Bei nichteinhaltung der Datumsgrenze oder sonstigen Fehlern wird der Token aus Sicherheitsgründen aus dem Sessionspeicher entfernt.

2021-10-14 09:14:32 +02:00
parent 48a809c12d
commit 1fbe8e8d44
1 changed files with 4 additions and 2 deletions
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -243,14 +243,16 @@ Partial Class login_ForgotPW
    Function getDateoftoken(tokenname As String) As Boolean
        Dim data() As Byte = Convert.FromBase64String(tokenname)
        Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
-        If wenn < DateTime.UtcNow.AddMinutes(-30) Then
+        If wenn > DateTime.UtcNow.AddMinutes(-30) Then
            tokenname = String.Empty
-
            'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
+            Session.Remove("TokenforEmail")
            Return False
        ElseIf tokenname = "NotYet" Then
+            Session.Remove("TokenforEmail")
            Return False
        ElseIf tokenname = "Error04" Then
+            Session.Remove("TokenforEmail")
            Return False
        Else
            Return True