edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Verschlüsselungsmechanismus geändert da man meine Zahlen einlesen konnte beim Username

Browse Source
This commit is contained in:
ja
2021-11-12 14:45:54 +01:00
parent cc413a81b6
commit 2621029aea
4 changed files with 55 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
login/Change_PW.aspx.vb
View File

@@ -23,7 +23,7 @@ Partial Class login_Change_PW
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT KundenNr,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr")
' cmd.CommandType = CommandType.StoredProcedure
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
@@ -34,7 +34,7 @@ Partial Class login_Change_PW
If dr.HasRows Then
dr.Read()
If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then
If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) = dr("Username") AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) = dr("KundenNr") Then
If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) = dr("Username") AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) = dr("KundenNr") Then
Try
If IsPostBack Then
@@ -96,10 +96,10 @@ Partial Class login_Change_PW
nameoftoken = String.Empty
If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then
VERAG_VARIABLES.seterrorcount(101)
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!"
ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then
VERAG_VARIABLES.seterrorcount(101)
lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!"
End If
'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
@@ -155,7 +155,7 @@ Partial Class login_Change_PW
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr")
' cmd.CommandType = CommandType.StoredProcedure
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
@@ -177,14 +177,14 @@ Partial Class login_Change_PW
End Using
Else
VERAG_VARIABLES.seterrorcount(22)
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Error in Passwort Validation."
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Error bei der Passwort Validation."
End If
Else
tempstr = "Error01"
End If
If txt_Pw.Text = tempstr And txt_Pw_WH.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And tempstr = Not "Error01" Then
If String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And tempstr = Not "Error01" Then
If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then
txt_Pw_WH_M.Enabled = False
@@ -200,7 +200,7 @@ Partial Class login_Change_PW
End If
Try
Dim ConnectionString = ""
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
@@ -222,7 +222,8 @@ Partial Class login_Change_PW
End Using
Else
VERAG_VARIABLES.seterrorcount(22)
lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb() + "Error mit der Validierung des Kennwortes."
lbl_messagetext_M.ForeColor = Drawing.Color.Red
lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb() + "Error bei der Validierung des Kennwortes."
End If
Catch ex As Exception
lbl_messagetext.Text = ex.Message
@@ -231,7 +232,7 @@ Partial Class login_Change_PW
Style = vbOKOnly + vbInformation + vbDefaultButton1
Title = "Information"
regexval_txt_Pw.ForeColor = Drawing.Color.Green
regexval_txt_Pw.Text = "Password has been changed successfully!"
regexval_txt_Pw.Text = "Passwort wurde erfolgreich geändert!"
'MsgBox(Msg, Style, Title)
' If MsgBox(Msg, Style, Title).Ok Then
'Response.Redirect("login_FLEX.aspx")
@@ -239,7 +240,7 @@ Partial Class login_Change_PW
ElseIf tempstr = "Error01" Then
regexval_txt_Pw.ForeColor = Drawing.Color.MediumVioletRed
VERAG_VARIABLES.seterrorcount(2)
regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Password has not been changed successfully!"
regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Passwort konnte nicht erfolgreich geändert werden!"
' Msg = "PW nicht erfolgreich geändert!"
' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1
' Title = "Error"
@@ -261,7 +262,7 @@ Partial Class login_Change_PW
' btn_submitpw.Enabled = True
Else
lbl_messagetext.ForeColor = Drawing.Color.Red
lbl_messagetext.Text = "Passwort stimmt nicht überein."
lbl_messagetext.Text = "Passwörter stimmen nicht überein."
'btn_submitpw.Enabled = False
End If
End Sub
@@ -295,7 +296,7 @@ Partial Class login_Change_PW
'btn_submitpw_M.Enabled = True
Else
lbl_messagetext_M.ForeColor = Drawing.Color.Red
lbl_messagetext_M.Text = "Passwort stimmt nicht überein."
lbl_messagetext_M.Text = "Passwörter stimmen nicht überein."
'btn_submitpw.Enabled = False
End If
End Sub
@@ -324,10 +325,10 @@ Partial Class login_Change_PW
End If
Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT KundenNr,Username, Passwort FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr")
Using cmd As New SqlCommand("SELECT KundenNr,Username, Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr")
' cmd.CommandType = CommandType.StoredProcedure
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
cmd.Connection = con
@@ -336,9 +337,10 @@ Partial Class login_Change_PW
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then
dr.Read()
If txt_Pw_M.Text = Not dr("Passwort") Or txt_Pw_WH_M.Text = Not dr("Passwort") Then
If txt_Pw_M.Text = Not dr("Password").ToString Or txt_Pw_WH_M.Text = Not dr("Password").ToString Then
tempstr = txt_Pw_M.Text
Else
lbl_messagetext_M.ForeColor = Drawing.Color.Red
lbl_messagetext_M.Text = "Die gewählten Passwörter dürfen nicht dem alten entsprechen!"
End If
End If
@@ -349,11 +351,11 @@ Partial Class login_Change_PW
Else
tempstr = "Error01"
End If
If txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And tempstr = Not "Error01" Then
If txt_Pw_WH_M.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And Not tempstr = "Error01" Then
Try
ConnectionString = ""
Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
@@ -370,7 +372,7 @@ Partial Class login_Change_PW
cmd.Connection = con
cmd.ExecuteNonQuery()
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
regexval_txt_Pw_M.Text = "Password has been changed successfully!"
regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!"
End Using
End Using
Catch ex As Exception
@@ -386,7 +388,7 @@ Partial Class login_Change_PW
ElseIf tempstr = "Error01" Then
regexval_txt_Pw_M.ForeColor = Drawing.Color.MediumVioletRed
VERAG_VARIABLES.seterrorcount(2)
regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Password has not been changed successfully!"
regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Passwort konnte nicht erfolgreich geändert werden!"
' Msg = "PW nicht erfolgreich geändert!"
' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1
' Title = "Error"