Änderungen codegenierung und verhashung pw

2021-12-22 13:30:36 +01:00
parent a833f5a7f6
commit 1f4b9a7029
5 changed files with 20 additions and 20 deletions
--- a/login/login_FLEX.aspx.vb
+++ b/login/login_FLEX.aspx.vb
@@ -14,9 +14,8 @@ Partial Class login_FLEX
        VERAG_VARIABLES.initerrorcount()
        If Page.IsPostBack = True Then
            Page.MaintainScrollPositionOnPostBack = True
-            intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 8), Math.Pow(2, 10))
+
            intzahliterats = VERAG_VARIABLES.getiterationnumber
-            salt = VERAG_VARIABLES.GenerateSalt(intzahl)
        Else
            Page.MaintainScrollPositionOnPostBack = False
        End If
@@ -116,6 +115,8 @@ Partial Class login_FLEX
            reqfieldvalpassw_M.Enabled = False
            reqfieldvalpassw.Validate()
            If reqfieldvalpassw.IsValid = True Then
+                intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
+                Dim hashpw1 As Byte() = VERAG_VARIABLES.HashPassword(tb3_M.Text, salt, intzahliterats, intzahl)
                passw = tb3.Text
            End If
        End If
@@ -123,6 +124,8 @@ Partial Class login_FLEX
            reqfieldvalpassw.Enabled = False
            reqfieldvalpassw_M.Enabled = True
            reqfieldvalpassw_M.Validate()
+            intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 6), Math.Pow(2, 10))
+            Dim hashpw1_M As Byte() = VERAG_VARIABLES.HashPassword(tb3_M.Text, salt, intzahliterats, intzahl)
            If reqfieldvalpassw_M.IsValid = True Then
                passw = tb3_M.Text
            Else
@@ -140,9 +143,10 @@ Partial Class login_FLEX
                cmd.Parameters.AddWithValue("@Password", passw)
                cmd.Connection = con
                con.Open()
+                cmd.ExecuteScalar()
                ' userId = Convert.ToInt32(cmd.ExecuteScalar())
                Dim dr As SqlDataReader = cmd.ExecuteReader()
-                If dr.HasRows Then
+                If dr.HasRows = True Then
                    dr.Read()
                    'MsgBox(dr.Item(0).ToString())
                    Select Case dr.Item(0)
@@ -167,7 +171,9 @@ Partial Class login_FLEX
                                VERAG_VARIABLES.seterrorcount(8)
                                Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!"
                            End If
-                            If tb3.Text = dr("Password") Then
+                            If String.Equals(tb3.Text, dr("Password")) = True Then
+                                intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 6), Math.Pow(2, 10))
+                                salt = VERAG_VARIABLES.GenerateSalt(intzahl)
                                Dim hashpw As Byte() = VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl)
                                If VERAG_VARIABLES.Verifyhash(dr("Password").ToString, salt, hashpw, intzahliterats, intzahl) = True Then
                                    passw = dr("Password").ToString
@@ -179,6 +185,7 @@ Partial Class login_FLEX
                                Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!"
                            End If

+
                            'MsgBox("Erfolgreich validiert.")
                            Session.Add("test", UserNaMe)
                            Session.Add("CustomerID", Customer_ID)