IISADMPWD/achg.asp

<%@Language="VBScript"%>
<!--#include file = "text.asp"-->
<!--#include file = "ui.asp"-->
<%
On Error goto 0
If Request.Form("cancel") <> "" Then
	If Request.Form("denyifcancel") <> "" Then
		Response.Status = "401 Unauthorized"
		Response.End
	Else
		Response.Redirect(Request.QueryString)
	End If
	Response.End
End If

If Request.Form("new") <> Request.Form("new2") Then
	Call ShowResult(L_PWDM_Text, "error")
	Response.End
End If

On Error Resume Next
dim domain, posbs, posat, username, pUser, root
dim upn_name
upn_name = ""

domain = Trim(Request.Form("domain"))
if domain = "" then
	posbs = Instr(1,Request.Form("acct"),"\")
	posat = Instr(1,Request.Form("acct"),"@")
	if posbs > 0 then
		domain = Left(Request.Form("acct"),posbs-1)
		username = Right(Request.Form("acct"),len(Request.Form("acct")) - posbs)
	elseif posat > 0 then
		upn_name = Request.Form("acct")
		domain = Right(upn_name, len(upn_name) - posat)
		username = Left(upn_name, posat-1)
	else
		username = Request.Form("acct")
		set nw = Server.CreateObject("WScript.Network")
		domain = nw.Computername
	end if
else
	username = Trim(Request.Form("acct"))
end if

if IsInvalidUsername(username) = true then
	Call ShowResult(L_InvalidUsername_Text & ".", "error")
	Response.End
end if

if IsInvalidDomainname(domain) = true then
	Call ShowResult(L_InvalidDomainname_Text & ".", "error")
	Response.End
end if

if upn_name = "" then
	set pUser = GetObject("WinNT://" & domain & "/" & username & ",user")
	if Not IsObject(pUser) then
		set root = GetObject("WinNT:")
		set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & ",user", username, Request.Form("old"),1)
	end if
	if Not IsObject(pUser) then
		set pUser = Server.CreateObject("IIS.PwdChg")
		pUser.Domain = domain
		pUser.User = username
	end if
else
	set pUser = Server.CreateObject("IIS.PwdChg")
	if Not IsObject(pUser) then
		set pUser = GetObject("WinNT://" & domain & "/" & username & ",user")
		if Not IsObject(pUser) then
			set root = GetObject("WinNT:")
			set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & ",user", username, Request.Form("old"),1)
		end if
	else
		pUser.Domain = domain
		pUser.User = username
		pUser.UPN = upn_name
	end if
end if

if Not IsObject(pUser) then
	if err.number = -2147024843 then
		Call ShowResult(L_NotExist_Text & ".", "error")
	else
		if err.description <> "" then
			Call ShowResult(L_Error_Text & ": " & err.description, "error")
		else
			Call ShowResult(L_Errornumber_Text & ": " & err.number, "error")
		end if
	end if
	Response.End
end if

err.Clear
pUser.ChangePassword Request.Form("old"), Request.Form("new")

if err.number <> 0 then
	if err.number = -2147024810 then
		Call ShowResult(L_Error_Text & ": " & L_Invalid_Text, "error")
	elseif err.number = -2147022651 then
		Call ShowResult(L_PasswordToShort_Text, "error")
	else
		Call ShowResult(L_Errornumber_Text & ": " & err.number, "error")
	end if
	Response.End
else
	Call ShowResult(L_PasswordChanged_Text & ".", "success")
	Response.End
end if

Sub ShowResult(msg, cls)
	Dim subtitle
	If cls = "success" Then
		subtitle = "Die Aenderung wurde vom Active Directory bestaetigt."
	Else
		subtitle = "Die Aenderung konnte nicht abgeschlossen werden."
	End If
	Call RenderPageStart("Kennwort aendern", subtitle)
%>
<div class="msg <%=cls%>"><%=Server.HTMLEncode(msg)%></div>
<div class="actions">
  <a class="btn-link btn-secondary" href="/aexp4b.asp">Zurueck zum Formular</a>
  <% If cls = "success" Then %>
  <a class="btn-link" href="/">Fertig</a>
  <% End If %>
</div>
<%
	Call RenderPageEnd()
End Sub

function IsInvalidUsername(username)
	dim re
	set re = new RegExp
	re.Pattern = "[/\\""\[\]:<>\+=;,@]"
	IsInvalidUsername =  re.Test(username)
end function

function IsInvalidDomainname(domainname)
	dim re
	set re = new RegExp
	re.Pattern = "[/\\""\[\]:<>\+=;,@!#$%^&\(\)\{\}\|~]"
	IsInvalidDomainName =  re.Test(domainname)
end function
%>