Snitz Forums 2000 - Password Security Tweaks/Password Salting MODS

		if strAuthType = "db" then
			if strDBNTUserName = "" then 
				strDBNTUserName = Request.Form("Name")
			end if
		end if
                 
		strEncodedPassword = sha256("" & Request.Form("Password") & strPasswordSalt)
		strEncodedPassword2 = sha256("" & Request.Form("Password"))
		
		'## Forum_SQL
		strSql = "SELECT " & strMemberTablePrefix & "MEMBERS.MEMBER_ID"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_NAME"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_USERNAME"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_EMAIL"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_FIRSTNAME"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_LASTNAME"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_LEVEL"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_TITLE"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_PASSWORD"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_AIM"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_ICQ"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_MSN"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_YAHOO"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_COUNTRY"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_POSTS"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_CITY"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_STATE"
'		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_HIDE_EMAIL"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_RECEIVE_EMAIL"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_DATE"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_PHOTO_URL"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_HOMEPAGE"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_LINK1"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_LINK2"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_AGE"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_DOB"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_MARSTATUS"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_SEX"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_VIEW_SIG"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_SIG_DEFAULT"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_OCCUPATION"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_HOBBIES"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_LNEWS"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_QUOTE"
		strsql = strsql & ", " & strMemberTablePrefix & "MEMBERS.M_BIO"
		strSql = strSql & ", " & strMemberTablePrefix & "MEMBERS.M_SIG"
		strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS"
		strSql = strSql & " WHERE " & strDBNTSQLName & " = '" & ChkString(strDBNTUserName, "SQLString") & "' "
		if strAuthType = "db" then
			strSql = strSql & " AND   M_PASSWORD = '" & ChkString(strEncodedPassword2,"SQLString") & "'"
		end if