Create Version 1.0

achg.asp

@@ -0,0 +1,145 @@
+<%@Language="VBScript"%>
+<!--#include file = "text.asp"-->
+<!--#include file = "ui.asp"-->
+<%
+On Error goto 0
+If Request.Form("cancel") <> "" Then
+	If Request.Form("denyifcancel") <> "" Then
+		Response.Status = "401 Unauthorized"
+		Response.End
+	Else
+		Response.Redirect(Request.QueryString)
+	End If
+	Response.End
+End If
+
+If Request.Form("new") <> Request.Form("new2") Then
+	Call ShowResult(L_PWDM_Text, "error")
+	Response.End
+End If
+
+On Error Resume Next
+dim domain, posbs, posat, username, pUser, root
+dim upn_name
+upn_name = ""
+
+domain = Trim(Request.Form("domain"))
+if domain = "" then
+	posbs = Instr(1,Request.Form("acct"),"\")
+	posat = Instr(1,Request.Form("acct"),"@")
+	if posbs > 0 then
+		domain = Left(Request.Form("acct"),posbs-1)
+		username = Right(Request.Form("acct"),len(Request.Form("acct")) - posbs)
+	elseif posat > 0 then
+		upn_name = Request.Form("acct")
+		domain = Right(upn_name, len(upn_name) - posat)
+		username = Left(upn_name, posat-1)
+	else
+		username = Request.Form("acct")
+		set nw = Server.CreateObject("WScript.Network")
+		domain = nw.Computername
+	end if
+else
+	username = Trim(Request.Form("acct"))
+end if
+
+if IsInvalidUsername(username) = true then
+	Call ShowResult(L_InvalidUsername_Text & ".", "error")
+	Response.End
+end if
+
+if IsInvalidDomainname(domain) = true then
+	Call ShowResult(L_InvalidDomainname_Text & ".", "error")
+	Response.End
+end if
+
+if upn_name = "" then
+	set pUser = GetObject("WinNT://" & domain & "/" & username & ",user")
+	if Not IsObject(pUser) then
+		set root = GetObject("WinNT:")
+		set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & ",user", username, Request.Form("old"),1)
+	end if
+	if Not IsObject(pUser) then
+		set pUser = Server.CreateObject("IIS.PwdChg")
+		pUser.Domain = domain
+		pUser.User = username
+	end if
+else
+	set pUser = Server.CreateObject("IIS.PwdChg")
+	if Not IsObject(pUser) then
+		set pUser = GetObject("WinNT://" & domain & "/" & username & ",user")
+		if Not IsObject(pUser) then
+			set root = GetObject("WinNT:")
+			set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & ",user", username, Request.Form("old"),1)
+		end if
+	else
+		pUser.Domain = domain
+		pUser.User = username
+		pUser.UPN = upn_name
+	end if
+end if
+
+if Not IsObject(pUser) then
+	if err.number = -2147024843 then
+		Call ShowResult(L_NotExist_Text & ".", "error")
+	else
+		if err.description <> "" then
+			Call ShowResult(L_Error_Text & ": " & err.description, "error")
+		else
+			Call ShowResult(L_Errornumber_Text & ": " & err.number, "error")
+		end if
+	end if
+	Response.End
+end if
+
+err.Clear
+pUser.ChangePassword Request.Form("old"), Request.Form("new")
+
+if err.number <> 0 then
+	if err.number = -2147024810 then
+		Call ShowResult(L_Error_Text & ": " & L_Invalid_Text, "error")
+	elseif err.number = -2147022651 then
+		Call ShowResult(L_PasswordToShort_Text, "error")
+	else
+		Call ShowResult(L_Errornumber_Text & ": " & err.number, "error")
+	end if
+	Response.End
+else
+	Call ShowResult(L_PasswordChanged_Text & ".", "success")
+	Response.End
+end if
+
+Sub ShowResult(msg, cls)
+	Dim subtitle
+	If cls = "success" Then
+		subtitle = "Die Aenderung wurde vom Active Directory bestaetigt."
+	Else
+		subtitle = "Die Aenderung konnte nicht abgeschlossen werden."
+	End If
+	Call RenderPageStart("Kennwort aendern", subtitle)
+%>
+<div class="msg <%=cls%>"><%=Server.HTMLEncode(msg)%></div>
+<div class="actions">
+  <a class="btn-link btn-secondary" href="/aexp4b.asp">Zurueck zum Formular</a>
+  <% If cls = "success" Then %>
+  <a class="btn-link" href="/">Fertig</a>
+  <% End If %>
+</div>
+<%
+	Call RenderPageEnd()
+End Sub
+
+function IsInvalidUsername(username)
+	dim re
+	set re = new RegExp
+	re.Pattern = "[/\\""\[\]:<>\+=;,@]"
+	IsInvalidUsername =  re.Test(username)
+end function
+
+function IsInvalidDomainname(domainname)
+	dim re
+	set re = new RegExp
+	re.Pattern = "[/\\""\[\]:<>\+=;,@!#$%^&\(\)\{\}\|~]"
+	IsInvalidDomainName =  re.Test(domainname)
+end function
+%>