Retrieve the same password

  • cookie2015

    Retrieve the same password

    Hello everyone, I'm new to ASP. What I'm trying to do is: if the user forgot the password, the page asks for an email address, and he/she goes to that email to retrieve the same password from the database. My problem is that the database passwords are all encrypted, and if I retrieve one it is going to show the encrypted password as well. Please help. Thanks




    Code:
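    <!--#include file="include_login_header.asp" -->
    <%@Language = JScript %>
    <% Response.Buffer = true; %>
    <!--#include virtual="/medacist_admin/globals.asp" -->
    <%
    // change_password.asp - lets an already logged-in client user replace
    // their password.  execSQL(), logAccess(), validatePassword(),
    // BASE_HOST_URL and PASSWORD_EXPIRATION come from globals.asp.
    //
    // The three session keys below identify the medacist_user row that is
    // updated; without them the page only offers a link to the login page.
    if (String(Session("health_system_code")).replace("undefined","") == "" ||
        String(Session("facility_code")).replace("undefined","") == "" ||
        String(Session("username")).replace("undefined","") == "") {
        Response.Write("Please <a target=\"_blank\" href=\"" + BASE_HOST_URL + "/login/" + "client_login.asp\">login</a>");
        Response.End();
    }
    // Region only decides which landing page the success message links to.
    var mregion = String(Session("region")).replace("undefined","");
    %>
    <br>
    <div align=center>
    <link rel="stylesheet" href="css/styles.css">
    <h2>Medacist Client Services - Change Password</h2>
    <%
    var sErrorDisplay = "";

    // A one-time-use (temporary) password has to be replaced through
    // new_password.asp; do not let this page be used to skip that flow.
    if (String(Session("one_time_use_flag")) == "Y") {
        Response.Redirect("new_password.asp");
    }

    if (Request.ServerVariables("REQUEST_METHOD") == "POST") {
        // Wrong old-password attempts are counted in the session so that the
        // account can be locked once Application("MAX_ATTEMPT") is reached.
        var nFailureCount = Session("failure_count") == undefined ? 0 : Session("failure_count");

        // Comma-separated list of error messages; the leading comma is
        // dropped before display.  Every message is a server-side literal,
        // so no user input is ever echoed back through sErrorDisplay.
        var sError = "";

        var sOldPass = String(Request.Form("old_password")).replace("undefined","");
        var sNewPass = String(Request.Form("new_password")).replace("undefined","");
        var sConfirmNewPass = String(Request.Form("confirm_new_password")).replace("undefined","");

        if (sOldPass == "") {
            sError += ",Old Password is required";
        }
        if (sNewPass == "") {
            sError += ",New Password is required";
        }
        if (sConfirmNewPass == "") {
            sError += ",Confirm Password is required";
        }
        if (sNewPass != sConfirmNewPass) {
            sError += ",New password and Confirm New password do not match";
        }

        // medacist_user.medacist_password holds md5(password); the supplied
        // old password is hashed by the database and compared below.
        // NOTE(review): unsalted MD5 is not a suitable password hash — a
        // salted, slow KDF should replace it once the schema can be migrated.
        var rsOldPass = execSQL("select cast(md5(?) as char) hash_password, medacist_password " +
                                 " from medacist_user " +
                                " where health_system_code = ? " +
                                  " and facility_code = ? " +
                                   " and username = ? ",
                             Array(sOldPass, Session("health_system_code"), Session("facility_code"), Session("username")));

        // A missing user row is handled like a wrong password instead of
        // failing on the field access with a script error.
        if (rsOldPass.Eof ||
            String(rsOldPass.fields("medacist_password").value) != String(rsOldPass.fields("hash_password").value)) {

            if (nFailureCount >= Application("MAX_ATTEMPT")) {
                execSQL("update medacist_user set locked_out_flag = 'Y', locked_out_date_time=Now() " +
                        " where health_system_code = ? and facility_code = ? and username = ?",
                        Array(Session("health_system_code"), Session("facility_code"), Session("username")));

                logAccess(Session("health_system_code"), Session("facility_code"), Session("username"), "LOCKOUT", "failure. Max attempt count exceeded. Account has been locked out. failure count:" + nFailureCount);
                Session.Abandon();
                Response.Redirect("account_locked.asp");
            }

            nFailureCount++;
            // The attempted password is deliberately NOT written to the access
            // log: a mistyped old password is usually one keystroke away from
            // the real one, so logging it would hand credentials to anyone
            // able to read the log.
            logAccess(Session("health_system_code"), Session("facility_code"), Session("username"), "CHANGE_PASSWORD", "failure. failure count=" + nFailureCount);
            Session("failure_count") = nFailureCount;
            sError += ",Old Password is incorrect";
        }

        // Reject a new password that equals, or merely contains, any earlier
        // password of this user.
        // NOTE(review): medacist_password_hist is compared here (and written
        // below) as plain text — that is what makes the substring check
        // possible, and it also means every previous password is stored in
        // the clear.
        if (sError.length == 0) {
            var rsPass = execSQL("select medacist_password " +
                                  " from medacist_password_hist " +
                                 " where health_system_code = ? " +
                                   " and facility_code = ? " +
                                   " and username = ? ",
                                 Array(Session("health_system_code"), Session("facility_code"), Session("username")));

            while (!rsPass.Eof && sError.length == 0) {
                var sPrevPass = String(rsPass.fields("medacist_password").value);
                if (sNewPass == sPrevPass) {
                    sError += ",Passwords cannot be reused.";
                } else if (sNewPass.indexOf(sPrevPass) > -1) {
                    sError += ",New password is too similiar to previous one";
                }
                rsPass.moveNext();
            }
        }

        // Finally enforce the complexity policy (validatePassword in globals.asp).
        // The message intentionally contains commas: the split below turns
        // each clause into its own bullet.
        if (sError.length == 0) {
            if (!validatePassword(sNewPass)) {
                sError += ",Invalid password. Must contain upper and lower case letters, Contain numbers, Between 8 and 12 characters in length,Contain a symbol";
            }
        }

        if (sError != "") {
            // Drop the leading comma and render one <li> per message.
            var vError = sError.substr(1).split(",");
            sErrorDisplay = "<ul>";
            for (var i = 0; i < vError.length; i++) {
                if (vError[i] != "") {
                    sErrorDisplay += "<li>" + vError[i] + "</li>\n";
                }
            }
            sErrorDisplay += "</ul>";
        } else {
            // Store the new hash, stamp creation/expiry and clear the
            // temporary-password flag in a single statement.
            // NOTE(review): this update and the expiry select match the
            // username with lower(?), while the password check above uses the
            // raw value — confirm the column's collation makes both equivalent.
            execSQL("update medacist_user \n" +
                      " set password_creation_date_time = Now(), \n" +
                          " password_expiration_date_time = date_add(now(),INTERVAL ? DAY), \n" +
                          " medacist_password=md5(?), \n" +
                          " one_time_use_flag='N'  \n" +
                    " where health_system_code= ?  \n" +
                      " and facility_code = ?  \n" +
                      " and username = lower(?)",
                    Array(PASSWORD_EXPIRATION, sNewPass, Session("health_system_code"), Session("facility_code"), Session("username")));

            // Remember the password being replaced so it cannot be reused.
            execSQL("insert into medacist_password_hist (health_system_code,facility_code," +
                    " username,medacist_password) values (?,?,?,?)",
                    Array(Session("health_system_code"), Session("facility_code"), Session("username"), sOldPass));

            logAccess(Session("health_system_code"), Session("facility_code"), Session("username"), "CHANGE_PASSWORD", "success. password changed");

            // Read the expiry back in display format for the session.
            var rsExpire = execSQL("select DATE_FORMAT(password_expiration_date_time,'%m/%e/%Y %H:%i:%s')  password_expiration_date_time " +
                           " from medacist_user where health_system_code= ? and facility_code = ? and username = lower(?)",
                           Array(Session("health_system_code"), Session("facility_code"), Session("username")));

            Session("logged_in") = "Y";
            Session("failure_count") = 0;
            Session("password_expiration_date_time") = rsExpire.fields("password_expiration_date_time").value;

            // mregion is always a string (see String(...) above), so an empty
            // check is sufficient.
            if (mregion == "") {
                Response.Write("Password changed. <a href=\"client_data.asp\">Click here</a> to continue.");
            } else {
                Response.Write("Password changed. <a href=\"client_data_S.asp\">Click here</a> to continue.");
            }
            Response.End();
        }
    }

    Response.Write(sErrorDisplay);

    // The form posts back to this page.  The path segment must be a quoted
    // string: an unquoted /login/ is parsed as a regex literal and only
    // produces the right URL by accident of its string conversion.
    %>

    <form name="change_password" action="<%=BASE_HOST_URL + "/login/"%>change_password.asp" method="post">

    <table>
    <tr><td>Health System code</td><td><%=Session("health_system_code")%></td></tr>
    <tr><td>Facility code</td><td><%=Session("facility_code")%></td></tr>
    <tr><td>User Name</td><td><%=Session("username")%></td></tr>
    <tr><td>Old Password</td><td><input type="password" name="old_password"></td></tr>
    <tr><td>New Password</td><td><input type="password" name="new_password"></td></tr>
    <tr><td>Confirm New Password</td><td><input type="password" name="confirm_new_password"></td></tr>
    </table>

    <table width="400"><tr><td bgcolor="#ffffcc">
    Note that passwords must contain a mixture of upper and lower case letters, numbers, be between 8 and 12 characters in length and contain a symbol.
    </td></tr></table>
    <br>
    <input type="submit" value="Change Password">
    </form>
    </div>
    <!--#include file="include_login_footer.asp" -->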