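<%@ Language=VBScript %>
<%
'*************************************************************************
' DO NOT MODIFY THIS SCRIPT IF YOU WANT UPDATES TO WORK!
' Function : Use this page to make custom pages for your store
' Product  : CandyPress Store Frontend
' Version  : 4.1
' Modified : May 2007
' Copyright: Copyright (C) 2004 Webs Unlimited, Inc.
'            See "license.txt" for this product for details regarding
'            licensing, usage, disclaimers, distribution and general
'            copyright requirements. If you don't have a copy of this
'            file, you may request one at http://www.candypress.com
'*************************************************************************
Option explicit
Response.Buffer = true
%>
<%
' What this page does (as visible in the code below): it reads the "page"
' and "sql" request parameters, and when "sql" is non-empty it e-mails an
' SQL-injection alert to the store administrator and redirects the visitor
' to sysMsg.asp with a generic "invalid request" message.
'
' openDb, loadConfig, errorDB, sessionCart, sessionCust, sendmail, closeDB
' and the p*/lang*/Lang* values are not defined in this file; presumably
' they come from the store's include files - confirm against the install.
'
' NOTE(review): the page is reachable by any client and every request that
' carries a non-empty "sql" parameter sends one e-mail. Nothing visible
' here throttles that, so consider rate limiting per source address in
' sendmail or at the web server if alert volume becomes a problem.

' Declared here because of Option Explicit; the first four are not used in
' this file and are presumably shared with the included helpers.
dim mySQL, connTemp, rsTemp, rsTemp2, idOrder, idCust
dim ip
dim page
dim sql
dim emailBody
dim emailTo
dim errMsg

' Upper bound on each client-supplied value copied into the alert e-mail.
' The figure is a constructed default; adjust it to what your mail system
' handles comfortably.
Const alertFieldMax = 2000

' Returns value as a string, cut to alertFieldMax characters. When text is
' cut, the original length is appended so the alert still shows how large
' the submitted value was.
function clipForAlert(value)
    dim text
    text = CStr(value & "")   ' & "" turns Empty/Null into an empty string
    if len(text) > alertFieldMax then
        clipForAlert = left(text, alertFieldMax) _
                     & " [truncated, original length " & len(text) & "]"
    else
        clipForAlert = text
    end if
end function

sql = ""

'Open Database Connection
call openDb()

'Store Configuration
if loadConfig() = false then
    call errorDB(langErrConfig,"")
end if

'Get/Set Cart/Order Session
idOrder = sessionCart()

'Get/Set Customer Session
idCust  = sessionCust()

emailTo = pEmailAdmin ' Put your own email here to receive alerts

' REMOTE_ADDR is the address of the connecting peer. Behind a reverse proxy
' or load balancer this is the proxy's address, not the client's.
ip   = Request.ServerVariables("REMOTE_ADDR")

' Both values are supplied by the client and must be treated as untrusted.
' Request(...) without a collection name also matches form fields and
' cookies, not only the query string.
page = request("page")
sql  = request("sql")

if len(sql) > 0 then

    ' page and sql are attacker-controlled, so they are length-capped before
    ' being placed in the message. NOTE(review): if sendmail can deliver
    ' this body as HTML, also pass both values through Server.HTMLEncode -
    ' the meaning of the final 0 argument is not visible here, confirm.
    emailBody = "Houve uma tentativa de SQL Injection do IP: " & ip & " " _
              & "usando a página: " & clipForAlert(page) & " em " & now() & vbcrlf & vbcrlf _
              & "A tentativa foi finalizada." & vbcrlf & vbcrlf _
              & "SQL String : " & clipForAlert(sql)

    ' Do not echo emailBody to the response when debugging unless it is
    ' HTML-encoded first; it contains raw request data.

    'Send Email
    call sendmail(pCompany, pEmailAdmin, emailTo, LangGenSQLinject, emailBody, 0)

    ' The visitor only sees the generic message; errMsg is a language
    ' constant, not request data, and is URL-encoded for the query string.
    errMsg = LangGenInvalidRequest

    ' Response.Redirect ends processing of this page, so the connection is
    ' closed before redirecting.
    call closeDB()
    response.redirect "sysMsg.asp?errMsg=" & server.URLEncode(errMsg)

end if

call closeDB()
%>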