From 218a690d26ddcc58371cc59e199e7ec37823f212 Mon Sep 17 00:00:00 2001 From: ja Date: Wed, 1 Dec 2021 15:33:53 +0100 Subject: [PATCH] =?UTF-8?q?Asyncroner=20Aufruf=20der=20Salt-Erstellung=20u?= =?UTF-8?q?nd=20=C3=84nderung=20der=20rechtschreibung=20in=20Email=20Body?= =?UTF-8?q?=20bei=20Resetfunktion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- login/ForgotPW.aspx | 2 +- login/ForgotPW.aspx.vb | 33 ++++++++++++++++++++++++--------- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx index 564ef67..433f283 100644 --- a/login/ForgotPW.aspx +++ b/login/ForgotPW.aspx @@ -1,4 +1,4 @@ -<%@ Page Language="VB" AutoEventWireup="false" Debug="True" CodeFile="ForgotPW.aspx.vb" Inherits="ForgotPW" %> +<%@ Page Language="VB" AutoEventWireup="false" Debug="True" CodeFile="ForgotPW.aspx.vb" Inherits="ForgotPW" Async="true" %> <%@ Reference VirtualPath="~/login/Change_PW.aspx" %> diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index f07f27e..7cf4ff5 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -4,6 +4,8 @@ Imports System.Drawing Imports System.Configuration Imports System.Data.SqlClient Imports System.Data +Imports System.Threading +Imports System.Threading.Tasks Partial Class ForgotPW Inherits System.Web.UI.Page @@ -269,7 +271,7 @@ Partial Class ForgotPW End Try End Sub - Protected Sub btn_Send_M_Click(sender As Object, e As EventArgs) + Protected Async Sub btn_Send_M_Click(sender As Object, e As EventArgs) Dim username As String = String.Empty Dim password As String = String.Empty @@ -356,7 +358,7 @@ Partial Class ForgotPW lblMessage_M.Text = "Error 08. The form has not been filled completeley." End If - 'Erweiterte Degub Msg-Box + 'Erweiterte Debug Msg-Box 'MsgBox("Userdaten in App" + Environment.NewLine + email + Environment.NewLine + username + Environment.NewLine + "Userdaten desktop" + txt_Username.Text + Environment.NewLine + txtEmail.Text + Environment.NewLine + "Userdaten Mobil:" + Environment.NewLine + txtEmail_M.Text + Environment.NewLine + txt_Username_M.Text) If String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then @@ -454,8 +456,14 @@ Partial Class ForgotPW Else tokenname = Session.Item("TokenforEmail") End If - 'Dim md5temptoken As String = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) + 'Dim md5temptoken As String + + 'md5temptoken = Await Findtokenhashsalt(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) + + 'md5temptoken = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) + 'MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken) + If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then 'password = RandomString(New Random, 10) If (getDateoftoken(tokenname) = True) Then @@ -597,6 +605,13 @@ Partial Class ForgotPW End If End Function + Async Function Findtokenhashsalt(username As String, password As String, email As String, customerID As String, isusernameright As Boolean, isuserIDright As Boolean, isuserEmailright As Boolean, isnewsess As Boolean, UserID As String) As Task(Of String) + Dim t As Task(Of String) + t = Task.Run(Function() As String + Return gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID) + End Function) + Return Await t + End Function Function SendEmail(username As String, password As String, email As String, tokenname As String, customerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean, theUserID As String) As Boolean Dim getdomianenvironment As String = String.Empty Dim pagename As String = String.Empty @@ -618,7 +633,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E_Mail: http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E-Mail: http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment) @@ -631,7 +646,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E_Mail: http://" + getdomianenvironment + "/login/ForgotPW.aspx

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E-Mail: http://" + getdomianenvironment + "/login/ForgotPW.aspx

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") lblMessage.ForeColor = Color.OrangeRed @@ -738,7 +753,7 @@ Partial Class ForgotPW Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim token As String - Dim MyMin As Integer = 55, MyMax As Integer = 87555, My1stRandomNumber As Integer, My2ndRandomNumber As Integer + Dim MyMin As Integer = 25, MyMax As Integer = 788755, My1stRandomNumber As Integer, My2ndRandomNumber As Integer ' Create a random number generator Dim Generator As System.Random = New System.Random() @@ -751,7 +766,7 @@ Partial Class ForgotPW Try Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber) Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray()) - token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10101, My1stRandomNumber)) + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, My1stRandomNumber)) Return token Catch Ex As Exception 'Dim Msg, Style, Title As String @@ -763,7 +778,7 @@ Partial Class ForgotPW 'genToken(username, password, email) Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber) Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray()) - token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10101, My1stRandomNumber)) + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, My2ndRandomNumber)) If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) = True Then 'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error") @@ -850,7 +865,7 @@ Partial Class ForgotPW Dim CustomerID As String = "717585" Dim TheusrID As String = "3" Dim tokentest As String = genToken(username, Passw, email, CustomerID, True, True, True, False, TheusrID) - 'Dim md5temptoken As String = gensaltToken(username, Passw, email, CustomerID, True, True, True, False, TheusrID) + If Session.Item("TokenforEmail") = Nothing Then tokentest = genToken(username, Passw, email, CustomerID, True, True, True, False, TheusrID) Session.Add("TokenforEmail", tokentest)