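<%
' ======================================================================================
' PROFILE MANAGER OBJECT
' ======================================================================================
' Programmer: R. Smit
' Date Modified: 2012/01/12
' Version 1.00
' Inherits: class.base.asp, class.db.asp
' ======================================================================================
'
' Handles login/logout, session checks, registration, profile display/update and
' category opt-in for the "profiles" table.
'
' Relies on names defined outside this file: oDB, Base, Profiles, URL, URL2, IsSet,
' DoSplit, InArray, TrimR, base64_encode, base64_decode, HTMLDecode and the C_* constants.
'
' Security review notes (all SQL in this class is built by string concatenation):
'   * Numeric ids are passed through ToId() and text through SqlText() before they are
'     concatenated. Bound parameters would be the stronger fix, but the oDB helper's
'     interface is not visible here.
'   * Passwords are compared and stored as plain text in profiles.password. They should
'     be stored as salted, slow hashes; that needs a data migration and is not done here.
'   * "returnurl" is only followed when it stays on this site (see IsLocalUrl).
' ======================================================================================
Class O_profiles

    Private oConn
    Public oBase
    Private iID

    Sub Class_Initialize()
        Set oBase = Base
    End Sub

    ' Stores the database connection and the id this instance was routed with.
    Function Connect(sConn, ID)
        Set oConn = sConn
        iID = ID
    End Function

    ' Default action: show the dashboard.
    Function default(iID)
        Call Dashboard(0)
    End Function

    ' Load action: show the dashboard.
    Function Load(nID)
        Call Dashboard(0)
    End Function

    ' ----------------------------------------------------------------------------------
    ' Private helpers
    ' ----------------------------------------------------------------------------------

    ' Returns vValue as a Long when it is 1-9 plain decimal digits, otherwise 0.
    ' 0 is used as "no such row": the queries below never expect a profile/category 0.
    Private Function ToId(vValue)
        Dim oRe, sValue
        sValue = Trim(vValue & "")
        Set oRe = New RegExp
        oRe.Pattern = "^[0-9]{1,9}$"
        If oRe.Test(sValue) Then
            ToId = CLng(sValue)
        Else
            ToId = 0
        End If
        Set oRe = Nothing
    End Function

    ' Doubles single quotes so the value cannot close a '...' SQL string literal.
    ' NOTE(review): assumes the backend treats '' as an escaped quote and has no other
    ' escape character inside string literals - confirm for the database in use.
    Private Function SqlText(vValue)
        SqlText = Replace(vValue & "", "'", "''")
    End Function

    ' HTML-encodes a request value before it is written into a view.
    Private Function HtmlText(vValue)
        HtmlText = Server.HTMLEncode(vValue & "")
    End Function

    ' True when sUrl is a relative URL, or an absolute http(s) URL on the host this
    ' request was addressed to. Protocol-relative ("//host"), backslash-prefixed and
    ' other-scheme targets are rejected so a crafted login link cannot bounce the user
    ' to another site after authentication.
    Private Function IsLocalUrl(sUrl)
        Dim sTarget, sLower, sHost, iColon, iDelim, iPos, sMark
        IsLocalUrl = False
        sTarget = Trim(sUrl & "")
        If sTarget = "" Then Exit Function
        If InStr(sTarget, vbCr) > 0 Or InStr(sTarget, vbLf) > 0 Then Exit Function
        If Left(sTarget, 2) = "//" Or Left(sTarget, 1) = "\" Or Left(sTarget, 2) = "/\" Then Exit Function

        ' A ":" that appears before any "/", "?" or "#" means the value carries a scheme.
        iColon = InStr(sTarget, ":")
        iDelim = 0
        For Each sMark In Array("/", "?", "#")
            iPos = InStr(sTarget, sMark)
            If iPos > 0 Then
                If iDelim = 0 Or iPos < iDelim Then iDelim = iPos
            End If
        Next

        If iColon > 0 And (iDelim = 0 Or iColon < iDelim) Then
            sHost = LCase(Request.ServerVariables("HTTP_HOST") & "")
            If sHost = "" Then Exit Function
            sLower = LCase(sTarget)
            If Left(sLower, Len("http://" & sHost & "/")) = "http://" & sHost & "/" Then IsLocalUrl = True
            If Left(sLower, Len("https://" & sHost & "/")) = "https://" & sHost & "/" Then IsLocalUrl = True
            Exit Function
        End If

        IsLocalUrl = True
    End Function

    ' Returns the posted "returnurl" when the login form supplied one that is safe to
    ' follow, otherwise "". "[RETURN_URL]" is the unreplaced template placeholder.
    Private Function PostedReturnUrl()
        Dim sReturn
        sReturn = Request.Form("returnurl") & ""
        If sReturn <> "[RETURN_URL]" And IsLocalUrl(sReturn) Then
            PostedReturnUrl = sReturn
        Else
            PostedReturnUrl = ""
        End If
    End Function

    ' Returns URL-encoded form data with the password fields removed, so that it can be
    ' placed in a redirect URL or echoed into a page.
    Private Function StripSecrets(sFormData)
        Dim aPairs, sPair, aNameValue, sName, sOut
        sOut = ""
        aPairs = Split(sFormData & "", "&")
        For Each sPair In aPairs
            aNameValue = Split(sPair & "=", "=")
            sName = LCase(aNameValue(0))
            If sName <> "password" And sName <> "confirm_password" Then
                If sOut <> "" Then sOut = sOut & "&"
                sOut = sOut & sPair
            End If
        Next
        StripSecrets = sOut
    End Function

    ' Appends one category row built from sTemplate to sRows and fills its placeholders.
    Private Function AddCategoryRow(sRows, sTemplate, vID, vTitle, vDescription, iIndex, blnSelected, blnReadonly, vClear)
        Dim sOut
        sOut = sRows & sTemplate
        sOut = oBase.InsertValue(sOut, "TITLE", vTitle)
        sOut = oBase.InsertValue(sOut, "DESCRIPTION", vDescription)
        sOut = oBase.InsertValue(sOut, "ID", vID)
        sOut = oBase.InsertValue(sOut, "I", iIndex)
        sOut = oBase.InsertValue(sOut, "SELECTED", blnSelected)
        sOut = oBase.InsertValue(sOut, "READONLY", blnReadonly)
        sOut = oBase.InsertValue(sOut, "CLEAR", vClear)
        AddCategoryRow = sOut
    End Function

    ' Sends the notification e-mail built from view sView to the profile's own address.
    ' Skipped entirely when C_DEV is set.
    Private Sub SendProfileEmail(intProfileID, sView, sSubjectSuffix)
        Dim sWhere, sEntityName, sEntityEmail, sEmailBody, oEmail
        If C_DEV = False Then
            sWhere = "WHERE id = " & ToId(intProfileID)
            sEntityName = oDB.GetValue(oConn, "entity_name", "profiles", sWhere)
            sEntityEmail = oDB.GetValue(oConn, "email_address", "profiles", sWhere)
            sEmailBody = oBase.LoadView("profiles", sView, 0)
            sEmailBody = oBase.InsertValue(sEmailBody, "ENTITY_NAME", sEntityName)
            Set oEmail = Server.CreateObject("SMTPsvg.Mailer")
            oEmail.FromName = C_COMPANY_NAME
            oEmail.FromAddress = C_COMPANY_EMAIL
            oEmail.RemoteHost = C_SMTP
            oEmail.AddRecipient sEntityName, sEntityEmail
            oEmail.Subject = C_COMPANY_NAME & sSubjectSuffix
            oEmail.ContentType = "text/html"
            oEmail.BodyText = sEmailBody
            oEmail.SendMail
            Set oEmail = Nothing
        End If
    End Sub

    ' ----------------------------------------------------------------------------------
    ' Session / authentication
    ' ----------------------------------------------------------------------------------

    ' Removes the login keys from the session.
    Function ClearSession
        Session.Contents.Remove("logged_in_id")
        Session.Contents.Remove("logged_in_user")
        Session.Contents.Remove("special_session")
    End Function

    ' Returns True when the session's id/e-mail pair still matches a profiles row,
    ' False when it does not, and Empty (falsy) when no login keys are in the session.
    Function IsAuthorized
        Dim sQ
        If IsSet(Session("logged_in_id")) And IsSet(Session("logged_in_user")) Then
            ' The e-mail in the session came from the database; it is still escaped
            ' because a stored address containing a quote would otherwise break out of
            ' the literal (second-order injection).
            sQ = oDB.ExecuteQuery(oConn, "SELECT id,email_address FROM profiles WHERE id = " & ToId(Session("logged_in_id")) & " AND email_address = '" & SqlText(Session("logged_in_user")) & "'")
            If IsArray(sQ) Then
                IsAuthorized = True
            Else
                IsAuthorized = False
            End If
        End If
    End Function

    ' Gatekeeper used by every protected action.
    '   * No login in the session: tries the posted username/password. On success the
    '     session is populated; on failure the user is redirected to the login page
    '     (or to a same-site returnurl) with error=1.
    '   * Login in the session: re-checks it against the database and redirects to the
    '     login page when the row no longer matches.
    ' Returns True only when blnIsLogin is True and the credentials were just accepted;
    ' otherwise the return value is left unset. Response.Redirect ends the request, so
    ' code after a failed Authorize call does not run.
    Function Authorize(blnIsLogin)
        Dim blnLoggedIn, sQ, sReturn
        blnLoggedIn = False
        If IsSet(Session("logged_in_user")) = False Or IsSet(Session("logged_in_id")) = False Then
            If IsSet(Request.Form("username")) And IsSet(Request.Form("password")) Then
                ' Escape() is kept exactly as it was: it percent-encodes quotes, and the
                ' stored values may depend on that encoding.
                ' NOTE(review): presumably the built-in VBScript Escape - confirm it is
                ' not overridden. The password is matched as plain text.
                sQ = oDB.ExecuteQuery(oConn, "SELECT id,email_address FROM profiles WHERE email_address = '" & Escape(Request.Form("username")) & "' AND password = '" & Escape(Request.Form("password")) & "'")
                If IsArray(sQ) Then
                    Session("logged_in_id") = sQ(0, 0)
                    Session("logged_in_user") = sQ(1, 0)
                    Session("special_session") = False
                    If blnIsLogin Then
                        blnLoggedIn = True
                    End If
                Else
                    WriteLog Session("logged_in_id"), "Failed login"
                    Call ClearSession
                    sReturn = PostedReturnUrl()
                    If sReturn <> "" Then
                        Response.Redirect(sReturn & "&error=1")
                    Else
                        Response.Redirect(URL2("pages", "load", "login", "error=1"))
                    End If
                End If
            Else
                'WriteLog Session("logged_in_id"),"Unauthorized"
                Call ClearSession
                Response.Redirect(URL2("pages", "load", "login", "error=0"))
            End If
        Else
            sQ = oDB.ExecuteQuery(oConn, "SELECT id,email_address FROM profiles WHERE id = " & ToId(Session("logged_in_id")) & " AND email_address = '" & SqlText(Session("logged_in_user")) & "'")
            If Not IsArray(sQ) Then
                WriteLog Session("logged_in_id"), "Failed login - Expired Session"
                Call ClearSession
                Response.Redirect(URL2("pages", "load", "login", "error=1"))
            End If
        End If
        If blnIsLogin Then
            Authorize = blnLoggedIn
        End If
    End Function

    ' Login form handler: authenticates, stamps last_logged_in and redirects to the
    ' posted returnurl (same-site only) or to the dashboard.
    Function Login(nID)
        Dim blnAuthorized, sReturn
        blnAuthorized = Authorize(True)
        sReturn = PostedReturnUrl()
        If blnAuthorized Then
            oDB.ExecuteNonQuery oConn, "UPDATE profiles SET last_logged_in = '" & Date & "' WHERE id = " & ToId(Session("logged_in_id"))
            WriteLog Session("logged_in_id"), "User Logged In"
            If sReturn <> "" Then
                Response.Redirect(sReturn)
            Else
                Response.Redirect(URL("profiles", "dashboard", 0))
            End If
        Else
            'Call ClearSession
            WriteLog Session("logged_in_id"), "Login Failed"
            If sReturn <> "" Then
                Response.Redirect(sReturn & "&error=1")
            Else
                Response.Redirect(URL2("pages", "load", "login", "error=1"))
            End If
        End If
    End Function

    ' Ends the session and returns to the login page.
    Function Logout(nID)
        WriteLog Session("logged_in_id"), "User Manually Logged Out"
        Call ClearSession
        Session.Abandon()
        Response.Redirect(URL("pages", "load", "login"))
    End Function

    ' Logging is switched off: this stub does nothing (the original body was a
    ' commented-out debug Response.Write of strComment).
    Sub WriteLog(intProfile, strComment)
    End Sub

    ' Database-backed audit log, currently not called. Writes one admin_log row with the
    ' client IP, user, posted form data, session contents and comment.
    ' Password fields are left out of http_data so that credentials do not end up in the
    ' log table if this is re-enabled.
    Sub Disabled_WriteLog(intProfile, strComment)
        Dim strIP, strUser, strHTTP, sFormData, sSessionData
        strIP = Request.ServerVariables("REMOTE_ADDR")
        strUser = ""
        If intProfile = 0 Then
            strUser = "Anonymous"
        Else
            strUser = oDB.GetValue(oConn, "email_address", "profiles", "WHERE id = " & ToId(intProfile))
        End If
        For Each strHTTP In Request.Form
            If LCase(strHTTP) <> "password" And LCase(strHTTP) <> "confirm_password" Then
                sFormData = sFormData & "&" & strHTTP & "=" & Escape(Request.Form(strHTTP))
            End If
        Next
        For Each strHTTP In Session.Contents
            sSessionData = sSessionData & "&" & strHTTP & "=" & Escape(Session(strHTTP))
        Next
        ' Form field names and session keys are not escaped by Escape() above, so every
        ' text column goes through SqlText.
        oDB.ExecuteNonQuery oConn, "INSERT INTO admin_log (log_date,ip_address,user,http_data,session_data,comment,session_id) VALUES ('" & Now & "','" & SqlText(strIP) & "','" & SqlText(strUser) & "','" & SqlText(sFormData) & "','" & SqlText(sSessionData) & "','" & SqlText(strComment) & "','" & Session.SessionID & "')"
    End Sub

    ' ----------------------------------------------------------------------------------
    ' Profile display
    ' ----------------------------------------------------------------------------------

    Function ProfileLogin(nID)
        Dashboard(0)
    End Function

    ' Returns one column of a profile row.
    ' strProperty is used as a column name and cannot be escaped: callers must pass a
    ' fixed literal, never request data.
    Function ProfileProperty(intID, strProperty)
        ProfileProperty = oDB.GetValue(oConn, strProperty, "profiles", "WHERE id = " & ToId(intID))
    End Function

    ' Renders the dashboard view for the logged-in profile.
    Function Dashboard(nID)
        Dim sFile, aParts, sContent, sQ
        Call Authorize(False)
        sFile = oBase.LoadView("profiles", "dashboard", 0)
        aParts = DoSplit(sFile)
        sContent = aParts(0)
        sQ = oDB.ExecuteQuery(oConn, "SELECT id, entity_name, entity_surname FROM profiles WHERE id = " & ToId(Session("logged_in_id")))
        If IsArray(sQ) Then
            ' NOTE(review): database values are inserted as-is; unless oBase.InsertValue
            ' HTML-encodes, a profile name containing markup is rendered as markup.
            sContent = oBase.InsertValue(sContent, "PROFILE_NAME", sQ(1, 0))
            sContent = oBase.InsertValue(sContent, "PROFILE", GetProfile)
        End If
        Response.Write(sContent)
    End Function

    ' Returns the logged-in profile's accepted categories as "cat_1,cat_2,...".
    Function GetCategories
        Dim sReturn, sQ, i
        Call Authorize(False)
        sReturn = ""
        sQ = oDB.ExecuteQuery(oConn, "SELECT id, category_id FROM profile_categories WHERE profile_id = " & ToId(Session("logged_in_id")) & " AND terms_accepted = True")
        If IsArray(sQ) Then
            For i = 0 To UBound(sQ, 2)
                sReturn = sReturn & "cat_" & sQ(1, i) & ","
            Next
            sReturn = TrimR(sReturn, 1)
        End If
        GetCategories = sReturn
    End Function

    ' Returns the filled-in profile view for the logged-in profile. The view and the
    ' second name field depend on entity_type (1 person, 2 company, 3 trust; anything
    ' else is treated as a person).
    Function GetProfile
        Dim sQ, sFile, sRepeat
        Call Authorize(False)
        sQ = oDB.ExecuteQuery(oConn, "SELECT id, entity_name, entity_surname, email_address, cell_number, fax_number, tel_number, address, last_logged_in, entity_type, contact_person, entity_number FROM profiles WHERE id = " & ToId(Session("logged_in_id")))
        If IsArray(sQ) Then
            ' Only the first row is used. The original indexed with an unassigned "i",
            ' which evaluated to 0; the index is now written out.
            Select Case sQ(9, 0)
                Case 2
                    sFile = oBase.LoadView("profiles", "profile-company", 0)
                Case 3
                    sFile = oBase.LoadView("profiles", "profile-trust", 0)
                Case Else
                    sFile = oBase.LoadView("profiles", "profile-person", 0)
            End Select
            sRepeat = sFile
            Select Case sQ(9, 0)
                Case 2, 3
                    sRepeat = oBase.InsertValue(sRepeat, "CONTACT_PERSON", sQ(10, 0))
                Case Else
                    sRepeat = oBase.InsertValue(sRepeat, "ENTITY_SURNAME", sQ(2, 0))
            End Select
            sRepeat = oBase.InsertValue(sRepeat, "ENTITY_NAME", sQ(1, 0))
            sRepeat = oBase.InsertValue(sRepeat, "ENTITY_NUMBER", sQ(11, 0))
            sRepeat = oBase.InsertValue(sRepeat, "EMAIL_ADDRESS", sQ(3, 0))
            sRepeat = oBase.InsertValue(sRepeat, "CELL_NUMBER", sQ(4, 0))
            sRepeat = oBase.InsertValue(sRepeat, "FAX_NUMBER", sQ(5, 0))
            sRepeat = oBase.InsertValue(sRepeat, "TEL_NUMBER", sQ(6, 0))
            sRepeat = oBase.InsertValue(sRepeat, "ADDRESS", sQ(7, 0))
            sRepeat = oBase.InsertValue(sRepeat, "ID", sQ(0, 0))
            GetProfile = sRepeat
        Else
            ' Any markup that wrapped this message is not visible in this copy of the file.
            sRepeat = "Profile error."
            GetProfile = sRepeat
        End If
    End Function

    ' ----------------------------------------------------------------------------------
    ' Profile changes
    ' ----------------------------------------------------------------------------------

    ' Saves the posted profile form.
    ' The caller must be logged in, and a posted "id" must be the caller's own id.
    ' NOTE(review): the whole form is handed to oDB.ExecuteUpdate, so the client chooses
    ' which columns are written (including password or entity_type if the helper does
    ' not filter them). How the helper selects the row is not visible here; if it does
    ' not key on "id", add the equivalent ownership check for that field.
    Function Update_Profile(nID)
        Call Authorize(False)
        If Request.Form("id") & "" <> "" Then
            If ToId(Request.Form("id")) <> ToId(Session("logged_in_id")) Then
                Response.Redirect(URL2("profiles", "dashboard", 0, "error-msg=You can only update your own profile"))
            End If
        End If
        If oDB.ExecuteUpdate(oConn, "profiles", Request.Form) Then
            Response.Redirect(URL2("profiles", "dashboard", 0, "success-msg=Your profile has been updated."))
        End If
    End Function

    ' Changes the password of the logged-in profile.
    ' The row is selected by the session id, not by the posted "id": the original used
    ' the form value without any login check, which let any request overwrite any
    ' account's password. The new password is escaped before it enters the statement.
    ' NOTE(review): the value is stored as plain text and without the Escape() encoding
    ' that Authorize applies when comparing - confirm that passwords with special
    ' characters still log in.
    Function ChangePassword(nID)
        Call Authorize(False)
        If Trim(Request.Form("password")) = Trim(Request.Form("confirm_password")) And Request.Form("password") <> "" Then
            oDB.ExecuteNonQuery oConn, "UPDATE profiles SET password = '" & SqlText(Request.Form("password")) & "' WHERE id = " & ToId(Session("logged_in_id"))
            Response.Redirect(URL2("profiles", "dashboard", 0, "success-msg=Your password has been changed"))
        Else
            Response.Redirect(URL2("profiles", "dashboard", 0, "error-msg=Your password does not match"))
        End If
    End Function

    ' ----------------------------------------------------------------------------------
    ' Categories
    ' ----------------------------------------------------------------------------------

    ' Renders the category list.
    '   aSelected  : "0" or a comma-separated list such as "cat_1,cat_2"
    '   blnShowall : False -> only selected categories, shown read-only
    '                True  -> every category, editable, selected ones ticked
    ' Every fourth counted row gets CLEAR = True. The counter advances for rows that
    ' are not rendered too and is only reset on a rendered row, as in the original.
    Function ProfileCategories(aSelected, blnShowall)
        Dim sFile, aParts, sHeader, sFooter, sQ, sRepeat, intCounter, i
        Dim blnChosen, blnRender, blnSelected, blnReadonly, vClear
        aSelected = cStr(aSelected)
        If aSelected <> "0" Then
            aSelected = Split(aSelected, ",")
        End If
        sFile = oBase.LoadView("profiles", "categories", 1)
        aParts = DoSplit(sFile)
        sHeader = aParts(0)
        sFooter = aParts(2)
        sQ = oDB.ExecuteQuery(oConn, "SELECT id, title, description FROM property_categories")
        If IsArray(sQ) Then
            intCounter = 0
            For i = 0 To UBound(sQ, 2)
                intCounter = intCounter + 1
                blnChosen = InArray(aSelected, "cat_" & sQ(0, i))
                blnRender = False
                If blnChosen And blnShowall = False Then
                    blnRender = True
                    blnSelected = True
                    blnReadonly = True
                ElseIf blnChosen = False And blnShowall = True Then
                    blnRender = True
                    blnSelected = False
                    blnReadonly = False
                ElseIf blnChosen = True And blnShowall = True Then
                    blnRender = True
                    blnSelected = True
                    blnReadonly = False
                End If
                If blnRender Then
                    If intCounter = 4 Then
                        vClear = True
                        intCounter = 0
                    Else
                        vClear = ""
                    End If
                    sRepeat = AddCategoryRow(sRepeat, aParts(1), sQ(0, i), sQ(1, i), sQ(2, i), i + 1, blnSelected, blnReadonly, vClear)
                End If
            Next
        End If
        ProfileCategories = sHeader & sRepeat & sFooter
    End Function

    ' Shows the terms of the categories the user ticked, for confirmation.
    Function AmendCategories(nID)
        Dim sFile
        sFile = oBase.LoadView("profiles", "amend-confirm", 0)
        sFile = oBase.InsertValue(sFile, "TERMS", CategoryTerms(Request.Form("categories[]")))
        Response.Write(sFile)
    End Function

    ' Renders the terms block for a comma-separated list of "cat_<id>" values.
    ' Each id is reduced to plain digits before it enters the WHERE clause; the original
    ' concatenated the posted text directly. Items without a usable id are skipped.
    Function CategoryTerms(sTerms)
        Dim sFile, aParts, sHeader, sFooter, sQuery, aTerms, Item, aName, lngCatID, sQ, sRepeat, i
        sFile = oBase.LoadView("profiles", "terms", 1)
        aParts = DoSplit(sFile)
        sHeader = aParts(0)
        sFooter = aParts(2)
        sQuery = ""
        aTerms = Split(sTerms & "", ",")
        For Each Item In aTerms
            aName = Split(Item, "cat_")
            If UBound(aName) >= 1 Then
                lngCatID = ToId(aName(1))
                If lngCatID > 0 Then
                    sQuery = sQuery & " OR id = " & lngCatID
                End If
            End If
        Next
        sQ = oDB.ExecuteQuery(oConn, "SELECT id, title, description, terms FROM property_categories WHERE id = 0" & sQuery)
        If IsArray(sQ) Then
            For i = 0 To UBound(sQ, 2)
                sRepeat = sRepeat & aParts(1)
                sRepeat = oBase.InsertValue(sRepeat, "TITLE", sQ(1, i))
                ' NOTE(review): TERMS is filled from column 2 (description) while the
                ' selected "terms" column (index 3) is never used - confirm intent.
                sRepeat = oBase.InsertValue(sRepeat, "TERMS", sQ(2, i))
                sRepeat = oBase.InsertValue(sRepeat, "ID", sQ(0, i))
            Next
        End If
        CategoryTerms = sHeader & sRepeat & sFooter
    End Function

    ' Replaces the logged-in profile's categories with the accepted ones and sends the
    ' amendment e-mail. All posted ids are validated before the existing rows are
    ' deleted, so a malformed value cannot abort the request after the delete.
    Function ConfirmAmend(nID)
        Dim lngProfile, Item, lngCatID, sAccepted, aAccepted, sQ
        Call Profiles.Authorize(False)
        lngProfile = ToId(Session("logged_in_id"))
        sAccepted = ""
        For Each Item In Request.Form("accept[]")
            lngCatID = ToId(Replace(Item, "accept_", ""))
            If lngCatID > 0 Then
                sAccepted = sAccepted & lngCatID & ","
            End If
        Next
        oConn.Execute("DELETE FROM profile_categories WHERE profile_id = " & lngProfile)
        If sAccepted <> "" Then
            aAccepted = Split(Left(sAccepted, Len(sAccepted) - 1), ",")
            For Each Item In aAccepted
                sQ = "Insert into profile_categories (profile_id, category_id, terms_accepted) VALUES (" & lngProfile & "," & Item & ",true)"
                oConn.Execute(sQ)
            Next
        End If
        SendAmendEmail(Session("logged_in_id"))
    End Function

    ' ----------------------------------------------------------------------------------
    ' Registration
    ' ----------------------------------------------------------------------------------

    ' Shows the registration form, pre-filled from the query string (used when the form
    ' is re-displayed after an error). Values are HTML-encoded because they come straight
    ' from the URL.
    ' NOTE(review): if oBase.InsertValue already encodes, remove HtmlText here to avoid
    ' double encoding.
    Function Register(nID)
        Dim sFile
        sFile = oBase.LoadView("profiles", "register", 0)
        sFile = oBase.InsertValue(sFile, "ENTITY_NAME", HtmlText(Request.QueryString("entity_name")))
        sFile = oBase.InsertValue(sFile, "ENTITY_SURNAME", HtmlText(Request.QueryString("entity_surname")))
        sFile = oBase.InsertValue(sFile, "ENTITY_NUM", HtmlText(Request.QueryString("entity_num")))
        sFile = oBase.InsertValue(sFile, "EMAIL_ADDRESS", HtmlText(Request.QueryString("email_address")))
        sFile = oBase.InsertValue(sFile, "TEL_NUMBER", HtmlText(Request.QueryString("tel_number")))
        sFile = oBase.InsertValue(sFile, "CELL_NUMBER", HtmlText(Request.QueryString("cell_number")))
        sFile = oBase.InsertValue(sFile, "FAX_NUMBER", HtmlText(Request.QueryString("fax_number")))
        sFile = oBase.InsertValue(sFile, "ADDRESS", HtmlText(Request.QueryString("address")))
        Response.Write(sFile)
    End Function

    ' Writes 1 when the posted e-mail address already has a profile, otherwise 0.
    ' This endpoint tells any caller whether an address is registered; rate-limit it
    ' at the web server if that matters for the deployment.
    Function CheckEmail(nID)
        Dim blnReturn, sQ
        blnReturn = False
        sQ = oDB.ExecuteQuery(oConn, "SELECT id FROM profiles WHERE email_address = '" & SqlText(Request.Form("email")) & "'")
        If IsArray(sQ) Then
            blnReturn = 1
        Else
            blnReturn = 0
        End If
        Response.Write(blnReturn)
    End Function

    ' First registration step: checks the two passwords and shows the confirmation page.
    ' The password fields are removed from anything that goes into a URL or is echoed as
    ' text; the original put the whole form, passwords included, into the redirect.
    ' FORM_FIELDS still carries the full form (base64 is an encoding, not protection)
    ' because ConfirmRegister reads the password from it.
    Function DoRegister(nID)
        Dim sReturnValues, sSafeValues, sFile
        sReturnValues = Request.Form
        sSafeValues = StripSecrets(sReturnValues)
        If Trim(Request.Form("password")) <> Trim(Request.Form("confirm_password")) Then
            Response.Redirect(URL2("profiles", "register", 1, sSafeValues & " &error-msg=Passwords do not match"))
        Else
            sFile = oBase.LoadView("profiles", "confirm_register", 0)
            sFile = oBase.InsertValue(sFile, "ENTITY_NAME", HtmlText(Request.Form("entity_name")))
            sFile = oBase.InsertValue(sFile, "ENTITY_SURNAME", HtmlText(Request.Form("entity_surname")))
            sFile = oBase.InsertValue(sFile, "ENTITY_NUM", HtmlText(Request.Form("entity_num")))
            sFile = oBase.InsertValue(sFile, "EMAIL_ADDRESS", HtmlText(Request.Form("email_address")))
            sFile = oBase.InsertValue(sFile, "TEL_NUMBER", HtmlText(Request.Form("tel_number")))
            sFile = oBase.InsertValue(sFile, "CELL_NUMBER", HtmlText(Request.Form("cell_number")))
            sFile = oBase.InsertValue(sFile, "FAX_NUMBER", HtmlText(Request.Form("fax_number")))
            sFile = oBase.InsertValue(sFile, "ADDRESS", HtmlText(Request.Form("address")))
            sFile = oBase.InsertValue(sFile, "RETURN_VARS", HtmlText(sSafeValues))
            sFile = oBase.InsertValue(sFile, "FORM_FIELDS", base64_encode(sReturnValues))
            Response.Write(sFile)
        End If
    End Function

    ' Final registration step: rebuilds the form from the base64 "postback" field,
    ' inserts the profile, records the accepted categories and sends the welcome e-mail.
    ' NOTE(review): "postback" comes back from the browser, so the client decides which
    ' column names reach oDB.ExecuteInsert. Restrict the keys to the registration fields
    ' once the exact column list is confirmed. The anti-spam question has one fixed
    ' answer and only stops the simplest bots.
    Function ConfirmRegister(nID)
        Dim aForm, sReturn, oRS, Item, aField, intID, lngCatID, sQ
        aForm = base64_decode(Request.Form("postback"))
        sReturn = aForm
        aForm = Split(aForm, "&")
        If Trim(LCase(Request.Form("thequestion"))) = "red" Then
            Set oRS = Server.CreateObject("Scripting.Dictionary")
            For Each Item In aForm
                aField = Split(Item, "=")
                ' Skip items without a value part and repeated names; both raised a
                ' runtime error in the original.
                If UBound(aField) >= 1 Then
                    If aField(0) <> "confirm_password" And Left(aField(0), 10) <> "categories" Then
                        If Not oRS.Exists(aField(0)) Then
                            aField(1) = HTMLDecode(aField(1))
                            oRS.Add aField(0), aField(1)
                        End If
                    End If
                End If
            Next
            intID = oDB.ExecuteInsert(oConn, "profiles", oRS)
            Set oRS = Nothing
            If Not IsNull(intID) Then
                For Each Item In Request.Form("accept[]")
                    lngCatID = ToId(Replace(Item, "accept_", ""))
                    If lngCatID > 0 Then
                        sQ = "Insert into profile_categories (profile_id, category_id, terms_accepted) VALUES (" & ToId(intID) & "," & lngCatID & ",true)"
                        oConn.Execute(sQ)
                    End If
                Next
                SendRegistrationEmail(intID)
            End If
        Else
            Response.Redirect(URL2("profiles", "register", 1, StripSecrets(sReturn) & "&error-msg=Anti-Spam test failed. Make sure you correctly answer the anti-spam question on the next page."))
        End If
    End Function

    ' Sends the registration e-mail and redirects to the success page.
    Function SendRegistrationEmail(intProfileID)
        SendProfileEmail intProfileID, "registration_email", " User Registration"
        Response.Redirect(URL("profiles", "registration_success", 0))
    End Function

    ' Sends the "profile amended" e-mail and redirects to the dashboard.
    Function SendAmendEmail(intProfileID)
        SendProfileEmail intProfileID, "amend_email", " Profile Amended"
        Response.Redirect(URL2("profiles", "dashboard", 1, "msg=Your profile has been successfully amended"))
    End Function

    ' Shows the registration success page.
    Function Registration_Success(nID)
        Dim sFile
        sFile = oBase.LoadView("profiles", "registration_success", 0)
        Response.Write(sFile)
    End Function

    ' Writes the top toolbar in its logged-in or logged-out state.
    Function LoggedInToolbar
        Dim sFile, sName
        sFile = oBase.LoadView("profiles", "top", 0)
        If IsAuthorized Then
            sName = oDB.GetValue(oConn, "entity_name", "profiles", "WHERE id = " & ToId(Session("logged_in_id")))
            sFile = oBase.InsertValue(sFile, "NAME", sName)
            sFile = oBase.InsertValue(sFile, "IN", True)
            sFile = oBase.InsertValue(sFile, "OUT", False)
        Else
            sFile = oBase.InsertValue(sFile, "IN", False)
            sFile = oBase.InsertValue(sFile, "OUT", True)
        End If
        Response.Write(sFile)
    End Function

End Class
%>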