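<%
'# Login gate: validates the KAOS_NEWS cookie against the userInfo table and
'# redirects to ui_index.asp when the cookie is missing or does not match.
'# Every value read from the cookie is client-controlled, so each check below
'# is written to fail closed (any error or Null counts as "not valid").
'#
'# NOTE(review): the cookie carries the password in a reversible, per-character
'# shifted form and the decoded value is compared directly with the Password
'# column. This is obfuscation rather than encryption; a random server-side
'# session token and salted password hashes would remove the need to keep a
'# recoverable password on the client. Left as-is here because the login page
'# that writes the cookie is not part of this file.

'# Reverses the per-character shift applied to the cookie password.
'#   Password - obfuscated password text taken from the cookie
'#   KeyToUse - string of decimal digits; digit N is subtracted from the
'#              character code of letter N
'# Returns the decoded string, or Null when the input cannot be decoded
'# (key shorter than the password, non-digit key character, or a character
'# code that Chr rejects). The original raised a runtime error in those cases.
Function zDecryptPassword(Password,KeyToUse)
	'# dead simple. i'll probably improve the encryption later
	Dim zstrCipher,zstrKey,zstrPlain,zintPos,zintLetterCode,zintKeyCode
	zstrCipher = Password & ""	'coerce Null / Field objects to a plain string
	zstrKey = KeyToUse & ""
	zstrPlain = ""

	'zintPos is local: the original loop variable "counter" was never declared
	'and therefore overwrote any page-level variable of the same name.
	On Error Resume Next
	For zintPos = 1 To Len(zstrCipher)
		zintLetterCode = Asc(Mid(zstrCipher,zintPos,1))
		zintKeyCode = CInt(Mid(zstrKey,zintPos,1))
		zstrPlain = zstrPlain & Chr(zintLetterCode - zintKeyCode)
		If Err.Number <> 0 Then Exit For
	Next

	If Err.Number <> 0 Then
		'malformed cookie or key: report "undecodable" instead of crashing the page
		Err.Clear
		zDecryptPassword = Null
	Else
		zDecryptPassword = zstrPlain
	End If
End Function

'# Marks the user invalid when the current login record's field differs from
'# the supplied value. Reads zobjRSLogin and writes zblnValidUser (page-level).
'# A Null on either side is treated as a mismatch: in VBScript "Null <> x"
'# evaluates to Null, which an If statement treats as False, so the original
'# comparison silently accepted any value when the stored field was Null.
Sub checkField(fieldname,fieldvalue)
	Dim zvarStored
	zvarStored = zobjRSLogin(fieldname).Value
	If IsNull(zvarStored) Or IsNull(fieldvalue) Then
		zblnValidUser = False
	ElseIf zvarStored <> fieldvalue Then
		zblnValidUser = False
	End If
End Sub

If Not Request.Cookies("KAOS_NEWS").HasKeys Then
	'user not logged in, kick em out to login page
	Response.Redirect "ui_index.asp?msg=you need to login before you can modify anything."
End If

'# if script gets here, then user has a cookie
Dim zobjRSLogin
Set zobjRSLogin = Server.CreateObject("ADODB.Recordset")

Dim zblnValidUser,z1_Username,z1_UserID,z1_AccessLevel,zstrPassword
zblnValidUser = True	'starts true, set to false if user fails anything
z1_Username = Request.Cookies("KAOS_NEWS")("username")

'CInt raises on a missing, non-numeric or out-of-range cookie value. Trap that
'and treat it as an invalid cookie rather than letting the page error out.
On Error Resume Next
z1_UserID = CInt(Request.Cookies("KAOS_NEWS")("userid"))
z1_AccessLevel = CInt(Request.Cookies("KAOS_NEWS")("accesslevel"))
If Err.Number <> 0 Then
	zblnValidUser = False
	Err.Clear
End If
On Error GoTo 0

Dim zstrSQLLogin
If zblnValidUser Then
	'z1_UserID is an Integer at this point (CInt succeeded), which is the only
	'thing keeping this concatenated statement free of injected SQL. Keep the
	'conversion if this line is ever edited; a parameterised ADODB.Command
	'would make that guarantee explicit.
	zstrSQLLogin = "SELECT * FROM userInfo WHERE userInfo.UserID LIKE " & z1_UserID
	zobjRSLogin.Open zstrSQLLogin, zobjConn, adOpenForwardOnly, adLockReadOnly, adCmdText

	If Not zobjRSLogin.EOF Then
		'every cookie value must agree with the stored record
		Call checkField("Username",z1_Username)
		Call checkField("UserID",z1_UserID)
		Call checkField("AccessLevel",z1_AccessLevel)
		zstrPassword = zDecryptPassword(Request.Cookies("KAOS_NEWS")("password"),zobjRSLogin("EncCode").Value)
		Call checkField("Password",zstrPassword)
	Else
		'no such user id
		zblnValidUser = False
	End If

	zobjRSLogin.Close
End If
Set zobjRSLogin = Nothing

If Not zblnValidUser Then
	'bad cookie details
	Response.Cookies("KAOS_NEWS").Expires = Date - 1000	'delete the invalid cookie
	Response.Redirect "ui_index.asp?msg=you had a cookie containing invalid information. please login again."
End If
%>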