Profile Check-In

Introduction. Now we need to develop an ASP that will be used so that shoppers who have previously created a profile can re-access it. The file will be called Profile.asp.

We also need to deal with the ever present situation of someone who has forgotten their password. We will use the typical strategy of requiring them to enter their e-mail address and then mail them the password that we have in the database for that address to the e-mail address. While not a perfect security measure, it is certainly intelligent and functional. This will be done with the file EmailPassword.asp.

The Profile.asp. This code is relatively straight forward, particularly when compared to what you have recently dealt with in the shopping basket. This file should be called Profile.asp. The ASP does the following.

Gives a textbox and password text box for the shopper to enter their E-mail address and profile password.

The results of this form are routed to the ProfileDisplay.asp.

<%@ Language=VBScript %>
<HTML>




To retrieve your profile, please enter in
your e-mail address and password.
<BR><BR>

<b><i>Note:</b></i> If you do NOT have a username or
password, upon your first purchase you will have the
option to create one.

<BR><BR>


<form method="post" action="ProfileDisplay.asp">


<table>
<tr>
<td align="right">
E-mail:
</td>
<td>
<input type="text" name="email" value="">
</td>
</tr>
<tr>
<td align="right">
Password:
</td>
<td>
<input type="password" name="password" value="">
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Submit" name="submit">
</td>
</tr>
</table>

</form>



</BODY>
</HTML>

The EmailPassword.asp. This ASP is not actually accessed directly from the Profile.asp. It is accessed by the processing script for the Profile.asp. Remember, the processing script for the Profile.asp is DisplayProfile.asp. If the user cannot replicate their password for an e-mail address they have the option to have the password e-mailed to them by being redirected to the EmailPassword.asp. The following EmailPassword.asp will

Open the database connection.

Retrieve the password from our database using an SQL command.

If there is such an e-mail address in the database then this will send you the password.

It is interesting to note that this script doesn't adequately handle a poorly entered e-mail address or a non-existent e-mail address. This sounds like a good homework exercise!

<%@ Language=VBScript %>
<HTML>




<%

' Create an ADO database connection
set dbProfile = server.createobject("adodb.connection")

' Create the record set
set rsProfile = server.CreateObject("adodb.recordset")

' Open the connection using our SQL Server DSN-less connection string
dbProfile.ConnectionString="Driver={SQL Server}; Server=cisdev.quinnipiac.edu;" & _
"Database=WildWillies;UID=cis; PWD=csatqu"

dbProfile.Open

' Build the SQL statement to retrieve the password
sql = "select chrPassword from shopper where chrEmail = '" & _
request("email") & "'"

' Execute the statement
set rsProfile = dbProfile.Execute(sql)

' Create the CDONTS mail object
Set objNewMail = server.CreateObject("CDONTS.NewMail")

' Check to ensure that a profile exists with that email address
If not rsProfile.eof Then

' Execute the mail object to send the email
' We pass in the from address, the to address,
' the subject and the body with the password.
objNewMail.Send "support@wildwillieinc.com", _
request("email"), _
"Wild Willie's CD Store", _
"Here is your password: " & rsProfile("chrPassword")

End If

%>

<B>Your password has been sent to your email address.</b>



</BODY>
</HTML>