<%@Language="VBScript"%> <% On Error goto 0 If Request.Form("cancel") <> "" Then If Request.Form("denyifcancel") <> "" Then Response.Status = "401 Unauthorized" Response.End Else Response.Redirect(Request.QueryString) End If Response.End End If If Request.Form("new") <> Request.Form("new2") Then Call ShowResult(L_PWDM_Text, "error") Response.End End If On Error Resume Next dim domain, posbs, posat, username, pUser, root dim upn_name upn_name = "" domain = Trim(Request.Form("domain")) if domain = "" then posbs = Instr(1,Request.Form("acct"),"\") posat = Instr(1,Request.Form("acct"),"@") if posbs > 0 then domain = Left(Request.Form("acct"),posbs-1) username = Right(Request.Form("acct"),len(Request.Form("acct")) - posbs) elseif posat > 0 then upn_name = Request.Form("acct") domain = Right(upn_name, len(upn_name) - posat) username = Left(upn_name, posat-1) else username = Request.Form("acct") set nw = Server.CreateObject("WScript.Network") domain = nw.Computername end if else username = Trim(Request.Form("acct")) end if if IsInvalidUsername(username) = true then Call ShowResult(L_InvalidUsername_Text & ".", "error") Response.End end if if IsInvalidDomainname(domain) = true then Call ShowResult(L_InvalidDomainname_Text & ".", "error") Response.End end if if upn_name = "" then set pUser = GetObject("WinNT://" & domain & "/" & username & ",user") if Not IsObject(pUser) then set root = GetObject("WinNT:") set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & ",user", username, Request.Form("old"),1) end if if Not IsObject(pUser) then set pUser = Server.CreateObject("IIS.PwdChg") pUser.Domain = domain pUser.User = username end if else set pUser = Server.CreateObject("IIS.PwdChg") if Not IsObject(pUser) then set pUser = GetObject("WinNT://" & domain & "/" & username & ",user") if Not IsObject(pUser) then set root = GetObject("WinNT:") set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & ",user", username, Request.Form("old"),1) end if else pUser.Domain = domain pUser.User = username pUser.UPN = upn_name end if end if if Not IsObject(pUser) then if err.number = -2147024843 then Call ShowResult(L_NotExist_Text & ".", "error") else if err.description <> "" then Call ShowResult(L_Error_Text & ": " & err.description, "error") else Call ShowResult(L_Errornumber_Text & ": " & err.number, "error") end if end if Response.End end if err.Clear pUser.ChangePassword Request.Form("old"), Request.Form("new") if err.number <> 0 then if err.number = -2147024810 then Call ShowResult(L_Error_Text & ": " & L_Invalid_Text, "error") elseif err.number = -2147022651 then Call ShowResult(L_PasswordToShort_Text, "error") else Call ShowResult(L_Errornumber_Text & ": " & err.number, "error") end if Response.End else Call ShowResult(L_PasswordChanged_Text & ".", "success") Response.End end if Sub ShowResult(msg, cls) Dim subtitle If cls = "success" Then subtitle = "Die Aenderung wurde vom Active Directory bestaetigt." Else subtitle = "Die Aenderung konnte nicht abgeschlossen werden." End If Call RenderPageStart("Kennwort aendern", subtitle) %>
<%=Server.HTMLEncode(msg)%>
Zurueck zum Formular <% If cls = "success" Then %> Fertig <% End If %>
<% Call RenderPageEnd() End Sub function IsInvalidUsername(username) dim re set re = new RegExp re.Pattern = "[/\\""\[\]:<>\+=;,@]" IsInvalidUsername = re.Test(username) end function function IsInvalidDomainname(domainname) dim re set re = new RegExp re.Pattern = "[/\\""\[\]:<>\+=;,@!#$%^&\(\)\{\}\|~]" IsInvalidDomainName = re.Test(domainname) end function %>