SQL Update Befehl mit Übergabe der Parameter in URl und ABgleich in Sessionvariablen

login/ChangePW.aspx.vb

@@ -7,7 +7,7 @@ Partial Class login_ChangePW
     Protected Sub Page_Load(sender As Object, e As EventArgs)
         Dim url = Request.ServerVariables("URL")
         Session.Add("urltochangepw", url)
-        If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then
+        If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing And VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("USerID").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Then
             If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True Then
                 txt_Pw_WH.Enabled = True
                 txt_Pw.Enabled = True
@@ -57,27 +57,36 @@ Partial Class login_ChangePW
         Dim Msg, Style, Title As String
 
         If String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then
+            reqPassw1txt_M.Enabled = False
+            reqPasswtxt_M.Enabled = False
+            reqPasswtxt.Enabled = True
+            reqPassw1txt.Enabled = True
             reqPasswtxt.Validate()
             reqPassw1txt.Validate()
-            reqPassw1txt_M.Enabled = False
-            reqPasswtxt.Enabled = True
-            tempstr = txt_Pw.Text
-        ElseIf String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then
 
+            If reqPasswtxt.IsValid And reqPassw1txt.IsValid Then
+                tempstr = txt_Pw.Text
+            End If
+        ElseIf String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then
             reqPasswtxt.Enabled = False
             reqPassw1txt.Enabled = False
+            reqPasswtxt_M.Enabled = True
+            reqPassw1txt_M.Enabled = True
             reqPasswtxt_M.Validate()
             reqPassw1txt_M.Validate()
-            tempstr = txt_Pw_M.Text
+
+            If reqPassw1txt_M.IsValid And reqPasswtxt_M.IsValid Then
+                tempstr = txt_Pw_M.Text
+            End If
         Else
             tempstr = "Error01"
         End If
 
-
         If txt_Pw.Text = tempstr And txt_Pw_WH.Text = tempstr AndAlso txt_Pw_M.Text = String.Empty And txt_Pw_WH_M.Text = String.Empty Then
             Try
                 Dim ConnectionString = ""
                 Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
+                Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
                 If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
                     'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
                     ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
@@ -86,25 +95,17 @@ Partial Class login_ChangePW
                     'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
                 End If
                 Using con As New SqlConnection(ConnectionString)
-                    '#######################################################
-                    'Überprüfung Andreas
-                    '#######################################################
-
-                    Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND Password=@Password")
+                    Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND Password=@Password AND KundenNr=@KundenNr")
                         ' cmd.CommandType = CommandType.StoredProcedure
                         cmd.Parameters.AddWithValue("@Username", usrname)
                         cmd.Parameters.AddWithValue("@Password", tempstr)
+                        cmd.Parameters.AddWithValue("@KundenNr", UsrID)
                         cmd.Connection = con
-                        con.Open()
-                        'Modifizierung der Datenbank ist im Debug aus
-
-                        'Dim integ As Integer = cmd.ExecuteNonQuery()
-                        'MsgBox(integ.ToString)
-                        con.Close()
+                        cmd.ExecuteNonQuery()
                     End Using
                 End Using
             Catch ex As Exception
-
+                lbl_messagetext.Text = ex.Message
             End Try
             Msg = "PW erfolgreich geändert!"
             Style = vbOKOnly + vbInformation + vbDefaultButton1
@@ -118,9 +119,28 @@ Partial Class login_ChangePW
             'End If
         ElseIf txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso txt_Pw.Text = String.Empty And txt_Pw_M.Text = String.Empty Then
             Try
-
+                Dim ConnectionString = ""
+                Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
+                Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
+                If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
+                    'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
+                    ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
+                Else
+                    ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
+                    'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
+                End If
+                Using con As New SqlConnection(ConnectionString)
+                    Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND Password=@Password AND KundenNr=@KundenNr")
+                        ' cmd.CommandType = CommandType.StoredProcedure
+                        cmd.Parameters.AddWithValue("@Username", usrname)
+                        cmd.Parameters.AddWithValue("@Password", tempstr)
+                        cmd.Parameters.AddWithValue("@KundenNr", UsrID)
+                        cmd.Connection = con
+                        cmd.ExecuteNonQuery()
+                    End Using
+                End Using
             Catch ex As Exception
-
+                lbl_messagetext.Text = ex.Message
             End Try
             Msg = "PW erfolgreich geändert!"
             Style = vbOKOnly + vbInformation + vbDefaultButton1