edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SQL Update Befehl mit Übergabe der Parameter in URl und ABgleich in Sessionvariablen

Browse Source
This commit is contained in:
ja
2021-10-18 15:59:05 +02:00
parent 6fef897d03
commit 1237262ba0
6 changed files with 86 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Global.asax
View File

@@ -45,5 +45,6 @@
Session.Remove("TokenforEmail");
Session.Remove("SessID");
Session.Remove("urltochangepw");
Session.Remove("USerID");
}
</script>

62
login/ChangePW.aspx.vb
View File

@@ -7,7 +7,7 @@ Partial Class login_ChangePW
Protected Sub Page_Load(sender As Object, e As EventArgs)
Dim url = Request.ServerVariables("URL")
Session.Add("urltochangepw", url)
If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then
If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing And VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("USerID").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Then
If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True Then
txt_Pw_WH.Enabled = True
txt_Pw.Enabled = True
@@ -57,27 +57,36 @@ Partial Class login_ChangePW
Dim Msg, Style, Title As String
If String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then
reqPassw1txt_M.Enabled = False
reqPasswtxt_M.Enabled = False
reqPasswtxt.Enabled = True
reqPassw1txt.Enabled = True
reqPasswtxt.Validate()
reqPassw1txt.Validate()
reqPassw1txt_M.Enabled = False
reqPasswtxt.Enabled = True
tempstr = txt_Pw.Text
ElseIf String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then
If reqPasswtxt.IsValid And reqPassw1txt.IsValid Then
tempstr = txt_Pw.Text
End If
ElseIf String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then
reqPasswtxt.Enabled = False
reqPassw1txt.Enabled = False
reqPasswtxt_M.Enabled = True
reqPassw1txt_M.Enabled = True
reqPasswtxt_M.Validate()
reqPassw1txt_M.Validate()
tempstr = txt_Pw_M.Text
If reqPassw1txt_M.IsValid And reqPasswtxt_M.IsValid Then
tempstr = txt_Pw_M.Text
End If
Else
tempstr = "Error01"
End If
If txt_Pw.Text = tempstr And txt_Pw_WH.Text = tempstr AndAlso txt_Pw_M.Text = String.Empty And txt_Pw_WH_M.Text = String.Empty Then
Try
Dim ConnectionString = ""
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
@@ -86,25 +95,17 @@ Partial Class login_ChangePW
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Using con As New SqlConnection(ConnectionString)
'#######################################################
'Überprüfung Andreas
'#######################################################
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND Password=@Password")
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND Password=@Password AND KundenNr=@KundenNr")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@Password", tempstr)
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
cmd.Connection = con
con.Open()
'Modifizierung der Datenbank ist im Debug aus
'Dim integ As Integer = cmd.ExecuteNonQuery()
'MsgBox(integ.ToString)
con.Close()
cmd.ExecuteNonQuery()
End Using
End Using
Catch ex As Exception
lbl_messagetext.Text = ex.Message
End Try
Msg = "PW erfolgreich geändert!"
Style = vbOKOnly + vbInformation + vbDefaultButton1
@@ -118,9 +119,28 @@ Partial Class login_ChangePW
'End If
ElseIf txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso txt_Pw.Text = String.Empty And txt_Pw_M.Text = String.Empty Then
Try
Dim ConnectionString = ""
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
Else
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Using con As New SqlConnection(ConnectionString)
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND Password=@Password AND KundenNr=@KundenNr")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@Password", tempstr)
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
cmd.Connection = con
cmd.ExecuteNonQuery()
End Using
End Using
Catch ex As Exception
lbl_messagetext.Text = ex.Message
End Try
Msg = "PW erfolgreich geändert!"
Style = vbOKOnly + vbInformation + vbDefaultButton1

14
login/ForgotPW.aspx
View File

@@ -279,16 +279,16 @@
</td></tr> -->
<tr style="color:#003680; height:40px;">
<td align="left" colspan="2">
<asp:TextBox ID="txtEmail" runat="server" Width="265" ValidationGroup="Valtxtemail" Font-Size="1.125em" Placeholder="E-Mail" CssClass="bg-email-icon" style="margin-left:45px;color:#003680"/>
<asp:RequiredFieldValidator ID="valreqtxtEmail" ControlToValidate="txtEmail" ValidationGroup="Valtxtemail" runat="server" Text="Require E-Mail Address" ForeColor="Red" ></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ControlToValidate="txtEmail" runat="server" ID="regexval_txt_Email" ValidationGroup="Valtxtemail" ValidationExpression="[\w\.]+\@(\bverag.ag\b)" Display="Dynamic" ErrorMessage="The E-Mail has not the correct domain!" SetFocusOnError="true" style="font-size:1em" ForeColor="Red"></asp:RegularExpressionValidator>
<asp:RegularExpressionValidator ControlToValidate="txtEmail" runat="server" ID="regexval_txt_Email_2" ValidationGroup="Valtxtemail" ValidationExpression="[\w\.]+\@[\w]+(?:\.[\w]{3}|\.[\w]{2}\.[\w]{2}|\.[\w]{2})\b" Display="Dynamic" ErrorMessage="The E-Mail has not the correct domain!" ForeColor="Red" SetFocusOnError="true"></asp:RegularExpressionValidator>
<asp:TextBox ID="txtEmail" runat="server" Width="265" ValidationGroup="val-desk" Font-Size="1.125em" Placeholder="E-Mail" CssClass="bg-email-icon" style="margin-left:45px;color:#003680"/>
<asp:RequiredFieldValidator ID="valreqtxtEmail" ControlToValidate="txtEmail" ValidationGroup="val-desk" runat="server" Text="Require E-Mail Address" ForeColor="Red" ></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ControlToValidate="txtEmail" runat="server" ID="regexval_txt_Email" ValidationGroup="val-desk" ValidationExpression="[\w\.]+\@(\bverag.ag\b)" Display="Dynamic" ErrorMessage="The E-Mail has not the correct domain!" SetFocusOnError="true" style="font-size:1em" ForeColor="Red"></asp:RegularExpressionValidator>
<asp:RegularExpressionValidator ControlToValidate="txtEmail" runat="server" ID="regexval_txt_Email_2" ValidationGroup="val-desk" ValidationExpression="[\w\.]+\@[\w]+(?:\.[\w]{3}|\.[\w]{2}\.[\w]{2}|\.[\w]{2})\b" Display="Dynamic" ErrorMessage="The E-Mail has not the correct domain!" ForeColor="Red" SetFocusOnError="true"></asp:RegularExpressionValidator>
</td></tr>
<tr style="color:#003680; height:30px;">
<td align="left" colspan="2">
<asp:TextBox ID="txt_Username" runat="server" CssClass="bg-user-icon" ValidationGroup="Valtxtusername" Placeholder="Username" Font-Size="1.125em" Width="265" style="margin-left:45px;color:#003680" />
<asp:RequiredFieldValidator ID="valreqtxtusername" ControlToValidate="txt_Username" ValidationGroup="Valtxtusername" runat="server" Text="Require Username" ErrorMessage="Please give a Username."></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="check_UserName_regex" ErrorMessage="The Username don't meet the rquirements. Try again." ControlToValidate="txt_Username" ValidationGroup="Valtxtusername" runat="server" Display="Dynamic" SetFocusOnError="true" ValidationExpression="^([a-zA-Z1-9]{4,30})$"></asp:RegularExpressionValidator>
<asp:TextBox ID="txt_Username" runat="server" CssClass="bg-user-icon" ValidationGroup="val-desk" Placeholder="Username" Font-Size="1.125em" Width="265" style="margin-left:45px;color:#003680" />
<asp:RequiredFieldValidator ID="valreqtxtusername" ControlToValidate="txt_Username" ValidationGroup="val-desk" runat="server" Text="Require Username" ErrorMessage="Please give a Username."></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="check_UserName_regex" ErrorMessage="The Username don't meet the rquirements. Try again." ControlToValidate="txt_Username" ValidationGroup="val-desk" runat="server" Display="Dynamic" SetFocusOnError="true" ValidationExpression="^([a-zA-Z1-9]{4,30})$"></asp:RegularExpressionValidator>
</td></tr>
<tr style="color:#003680; height:30px;">
<td align="right" colspan="2">

43
login/ForgotPW.aspx.vb
View File

@@ -19,6 +19,8 @@ Partial Class login_ForgotPW
Dim password As String = String.Empty
Dim email As String = String.Empty
Dim tokenname As String = String.Empty
Dim userID As String = String.Empty
If String.IsNullOrEmpty(txtEmail_M.Text) = True And String.IsNullOrEmpty(txt_Username_M.Text) = True And String.IsNullOrEmpty(txtEmail.Text) = False And String.IsNullOrEmpty(txt_Username.Text) = False Then
regexval_2_txt_Email_M.Enabled = False
valreqtxtEmail_M.Enabled = False
@@ -85,7 +87,7 @@ Partial Class login_ForgotPW
'Erweiterte Degub Msg-Box
'MsgBox("Userdaten in App" + Environment.NewLine + email + Environment.NewLine + username + Environment.NewLine + "Userdaten desktop" + txt_Username.Text + Environment.NewLine + txtEmail.Text + Environment.NewLine + "Userdaten Mobil:" + Environment.NewLine + txtEmail_M.Text + Environment.NewLine + txt_Username_M.Text)
If String.IsNullOrEmpty(email) = False And String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True And String.IsNullOrEmpty(username) = False Then
If String.IsNullOrEmpty(email) = False And String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True And String.IsNullOrEmpty(username) = False And String.IsNullOrEmpty(userID) = True Then
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
@@ -98,7 +100,7 @@ Partial Class login_ForgotPW
Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT Username,Password,Email FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
Using cmd As New SqlCommand("SELECT Username,Password,Email,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", username)
cmd.Connection = con
@@ -109,18 +111,19 @@ Partial Class login_ForgotPW
username = dr("Username").ToString()
password = dr("Password").ToString()
email = dr("Email").ToString()
userID = VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(dr("KundenNr").ToString())
Try
If txt_Username.Text = dr("Username").ToString() AndAlso String.IsNullOrEmpty(txt_Username_M.Text) = True Then
If txt_Username.Text = dr("Username").ToString() AndAlso String.IsNullOrEmpty(txt_Username_M.Text) = True And String.IsNullOrEmpty(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(userID)) = False Then
check_UserName_regex_M.Enabled = False
check_UserName_regex.Enabled = True
check_UserName_regex.IsValid = True
username = txt_Username.Text
ElseIf txt_Username_M.Text = dr("Username").ToString() AndAlso txt_Username.Text = String.Empty Then
ElseIf txt_Username_M.Text = dr("Username").ToString() AndAlso txt_Username.Text = String.Empty And String.IsNullOrEmpty(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(userID)) = False Then
check_UserName_regex.Enabled = False
check_UserName_regex_M.Enabled = True
check_UserName_regex_M.IsValid = True
username = txt_Username_M.Text
ElseIf String.IsNullOrEmpty(txt_Username_M.Text) = True AndAlso String.IsNullOrEmpty(txtEmail.Text) = True Then
ElseIf String.IsNullOrEmpty(txt_Username_M.Text) = True AndAlso String.IsNullOrEmpty(txtEmail.Text) = True And String.IsNullOrEmpty(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(userID)) = False Then
check_UserName_regex_M.MatchTimeout = 3000
check_UserName_regex_M.ErrorMessage = "No valid Username found in out database!"
check_UserName_regex_M.IsValid = False
@@ -129,7 +132,7 @@ Partial Class login_ForgotPW
check_UserName_regex.ErrorMessage = "No valid Username found in out database!"
check_UserName_regex.IsValid = False
End If
If (txtEmail.Text = dr("Email").ToString() AndAlso String.IsNullOrEmpty(txtEmail_M.Text) = True) Then
If (txtEmail.Text = dr("Email").ToString() AndAlso String.IsNullOrEmpty(txtEmail_M.Text) = True) And String.IsNullOrEmpty(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(userID)) = False Then
regexval_txt_Email_M.Enabled = False
regexval_txt_Email.Enabled = True
regexval_txt_Email.Validate()
@@ -141,6 +144,9 @@ Partial Class login_ForgotPW
email = txtEmail_M.Text
lblMessage_M.ForeColor = Color.Green
lblMessage_M.Text = "The given e-mail exists in our database."
ElseIf String.IsNullOrEmpty(userID) = True Then
lblMessage_M.ForeColor = Color.Red
lblMessage_M.Text = "The given User does not exist in our database."
Else
lblMessage_M.ForeColor = Color.Red
lblMessage_M.Text = "The given e-mail does not exist in our database."
@@ -163,14 +169,14 @@ Partial Class login_ForgotPW
con.Close()
End Using
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email)
tokenname = genToken(username, password, email, userID)
Session.Add("TokenforEmail", tokenname)
Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
Else
tokenname = Session.Item("TokenforEmail")
End If
If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)) = True Then
If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), userID) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -184,7 +190,7 @@ Partial Class login_ForgotPW
'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email)
tokenname = genToken(username, password, email, userID)
Session.Add("TokenforEmail", tokenname)
Else
tokenname = Session.Item("TokenforEmail")
@@ -194,7 +200,7 @@ Partial Class login_ForgotPW
'MsgBox("Mail would be sent successfully!")
lblMessage.ForeColor = Color.Green
lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)) = False Then
ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), userID) = False Then
'MsgBox("Mail would not be sent successfully!")
lblMessage.ForeColor = Color.Red
If String.IsNullOrWhiteSpace(username) = True Then
@@ -226,7 +232,7 @@ Partial Class login_ForgotPW
'Return sb.ToString()
'End Function
Function SendEmail(username As String, password As String, email As String, tokenname As String) As Boolean
Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String) As Boolean
Dim getdomianenvironment As String = String.Empty
Dim pagename As String = String.Empty
Dim ServPort As String = String.Empty
@@ -244,7 +250,7 @@ Partial Class login_ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear, {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "</a>" + Environment.NewLine + "<br /><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
htmlbody = String.Format("Dear, {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + userID + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + userID + "</a>" + Environment.NewLine + "<br /><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
ServPort = String.Empty
@@ -255,7 +261,7 @@ Partial Class login_ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear, {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "</a>" + Environment.NewLine + "<br /><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
htmlbody = String.Format("Dear, {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + userID + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + userID + "</a>" + Environment.NewLine + "<br /><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.")
lblMessage.ForeColor = Color.OrangeRed
@@ -266,7 +272,7 @@ Partial Class login_ForgotPW
Try
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email)
tokenname = genToken(username, password, email, userID)
Session.Add("TokenforEmail", tokenname)
Else
tokenname = Session.Item("TokenforEmail").ToString()
@@ -291,8 +297,9 @@ Partial Class login_ForgotPW
lblMessage.Text = "Error02: Mail not delivered!"
'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email)
tokenname = genToken(username, password, email, userID)
Session.Add("TokenforEmail", tokenname)
Session.Add("USerID", userID)
Else
tokenname = Session.Item("TokenforEmail").ToString()
End If
@@ -305,7 +312,7 @@ Partial Class login_ForgotPW
Return False
End Function
Function genToken(username As String, password As String, email As String) As String
Function genToken(username As String, password As String, email As String, UserID As String) As String
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
@@ -322,7 +329,7 @@ Partial Class login_ForgotPW
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
If SendEmail(username, password, email, token) = False Then
If SendEmail(username, password, email, token, UserID) = False Then
'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
Else
'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
@@ -335,7 +342,7 @@ Partial Class login_ForgotPW
If jetzt < wenn Then
Return "NotYet"
Else
token = genToken(username, password, email)
token = genToken(username, password, email, UserID)
Return token
'End If
End If

20
login/login_FLEX.aspx
View File

@@ -229,8 +229,8 @@
#tblrowbuttons{
height:40px;
}
#lbl_for_chkbox{
font-size:18px;
#lbl_for_chkbox_M{
font-size:19px;
margin-left:8px;
color:#003680;
}
@@ -282,7 +282,7 @@
</td>
</tr>
<tr style="color:#003680; height:46px;">
<td align="left">
<td align="left" colspan="2">
<asp:TextBox ID="CustomerID" CssClass="bg-UID-icon" runat="server" required="true" ValidationGroup="Login" Width="320" Placeholder="User-ID" style="margin-left: 22px" Font-Size="1.25em"></asp:TextBox>
<asp:RequiredFieldValidator ID="CustomerIDrequired" runat="server" ControlToValidate="CustomerID" SetFocusOnError="false" ValidationGroup="Login" ErrorMessage="Please enter the User-ID."></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="valid_getNumberInput" ControlToValidate="CustomerID" ValidationGroup="Login" runat="server" Display="Dynamic" SetFocusOnError="false" ValidationExpression="[0-9]{4,10}"></asp:RegularExpressionValidator>
@@ -335,22 +335,22 @@
<tr style="color:#003680; height:86px">
<td align="left">
<asp:TextBox ID="CustomerID_M" CssClass="bg-UID-icon" runat="server" required="true" ValidationGroup="Login_M" Width="325" Placeholder="User-ID" Font-Size="2.025em" style="margin-left: 22px;margin-top:20px;"></asp:TextBox>
<asp:RequiredFieldValidator ID="CustomerID_M_required" runat="server" ControlToValidate="CustomerID_M" SetFocusOnError="false" ValidationGroup="Login_M" ErrorMessage="Please enter the User-ID."></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="valid_getNumber_M_Input" ControlToValidate="CustomerID_M" ValidationGroup="Login_M" runat="server" Display="Dynamic" SetFocusOnError="false" ValidationExpression="[0-9]{4,10}"></asp:RegularExpressionValidator>
<asp:RequiredFieldValidator ID="CustomerID_M_required" runat="server" ControlToValidate="CustomerID_M" SetFocusOnError="false" ForeColor="Red" style="margin-left:22px" ValidationGroup="Login_M" ErrorMessage="Please enter the User-ID."></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="valid_getNumber_M_Input" ControlToValidate="CustomerID_M" ValidationGroup="Login_M" ForeColor="Red" Font-Size="20px" runat="server" style="margin-left:22px" Display="Dynamic" SetFocusOnError="false" ValidationExpression="[0-9]{4,10}"></asp:RegularExpressionValidator>
</td>
</tr>
<tr style="color:#003680; height:86px;">
<td align="left" colspan="2">
<asp:TextBox id="UserName_M" runat="server" CssClass="bg-user-icon" TextMode="SingleLine" Width = "325" ValidationGroup="Login_M" Placeholder="Username" required="true" Font-Size="2.025em" style="margin-left:22px;color:#003680"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserName_M_required" runat="server" ControlToValidate="UserName_M" ErrorMessage="Please enter the Username." ToolTip="The Username is required." ValidationGroup="Login_M"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="check_UserName_M_regex" ControlToValidate="UserName_M" ValidationGroup="Login_M" runat="server" Display="Dynamic" SetFocusOnError="true" ValidationExpression="^([a-zA-Z]{4,30})$"></asp:RegularExpressionValidator>
<asp:RequiredFieldValidator ID="UserName_M_required" runat="server" ControlToValidate="UserName_M" ErrorMessage="Please enter the Username." style="margin-left:22px" ToolTip="The Username is required." ValidationGroup="Login_M"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="check_UserName_M_regex" ControlToValidate="UserName_M" ValidationGroup="Login_M" runat="server" style="margin-left:132px" Display="Dynamic" SetFocusOnError="true" ValidationExpression="^([a-zA-Z]{4,30})$"></asp:RegularExpressionValidator>
</td>
</tr>
<tr style="color:#003680; height:86px;">
<td align="left" colspan="2">
<asp:TextBox ID="Password_M" runat="server" CssClass="bg-key-icon" TextMode="Password" required="true" Width = "325" Font-Size="2.025em" ValidationGroup="Login_M" MaxLength="30" AutoCompleteType="Enabled" CausesValidation="true" style="margin-left:22px;color:#003680" Placeholder="Password" Text="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="Passwordrequired_M" runat="server" ControlToValidate="Password_M" ErrorMessage="Password is needed to authenticate." ToolTip="Please enter the Password." ValidationGroup="Login_M"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="checkpwd_M_REGEX" ControlToValidate="Password_M" ValidationGroup="Login_M" runat="server" Display="Dynamic" SetFocusOnError="true" ValidationExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^a-zA-Z\d]){4,35}$"></asp:RegularExpressionValidator>
<asp:RequiredFieldValidator ID="Passwordrequired_M" runat="server" ControlToValidate="Password_M" style="margin-left:22px" ErrorMessage="Password is needed to authenticate." ToolTip="Please enter the Password." ValidationGroup="Login_M"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="checkpwd_M_REGEX" ControlToValidate="Password_M" ValidationGroup="Login_M" runat="server" Display="Dynamic" style="margin-left:22px" SetFocusOnError="true" ValidationExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^a-zA-Z\d]){4,35}$"></asp:RegularExpressionValidator>
</td>
</tr>
<tr style="color:#003680; height:143px;">
@@ -360,7 +360,7 @@
</tr>
<tr style="color:#003680; height:46px;">
<td align="left" colspan="2">
<asp:CheckBox ID="RememberMe_M" runat="server" style="margin-left:22px;"/><label for="RememberMe_M" id="lbl_for_chkbox">Remember me.</label>
<asp:CheckBox ID="RememberMe_M" runat="server" style="margin-left:22px;"/><label for="RememberMe_M" id="lbl_for_chkbox_M">Remember me.</label>
</td>
<td align="right" colspan="2">
<a id="btn_ForgotPW_M" runat="server" target="_top" href="ForgotPW.aspx" style="margin-left:-164px;margin-right:-62px;"> I forgot my password</a>

2
login/login_FLEX.aspx.vb
View File

@@ -60,7 +60,9 @@ Partial Class login_FLEX
End Sub
Protected Sub LoginButton_Click(sender As Object, e As EventArgs)
Validate("Login")
End Sub
Protected Sub LoginButton_M_Click(sender As Object, e As EventArgs)
Validate("Login_M")
End Sub
End Class