Modificare il file:
\iwgallery\includes\inc_register.asp
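<%
' inc_register.asp - self-registration form and its POST handler.
'
' Flow visible in this file: redirect away when registration is disabled or a
' user cookie is present, verify the CAPTCHA, generate a password, check that
' the login is not taken, insert the USERS row, mail the password, redirect.
'
' Security-relevant points for maintainers:
'   * The duplicate-login lookup is parameterized; LOGIN never reaches the SQL
'     text of that query.
'   * USE_IP and USE_APPROVED are computed on the server. The hidden IP and
'     APPROVED form fields are ignored on POST, because USE_APPROVED is written
'     into the INSERT without quoting and a client must not choose it.
'   * Every handler stage is gated on MM_insert = "form1", the same condition
'     as the CAPTCHA check, so no stage runs without the CAPTCHA check.
'   * Values echoed into HTML or into redirect URLs are encoded.
'   * NOTE(review): strUltraPass is stored in USE_PASSWORD exactly as generated
'     and is passed to the mail helpers; Rnd is not a cryptographic generator.
'     Changing either needs matching changes in code outside this file.
'   * NOTE(review): the login and e-mail format checks in the onSubmit handler
'     run in the browser; no server-side equivalent is visible in this file
'     (the WAVT includes may provide one - confirm).
'   * NOTE(review): ValidatedField comes from the WAVT include; whether it
'     HTML-encodes its result is not visible here - confirm before relying on it.
If (strRegister = 0) OR (Request.Cookies("IWGalleryUserName") <> "") Then Response.Redirect("../home/")
%>
<!--#include virtual="/iwgallery/WA_ValidationToolkit/WAVT_Scripts_VB.asp" -->
<!--#include virtual="/iwgallery/WA_ValidationToolkit/WAVT_ValidatedForm_VB.asp" -->
<!--#include virtual="/iwgallery/captcha/CAPTCHA_process_form.asp" -->
<%
' Reject the submission before any database work when the CAPTCHA code is wrong.
If (CStr(Request("MM_insert")) = "form1") Then
  If NOT blnCAPTCHAcodeCorrect Then
    Response.Redirect("../home/register.asp?msg=Codice Antispam non corretto: riprovare")
  End If
End If
%>
<%
' Password generator settings: which character classes may appear in the first
' character and in the remaining characters.
Dim firstNumber, firstLower, firstUpper, firstOther, latterNumber, _
    latterLower, latterUpper, latterOther, passwordLength, extraChars
firstNumber = "true"
firstLower = "true"
firstUpper = "true"
firstOther = "false"
latterNumber = "true"
latterLower = "true"
latterUpper = "true"
latterOther = "false"
passwordLength = 10
extraChars = ""

' Returns an integer in the inclusive range lbound..ubound.
' The earlier formula never returned ubound (the last character of a set was
' never chosen) and returned nothing at all when ubound was 250 or more.
Function getRandomNum(lbound, ubound)
  getRandomNum = Int((ubound - lbound + 1) * Rnd) + lbound
End Function

' Returns one character drawn from the enabled character classes plus "extra".
' The class switches are the strings "true" / "false".
Function getRandomChar(number, lower, upper, other, extra)
  Dim numberChars, lowerChars, upperChars, otherChars, charSet, jmi
  numberChars = "0123456789"
  lowerChars = "abcdefghijklmnopqrstuvwxyz"
  upperChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
  ' NOTE(review): as written, the apostrophe after the closing quote starts a
  ' VBScript comment, so the set ends at the doubled quote. The set is unused
  ' while firstOther and latterOther are "false".
  otherChars = "`~!@#$%^&*()-_=+[{]}\\|;:"""'\,<.>/? "
  charSet = extra
  If (number = "true") Then charSet = charSet + numberChars
  If (lower = "true") Then charSet = charSet + lowerChars
  If (upper = "true") Then charSet = charSet + upperChars
  If (other = "true") Then charSet = charSet + otherChars
  jmi = Len(charSet)
  getRandomChar = Mid(charSet, getRandomNum(1, jmi), 1)
End Function

' Builds a password of "length" characters: the first character uses the
' first* switches, the others use the latter* switches.
Function getPassword(length, extraChars, firstNumber, firstLower, _
                     firstUpper, firstOther, latterNumber, latterLower, latterUpper, latterOther)
  Dim rc, idx
  rc = ""
  If (length > 0) Then
    rc = rc + getRandomChar(firstNumber, firstLower, firstUpper, firstOther, extraChars)
  End If
  For idx = 1 To length - 1
    rc = rc + getRandomChar(latterNumber, latterLower, latterUpper, latterOther, extraChars)
  Next
  getPassword = rc
End Function

' Seed the generator once per request instead of inside the draw loop.
Randomize
strUltraPass = getPassword(passwordLength, extraChars, _
                           firstNumber, firstLower, firstUpper, firstOther, _
                           latterNumber, latterLower, latterUpper, latterOther)
%>
<!--#include virtual="/iwgallery/Connections/connIWGallery.asp" -->
<%
' *** Edit Operations: declare variables
Dim MM_editAction
Dim MM_abortEdit
Dim MM_editQuery
Dim MM_editCmd
Dim MM_editConnection
Dim MM_editTable
Dim MM_editRedirectUrl
Dim MM_editColumn
Dim MM_recordId
Dim MM_fieldsStr
Dim MM_columnsStr
Dim MM_fields
Dim MM_columns
Dim MM_typeArray
Dim MM_formVal
Dim MM_delim
Dim MM_altVal
Dim MM_emptyVal
Dim MM_i

' The form posts back to this script; the query string is HTML-encoded because
' it is written into the action attribute.
MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Server.HTMLEncode(Request.QueryString)
End If

' boolean to abort record edit
MM_abortEdit = false

' query string to execute
MM_editQuery = ""
%>
<%
' *** Redirect if username exists
MM_flag="MM_insert"
If (CStr(Request(MM_flag)) = "form1") Then
  MM_dupKeyRedirect="../home/register.asp"
  MM_rsKeyConnection=MM_connIWGallery_STRING
  MM_dupKeyUsernameValue = CStr(Request.Form("LOGIN"))

  ' LOGIN is bound as a parameter, never concatenated into the SQL text.
  MM_dupKeySQL="SELECT USE_NAME FROM USERS WHERE USE_NAME = ?"
  Set MM_dupKeyCmd = Server.CreateObject("ADODB.Command")
  MM_dupKeyCmd.ActiveConnection = MM_rsKeyConnection
  MM_dupKeyCmd.CommandText = MM_dupKeySQL
  ' A variable-length parameter needs a size of at least 1.
  MM_dupKeyLen = Len(MM_dupKeyUsernameValue)
  If (MM_dupKeyLen = 0) Then MM_dupKeyLen = 1
  ' 200 = adVarChar, 1 = adParamInput
  MM_dupKeyCmd.Parameters.Append MM_dupKeyCmd.CreateParameter("login", 200, 1, MM_dupKeyLen, MM_dupKeyUsernameValue)
  Set MM_rsKey = MM_dupKeyCmd.Execute

  If Not MM_rsKey.EOF Or Not MM_rsKey.BOF Then
    Session("WAVT_incregister") = ""
    WAFV_Errors = "void"
    ' the username was found - can not add the requested username
    MM_qsChar = "?"
    If (InStr(1,MM_dupKeyRedirect,"?") >= 1) Then MM_qsChar = "&"
    ' URL-encode the login so it cannot add parameters or line breaks to the redirect.
    MM_dupKeyRedirect = MM_dupKeyRedirect & MM_qsChar & "requsername=" & Server.URLEncode(MM_dupKeyUsernameValue)
    ' PostResult is defined in an include; presumably it redirects and ends the
    ' response. Abort the insert explicitly in case it returns.
    MM_abortEdit = true
    PostResult MM_dupKeyRedirect,WAFV_Errors,"incregister"
    'Response.Redirect(MM_dupKeyRedirect)
  End If
  MM_rsKey.Close
End If
%>
<%
' *** Insert Record: set variables
If (CStr(Request("MM_insert")) = "form1") Then

  MM_editConnection = MM_connIWGallery_STRING
  MM_editTable = "USERS"
  MM_editRedirectUrl = "../home/register_ok.asp?email=" & Server.URLEncode(cStr(Request.Form("EMAIL")))
  MM_fieldsStr = "LOGIN|value|EMAIL|value|PUBLIC|value|FIRST|value|LAST|value|IP|value|APPROVED|value"
  MM_columnsStr = "USE_NAME|',none,''|USE_EMAIL|',none,''|USE_PUBLIC|none,1,0|USE_FIRST|',none,''|USE_LAST|',none,''|USE_IP|',none,''|USE_APPROVED|none,none,NULL"

  ' create the MM_fields and MM_columns arrays
  MM_fields = Split(MM_fieldsStr, "|")
  MM_columns = Split(MM_columnsStr, "|")

  ' set the form values
  For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
    Select Case MM_fields(MM_i)
      Case "IP"
        ' Take the address from the connection, not from the hidden form field.
        MM_fields(MM_i+1) = CStr(Request.ServerVariables("REMOTE_ADDR"))
      Case "APPROVED"
        ' Same expression the form renders; USE_APPROVED is inserted unquoted,
        ' so it must never come from the request.
        MM_fields(MM_i+1) = CStr(Abs(strApprove - 1))
      Case Else
        MM_fields(MM_i+1) = CStr(Request.Form(MM_fields(MM_i)))
    End Select
  Next

  ' append the query string to the redirect URL
  If (MM_editRedirectUrl <> "" And Request.QueryString <> "") Then
    If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
      MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
    Else
      MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
    End If
  End If

End If
%>
<%
' *** Insert Record: construct a sql insert statement and execute it
Dim MM_tableValues
Dim MM_dbValues

' Gated on "form1" like the block above: MM_fields only exists in that case.
If (CStr(Request("MM_insert")) = "form1") Then

  ' create the sql insert statement
  MM_tableValues = ""
  MM_dbValues = ""
  For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
    MM_formVal = MM_fields(MM_i+1)
    ' Column descriptor: delimiter, value to store when non-empty, value to store when empty.
    MM_typeArray = Split(MM_columns(MM_i+1),",")
    MM_delim = MM_typeArray(0)
    If (MM_delim = "none") Then MM_delim = ""
    MM_altVal = MM_typeArray(1)
    If (MM_altVal = "none") Then MM_altVal = ""
    MM_emptyVal = MM_typeArray(2)
    If (MM_emptyVal = "none") Then MM_emptyVal = ""
    If (MM_formVal = "") Then
      MM_formVal = MM_emptyVal
    Else
      If (MM_altVal <> "") Then
        MM_formVal = MM_altVal
      ElseIf (MM_delim = "'") Then ' escape quotes
        ' NOTE(review): quote doubling is the only escaping applied to the
        ' string columns; confirm it is sufficient for the database in use.
        MM_formVal = "'" & Replace(MM_formVal,"'","''") & "'"
      Else
        MM_formVal = MM_delim + MM_formVal + MM_delim
      End If
    End If
    If (MM_i <> LBound(MM_fields)) Then
      MM_tableValues = MM_tableValues & ","
      MM_dbValues = MM_dbValues & ","
    End If
    MM_tableValues = MM_tableValues & MM_columns(MM_i)
    MM_dbValues = MM_dbValues & MM_formVal
  Next
  ' The password gets the same quote doubling as the other string columns.
  MM_editQuery = "insert into " & MM_editTable & " (" & MM_tableValues & ", USE_PASSWORD) values (" & MM_dbValues & ", '" & Replace(strUltraPass,"'","''") & "')"

  If (Not MM_abortEdit) Then
    If strApprove = 1 Then
      ' admin approval required
      MailRegister cStr(Request.Form("EMAIL")), cStr(Request.Form("LOGIN")), strUltraPass
      MailApprove
    Else
      ' admin approval not required
      MailRegistered cStr(Request.Form("EMAIL")), cStr(Request.Form("LOGIN")), strUltraPass
    End If
    ' execute the insert
    Set MM_editCmd = Server.CreateObject("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_editConnection
    MM_editCmd.CommandText = MM_editQuery
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    If (MM_editRedirectUrl <> "") Then
      Response.Redirect(MM_editRedirectUrl)
    End If
  End If

End If
%>
<script language="JavaScript" type="text/JavaScript">
<!--
// Records one validation failure on the document and applies the stop mode.
function WAAddError(formElement,errorMsg,focusIt,stopIt) {
  if (document.WAFV_Error) {
    document.WAFV_Error += "\n" + errorMsg;
  } else {
    document.WAFV_Error = errorMsg;
  }
  if (!document.WAFV_InvalidArray) {
    document.WAFV_InvalidArray = new Array();
  }
  document.WAFV_InvalidArray[document.WAFV_InvalidArray.length] = formElement;
  if (focusIt && !document.WAFV_Focus) {
    document.WAFV_Focus = focusIt;
  }
  if (stopIt == 1) {
    document.WAFV_Stop = true;
  } else if (stopIt == 2) {
    formElement.WAFV_Continue = true;
  } else if (stopIt == 3) {
    formElement.WAFV_Stop = true;
    formElement.WAFV_Continue = false;
  }
}

// Client-side check that value contains only the allowed character classes.
function WAValidateAN(formElement,value,errorMsg,allowUpper,allowLower,allowNumbers,allowSpace,extraChars,focusIt,stopIt,required) {
  var isValid = true;
  // NOTE(review): this replace is a no-op as written; presumably it once
  // decoded an HTML entity - confirm against the toolkit's original source.
  extraChars = extraChars.replace(/"/g,'"');
  if ((!document.WAFV_Stop && !formElement.WAFV_Stop) || formElement.WAFV_Continue) {
    for (var x=0; x<value.length; x++) {
      var charGood = false;
      var nextChar = value.charAt(x);
      var charCode = value.charCodeAt(x);
      if (allowLower) {
        if (charCode >= 97 && charCode <= 122) {
          charGood = true;
        }
      }
      if (allowUpper) {
        if (charCode >= 65 && charCode <= 90) {
          charGood = true;
        }
      }
      if (allowNumbers) {
        if (charCode >= 48 && charCode <= 57) {
          charGood = true;
        }
      }
      if (allowSpace) {
        if (nextChar == " ") {
          charGood = true;
        }
      }
      if (extraChars) {
        if (unescape(extraChars).indexOf(nextChar) >= 0) {
          charGood = true;
        }
      }
      if (!charGood) {
        isValid = false;
        x = value.length;
      }
    }
    if (required && value=="") isValid = false;
  }
  if (!isValid) {
    WAAddError(formElement,errorMsg,focusIt,stopIt);
  }
}

// Client-side e-mail address format check.
function WAValidateEM(formElement,value,errorMsg,focusIt,stopIt,required) {
  var isValid = true;
  if ((!document.WAFV_Stop && !formElement.WAFV_Stop) && !(!required && value=="")) {
    var knownDomsPat = /^(com|net|org|edu|int|mil|gov|arpa|biz|aero|name|coop|info|pro|museum)$/;
    var emailPat = /^(.+)@(.+)$/;
    var accepted = "\[^\\s\\(\\)><@,;:\\\\\\\"\\.\\[\\]\]+";
    var quotedUser = "(\"[^\"]*\")";
    var ipDomainPat = /^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/;
    var section = "(" + accepted + "|" + quotedUser + ")";
    var userPat = new RegExp("^" + section + "(\\." + section + ")*$");
    var domainPat = new RegExp("^" + accepted + "(\\." + accepted +")*$");
    var theMatch = value.match(emailPat);
    var acceptedPat = new RegExp("^" + accepted + "$");
    var userName = "";
    var domainName = "";
    if (theMatch==null) {
      isValid = false;
    } else {
      userName = theMatch[1];
      domainName = theMatch[2];
      var domArr = domainName.split(".");
      var IPArray = domainName.match(ipDomainPat);
      for (x=0; x < userName.length; x++) {
        if (userName.charCodeAt(x) > 127) {
          isValid = false;
        }
      }
      for (x=0; x < domainName.length; x++) {
        if (domainName.charCodeAt(x) > 127) {
          isValid = false;
        }
      }
      if (userName.match(userPat) == null) {
        isValid = false;
      }
      if (IPArray != null) {
        for (var x=1; x<=4; x++) {
          if (IPArray[x] > 255) {
            isValid = false;
          }
        }
      }
      for (x=0; x < domArr.length; x++) {
        if (domArr[x].search(acceptedPat) == -1 || domArr[x].length < 2) {
          isValid = false;
        }
      }
      if (domArr[domArr.length-1].length !=2 && domArr[domArr.length-1].search(knownDomsPat) == -1) {
        isValid = false;
      }
      if (domArr.length < 2) {
        isValid = false;
      }
    }
  }
  if (!isValid) {
    WAAddError(formElement,errorMsg,focusIt,stopIt);
  }
}

// Strips leading and/or trailing spaces.
function WAtrimIt(theString,leaveLeft,leaveRight) {
  if (!leaveLeft) {
    while (theString.charAt(0) == " ")
      theString = theString.substring(1);
  }
  if (!leaveRight) {
    while (theString.charAt(theString.length-1) == " ")
      theString = theString.substring(0,theString.length-1);
  }
  return theString;
}

// Client-side "required" check for the given input type.
function WAValidateRQ(formElement,errorMsg,focusIt,stopIt,trimWhite,inputType) {
  var isValid = true;
  if (!document.WAFV_Stop && !formElement.WAFV_Stop) {
    if (inputType == "select") {
      if (formElement.selectedIndex == -1) {
        isValid = false;
      } else if (!formElement.options[formElement.selectedIndex].value || formElement.options[formElement.selectedIndex].value == "") {
        isValid = false;
      }
    } else if (inputType == "checkbox") {
      if (formElement.length) {
        isValid = false;
        focusIt = false;
        for (var x=0; x<formElement.length ; x++) {
          if (formElement[x].checked && formElement[x].value!="") {
            isValid = true;
            break;
          }
        }
      } else if (!formElement.checked)
        isValid = false;
    } else if (inputType == "radio") {
      isValid = false;
      if (formElement.checked)
        isValid = true;
    } else if (inputType == "radiogroup") {
      isValid = false;
      for (var x=0; x<formElement.length; x++) {
        if (formElement[x].checked && formElement[x].value!="") {
          isValid = true;
          break;
        }
      }
      formElement = formElement[0];
    } else {
      var value = formElement.value;
      if (trimWhite) {
        value = WAtrimIt(value);
      }
      if (value == "") {
        isValid = false;
      }
    }
  }
  if (!isValid) {
    WAAddError(formElement,errorMsg,focusIt,stopIt);
  }
}

// Shows the collected errors, sets document.MM_returnValue and resets state.
function WAAlertErrors(errorHead,errorFoot,setFocus,submitForm) {
  if (!document.WAFV_StopAlert) {
    document.WAFV_StopAlert = true;
    if (document.WAFV_InvalidArray) {
      document.WAFV_Stop = true;
      var errorMsg = document.WAFV_Error;
      if (errorHead!="")
        errorMsg = errorHead + "\n" + errorMsg;
      if (errorFoot!="")
        errorMsg += "\n" + errorFoot;
      document.MM_returnValue = false;
      if (document.WAFV_Error!="")
        alert(errorMsg.replace(/"/g,'"'));
      else if (submitForm)
        submitForm.submit();
      if (setFocus && document.WAFV_Focus) {
        document.tempFocus = document.WAFV_Focus;
        setTimeout("document.tempFocus.focus();setTimeout('document.WAFV_Stop = false;document.WAFV_StopAlert = false;',1)",1);
      } else {
        document.WAFV_Stop = false;
        document.WAFV_StopAlert = false;
      }
      for (var x=0; x<document.WAFV_InvalidArray.length; x++) {
        document.WAFV_InvalidArray[x].WAFV_Stop = false;
      }
    } else {
      document.WAFV_Stop = false;
      document.WAFV_StopAlert = false;
      if (submitForm) {
        submitForm.submit();
      }
      document.MM_returnValue = true;
    }
    document.WAFV_Focus = false;
    document.WAFV_Error = false;
    document.WAFV_InvalidArray = false;
  }
}
//-->
</script>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
  var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
  if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
  for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
  if(!x && d.getElementById) x=d.getElementById(n); return x;
}

// NOTE(review): builds statements with eval from its arguments; it is not
// referenced by the markup visible in this file.
function MK_dynamicForm() { //v4.0
  var obj,l,args=MK_dynamicForm.arguments;
  val=document.MM_returnValue;
  val=(val==null)?true:val;
  if(val){obj=MM_findObj(args[0]);l=args.length;
    if(obj){if(l>2){for (i=2; i<(l-1); i+=2) {eval("obj."+args[i]+"='"+args[i+1]+"';")}}
      eval("obj."+args[1]+"();");}}
  document.MM_returnValue = false;
}
//-->
</script>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_openBrWindow(theURL,winName,features) { //v2.0
  window.open(theURL,winName,features);
}
//-->
</script>
<script>
function KW_submitOnce(obj){ // Copyright 2004 Kaosweaver
  d=document;
  if (d.getElementById) {for (i=0;i<obj.length;i++){var fObj=obj.elements[i];
    fObj.disabled=(fObj.type.toLowerCase()=="submit"||fObj.type.toLowerCase()=="reset")}}
}
</script>
<script type="text/javascript">
<!--
// Returns the current value of a form element for the given input type.
function WAFV_GetValueFromInputType(formElement,inputType,trimWhite) {
  var value="";
  if (inputType == "select") {
    if (formElement.selectedIndex != -1 && formElement.options[formElement.selectedIndex].value && formElement.options[formElement.selectedIndex].value != "") {
      value = formElement.options[formElement.selectedIndex].value;
    }
  } else if (inputType == "checkbox") {
    if (formElement.length) {
      for (var x=0; x<formElement.length ; x++) {
        if (formElement[x].checked && formElement[x].value!="") {
          value = formElement[x].value;
          break;
        }
      }
    } else if (formElement.checked)
      value = formElement.value;
  } else if (inputType == "radio") {
    if (formElement.length) {
      for (var x=0; x<formElement.length; x++) {
        if (formElement[x].checked && formElement[x].value!="") {
          value = formElement[x].value;
          break;
        }
      }
    } else if (formElement.checked)
      value = formElement.value;
  } else if (inputType == "radiogroup") {
    for (var x=0; x<formElement.length; x++) {
      if (formElement[x].checked && formElement[x].value!="") {
        value = formElement[x].value;
        break;
      }
    }
  } else {
    var value = formElement.value;
  }
  if (trimWhite) {
    value = WAtrimIt(value);
  }
  return value;
}
//-->
</script>
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="box">
  <tr>
    <td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="1" align="left" class="box-header"><img src="../themes/<%= strTheme %>/box-header-left.jpg"></td>
        <td width="100%" class="box-header">Nuova Registrazione</td>
        <td width="1" align="right" class="box-header"><img src="../themes/<%= strTheme %>/box-header-right.jpg"></td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td align="left" valign="top" class="box-main">
      <form action="<%=MM_editAction%>" method="POST" name="form1" onSubmit="WAValidateAN(document.form1.LOGIN,document.form1.LOGIN.value,'* Il campo Login è obbligatorio e può contenere solo caratteri alfanumerici, senza spazi',true,true,true,false,'@.-',document.form1.LOGIN,0,true);WAValidateEM(document.form1.EMAIL,document.form1.EMAIL.value,'* Il campo E-mail è obbligatorio e deve contenere un indirizzo E-mail valido',document.form1.EMAIL,0,true);WAValidateRQ(document.form1.TERMS,'* È necessario accettare le condizioni di utilizzo del servizio',document.form1.TERMS,0,true,'checkbox');WAValidateRQ(document.form1.PRIVACY,'* È necessario fornire il proprio consenso al trattamento dei dati personali',document.form1.PRIVACY,0,true,'checkbox');WAValidateRQ(document.form1.securityCode,'* Inserire il Codice Antispam esattamente come scritto',document.form1.securityCode,0,true,'text');WAAlertErrors('','',true,false);return document.MM_returnValue&&KW_submitOnce(this)">
        <table width="360" border="0" align="center" cellpadding="0" cellspacing="1" class="content">
          <tr>
            <td align="right"> </td>
            <td><% ' Both messages come from the query string, so they are HTML-encoded before output.
            If NOT Request.QueryString("requsername") = "" Then %>
              <span class="evidence"><%= Server.HTMLEncode(Request.QueryString("requsername")) %> esiste già</span>
            <% End If %><% If NOT Request.QueryString("msg") = "" Then %>
              <span class="evidence"><%= Server.HTMLEncode(Request.QueryString("msg")) %></span>
            <% End If %></td>
          </tr>
          <tr>
            <td align="right">*Login:</td>
            <td><input name="LOGIN" type="text" id="LOGIN" value="" size="32"> </td>
          </tr>
          <tr>
            <td align="right">*E-mail:</td>
            <td><input name="EMAIL" type="text" id="EMAIL" value="<%=ValidatedField("incregister","EMAIL")%>" size="32"> </td>
          </tr>
          <tr>
            <td align="right"><input <%If (CStr(cStr(Request.Form("PUBLIC"))) = CStr("1")) Then Response.Write("checked") : Response.Write("")%> name="PUBLIC" type="checkbox" id="PUBLIC" value="1"></td>
            <td>E-mail visibile agli altri Utenti?</td>
          </tr>
          <tr>
            <td align="right">Nome:</td>
            <td><input name="FIRST" type="text" id="FIRST" value="<%=ValidatedField("incregister","FIRST")%>" size="32"> </td>
          </tr>
          <tr>
            <td align="right">Cognome:</td>
            <td><input name="LAST" type="text" id="LAST" value="<%=ValidatedField("incregister","LAST")%>" size="32"> </td>
          </tr>
          <tr>
            <td align="right" valign="top" nowrap>*Codice Antispam:</td>
            <td><!--#include virtual="/iwgallery/captcha/CAPTCHA_form_inc.asp" --></td>
          </tr>
          <tr valign="top">
            <td align="right"><input <%If (CStr(ValidatedField("incregister","TERMS")) = CStr("1")) Then Response.Write("checked") : Response.Write("")%> name="TERMS" type="checkbox" id="TERMS" value="1"></td>
            <td>Ho letto ed accettato le <a href="javascript:void(0);" onClick="MM_openBrWindow('../home/terms.asp','terms','scrollbars=yes,resizable=yes,width=320,height=320')">condizioni di utilizzo</a> del servizio in ogni loro parte*</td>
          </tr>
          <tr valign="top">
            <td align="right"><input <%If (CStr(ValidatedField("incregister","PRIVACY")) = CStr("1")) Then Response.Write("checked") : Response.Write("")%> name="PRIVACY" type="checkbox" id="PRIVACY" value="1"></td>
            <td>Ho letto l'<a href="javascript:void(0);" onClick="MM_openBrWindow('../home/privacy.asp','privacy','scrollbars=yes,resizable=yes,width=320,height=320')">informativa sulla Privacy</a> ed autorizzo <span class="evidence"><%= strPageTitle %></span> al trattamento dei dati personali*</td>
          </tr>
          <tr valign="top">
            <td align="right"><strong>Nota</strong>:</td>
            <td>La password verrà inviata all'indirizzo E-mail specificato </td>
          </tr>
          <tr>
            <td align="right"> </td>
            <td><input name="Submit" type="submit" class="button" value="Registrati"> </td>
          </tr>
        </table>
        <% ' IP and APPROVED stay in the markup for compatibility; the POST handler recomputes both on the server. %>
        <input name="IP" type="hidden" id="IP" value="<%= Request.ServerVariables("REMOTE_ADDR") %>" size="32">
        <input name="APPROVED" type="hidden" id="APPROVED" value="<%= ABS(strApprove -1) %>">
        <input type="hidden" name="MM_insert" value="form1">
      </form>
    </td>
  </tr>
  <tr>
    <td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="1" align="left" class="box-bottom"><img src="../themes/<%= strTheme %>/box-bottom-left.jpg"></td>
        <td width="100%" class="box-bottom"><img src="../images/shim.gif" width="1" height="1"></td>
        <td width="1" align="right" class="box-bottom"><img src="../themes/<%= strTheme %>/box-bottom-right.jpg"></td>
      </tr>
    </table></td>
  </tr>
</table>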