MD5 Hash token Generation wurde implementiert.

ja
2021-12-01 13:05:46 +01:00
parent b2a29d5839
commit 114d84c1c3
6 changed files with 102 additions and 22 deletions


@@ -8,6 +8,7 @@ Imports System.Data
Partial Class ForgotPW
Inherits System.Web.UI.Page
Dim ConnectionString As String = String.Empty
Dim salt As String = String.Empty
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
If Page.IsPostBack = True Then
@@ -453,7 +454,8 @@ Partial Class ForgotPW
Else
tokenname = Session.Item("TokenforEmail")
End If
'Dim md5temptoken As String = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID)
MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken)
If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
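Review bot: The `MsgBox("Token:" + tokenname + ... + md5temptoken)` line reads `md5temptoken`, but the only declaration visible here, the `Dim md5temptoken As String = gensaltToken(...)` line directly above it, is commented out; unless the name is declared outside this hunk, the page will not compile with Option Explicit on. Separately, MsgBox runs on the web server rather than in the user's browser, where it typically fails or blocks the request, and this call puts the live reset token into that dialog. I would remove the line, or comment it out as `'MsgBox("Token:" + tokenname + ...)` like the other MsgBox calls in this file, and keep token values out of any debug output. The enclosing procedure starts and ends outside the hunk.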
@@ -524,7 +526,7 @@ Partial Class ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>http://" + getdomianenvironment + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>Follow this Link</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
'MsgBox(getdomianenvironment)
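Review bot: The reset link on the new `htmlbody` line still sends the token over `http://` and concatenates `tokenname` into the query string without escaping, and the next hunk (-537,7 +539,7) has the same pattern. If the token text can contain `+`, `/`, `=` or `&`, the value arriving at the change-password page will differ from the one that was issued, so I would build the parameter as `"?Par1=" + HttpUtility.UrlEncode(tokenname)` and use `https://` for the link. The `href` also targets `Change_PW.aspx` with the raw `tokenname`, while the visible link text shows `ChangePW.aspx` with `cCryptography.Encrypt(tokenname)`; one of the two is presumably stale and should be made to match. Finally, the `ElseIf` branch in the trailing context fills `getdomianenvironment` from the request's `SERVER_NAME`; for a mail that carries a reset token, a configured base URL is safer than a value derived from the incoming request.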
@@ -537,7 +539,7 @@ Partial Class ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>http://" + getdomianenvironment + "/login/ForgotPW.aspx</a><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>Follow this Link</a><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.")
lblMessage_M.ForeColor = Color.OrangeRed
@@ -646,6 +648,7 @@ Partial Class ForgotPW
Else
tokenname = Session.Item("TokenforEmail").ToString()
End If
'Dim Strtemp = Session.Keys.Item("urltochangepw")
If getDateoftoken(tokenname) = True Then
' Dim attachment As Attachment = New Attachment(File.OpenRead(excel), "Kundenliste.xlsx")
@@ -730,7 +733,64 @@ Partial Class ForgotPW
Return "Error in Session ID. It has changed. Please check admin!"
End If
End Function
Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String
If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
Dim MyMin As Integer = 100, MyMax As Integer = 555, My1stRandomNumber As Integer, My2ndRandomNumber As Integer
' Create a random number generator
Dim Generator As System.Random = New System.Random()
' Get a random number >= MyMin and <= MyMax
My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value
' Get another random number (don't create a new generator, use the same one)
My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1)
If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10101, My1stRandomNumber))
Return token
Catch Ex As Exception
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10101, My1stRandomNumber))
If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) = True Then
'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
Else
'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
End If
'Else
'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
Dim jetzt As DateTime = DateTime.UtcNow
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
If jetzt < wenn Then
Return "NotYet"
Else
token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID)
Return token
'End If
End If
End Try
Else
Return String.Empty
End If
Else
Return "Error in Session ID. It has changed. Please check admin!"
End If
End Function
Function getDateoftoken(tokenname As String) As Boolean
Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname))
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
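Review bot: In the new gensaltToken, the `Catch` block repeats the same three calls that just failed (`GenerateSalt`, `HashPassword`, `cCryptography3.Encrypt`) with no handler of its own, so a second failure will most likely escape unhandled; it also mails one token through `SendEmail` and then returns a different one from `genToken`. The `If jetzt < wenn` test compares the current time with the current time minus five seconds, so it is always False and `Return "NotYet"` is unreachable. I would reduce the handler to logging `Ex` and `Return String.Empty`, matching the failure value the `Else` branch already uses. Note also that `getDateoftoken` in the trailing context Base64-decodes the decrypted token and reads its first eight bytes as the issue time, which fits a token made of the encoded `time` and `Key` bytes but, as far as the visible code shows, not a `HashPassword` result, so a token from this function would need its timestamp carried separately before expiry can be checked. `My2ndRandomNumber` is never used, and if `My1stRandomNumber` decides anything security-relevant it should come from `System.Security.Cryptography.RandomNumberGenerator` rather than `System.Random`.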
@@ -766,11 +826,12 @@ Partial Class ForgotPW
End If
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
Return False
Else
Return True
Else
Return True
End If
End Function
'Function RandomString(r As Random, max As Integer) As String
'Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?="
'Dim sb As New StringBuilder