diff --git a/js/geturlofsite.js b/js/geturlofsite.js new file mode 100644 index 0000000..913377e --- /dev/null +++ b/js/geturlofsite.js @@ -0,0 +1,9 @@ +class geturlofsite { + var url = "" + function seturl() { + url = window.location.href; + } + function geturl() { + return new URL(url) + }; +}; \ No newline at end of file diff --git a/login/ChangePW.aspx b/login/ChangePW.aspx index 07cf545..4f11c4f 100644 --- a/login/ChangePW.aspx +++ b/login/ChangePW.aspx @@ -120,6 +120,9 @@ + + + @@ -128,5 +131,9 @@ + + diff --git a/login/ChangePW.aspx.vb b/login/ChangePW.aspx.vb index cfe5443..01aa1c3 100644 --- a/login/ChangePW.aspx.vb +++ b/login/ChangePW.aspx.vb @@ -3,14 +3,18 @@ Partial Class login_ChangePW Inherits System.Web.UI.Page Protected Sub Page_Load(sender As Object, e As EventArgs) + Dim url = Request.ServerVariables("URL") + Session.Add("urltochangepw", url) - btn_submitpw.Enabled = False - txt_Pw_WH.Enabled = False - regexval_txt_Pw_WH.Enabled = False - If IsPostBack Then - reqPasswtxt.Validate() - reqPassw1txt.Validate() - Session.Add("urltochangepw", Request.Url.AbsoluteUri) + If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True Then + txt_Pw_WH.Enabled = False + regexval_txt_Pw_WH.Enabled = False + If IsPostBack Then + reqPasswtxt.Validate() + reqPassw1txt.Validate() + End If + Else + btn_submitpw.Enabled = False End If End Sub @@ -23,6 +27,16 @@ Partial Class login_ChangePW btn_submitpw.Enabled = False End If End Sub + Public Function geturlofpage() As String + Dim url = Request.Url.Authority + HttpContext.Current.Request.RawUrl.ToString() + + If Request.ServerVariables("HTTPS") = "on" Then + url = "https://" + url + Else + url = "http://" + url + End If + Return url + End Function Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs) Dim tempstr As String = "" 
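Review bot: The new class in js/geturlofsite.js will not parse, because a class body cannot contain `var url = ""` or `function seturl() { … }` declarations. Declare the state as a field and the members as methods, e.g. `url = "";`, `seturl() { this.url = window.location.href; }` and `geturl() { return new URL(this.url); }`. As written, `geturl()` would also throw on the empty initial value, since `new URL("")` is not a valid URL, so callers need `seturl()` first or a guard.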
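Review bot: In the new `Page_Load` of login/ChangePW.aspx.vb, `Request.QueryString("Par1")` goes straight into `Decrypt` and `getDateoftoken`, so a missing or tampered parameter raises an unhandled exception instead of showing the expired-link state; check it first with `If String.IsNullOrEmpty(Request.QueryString("Par1")) Then` and disable the form there, and catch decode failures. The gate also rests only on the timestamp inside the token: nothing visible here ties the token to an account, compares it with a stored value, or marks it used, so the same link appears reusable within the window. Because the only reaction to an invalid token is disabling `btn_submitpw`, `btn_submitpw_Click` (its body is mostly outside this hunk) should repeat the token check before changing the password. Storing a hash of the token with the user id and an expiry when the mail is sent, and deleting it on first use, would cover these points.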
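Review bot: `geturlofpage` builds an absolute URL from `Request.Url.Authority`, which normally reflects the Host header the client sent, so if the result ends up in the reset mail or a redirect the link's host is chosen by the requester. Take the public base URL from configuration instead, for example `Dim baseUrl = ConfigurationManager.AppSettings("PublicBaseUrl")` (the key name is a placeholder), and append only the path. The `HTTPS = "on"` test can also report the wrong scheme behind a TLS-terminating proxy, which is another reason to configure the base URL rather than derive it. No caller is visible in this diff, so the impact depends on where the value is used.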
@@ -47,7 +61,6 @@ Partial Class login_ChangePW Msg = "PW nicht erfolgreich geändert!" Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 Title = "Error" - MsgBox(Msg, Style, Title) If MsgBox(Msg, Style, Title).Retry Then Response.Redirect(Request.RawUrl) @@ -73,4 +86,24 @@ Partial Class login_ChangePW regexval_txt_Pw_WH.Enabled = False End If End Sub + + Function getDateoftoken(tokenname As String) As Boolean + Dim data() As Byte = Convert.FromBase64String(tokenname) + Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0)) + tmr_PWToken.Interval = 30000 + tmr_PWToken.Enabled = True + + If wenn < DateTime.UtcNow.AddMinutes(-3) Then + Return False + MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!") + Else + tmr_PWToken.Enabled = False + Return True + End If + End Function + + + Protected Sub tmr_PWToken_Tick(sender As Object, e As EventArgs) + btn_submitpw.Enabled = False + End Sub End Class diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx index 4e45112..a77c6d1 100644 --- a/login/ForgotPW.aspx +++ b/login/ForgotPW.aspx @@ -1,5 +1,5 @@ <%@ Page Language="VB" AutoEventWireup="false" CodeFile="ForgotPW.aspx.vb" Inherits="login_ForgotPW" %> - +<%@ Reference VirtualPath="~/login/ChangePW.aspx" %> @@ -115,8 +115,13 @@ + - + + + + + diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index 09e1063..cae56af 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -7,6 +7,9 @@ Imports System.Data Partial Class login_ForgotPW Inherits System.Web.UI.Page + + + Protected Sub Page_Load(sender As Object, e As EventArgs) If txt_Username.Text = "" Then Try @@ -15,6 +18,7 @@ Partial Class login_ForgotPW MsgBox(ex.Message) End Try End If + End Sub Protected Sub btn_Back_Click(sender As Object, e As EventArgs) Response.Redirect("login/login_FLEX.aspx") 
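Review bot: The new `getDateoftoken` in login/ChangePW.aspx.vb only checks the lower bound, so a token whose timestamp lies in the future passes and never expires; compare against both ends of the window. `Convert.FromBase64String` and `BitConverter.ToInt64(data, 0)` also throw on malformed or short input, and the `MsgBox` after `Return False` is unreachable, so an invalid link surfaces as an exception rather than as `False`. The window here is 3 minutes, while the copy in login/ForgotPW.aspx.vb uses 30 minutes and has the same parsing and lower-bound-only check; a shared helper with one constant would keep the two aligned. A sketch of the hardened check follows, with the timer lines kept.

```vbnet
Function getDateoftoken(tokenname As String) As Boolean
    ' … unchanged: tmr_PWToken.Interval / tmr_PWToken.Enabled setup …
    If String.IsNullOrEmpty(tokenname) Then Return False

    Dim wenn As DateTime
    Try
        Dim data() As Byte = Convert.FromBase64String(tokenname)
        If data.Length < 8 Then Return False
        wenn = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
    Catch ex As FormatException
        Return False
    Catch ex As ArgumentException
        Return False
    End Try

    Dim jetzt As DateTime = DateTime.UtcNow
    ' Reject expired tokens and tokens dated in the future.
    If wenn > jetzt OrElse wenn < jetzt.AddMinutes(-3) Then Return False

    tmr_PWToken.Enabled = False
    Return True
End Function
```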
@@ -72,7 +76,7 @@ Partial Class login_ForgotPW con.Close() End Using tokenname = genToken(username, password, email) - If SendEmail(username, password, email) = True Then + If SendEmail(username, password, email, tokenname) = True Then 'password = RandomString(New Random, 10) If (getDateoftoken(tokenname) = True) Then Dim msgboxstyle = vbDefaultButton1 + vbOK @@ -86,7 +90,7 @@ Partial Class login_ForgotPW MsgBox("Mail would be sent successfully!") lblMessage.ForeColor = Color.Green lblMessage.Text = "Passwort wurde erfolgreich an die angegebene E-Mail Adresse gesendet." - ElseIf SendEmail(username, password, email) = False Then + ElseIf SendEmail(username, password, email, tokenname) = False Then MsgBox("Mail would not be sent successfully!") lblMessage.ForeColor = Color.Red lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden." 
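Review bot: `SendEmail(username, password, email, tokenname)` is evaluated in the `If` and again in the `ElseIf`, so a failed first attempt runs the whole send path a second time; call it once with `Dim sent As Boolean = SendEmail(username, password, email, tokenname)` and branch on `sent`. The two outcomes also put different texts into `lblMessage`, and the failure text says the address is not in the database, which lets a visitor test which addresses are registered; one neutral message for both cases avoids that. The `password` argument suggests the stored password is read back in clear text, which would be worth confirming against the query above this hunk. The enclosing method starts and ends outside the hunk.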
@@ -104,31 +108,38 @@ Partial Class login_ForgotPW Return sb.ToString() End Function - Function SendEmail(username As String, password As String, email As String) As Boolean + Function SendEmail(username As String, password As String, email As String, tokenname As String) As Boolean Dim getdomianenvironment As String = "" + Dim pagename As String = "" + Dim ServPort As String = "" If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") - ElseIf HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then + ServPort = Request.ServerVariables("SERVER_PORT") + pagename = Request.ServerVariables("SCRIPT_NAME") + ElseIf HttpContext.Current.Request.ServerVariables("SERVER_NAME") = Not "localhost" Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") + ServPort = Nothing + pagename = Request.ServerVariables("SCRIPT_NAME") End If + 'Dim pg As String = Request.ServerVariables("URL") + MsgBox("/" + ServPort + Request.ServerVariables("URL")) Dim mailto As String = email Dim Betreff As String = "Passwort reset" - Dim htmlbody = String.Format("Sehr geehrte/r {0},

Der Link zum Zurücksetzen des Passwortes lautet:


.
" + Environment.NewLine + "This is default.aspx" + Environment.NewLine + "
Mit freundlichen Grüßen,", username, password) + Dim htmlbody = String.Format("Sehr geehrte/r {0},

Der Link zum Zurücksetzen des Passwortes lautet:


.
" + Environment.NewLine + "Link" + Environment.NewLine + "
Mit freundlichen Grüßen,", username, password) Try Dim tokennametemp = genToken(username, password, email) 'Dim Strtemp = Session.Keys.Item("urltochangepw") If getDateoftoken(tokennametemp) = True Then ' Dim attachment As Attachment = New Attachment(File.OpenRead(excel), "Kundenliste.xlsx") ' Msg.Attachments.Add(attachment) - VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody) MsgBox("SENT") Return True Else - + MsgBox("Error02: Mail not delivered!") tokennametemp = genToken(username, password, email) - VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody) + VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody, tokenname) Return False End If Catch ex As Exception @@ -140,8 +151,9 @@ Partial Class login_ForgotPW Function genToken(username As String, password As String, email As String) As String Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim Key() As Byte = Guid.NewGuid().ToByteArray() + Dim token As String + Try - Dim token As String token = Convert.ToBase64String(time.Concat(Key).ToArray()) Return token Catch Ex As Exception 
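Review bot: The added `ElseIf … = Not "localhost" Then` in `SendEmail` does not express "not equal": `Not` is applied to the string literal, which the compiler rejects under Option Strict and which fails conversion at run time otherwise; a plain `Else` (or `<> "localhost"`) is what the branch needs. `SERVER_NAME` normally follows the request's Host header, so if `getdomianenvironment` ends up in the mailed link (the HTML body is not readable in this view) the link target should come from configuration rather than from the request. With the lines as shown, `sendMail` appears to be removed from the branch that returns `True` and kept only in the branch that returns `False`, and the check runs on a freshly generated `tokennametemp` rather than on the `tokenname` parameter, so it cannot fail for the token being mailed. `username` is formatted into the HTML body unencoded; `HttpUtility.HtmlEncode(username)` would keep markup in a name out of the mail, and the `MsgBox` output of the server URL should be removed before release.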
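Review bot: `genToken` builds the reset token from a timestamp plus `Guid.NewGuid()`, and a GUID is an identifier rather than a documented source of secret randomness. For a value that authorises a password change, fill the random part from `System.Security.Cryptography.RandomNumberGenerator` instead, e.g. `Dim Key(31) As Byte` followed by `RandomNumberGenerator.Create().GetBytes(Key)`. The `username`, `password` and `email` parameters are not used in the lines shown, so nothing in the token identifies the account it was issued for. The function's `Catch` block continues outside this hunk.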
@@ -152,21 +164,35 @@ Partial Class login_ForgotPW MsgBox(Msg, Style, Title) If MsgBox(Msg, Style, Title).Retry Then - If SendEmail(username, password, email) = True Then - MsgBox("SENT") + genToken(username, password, email) + Else + MsgBox("Tokengenerierung nicht erfolgreich." & vbCrLf & "In 5 Sekunden nochmal versuchen!") + Dim jetzt As DateTime = DateTime.UtcNow + Dim wenn As DateTime = DateTime.UtcNow.AddMinutes(-3) + Token_tmr.Interval = 3000 + Token_tmr.Enabled = True + + If jetzt < DateTime.UtcNow.AddSeconds(-5) Then + Return "NotYet" Else - MsgBox("Error02: Mail not delivered!") + Token_tmr.Enabled = False + token = Convert.ToBase64String(time.Concat(Key).ToArray()) + Return token End If End If End Try End Function + + Function getDateoftoken(tokenname As String) As Boolean Dim data() As Byte = Convert.FromBase64String(tokenname) Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0)) - If wenn < DateTime.UtcNow.AddHours(-24) Then + If wenn < DateTime.UtcNow.AddMinutes(-30) Then Return False MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!") + ElseIf tokenname = "NotYet" Then + Return False Else Return True End If @@ -175,4 +201,8 @@ Partial Class login_ForgotPW Protected Sub txtEmail_TextChanged(sender As Object, e As EventArgs) regexval_txt_Email.Validate() End Sub + + Protected Sub Token_tmr_Tick(sender As Object, e As EventArgs) + btn_Send.Enabled = False + End Sub End Class \ No newline at end of file
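Review bot: In `getDateoftoken`, the new `ElseIf tokenname = "NotYet"` branch sits after `Convert.FromBase64String(tokenname)`, and "NotYet" is not valid Base64 (six characters), so the sentinel throws before the branch can be reached; test for it first, or have `genToken` signal failure with `Nothing` and check `String.IsNullOrEmpty(tokenname)` at the top. In the `Catch` path of `genToken`, the retry call `genToken(username, password, email)` discards its result, so that path falls off the end of the function without a token; `Return genToken(username, password, email)` is presumably intended, ideally with a retry limit. `jetzt < DateTime.UtcNow.AddSeconds(-5)` compares a value taken a moment earlier with a time five seconds in the past, so `"NotYet"` is effectively never returned, and a server-side timer does not delay the request. The `Catch` block begins outside this hunk.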