functions_windows_authentication.asp

简单的asp论坛源码系统,很适用于初学者!界面简洁,功能齐全

<!--#include file="functions_hash1way.asp" -->
<%
'****************************************************************************************
'**  Copyright Notice    
'**
'**  Web Wiz Forums(TM)
'**  http://www.webwizforums.com
'**                            
'**  Copyright (C)2001-2008 Web Wiz(TM). All Rights Reserved.
'**  
'**  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS UNDER LICENSE FROM 'WEB WIZ'.
'**  
'**  IF YOU DO NOT AGREE TO THE LICENSE AGREEMENT THEN 'WEB WIZ' IS UNWILLING TO LICENSE 
'**  THE SOFTWARE TO YOU, AND YOU SHOULD DESTROY ALL COPIES YOU HOLD OF 'WEB WIZ' SOFTWARE
'**  AND DERIVATIVE WORKS IMMEDIATELY.
'**  
'**  If you have not received a copy of the license with this work then a copy of the latest
'**  license contract can be found at:-
'**
'**  http://www.webwizguide.com/license
'**
'**  For more information about this software and for licensing information please contact
'**  'Web Wiz' at the address and website below:-
'**
'**  Web Wiz, Unit 10E, Dawkins Road Industrial Estate, Poole, Dorset, BH15 4JD, England
'**  http://www.webwizguide.com
'**
'**  Removal or modification of this copyright notice will violate the license contract.
'**
'****************************************************************************************



'*************************** SOFTWARE AND CODE MODIFICATIONS **************************** 
'**
'** MODIFICATION OF THE FREE EDITIONS OF THIS SOFTWARE IS A VIOLATION OF THE LICENSE  
'** AGREEMENT AND IS STRICTLY PROHIBITED
'**
'** If you wish to modify any part of this software a license must be purchased
'**
'****************************************************************************************



'This file is used if you want to use Windows Authentication/Active Directory to log users into Web Wiz Forums.

'This file will auto check if the user is already in the forums database, if not a new 
'member will be created for the windows authenticated user.

'The members username in the forum will use the name part of the windows authentication username,
'if the forum admin would like to change the members name to something different, they can log
'into the forums online 'control panel' and the 'Change Username' tool to change the members name



'Set the variable below to true if you are using windows authentication
Const blnWindowsAuthentication = False



'Sub to login and create member accounts when using windows authentication
Private Function windowsAuthentication()


	Dim strAuthenticatedUser
	Dim strAuthenticatedPass
	Dim strUserName
	Dim strSQL
	Dim intForumStartingGroup
	Dim strSalt


	'Get windows authentcated username
	strAuthenticatedUser = Request.ServerVariables("AUTH_USER")
	
	'If the method above fails use the following
	If strAuthenticatedUser = "" Then strAuthenticatedUser = Request.ServerVariables("LOGON_USER")
		
	'Get the user password
	strAuthenticatedPass = Request.ServerVariables("AUTH_PASSWORD")
	
	
	
	'If the windows authenticated username has not been passed across display an error message
	If strAuthenticatedUser = "" Then
		Call errorMsg("An error has occurred while reading Authenticated User's, username from Windows Server.<br />Please check that are using a Windows Authenticated Login System and you are NOT browsing this site anonymously.", "windowsAuthentication()_get_AUTH_USER", "functions_windows_authentication.asp")
	End If
	
	
	
	'Create a salt value
	strSalt = getSalt(5)
	
	'Only encrypt password if this is enabled
	If blnEncryptedPasswords AND strAuthenticatedPass <> "" Then
		
		'Encrypt the entered password
		strAuthenticatedPass = HashEncode(strAuthenticatedPass & strSalt)
	End If
	
	
	'If there is no password for the user then just place in a random value
	If strAuthenticatedPass = "" Then strAuthenticatedPass = LCase(hexValue(10))
	
	
	
	
	'See if user is in forum db by looking for the windows authentication ID in the User_code field
	strSQL = "SELECT " & strDbTable & "Author.User_code " & _
	"FROM " & strDbTable & "Author" & strDBNoLock & " " & _
	"WHERE " & strDbTable & "Author.User_code = '" & Replace(strAuthenticatedUser, "'", "''") & "';"
	
	'Set error trapping
	On Error Resume Next
	
	'Query the database
	rsCommon.Open strSQL, adoCon
				
	'If an error has occurred write an error to the page
	If Err.Number <> 0 Then	Call errorMsg("An error has occurred while reading data from the database.", "windowsAuthentication()_get_member_data", "functions_windows_authentication.asp")
			
	'Disable error trapping
	On Error goto 0
		
	
	'If not in forum db add user to db
	If rsCommon.EOF AND strAuthenticatedUser <> "" Then
		
		'Close rs
		rsCommon.Close
		
		'Use the last part of the windows authentication (bit without domain) as the forum username
		If InStrRev(strAuthenticatedUser, "\") = 0 Then
			strUserName = strAuthenticatedUser
		Else
			strUserName = Mid(strAuthenticatedUser, InStrRev(strAuthenticatedUser, "\")+1, Len(strAuthenticatedUser))
		End If
		
		'We need to get the start user group ID from the database
		'Initalise the strSQL variable with an SQL statement to query the database
                strSQL = "SELECT " & strDbTable & "Group.Group_ID " & _
                "FROM " & strDbTable & "Group" & strDBNoLock & " " & _
                "WHERE " & strDbTable & "Group.Starting_group = " & strDBTrue & ";"

                'Query the database
                rsCommon.Open strSQL, adoCon

                'Get the forum starting group ID number
                intForumStartingGroup = CInt(rsCommon("Group_ID"))

                'Close the recordset
                rsCommon.Close
		
		
		'Create SQL to insert new user in database
		strSQL = "INSERT INTO " & strDbTable & "Author (" & _
		"Group_ID, " & _
		"Username, " & _
		"User_code, "
		If strDatabaseType = "mySQL" Then strSQL = strSQL & "Password, " Else strSQL = strSQL &  "[Password], "
		strSQL = strSQL & "Salt, " & _
		"Show_email, " & _
		"Attach_signature, " & _
		"Time_offset, " & _
		"Time_offset_hours, " & _
		"Rich_editor, " & _
		"Date_format, " & _
		"Active, " & _
		"Reply_notify, " & _
		"PM_notify, " & _
		"No_of_posts, " & _
		"Signature, " & _
		"Join_date, " & _
		"Last_visit, " & _
		"Login_attempt, " & _
		"Banned, " & _
		"Info " & _
		") " & _
		"VALUES " & _
		"('" & intForumStartingGroup & "', " & _
		"'" & Replace(strUserName, "'", "''") & "', " & _
		"'" & Replace(strAuthenticatedUser, "'", "''") & "', " & _
		"'" & Replace(strAuthenticatedPass, "'", "''") & "', "  & _
		"'" & strSalt & "', " & _
		strDBFalse & ", " & _
		strDBFalse & ", " & _
		"'" & strTimeOffSet & "', " & _
		"'" & intTimeOffSet & "', " & _
		strDBTrue & ", " & _
		"'dd/mm/yy', " & _
		strDBTrue & ", " & _
		strDBFalse & ", " & _
		strDBFalse & ", " & _
		"'0', " & _
		"'', " & _
		strDatabaseDateFunction & ", " & _
		strDatabaseDateFunction & ", " & _
		"'0', " & _
		strDBFalse & ", " & _
		"'');"
		
			
		'Set error trapping
		On Error Resume Next
	
		'Write to database
		adoCon.Execute(strSQL)
				
		'If an error has occurred write an error to the page
		If Err.Number <> 0 Then	Call errorMsg("An error has occurred while writing to the database.", "windowsAuthentication()_add_new_user", "functions_windows_authentication.asp")
			
		'Disable error trapping
		On Error goto 0
	
	Else
		rsCommon.Close
	End If
	
	
	'Create a forum session for the user to keep them logged
	Call saveSessionItem("UID", strAuthenticatedUser)
	Call saveSessionItem("NS", "0")
	
	
	'Return function
	windowsAuthentication = strAuthenticatedUser

End Function
%>