<%
' Contact your provider for support, NOT flicks software
' http://www.flicks.com/support/
' http://www.flicks.com/authentix/intro.htm
' You may use this program freely so long as it is in conjuction with a product from Flicks Software
' updated 8/10/00 for update_all
' call like so: cmd=update_all_users&site_tag=SITE1&u=user1&n=pass1&u=user2&n=pass2&u=user3&n=pass3&u=user4&n=pass4
' IMPORTANT:
' change Website Config so that it Posts Plaintext Passwords
dim kword, keyword
'======
'====== These values will ALWAYS need to be set for each customer
'======
DEFAULT_GROUP_NAME = "Group1" ' set this to the appropriate AuthentiX group, if not passed in via form
'Set kword to your keyword. Make sure that it matches the keyword you establish in the online clearer's admin page!
kword = ""
' set mailserver = "" to turn off email messages
mailserver = ""
'mailserver = "your.mailserver.com"
webmaster = "you@mailserver.com"
okToAddUserIfAlreadyThere = true
enableLogging = true
'======
'====== The above values will ALWAYS need to be set for each customer
'======
' change this value if you are using AuthentiX ISP
usingAuthentiXStandard = true
if (usingAuthentiXStandard) then
Set auth = Server.CreateObject("AUTHXOCX.AuthXOCXCtrl.1")
else
Set auth = Server.CreateObject("AUTHXISP.AuthXOCXCtrl.1")
' use this line to automatically set the domain to be the requesting IP
protectedDomain = Request.ServerVariables("LOCAL_ADDR")
' use this alternative if you are protecting by host header,
' set protectedDomain to be -your- host header
'protectedDomain = "hostheader.com"
auth.SetVirtualDomain protectedDomain, Request.ServerVariables("SCRIPT_NAME")
' check with your isp for your password, initially it is empty
auth.SetVirtualDomainPassword("")
end if
'--- These values set on a per provider basis
ADMINPWORD = "SITE1"
ADD_ACTION_CODE = "APPEND_USER" ' input converted to uppercase
DELETE_ACTION_CODE = "DELETE_USER" ' input converted to uppercase
EXISTS_ACTION_CODE = "EXISTS"
LIST_ACTION_CODE = "LIST_ALL_USERS"
VERSION_ACTION_CODE = "VERSION"
UPDATE_ALL = "UPDATE_ALL_USERS"
'---------------
'---------------
'---------------
Sub MessageOutToFile(messageOut)
Set fs = CreateObject("Scripting.FileSystemObject")
currentFilename = Request.ServerVariables("PATH_TRANSLATED")
pos = InStrRev(currentFilename, ".")
traceName = Left(currentFilename, pos) & "htm"
Set traceFile = fs.OpenTextFile(traceName, 8, True)
traceFile.Write vbCRLF & "-=-=-=-=-=-= " & messageOut & " -=-=-=-=-=-= " & vbCRLF
traceFile.Close
End Sub
Sub TraceInput()
msg = msg & "Query String
"
For Each Key In Request.QueryString
msg = msg & Key
msg = msg & "="
msg = msg & Request.QueryString(Key)
msg = msg & "
"
Next
msg = msg & "
"
msg = msg & "Form
"
For Each Key In Request.Form
msg = msg & Key
msg = msg & "="
msg = msg & Request.Form(Key)
msg = msg & "
"
Next
msg = msg & "
"
msg = msg & "Cookies
"
For Each Cookie In Request.Cookies
If Request.Cookies(cookie).HasKeys Then
For Each Key In Request.Cookies(Cookie)
msg = msg & Cookie
msg = msg & "("
msg = msg & Request.Form(Key)
msg = msg & ") = "
msg = msg & Request.Cookies(Cookie)(Key)
msg = msg & "
"
Next
Else
msg = msg & Cookie
msg = msg & "="
msg = msg & Request.Cookies(Cookie)
msg = msg & "
"
End If
Next
msg = msg & "
"
msg = msg & "Server Variables
"
For Each Key In Request.ServerVariables
msg = msg & Key
msg = msg & "="
msg = msg & Request.ServerVariables(Key)
msg = msg & "
"
count = count + 1
Next
msg = msg & "
"
MessageOutToFile(msg)
End Sub
'---------------
'---------------
'---------------
TraceInput
'---------------
'---------------
'---------------
SUCCESS_MESSAGE = "done"
ERROR_PREFIX = "error: "
Set keyword = Request.Form("keyword")
if ("" = keyword) then
keyword = Request.QueryString("keyword")
end if
Set username = Request.Form("u")
if ("" = username) then
username = Request.QueryString("u")
end if
Set password = Request.Form("n") ' unencrypted only please!
if ("" = password ) then
password = Request.QueryString("n")
end if
Set action = Request.Form("cmd")
if ("" = action) then
action = Request.QueryString("cmd")
end if
Set expireDays = Request.Form("z_DaysUntilExpire") ' number of days
if ("" = expireDays) then
expireDays = Request.QueryString("z_DaysUntilExpire")
end if
Set groupname = Request.Form("cgi_var1")
if ("" = groupname) then
groupname = Request.QueryString("cgi_var1")
end if
Set systemPassword = Request.Form("site_tag")
if ("" = systemPassword) then
systemPassword = Request.QueryString("site_tag")
end if
notes = ""
if (ADMINPWORD <> systemPassword) Then
errorMessage = ERROR_PREFIX & " security"
errorOut(errorMessage)
response.End
End if
if (keyword <> kword) then
errorMessage = ERROR_PREFIX & " security - Bad Keyword"
errorOut(errorMessage)
response.End
End if
' you can also check the incoming remote address with Request.ServerVariables("REMOTE_ADDR")
if 0 < Instr(Request.ServerVariables("REMOTE_ADDR"), "216.34.180") then
' all OK
else
if 0 < Instr(Request.ServerVariables("REMOTE_ADDR"), "63.95.42") then
' all OK
else
'
errorMessage = ERROR_PREFIX & " IP Security"
errorOut(errorMessage)
End if
End if
if (isnull(groupname) or (groupname = "")) then
Set groupname = Request.Form("sitename")
if ("" = groupname) then
groupname = Request.QueryString("sitename")
end if
end if
if (isnull(groupname) or (groupname = "")) then
Set groupname = Request.Form("siteid")
if ("" = groupname) then
groupname = Request.QueryString("siteid")
end if
end if
if (isnull(groupname) or (groupname = "")) then
groupname = DEFAULT_GROUP_NAME
end if
if (isnull(expireDays) or (0 = expireDays)) then
expireDate = 0 ' never
else
expireDate = now + expireDays
end if
if (not isnull(action)) then action = trim(ucase(action))
if (action = ADD_ACTION_CODE) then
if (isnull(username) or (username = "")) Then
errorMessage = ERROR_PREFIX & " empty username"
errorOut(errorMessage)
response.End
End if
notes = "added (single)"
errorCode = auth.UserAdd(username, password, notes, expireDate)
if (errorCode <> 0) then
if ((errorCode = 3) and (okToAddUserIfAlreadyThere)) then
'nothing - continue and add to group anyway
else
errorMessage = ERROR_PREFIX & " User could not be added, username: *" & username & "* password: *" & password & "*, code is " & errorCode
errorOut(errorMessage)
response.End
End if
End if
errorCode = auth.GroupAddUser(groupname, username)
if (errorCode <> 0) then
errorMessage = ERROR_PREFIX & " User could not be added to group: " & groupname & ", username: *" & username & "* password: *" & password & "*, code is " & errorCode
errorOut(errorMessage)
response.End
End if
Response.Write(SUCCESS_MESSAGE)
Response.End
end if
if (action = DELETE_ACTION_CODE) then
Dim userList
userList = Split(username, ":")
for counter = 0 To UBound(userList)
' response.Write("
" & counter & ": " & userList(counter))
' just attempt to delete them all
singleUsername = userList(counter)
if (isnull(singleUsername) or (singleUsername = "")) Then
' ignore
else
errorCode = auth.UserDelete(singleUsername)
end if
Next
' errorCode = auth.UserDelete(username)
' if (errorCode <> 0) then
' errorMessage = ERROR_PREFIX & " User could not be deleted, username: *" & username & "*, code is " & errorCode
' errorOut(errorMessage)
' else
' Response.Write(SUCCESS_MESSAGE)
' End if
Response.Write(SUCCESS_MESSAGE)
Response.End
End if
if (action = EXISTS_ACTION_CODE) then
if (auth.UserLookup(username) = 0) then
Response.Write(SUCCESS_MESSAGE)
else
errorMessage = ERROR_PREFIX & " does not exist"
response.Write(errorMessage)
end if
Response.End
End if
if (action = LIST_ACTION_CODE) then
i = 0
Response.Write("<![CDATA[" + chr(13) + chr(10))
for i = 0 to (auth.UserGetCount - 1)
usernamefromlist = auth.UserGetAt(i)
Response.Write(usernamefromlist)
Response.Write(":")
Response.Write(auth.UserPassword(usernamefromlist))
Response.Write(vbCRLF)
next
response.End
End if
if (action = VERSION_ACTION_CODE) then
Response.Write("AuthentiX ASP interface v1.01")
response.End
End if
if (action = UPDATE_ALL) then
if (isnull(username) or (username = "")) Then
errorMessage = ERROR_PREFIX & " empty username"
errorOut(errorMessage)
response.End
End if
'response.Write("<P>")
'response.Write(username)
'response.Write("<P>")
'response.Write(password)
'response.Write("<P>")
usernameArray = Split(username, ",")
passwordArray = Split(password, ",")
for cNumber = 0 To UBound(usernameArray)
'response.Write(usernameArray(cNumber))
'response.Write(",")
'response.Write(passwordArray(cNumber))
'response.Write("<BR>")
Next
memberCount = auth.GroupGetMemberCount(groupname)
dim existingUserArray()
redim existingUserArray(memberCount)
for cNumber = 0 To (memberCount - 1)
existingUserArray(cNumber) = auth.GroupGetMemberAt(groupname, cNumber)
Next
for cNumber = 0 To (memberCount - 1)
auth.UserDelete(existingUserArray(cNumber))
response.Write("deleted: ")
response.Write(existingUserArray(cNumber))
response.Write("<BR>")
Next
notes = "Update (all)"
for cNumber = 0 To UBound(usernameArray)
username = trim(usernameArray(cNumber))
password = trim(passwordArray(cNumber))
errorCode = auth.UserAdd(username, password, notes, expireDate)
if (errorCode <> 0) then
if ((errorCode = 3) and (okToAddUserIfAlreadyThere)) then
'nothing - continue and add to group anyway
else
errorMessage = ERROR_PREFIX & " User could not be added, username: *" & username & "* password: *" & password & "*, code is " & errorCode
errorOut(errorMessage)
response.End
End if
End if
errorCode = auth.GroupAddUser(groupname, username)
if (errorCode <> 0) then
errorMessage = ERROR_PREFIX & " User could not be added to group: " & groupname & ", username: *" & username & "* password: *" & password & "*, code is " & errorCode
errorOut(errorMessage)
response.End
End if
Next
Response.Write(SUCCESS_MESSAGE)
Response.End
end if
errorMessage = ERROR_PREFIX & " unknown command: *" & action & "*"
errorOut(errorMessage)
Sub errorOut(errorMessage)
Response.Status = "400 Unauthorized " & errorMessage
response.Write("<html><body>" & errorMessage & "<br> </body> </html> ")
if (mailserver <> "") then
result = auth.SMTPSendMail(mailserver, webmaster, webmaster, errorMessage, errorMessage)
response.Write(result)
End if
End Sub
response.End
%>
]]></plaintext></div>