MD5 Hash token Generation wurde implementiert.

ja
2021-12-01 13:05:46 +01:00
parent b2a29d5839
commit 114d84c1c3
6 changed files with 102 additions and 22 deletions


@@ -1,4 +1,5 @@
Imports Microsoft.VisualBasic
Imports System.Security.Cryptography
Imports Microsoft.VisualBasic
Public Class VERAG_VARIABLES
Public Shared errornumb As Integer = 0
@@ -14,4 +15,20 @@ Public Class VERAG_VARIABLES
Shared Function getErrorcodeindez(Errorcode As String) As String
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Errorcode)
End Function
Public Shared Function GenerateSalt(ByVal nSalt As Integer) As String
Dim saltBytes = New Byte(nSalt) {}
Using provider = New RNGCryptoServiceProvider()
provider.GetNonZeroBytes(saltBytes)
End Using
Return Convert.ToBase64String(saltBytes)
End Function
Public Shared Function HashPassword(ByVal password As String, ByVal salt As String, ByVal nIterations As Integer, ByVal nHash As Integer) As String
Dim saltBytes = Convert.FromBase64String(salt)
Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations)
Return Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(nHash))
End Using
End Function
End Class
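Review bot: GenerateSalt returns one byte more than requested, because `New Byte(nSalt) {}` declares an upper bound rather than a length in VB, and `GetNonZeroBytes` then excludes the value 0 from every byte. `Dim saltBytes = New Byte(nSalt - 1) {}` together with `provider.GetBytes(saltBytes)` yields exactly nSalt uniformly random bytes; a guard that rejects `nSalt < 8` would also surface the minimum salt size Rfc2898DeriveBytes enforces. HashPassword uses the three-argument Rfc2898DeriveBytes constructor, which derives with HMAC-SHA1, so the commit title's "MD5" does not describe this code. A short comment on HashPassword stating that it is PBKDF2 and that nHash is the output length in bytes would avoid that confusion.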


@@ -165,10 +165,10 @@
margin-right: 320px;
}
#contfluid {
width: 800px;
width: 465px;
}
.modal-content{
width:300px;
width:465px;
}
}
@media (max-width: 328.98px) {
@@ -311,7 +311,6 @@
End Using
con.Close()
End Using
%>
<li class="wrapper">
<!-- Sidebar -->


@@ -221,7 +221,7 @@
</div>
</div>
<div id="Abstand_laenger" style="height:/*24px*/ 1.873536299765808vh;"></div>
<asp:Button ID="btn_SendData" ClientIDMode="Predictable" CssClass="btn btn-primary" runat="server" CausesValidation="false" Text="Erhalte Rechnungen!" style="background-color:#fff;color:#043381;height:30px;width:221px;font-size:1.33em;" />
<asp:Button ID="btn_SendData" ClientIDMode="Predictable" CssClass="btn btn-primary" runat="server" Text="Erhalte Rechnungen!" CausesValidation="false" style="margin-top:2px;margin-bottom:auto;padding-bottom:2px;color:#043381;font-size:1.33em;background-color:#fff;height:30px;width:221px;"/>
<div id="Abstand_lang" style="height: /*32px*/ 2.498048399687744vh;"></div>
<div class="g-3">
<div id="conovertab">


@@ -143,25 +143,25 @@ ContentPlaceHolder1 {
color: #043381;
}
.modal-dialog {
width: 428px;
width: 455px;
margin-left:0px;
}
#contfluid {
width: 428px;
width: 460px;
}
.modal-content {
width: 428px;
width: 455px;
display: block;
overflow-x: no-content;
}
.modal-header {
width: 428px;
width: 455px;
}
.modal-body{
width:428px;
width:455px;
}
ul{
width:428px;
width:455px;
}
#Image1 {
@@ -338,19 +338,21 @@ ContentPlaceHolder1 {
/* background-color:#043381;*/
background-color: #fff;
color: #043381;
width: 400px;
width: 600px;
}
.modal-content {
width: 900px;
width: 600px;
display: block;
overflow-x: hidden;
}
row{
width:600px:
}
.modal-header {
background-image: linear-gradient(to right, #003680, #0055cc);
color: #fff;
width: 800px;
width: 600px;
}
.modal-footer {
@@ -440,11 +442,11 @@ ContentPlaceHolder1 {
width: 800px;
}
.modal-content {
width: 900px;
width: 800px;
display: block;
}
.modal-dialog{
width:900px;
width:800px;
}
.modal-header {
background-image: linear-gradient(to right, #003680, #0055cc);
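Review bot: The `row{ width:600px: }` rule in the second hunk will not take effect, because the declaration ends with a colon instead of a semicolon and `row` is a type selector rather than the `.row` class that was presumably meant. `.row { width: 600px; }` is probably the intended rule. In the first hunk, `overflow-x: no-content;` is not a valid overflow value and browsers will ignore it; `hidden`, as used in the second hunk, looks like what was intended.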


@@ -8,6 +8,7 @@ Imports System.Data
Partial Class ForgotPW
Inherits System.Web.UI.Page
Dim ConnectionString As String = String.Empty
Dim salt As String = String.Empty
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
If Page.IsPostBack = True Then
@@ -453,7 +454,8 @@ Partial Class ForgotPW
Else
tokenname = Session.Item("TokenforEmail")
End If
'Dim md5temptoken As String = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID)
MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken)
If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
@@ -524,7 +526,7 @@ Partial Class ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>http://" + getdomianenvironment + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>Follow this Link</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
'MsgBox(getdomianenvironment)
@@ -537,7 +539,7 @@ Partial Class ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>http://" + getdomianenvironment + "/login/ForgotPW.aspx</a><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>Follow this Link</a><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.")
lblMessage_M.ForeColor = Color.OrangeRed
@@ -646,6 +648,7 @@ Partial Class ForgotPW
Else
tokenname = Session.Item("TokenforEmail").ToString()
End If
'Dim Strtemp = Session.Keys.Item("urltochangepw")
If getDateoftoken(tokenname) = True Then
' Dim attachment As Attachment = New Attachment(File.OpenRead(excel), "Kundenliste.xlsx")
@@ -730,7 +733,64 @@ Partial Class ForgotPW
Return "Error in Session ID. It has changed. Please check admin!"
End If
End Function
Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String
If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
Dim MyMin As Integer = 100, MyMax As Integer = 555, My1stRandomNumber As Integer, My2ndRandomNumber As Integer
' Create a random number generator
Dim Generator As System.Random = New System.Random()
' Get a random number >= MyMin and <= MyMax
My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value
' Get another random number (don't create a new generator, use the same one)
My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1)
If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10101, My1stRandomNumber))
Return token
Catch Ex As Exception
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10101, My1stRandomNumber))
If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) = True Then
'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
Else
'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
End If
'Else
'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
Dim jetzt As DateTime = DateTime.UtcNow
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
If jetzt < wenn Then
Return "NotYet"
Else
token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID)
Return token
'End If
End If
End Try
Else
Return String.Empty
End If
Else
Return "Error in Session ID. It has changed. Please check admin!"
End If
End Function
Function getDateoftoken(tokenname As String) As Boolean
Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname))
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
@@ -766,11 +826,12 @@ Partial Class ForgotPW
End If
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
Return False
Else
Return True
Else
Return True
End If
End Function
'Function RandomString(r As Random, max As Integer) As String
'Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?="
'Dim sb As New StringBuilder
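Review bot: A token returned by gensaltToken cannot pass the expiry check in getDateoftoken, which decrypts the token and reads its first eight bytes as a DateTime; here the encrypted value is the PBKDF2 output of `tok`, so those bytes are no longer the timestamp. The local `salt` is thrown away after the call, so the derivation adds nothing that can be re-checked later, and the token's only unpredictable input is `Guid.NewGuid()`, which is not documented as a cryptographic random source. The Catch branch repeats the same GenerateSalt/HashPassword/Encrypt calls that just failed, and `jetzt < wenn` cannot be true in practice, which leaves the "NotYet" return unreachable. I would keep the timestamp prefix, take the secret part from the crypto RNG, and return String.Empty on failure, as sketched below. Separately, the `MsgBox("Token:" + …)` line in the second hunk should not ship in server-side page code, since it puts the reset token into a dialog on the web server.

```vbnet
' … unchanged: session check, Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) …
If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
    Try
        Dim nonce(31) As Byte
        Using rng = New System.Security.Cryptography.RNGCryptoServiceProvider()
            rng.GetBytes(nonce)
        End Using
        ' The 8-byte UTC timestamp stays first so getDateoftoken can still read it.
        Dim tok As String = Convert.ToBase64String(time.Concat(nonce).ToArray())
        Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(tok)
    Catch Ex As Exception
        ' Fail closed: no token, no e-mail.
        Return String.Empty
    End Try
' … unchanged: Else branches and End Function …
```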


@@ -1,5 +1,6 @@
Imports System.Data.SqlClient
Imports System.Data
Imports System.Security.Cryptography
Partial Class login_FLEX
Inherits System.Web.UI.Page