From 2621029aeafd3aa760ab886956877fda09583155 Mon Sep 17 00:00:00 2001 From: ja Date: Fri, 12 Nov 2021 14:45:54 +0100 Subject: [PATCH] =?UTF-8?q?Verschl=C3=BCsselungsmechanismus=20ge=C3=A4nder?= =?UTF-8?q?t=20da=20man=20meine=20Zahlen=20einlesen=20konnte=20beim=20User?= =?UTF-8?q?name?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- login/Change_PW.aspx | 27 +++++++++++++++++------- login/Change_PW.aspx.vb | 46 +++++++++++++++++++++-------------------- login/ForgotPW.aspx | 11 +++++++--- login/ForgotPW.aspx.vb | 8 +++---- 4 files changed, 55 insertions(+), 37 deletions(-) diff --git a/login/Change_PW.aspx b/login/Change_PW.aspx index 881dafc..6e44b63 100644 --- a/login/Change_PW.aspx +++ b/login/Change_PW.aspx @@ -139,14 +139,20 @@ + + + @@ -192,16 +198,21 @@
- +
+ + + Das Passwort muss mindestens 1 Klein-, 1 Großbuchstaben sowie ein Sonderzeichen bei einer Länge von minimal 4 und maximal 30 Stellen besitzen. +
- - +
- + + + + - + + + +
- +
+ + + Das Passwort muss mindestens 1 Klein-, 1 Großbuchstaben sowie ein Sonderzeichen bei einer Länge von minimal 4 und maximal 30 Stellen besitzen. +
- -
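Review bot: The help text added in this hunk states a minimum password length of 4 ("minimal 4 und maximal 30 Stellen"), which is too short to resist guessing even with the character-class rule. The validator markup is not visible on this page, so this is inferred from the text; if the regular expression matches it, raise the lower bound (8 or more is the usual baseline) and update the text accordingly. The text is added twice, presumably for the desktop and the mobile form, so both validators need the change. The code-behind should enforce the same rule before the update runs (for validator controls, by checking `Page.IsValid`); no such check is visible in the Change_PW.aspx.vb hunks.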
diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index 1e49f31..dcaf497 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -23,7 +23,7 @@ Partial Class login_Change_PW ' Using cmd As New SqlCommand("Validate_User") Using cmd As New SqlCommand("SELECT KundenNr,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure - Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) + Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) @@ -34,7 +34,7 @@ Partial Class login_Change_PW If dr.HasRows Then dr.Read() If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then - If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) = dr("Username") AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) = dr("KundenNr") Then + If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) = dr("Username") AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) = dr("KundenNr") Then Try If IsPostBack Then 
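Review bot: The rewritten `If` in the @@ -34 hunk compares the decrypted `Par2`/`Par3` with `dr("Username")`/`dr("KundenNr")`, but that row was selected with those same two values in the WHERE clause, so apart from case or type differences the comparison repeats the query and adds no protection. What actually authorises the password change is `getDateoftoken(...)` on `Par1`; its body is outside this diff, so confirm that the token is looked up server-side together with the account it was issued for and not only checked for age. Without that binding, the account selected by `Par2`/`Par3` is not tied to the token that was issued. The three `Decrypt(Request.QueryString(...))` calls also run before the `Try`, so a missing or altered parameter probably surfaces as an unhandled error; decrypt once into locals (the @@ -23 hunk already declares `usrname` and `UsrID`) and reject the request when any of them is empty. The enclosing method starts and ends outside the hunk.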
@@ -96,10 +96,10 @@ Partial Class login_Change_PW nameoftoken = String.Empty If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then VERAG_VARIABLES.seterrorcount(101) - lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" + lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!" ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then VERAG_VARIABLES.seterrorcount(101) - lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" + lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!" End If 'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!") @@ -155,7 +155,7 @@ Partial Class login_Change_PW ' Using cmd As New SqlCommand("Validate_User") Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure - Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) + Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) 
@@ -177,14 +177,14 @@ Partial Class login_Change_PW End Using Else VERAG_VARIABLES.seterrorcount(22) - lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Error in Passwort Validation." + lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Error bei der Passwort Validation." End If Else tempstr = "Error01" End If - If txt_Pw.Text = tempstr And txt_Pw_WH.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And tempstr = Not "Error01" Then + If String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And tempstr = Not "Error01" Then If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then txt_Pw_WH_M.Enabled = False @@ -200,7 +200,7 @@ Partial Class login_Change_PW End If Try Dim ConnectionString = "" - Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) + Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" @@ -222,7 +222,8 @@ Partial Class login_Change_PW End Using Else VERAG_VARIABLES.seterrorcount(22) - lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb() + "Error mit der Validierung des Kennwortes." + lbl_messagetext_M.ForeColor = Drawing.Color.Red + lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb() + "Error bei der Validierung des Kennwortes." End If Catch ex As Exception lbl_messagetext.Text = ex.Message 
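Review bot: The new condition in the @@ -177 hunk still ends in `tempstr = Not "Error01"`, where `Not` applies to the string literal instead of negating the comparison; with Option Strict off that is likely to fail at run time with a conversion error. The @@ -349 hunk of this commit already uses the working form `Not tempstr = "Error01"`, and `tempstr <> "Error01"` is clearer still. The same change drops `txt_Pw.Text = tempstr And txt_Pw_WH.Text = tempstr`, so at this point nothing verifies that the password and its repetition are equal; unless that is enforced elsewhere on the server, keep a `txt_Pw.Text = txt_Pw_WH.Text` test before the update. The enclosing method starts and ends outside the hunk.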
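Review bot: The context lines of the @@ -200 hunk (and again of the @@ -349 hunk) build `ConnectionString` from a literal that contains a SQL login and its password, and the commented-out line above it holds an `sa` password. Anything committed here stays readable in the repository history, so both credentials should be treated as exposed and rotated. Read the string from configuration instead, e.g. `ConfigurationManager.ConnectionStrings("<name>").ConnectionString`, and delete the commented-out line. The `Catch ex As Exception` branch visible in the @@ -222 hunk assigns `ex.Message` to a page label, which can show database details to the visitor; log the exception server-side and display a fixed message.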
@@ -231,7 +232,7 @@ Partial Class login_Change_PW Style = vbOKOnly + vbInformation + vbDefaultButton1 Title = "Information" regexval_txt_Pw.ForeColor = Drawing.Color.Green - regexval_txt_Pw.Text = "Password has been changed successfully!" + regexval_txt_Pw.Text = "Passwort wurde erfolgreich geändert!" 'MsgBox(Msg, Style, Title) ' If MsgBox(Msg, Style, Title).Ok Then 'Response.Redirect("login_FLEX.aspx") @@ -239,7 +240,7 @@ Partial Class login_Change_PW ElseIf tempstr = "Error01" Then regexval_txt_Pw.ForeColor = Drawing.Color.MediumVioletRed VERAG_VARIABLES.seterrorcount(2) - regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Password has not been changed successfully!" + regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Passwort konnte nicht erfolgreich geändert werden!" ' Msg = "PW nicht erfolgreich geändert!" ' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 ' Title = "Error" @@ -261,7 +262,7 @@ Partial Class login_Change_PW ' btn_submitpw.Enabled = True Else lbl_messagetext.ForeColor = Drawing.Color.Red - lbl_messagetext.Text = "Passwort stimmt nicht überein." + lbl_messagetext.Text = "Passwörter stimmen nicht überein." 'btn_submitpw.Enabled = False End If End Sub @@ -295,7 +296,7 @@ Partial Class login_Change_PW 'btn_submitpw_M.Enabled = True Else lbl_messagetext_M.ForeColor = Drawing.Color.Red - lbl_messagetext_M.Text = "Passwort stimmt nicht überein." + lbl_messagetext_M.Text = "Passwörter stimmen nicht überein." 'btn_submitpw.Enabled = False End If End Sub 
@@ -324,10 +325,10 @@ Partial Class login_Change_PW End If Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT KundenNr,Username, Passwort FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") + Using cmd As New SqlCommand("SELECT KundenNr,Username, Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure - Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) - Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString + Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con @@ -336,9 +337,10 @@ Partial Class login_Change_PW Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() - If txt_Pw_M.Text = Not dr("Passwort") Or txt_Pw_WH_M.Text = Not dr("Passwort") Then + If txt_Pw_M.Text = Not dr("Password").ToString Or txt_Pw_WH_M.Text = Not dr("Password").ToString Then tempstr = txt_Pw_M.Text Else + lbl_messagetext_M.ForeColor = Drawing.Color.Red lbl_messagetext_M.Text = "Die gewählten Passwörter dürfen nicht dem alten entsprechen!" End If End If 
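Review bot: The new test `txt_Pw_M.Text = Not dr("Password").ToString` in the @@ -336 hunk does not mean "differs from the stored password": `Not` is applied to the stored string before the comparison, which with Option Strict off is likely to fail with a conversion error or compare against an unrelated value. Use `txt_Pw_M.Text <> dr("Password").ToString` for both operands. Comparing the typed text directly with the `Password` column also implies that the column holds the password in readable form; if that is the case, store a salted password hash (for example PBKDF2 via `Rfc2898DeriveBytes`) and verify against it instead. The enclosing method starts and ends outside the hunk.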
@@ -349,11 +351,11 @@ Partial Class login_Change_PW Else tempstr = "Error01" End If - If txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And tempstr = Not "Error01" Then + If txt_Pw_WH_M.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And Not tempstr = "Error01" Then Try ConnectionString = "" - Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) - Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString + Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" @@ -370,7 +372,7 @@ Partial Class login_Change_PW cmd.Connection = con cmd.ExecuteNonQuery() regexval_txt_Pw_M.ForeColor = Drawing.Color.Green - regexval_txt_Pw_M.Text = "Password has been changed successfully!" + regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!" End Using End Using Catch ex As Exception @@ -386,7 +388,7 @@ Partial Class login_Change_PW ElseIf tempstr = "Error01" Then regexval_txt_Pw_M.ForeColor = Drawing.Color.MediumVioletRed VERAG_VARIABLES.seterrorcount(2) - regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Password has not been changed successfully!" + regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Passwort konnte nicht erfolgreich geändert werden!" ' Msg = "PW nicht erfolgreich geändert!" ' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 ' Title = "Error" 
diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx
index 205e8fd..ec4b2c1 100644
--- a/login/ForgotPW.aspx
+++ b/login/ForgotPW.aspx
@@ -286,7 +286,7 @@
- +
- +
@@ -335,6 +335,11 @@
+ +
@@ -356,7 +361,7 @@ - +
diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index b0bc889..f19d8b2 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -10,6 +10,7 @@ Partial Class ForgotPW Dim ConnectionString As String = String.Empty Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load VERAG_VARIABLES.initerrorcount() + End Sub Protected Sub btn_Back_Click(sender As Object, e As EventArgs) Response.Redirect("login_FLEX.aspx") @@ -363,8 +364,7 @@ Partial Class ForgotPW customerID = txt_CustomerID_M.Text lblMessage_M.ForeColor = Color.Green isuserIDright = True - VERAG_VARIABLES.seterrorcount(17) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given Customer-ID exists in our database." + lblMessage_M.Text = "The given Customer-ID exists in our database." Else lblMessage_M.ForeColor = Color.Red isuserIDright = False @@ -498,7 +498,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment) @@ -511,7 +511,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "
Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "
Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") lblMessage_M.ForeColor = Color.OrangeRed
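Review bot: The reset link in the new `htmlbody` line is assembled with `http://`, and the `Encrypt(...)` results are concatenated into the query string without URL-encoding, both in this hunk and in the @@ -498 hunk. If `cCryptography.Encrypt` returns Base64 or similar text, a `+` in it is decoded as a space when Change_PW.aspx reads `Request.QueryString`, and `Decrypt` then receives different input; wrap each value, e.g. `HttpUtility.UrlEncode(VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username))`. The token in `Par1` travels unprotected over `http://`, so the link should be built with `https://`. Because the concatenated text is also the `String.Format` template, a `{` or `}` in any of those values raises a FormatException; passing them as format arguments avoids that. `password` is still handed to `String.Format`; whether the template uses it cannot be seen here, and a reset mail should not need it.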