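<%
  ' Registration / change-profile handler. The script is entered in one of 6 ways:
  '   first display of either form (no POST body yet)
  '   register       -> insert ok or fail
  '   change profile -> update ok or fail
  '
  ' status when the script block finishes:
  '    0  nothing processed (form is being shown)
  '    1  new user registered         -1  user name already in use
  '    2  profile updated             -2  old password check failed
  '
  ' NOTE(review): the connection string below embeds the database account and its
  ' password in the page source; move it to protected configuration and rotate it.
  ' NOTE(review): passwords are stored and compared as plain text (see the INSERT,
  ' the UPDATE and the oldpassword comparison); they should be stored as salted,
  ' slow hashes, which needs a schema/data migration outside this page.
  ' NOTE(review): required-field and password-match checks exist only in the
  ' browser-side checkform(); nothing here re-validates them on the server.

  dim status, formsubmitted, changeProfile, pwFieldName1, pwFieldName2
  dim userName, pw, realName, email
  dim cmd, setClause

  ' Builds an input text parameter so request data reaches the driver as a bound
  ' value instead of being concatenated into the SQL text.
  function RegTextParam(owner, value)
    dim text, size
    text = value & ""               ' Empty/Null/number -> string
    size = len(text)
    if size = 0 then size = 1       ' a variable-length parameter needs a size of at least 1
    set RegTextParam = owner.CreateParameter("", 200, 1, size, text) ' 200=adVarChar, 1=adParamInput
  end function

  ' Creates a text command on the given open connection; "?" marks each bound value.
  function RegNewCommand(dbConn, sqlText)
    dim c
    set c = Server.CreateObject("ADODB.Command")
    set c.ActiveConnection = dbConn
    c.CommandType = 1 ' adCmdText
    c.CommandText = sqlText
    set RegNewCommand = c
  end function

  status=0
  formsubmitted=0
  changeProfile=0

  if Request("profile")="-1" or Request.QueryString("profile")=1 then changeProfile=-1
  if Request("content_length")<>0 then formsubmitted=-1 ' content_length doesn't include q.string

  ' if form submitted then save element values for later use in form
  if formsubmitted then
    userName=Request("UserName") ' doesn't throw error if element not present
    pw=Request("PW")
    realName=Request("myName")
    email=Request("email")
  end if

  ' profile mode userName is always current user
  if changeProfile then userName=Session("User")

  ' must connect to db if formsubmitted or if changeProfile (to get current settings)
  if formsubmitted or changeProfile then

    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open "Driver={MySQL};DATABASE=consultdb; UID=consult;PASSWORD=jemima64"

    ' get info about userName (bound parameter, not string concatenation)
    set cmd = RegNewCommand(Conn, "SELECT * FROM Users WHERE userName=?")
    cmd.Parameters.Append RegTextParam(cmd, userName)
    set RS = cmd.Execute

    if not formsubmitted then
      ' get current profile data from database
      ' NB DON'T SHOW THE CURRENT PASSWORD
      ' No row is found when Session("User") is empty or stale; leave the fields
      ' blank in that case instead of reading from an empty recordset.
      if not RS.EOF then
        realName=RS("realName")
        email=RS("email")
      end if
    else
      ' do something with the data submitted in the form
      if changeProfile then
        ' VBScript does not short-circuit "or", so the EOF test is its own branch
        if RS.EOF then
          ' no such user: report it the same way as a failed password check
          status=-2
        elseif Request("oldpassword")<>RS("password") then
          ' password check failed
          status=-2
        else
          ' update profile
          status=2
          ' find out what needs to be updated; only non-empty fields are written
          setClause=""
          if pw<>"" then setClause="password=?"
          if realName<>"" then
            if setClause<>"" then setClause=setClause & ","
            setClause=setClause & "realName=?"
          end if
          if email<>"" then
            if setClause<>"" then setClause=setClause & ","
            setClause=setClause & "email=?"
          end if
          if setClause<>"" then
            ' explicit space before WHERE: the clause no longer depends on which
            ' field happened to be appended last
            set cmd = RegNewCommand(Conn, "UPDATE Users SET " & setClause & " WHERE userName=?")
            ' parameters are positional: append in the same order as the "?" marks
            if pw<>"" then cmd.Parameters.Append RegTextParam(cmd, pw)
            if realName<>"" then cmd.Parameters.Append RegTextParam(cmd, realName)
            if email<>"" then cmd.Parameters.Append RegTextParam(cmd, email)
            cmd.Parameters.Append RegTextParam(cmd, userName)
            cmd.Execute
          end if
        end if
      else
        ' must be a new registration - check whether userName already exists
        ' set status=1 for not found, -1 for found
        if RS.EOF then
          status=1
          Session("User")=userName
          set cmd = RegNewCommand(Conn, "INSERT INTO Users (userName,password,realName,email,sessionID) values (?,?,?,?,?)")
          cmd.Parameters.Append RegTextParam(cmd, userName)
          cmd.Parameters.Append RegTextParam(cmd, pw)
          cmd.Parameters.Append RegTextParam(cmd, realName)
          cmd.Parameters.Append RegTextParam(cmd, email)
          cmd.Parameters.Append RegTextParam(cmd, Session.SessionID)
          cmd.Execute
        else
          status=-1
        end if
      end if
    end if
    RS.Close
    Conn.Close
    ' status=1 indicates a new registration
    ' status=2 indicates updated profile
    if status>0 then Response.Redirect "loginok.asp?type="&status
  end if
%>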

<script language="JavaScript" type="text/javascript">
<!-- 
	/**
	 * Browser-side check of regForm before it is submitted.
	 *
	 * i == 1: change-profile form. Requires the old password and, when a new
	 *         password was typed, that it equals the retyped one; submits and
	 *         returns true when both checks pass.
	 * other:  registration form. Requires user name (when that field exists),
	 *         password, matching retyped password, real name and e-mail, then
	 *         submits (no return value on that path).
	 *
	 * Every failed check shows an alert, moves focus to the offending field and
	 * returns false. These checks run in the browser only, so they are a
	 * convenience for the user and not a control the server can rely on.
	 */
	function checkform(i)
	{
		var form = regForm;

		// true when the field holds the empty string
		function blank(field) {
			return field.value + "" == "";
		}

		// report a problem with one field and put the cursor in it
		function refuse(message, field) {
			alert(message);
			field.focus();
			return false;
		}

		// report a password mismatch and make the user type both again
		function refuseMismatch(message) {
			alert(message);
			form.PW.value = "";
			form.PW2.value = "";
			form.PW.focus();
			return false;
		}

		if (i == 1) {
			if (blank(form.oldpassword)) {
				return refuse("Please specify your password", form.oldpassword);
			}
			if (!blank(form.PW) && form.PW.value != form.PW2.value) {
				return refuseMismatch("New passwords don't match");
			}
			form.submit();
			return true;
		}

		if (form.UserName && form.UserName.value.length == 0) {
			return refuse("No user name", form.UserName);
		}
		if (blank(form.PW)) {
			return refuse("No password", form.PW);
		}
		if (form.PW.value != form.PW2.value) {
			return refuseMismatch("Passwords don't match");
		}
		if (blank(form.myName)) {
			return refuse("Please enter your name", form.myName);
		}
		if (blank(form.email)) {
			return refuse("Please enter your email address", form.email);
		}
		form.submit();
	}
// -->
</script>



<HTML>
<BODY>
<FONT  face="Tahoma,Arial,sans-serif">



<!-- 
	4 ways to get here: 
	start registration: status=0, changeProfile=0
	failed registration attempt: status=-1, changeProfile=0
	start changeProfile: status=0, changeProfile=-1
	failed changeProfile attempt: status=-2, changeProfile=-1
-->

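<%
' Failure banner. userName is whatever the client posted, so it is HTML-encoded
' before being written into the page; & "" turns Empty/Null into a string first.
if status=-1 then %>
<H3>User name '<%= Server.HTMLEncode(userName & "") %>' is already in use. Please select another one.</H3>
<% elseif status=-2 then %>
<H3>Old password incorrect. Please try again.</H3>
<% end if %>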

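<%
' Registration / change-profile form. Every value that is echoed back into the
' markup originated from the request (or from the database row the user controls),
' so it goes through Server.HTMLEncode. The echoed attributes are double-quoted
' because Server.HTMLEncode escapes the double quote but not the apostrophe.
' changeProfile is only ever 0 or -1 and the pwFieldName labels are constants.
' NOTE(review): the submitted password is written back into the PW/PW2 value
' attributes after a failed attempt, so it appears in the response body; consider
' leaving both fields empty instead.
%>
<FORM NAME=regForm METHOD=POST ACTION=register.asp>
<INPUT type=hidden name=profile value='<%= changeProfile %>'>
<TABLE>

<TR><TD>User name</TD><TD>
<%	if changeProfile then 
		pwFieldName1="New password"
		pwFieldName2="Retype new password"
		' profile mode shows the session user as plain text (not editable)
		Response.Write(Server.HTMLEncode(userName & "") & "</TD></TR>") %>
<TR><TD>Old password</TD><TD><INPUT type=password NAME=oldpassword></TD></TR>
<%	else 
		pwFieldName1="Password"
		pwFieldName2="Retype password" %>
<INPUT type=text NAME=UserName></TD></TR>
<%	end if %>

<TR><TD><%= pwFieldName1 %></TD><TD><INPUT type=password NAME=PW VALUE="<%= Server.HTMLEncode(pw & "") %>"></TD></TR>
<TR><TD><%= pwFieldName2 %></TD><TD><INPUT type=password NAME=PW2 VALUE="<%= Server.HTMLEncode(pw & "") %>"></TD></TR>
<TR><TD>Real name</TD><TD><INPUT type=text NAME=myName VALUE="<%= Server.HTMLEncode(realName & "") %>"></TD></TR>
<TR><TD>e-mail</TD><TD><INPUT type=text NAME=email VALUE="<%= Server.HTMLEncode(email & "") %>"></TD></TR>
<TR><TD>&nbsp;</TD><TD>
<%	if changeProfile then %>
<INPUT TYPE=button Value=Submit ONCLICK='javascript:checkform(1)' id=button1 name=button1></TD></TR>
<% else %>
<INPUT TYPE=button Value=Submit ONCLICK='javascript:checkform(0)' id=button2 name=button2></TD></TR>
<% end if %>
</TABLE>
</FORM>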

</FONT>
</BODY>
</HTML>

