marks the session as logged in.
        ' NOTE(review): nothing visible here renews the session identifier on
        ' login; check whether SetSess or the surrounding framework does.
        SetSess "AffRegister",lngaffid
        responseredirect "shopaffadmin.asp"
    else
        ' Every failed lookup uses the same message key, so the response does
        ' not say which of the three fields was wrong.
        ' NOTE(review): no failed-attempt counting, delay or logging is visible
        ' on this page - confirm it exists elsewhere.
        Serror= getlang("LangAffNotFound") &"
"
    end if
end sub

sub validateinput(input,fieldname,error)
    'Checks a field value against a list of known bad keywords.
    'On the first keyword found, a message is appended to the error string and
    'the routine returns. No redirect to shoperror.asp happens in this routine.
    'Pre:
    ' Input - contains raw data from querystring/formfield
    ' Fieldname - contains name of field being tested *optional*
    'Post:
    ' error is appended to the error string
    ' (VBScript passes arguments ByRef by default, so the caller's variable is updated.)
    '
    ' The message names the matched keyword from the list and the field name,
    ' never the submitted value itself.
    ' NOTE(review): this is a substring denylist. It also rejects legitimate
    ' names or passwords that merely contain one of these strings, and it is
    ' not a reliable defence against SQL injection on its own - the query in
    ' ReadAffRecord should use bound parameters.
    dim invalidstrings,string
    ' found is set here but never read in this routine.
    dim found
    found=false
    invalidstrings=array("select","insert","update","delete","drop","--",";","@@","char(","create","exec")
    for each string in invalidstrings
        ' Compare mode 1 is a text comparison, i.e. the match is case-insensitive.
        if instr(1,input,string,1)>0 then
            error=error & "Invalid string '" & string & "' entered in field " & fieldname & "
"
            exit sub
        end if
    next
end sub
%>