<%@ LANGUAGE="VBSCRIPT" %>
<% Option Explicit %>
<%
if request.queryString("l") = "1" then
session("eCart_customerID") = NULL
session("eCart_globalDiscountRate") = NULL
session("eCart_membershipID") = NULL
session("isAuth") = NULL
session("memberEmailAddress") = NULL
clearCart()
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open dbConnectionStr
SQLQuery = "UPDATE tblVisitors SET customerID=0 WHERE sessionID='" & prepString(session("eCartSessionID")) & "';"
objConn.execute(SQLQuery)
if lCase(request.serverVariables("HTTPS")) = "on" then
SQLQuery = "SELECT websiteURL FROM tblStore_Checkout;"
Set ds = objConn.Execute(SQLQuery)
If not ds.eof and not ds.bof then
if isTextValid(ds("websiteURL")) then s = ds("websiteURL") & "default.asp?csir=1"
end if
ds.close
set ds = nothing
end if
objConn.close
set objConn = nothing
if inStr(lCase(s), "http://") > 0 then response.redirect s
end if
if session("eCart_customerID") <> "" AND request.queryString("l") <> "0" then
setupSecurePage "accountMain.asp?csir=1&l=0&csid=" & session("eCartsessionID"), true
if session("eCart_customerID") <> "" AND request.queryString("l") <> "0" then response.redirect "accountMain.asp?l=0"
else
setupSecurePage "", true
end if
if session("eCart_customerID") <> "" AND request.queryString("l") <> "0" then response.redirect "accountMain.asp?l=0"
returnPage = "account.asp"
Response.Expires = 60
Response.Expiresabsolute=Now()-2
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
Dim email, password
Dim errorMSG
Dim submitted
submitted = request.form("submitted")
if submitted <> "" then
submitted = true
email = request.form("email")
password = request.form("password")
if email = "" then
errorMSG = "Please enter your email address."
elseIf password = "" then
errorMSG = "Please enter your password."
else
' Search for member
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open dbConnectionStr
SQLQuery = "SELECT " & _
"tblCustomers.customerID, " & _
"tblCustomers.email, " & _
"tblCustomers.memberShipNo, " & _
"tblMembership.membershipID, " & _
"tblMembership.globalDiscountRate " & _
"FROM " & _
"tblCustomers " & _
"LEFT JOIN tblMembership ON tblCustomers.membershipType=tblMembership.membershipID " & _
"WHERE email='" & prepString(email) & "' AND customerPassword='" & prepString(password) & "';"
Set ds = objConn.Execute(SQLQuery)
If not ds.eof and not ds.bof then
session("isAuth") = true
session("eCart_customerID") = ds("customerID")
session("memberEmailAddress") = ds("email")
if isNumeric(ds("globalDiscountRate")) AND ds("globalDiscountRate") > 0 then session("eCart_globalDiscountRate") = ds("globalDiscountRate")
' using membership table - removed 14.01.05 MC
'if isNumeric(ds("membershipID")) AND ds("membershipID") > 0 then session("eCart_membershipID") = ds("membershipID")
' instead uses the memberShipNo field in the tblCustomers table
if isNumeric(ds("memberShipNo")) AND ds("memberShipNo") > 0 then session("eCart_membershipID") = ds("memberShipNo")
ds.close
set ds = nothing
checkForMemberPricing()
SQLQuery = "UPDATE tblVisitors SET customerID=" & session("eCart_customerID") & " WHERE sessionID='" & prepString(session("eCartSessionID")) & "';"
objConn.execute(SQLQuery)
objConn.close
set objConn = nothing
response.redirect "accountMain.asp"
else
errorMSG = "Couldn't locate your member details, please try again."
end if
ds.close
set ds = nothing
objConn.close
set objConn = nothing
end if
end if
%>
<% =session("storePageTitle") %>
Member Login(Please
note: This login is for course participants only.)
Lost password
<% ' ERROR REPORTING - DON'T REMOVE!
if dMode <> true AND err.number <> 0 then
reportError err.number, err.description, err.source, ""
end if %>