%option explicit%>
<%
'*******************************************************
' VP-ASP 6.50 Affiliate Login
' March 26, 2004
'*******************************************************
' Page-level state shared with the subs below.
Dim sAction, login, loginaffid
Dim Loginlastname, LoginPassword
Dim PaymentTypes(10)
Dim PaymentCount, Newuser

' VP-ASP 6.50 - precautionary security fix: the New parameter goes through
' cleanchars before use. Any non-empty value clears the affregister session
' entry, i.e. drops an existing affiliate login before the form is shown.
Newuser = cleanchars(Request("New"))
If newuser <> "" Then SetSess "affregister", ""

' The submit may arrive as Action (text button) or Action.x (image button).
' sAction is only compared with the empty string in the visible code, so it is
' never echoed or passed on.
sAction = Request("Action")
If sAction = "" Then sAction = Request("Action.x")

Serror = ""
If sAction = "" Then
    ' First visit: show the empty login form.
    DisplayForm
Else
    ' Form submitted: validate, attempt the login only when validation left
    ' no error text, then redisplay the form (HandleLogin redirects on success).
    ValidateData
    If sError = "" Then HandleLogin
    DisplayForm
End If
Sub DisplayForm
' Renders the affiliate login page: shop header, optional breadcrumb, page
' title, any pending error text, the header picture, then the shop trailer.
' NOTE(review): several string literals in this listing are split across two
' lines and the Response.Write call before ShopPageTrailer has an unclosed
' parenthesis around an empty string. The HTML they carried (including the
' login form itself) appears to have been stripped from this copy, so the sub
' is not runnable as shown.
ShopPageHeader
' Breadcrumb output is controlled by the xbreadcrumbs configuration value.
if getconfig("xbreadcrumbs") = "Yes" then
response.write "
"
end if
Response.Write "" & getlang("langcommonlogin") & "
"
' Error text is written without HTML encoding. In this file sError is built
' only from getlang text and fixed message strings, never from request values;
' keep it that way, or encode before output if that ever changes.
if sError<> "" then
response.write errorfontstart & "" & SError & errorfontend & "
"
' Clear the message once shown so it is not repeated.
Serror=""
end if
shopwriteheaderpic getlang("langcommonlogin"),"images/icons/lock.gif"
Response.Write(""
ShopPageTrailer
end sub
Sub ValidateData
' Reads the three login fields from the request and accumulates validation
' messages in the page-level sError string. An empty sError on return means
' the caller may attempt the login.
'VP-ASP 6.50 - precautionary security fix
' Each value goes through cleanchars (defined outside this file) before use.
' NOTE(review): Request(name) without a collection also searches the query
' string, so these values, including the password, are accepted from the URL
' and can end up in server and proxy logs. Confirm whether Request.Form was
' intended.
Loginaffid=cleanchars(request("loginaffid"))
LoginLastname = cleanchars(Request("LoginLastname"))
Loginpassword = cleanchars(Request("Loginpassword"))
' Required-field checks: one message per missing field.
If LoginLastname = "" Then
sError = sError & getlang("LangLoginLastname") & "
"
End If
If LoginAffid = "" Then
sError = sError & getlang("LangaffId") & "
"
end if
If Loginpassword = "" Then
sError = sError & getlang("LangLoginPassword") & "
"
End If
' If anything is missing, prefix the list with the generic required-fields
' heading. Otherwise check that the affiliate id looks numeric.
If Serror<>"" then
Serror = getlang("LangCommonRequired") & "
" & SError
else
' NOTE(review): IsNumeric accepts more than plain digits (signs, decimals,
' exponent and hex notation). If ReadAffRecord places this value in a query
' it should convert it to an integer or bind it as a parameter. How the value
' is used is not visible in this file.
if not isnumeric(LoginAffid) then
sError= getlang("LangAffidInvalid") & "
"
end if
end if
' Keyword filter on last name and password, run even when earlier checks have
' already failed. loginaffid is not passed through it. Because the password is
' filtered too, passwords containing a listed token (a semicolon, for example)
' are rejected.
validateinput loginlastname,"LoginLastName",serror
validateinput loginpassword,"Loginpassword",serror
end sub
Sub HandleLogin
' Attempts the affiliate login with the validated id, last name and password.
' On success it stores the affiliate id in the session and redirects to the
' affiliate admin page. On failure it sets a single generic not-found message,
' which does not reveal which of the three fields was wrong.
' ReadAffRecord and CloseAffRs are defined outside this file. lngaffid is not
' declared here and is presumably set by ReadAffRecord when a matching record
' is found - confirm against that routine.
' NOTE(review): no failed-attempt counting, lockout or logging is visible in
' this file. Confirm it is handled in ReadAffRecord or elsewhere.
ReadAffRecord LoginAffid, Loginlastname, Loginpassword
CloseAffRs
If lngaffid<>"" then
' A non-empty AffRegister session value is what marks the affiliate as logged in.
SetSess "AffRegister",lngaffid
responseredirect "shopaffadmin.asp"
else
Serror= getlang("LangAffNotFound") &"
"
end if
end sub
sub validateinput(input,fieldname,error)
' Checks input against a fixed list of SQL-related keywords and tokens. On the
' first match it appends a message to error and returns.
' NOTE(review): the earlier comment here said the customer is sent to
' shoperror.asp. The visible code only appends to error and does not redirect.
'Pre:
' Input - value to test (callers in this file pass it through cleanchars first)
' Fieldname - field label used in the message
'Post:
' error has one message appended when a listed string is found; otherwise it
' is left unchanged
'
' NOTE(review): this is a substring denylist. It rejects ordinary values that
' happen to contain a listed word, and it is only a supplementary filter: it
' does not replace parameterised queries in the data-access code, which is not
' visible in this file.
dim invalidstrings,string
' found is declared and initialised but never read in this sub.
dim found
found=false
invalidstrings=array("select","insert","update","delete","drop","--",";","@@","char(","create","exec")
for each string in invalidstrings
' The final argument 1 selects text comparison, so the match is case-insensitive.
if instr(1,input,string,1)>0 then
' The message contains only the matched list entry and the caller-supplied
' field label, not the submitted value.
error=error & "Invalid string '" & string & "' entered in field " & fieldname & "
"
exit sub
end if
next
end sub
%>