From 4607b0165fc469f38519dff78a25efbeda8963b5 Mon Sep 17 00:00:00 2001 From: ja Date: Thu, 11 Nov 2021 13:53:38 +0100 Subject: [PATCH] =?UTF-8?q?=C3=84nderungen=20in=20Abfrage=20Reset=20pW=20t?= =?UTF-8?q?oken?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- login/Change_PW.aspx.vb | 100 ++++++++----- login/ForgotPW.aspx.vb | 304 ++++++++++++++++++++-------------------- 2 files changed, 214 insertions(+), 190 deletions(-) diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index f9e4a49..1ece913 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -4,38 +4,70 @@ Imports System.Data.SqlClient Partial Class login_Change_PW Inherits System.Web.UI.Page - Protected Sub Page_Load(sender As Object, e As EventArgs) + Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load Dim url = Request.ServerVariables("URL") Session.Add("urltochangepw", url) - If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing And VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("CustomerID").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par3") And VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Session.Item("test")) = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))) Then - If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True Then - Try - txt_Pw_WH.Enabled = True - txt_Pw.Enabled = True - regexval_txt_Pw_WH.Enabled = True - If IsPostBack Then - reqPasswtxt.Validate() - reqPassw1txt.Validate() - End If - Catch exc As Exception - MsgBox(exc) - End Try - Else - btn_submitpw.Enabled = False - txt_Pw.BackColor = Drawing.Color.Gray - txt_Pw.ForeColor = Drawing.Color.DarkGray - txt_Pw_WH.Enabled = False - txt_Pw_WH.BackColor = Drawing.Color.Gray - txt_Pw_WH.ForeColor = Drawing.Color.DarkGray - txt_Pw.Enabled = False - regexval_txt_Pw_WH.Enabled = False - End If + Dim ConnectionString = "" + + If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True + 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" + ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" Else - VERAG_VARIABLES.initerrorcount() - VERAG_VARIABLES.seterrorcount(1) - lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Link ist abgelaufen. Bitte neue E-Mail senden." - Response.Redirect("ForgotPW.aspx") + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False + ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If + + Using con As New SqlConnection(ConnectionString) + ' Using cmd As New SqlCommand("Validate_User") + Using cmd As New SqlCommand("SELECT KundenNr,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") + ' cmd.CommandType = CommandType.StoredProcedure + Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) + Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + cmd.Parameters.AddWithValue("@Username", usrname) + cmd.Parameters.AddWithValue("@KundenNr", UsrID) + cmd.Connection = con + con.Open() + ' userId = Convert.ToInt32(cmd.ExecuteScalar()) + Dim dr As SqlDataReader = cmd.ExecuteReader() + If dr.HasRows Then + dr.Read() + If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par3") = Not Nothing And VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) = Not Nothing) Then + If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True Then + Try + txt_Pw_WH.Enabled = True + txt_Pw.Enabled = True + regexval_txt_Pw_WH.Enabled = True + If IsPostBack Then + reqPasswtxt.Validate() + reqPassw1txt.Validate() + End If + Catch exc As Exception + lbl_messagetext.Text = exc.Message + End Try + Else + btn_submitpw.Enabled = False + txt_Pw.BackColor = Drawing.Color.Gray + txt_Pw.ForeColor = Drawing.Color.DarkGray + txt_Pw_WH.Enabled = False + txt_Pw_WH.BackColor = Drawing.Color.Gray + txt_Pw_WH.ForeColor = Drawing.Color.DarkGray + txt_Pw.Enabled = False + regexval_txt_Pw_WH.Enabled = False + End If + Else + VERAG_VARIABLES.initerrorcount() + VERAG_VARIABLES.seterrorcount(1) + lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Link ist abgelaufen. Bitte neue E-Mail senden." + Response.Redirect("ForgotPW.aspx") + End If + dr.Close() + End If + End Using + con.Close() + End Using + End Sub Protected Sub txt_Pw_WH_TextChanged(sender As Object, e As EventArgs) @@ -49,11 +81,11 @@ Partial Class login_Change_PW End Sub - Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs) + Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs) Handles btn_submitpw.Click Dim tempstr As String = "" Dim Msg, Style, Title As String - If String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then + If String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then reqPasswtxt_M.Enabled = False reqPasswtxt_M.Enabled = False reqPasswtxt.Enabled = True @@ -139,9 +171,7 @@ Partial Class login_Change_PW Catch ex As Exception lbl_messagetext.Text = ex.Message End Try - Msg = "PW erfolgreich geändert!" - Style = vbOKOnly + vbInformation + vbDefaultButton1 - Title = "Information" + regexval_txt_Pw.ForeColor = Drawing.Color.Green regexval_txt_Pw.Text = "Password has been changed successfully!" 'MsgBox(Msg, Style, Title) @@ -188,10 +218,10 @@ Partial Class login_Change_PW Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname) If wenn < DateTime.UtcNow.AddMinutes(-30) Then nameoftoken = String.Empty - If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("Mob").ToString()) = "True" Then + If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then VERAG_VARIABLES.seterrorcount(101) lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" - ElseIf VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("Mob").ToString()) = "False" Then + ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then VERAG_VARIABLES.seterrorcount(101) lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" End If diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index 14b678c..b0bc889 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -248,8 +248,8 @@ Partial Class ForgotPW End Sub Protected Sub btn_Send_M_Click(sender As Object, e As EventArgs) - Try - Dim username As String = String.Empty + + Dim username As String = String.Empty Dim password As String = String.Empty Dim email As String = String.Empty Dim tokenname As String = String.Empty @@ -329,158 +329,152 @@ Partial Class ForgotPW lblMessage_M.Text = "Error 08. The form has not been filled completeley." End If - 'Erweiterte Degub Msg-Box - 'MsgBox("Userdaten in App" + Environment.NewLine + email + Environment.NewLine + username + Environment.NewLine + "Userdaten desktop" + txt_Username.Text + Environment.NewLine + txtEmail.Text + Environment.NewLine + "Userdaten Mobil:" + Environment.NewLine + txtEmail_M.Text + Environment.NewLine + txt_Username_M.Text) - If String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True Then - If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then - VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True - 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" - ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" - Else - VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False - ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" - 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" - End If - - Using con As New SqlConnection(ConnectionString) - ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT Username,Password,Email,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND KundenNr=@CUSTOMERId") - ' cmd.CommandType = CommandType.StoredProcedure - cmd.Parameters.AddWithValue("@Username", username) - cmd.Parameters.AddWithValue("@Email", email) - cmd.Parameters.AddWithValue("@CUSTOMERId", customerID) - cmd.Connection = con - con.Open() - 'userId = Convert.ToInt32(cmd.ExecuteScalar()) - Dim dr As SqlDataReader = cmd.ExecuteReader() - If dr.Read() Then - username = dr("Username").ToString() - password = dr("Password").ToString() - email = dr("Email").ToString() - customerID = dr("KundenNr").ToString() - Try - If (txt_CustomerID_M.Text = dr("KundenNr").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID.Text) = True) And String.IsNullOrEmpty(customerID) = False Then - customerID = txt_CustomerID_M.Text - lblMessage_M.ForeColor = Color.Green - isuserIDright = True - VERAG_VARIABLES.seterrorcount(17) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given Customer-ID exists in our database." - Else - lblMessage_M.ForeColor = Color.Red - isuserIDright = False - VERAG_VARIABLES.seterrorcount(18) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given Customer-ID does not exist in our database." - Return - End If - Catch ex As Exception - Dim Msg, Style, Title As String - Msg = "Customer-ID validation failed!" & vbCrLf + "Please try again!" - Style = vbRetry + vbExclamation + vbDefaultButton1 - Title = "Authentication error!" - End Try - Try - If (txtEmail_M.Text = dr("Email").ToString() AndAlso String.IsNullOrEmpty(txtEmail.Text) = True) And String.IsNullOrEmpty(customerID) = False Then - email = txtEmail_M.Text - isuserEmailright = True - lblMessage_M.ForeColor = Color.Green - lblMessage_M.Text = "The given e-mail exists in our database." - Else - lblMessage_M.ForeColor = Color.Red - isuserEmailright = False - VERAG_VARIABLES.seterrorcount(19) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given E-Mail does not exist in our database." - Return - End If - Catch ex As Exception - Dim Msg, Style, Title As String - Msg = "E-Mail validation failed!" & vbCrLf + "Please try again!" - Style = vbRetry + vbExclamation + vbDefaultButton1 - Title = "Authentication error!" - End Try - Try - If (txt_Username_M.Text = dr("Username").ToString() AndAlso String.IsNullOrEmpty(txt_Username.Text) = True) And String.IsNullOrEmpty(customerID) = False Then - username = txt_Username_M.Text - lblMessage_M.ForeColor = Color.Green - isusernameright = True - lblMessage_M.Text = "The given Username exists in our database." - Else - lblMessage_M.ForeColor = Color.Red - isusernameright = False - VERAG_VARIABLES.seterrorcount(20) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given Username does not exist in our database." - End If - Catch ex As Exception - Dim Msg, Style, Title As String - Msg = "Username validation failed!" & vbCrLf + "Please try again!" - Style = vbRetry + vbExclamation + vbDefaultButton1 - Title = "Authentication error!" - End Try - End If - End Using - con.Close() - End Using - - If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) - Session.Add("TokenforEmail", tokenname) - Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID)) - Else - tokenname = Session.Item("TokenforEmail") - End If - - If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then - 'password = RandomString(New Random, 10) - If (getDateoftoken(tokenname) = True) Then - 'Dim msgboxstyle = vbDefaultButton1 + vbOK - 'MsgBox(tokenname, msgboxstyle) - lblMessage_M.ForeColor = Color.Green - lblMessage_M.Text = "Token generated successfully." - 'MsgBox("Token generated successfully.") - Else - lblMessage_M.ForeColor = Color.Red - VERAG_VARIABLES.seterrorcount(100) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Token is not valid anymore. Please generate a new one by sending a new e-mail!" - 'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!") - - If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) - Session.Add("TokenforEmail", tokenname) - Else - tokenname = Session.Item("TokenforEmail") - End If - End If - 'SendEmail(username, password, email) - 'MsgBox("Mail would be sent successfully!") - lblMessage_M.ForeColor = Color.Green - lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address." - ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then - 'MsgBox("Mail would not be sent successfully!") - lblMessage_M.ForeColor = Color.Red - If String.IsNullOrWhiteSpace(username) = True Then - lblMessage_M.ForeColor = Drawing.Color.Red - VERAG_VARIABLES.seterrorcount(10) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Username not recognized Error!" - ElseIf String.IsNullOrWhiteSpace(email) = True Then - lblMessage_M.ForeColor = Drawing.Color.Red - VERAG_VARIABLES.seterrorcount(11) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Email not recognized Error!" - ElseIf String.IsNullOrWhiteSpace(password) = True Then - lblMessage_M.ForeColor = Drawing.Color.Red - VERAG_VARIABLES.seterrorcount(12) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "An internal password searching error occured in our systems ." - End If - End If + 'Erweiterte Degub Msg-Box + 'MsgBox("Userdaten in App" + Environment.NewLine + email + Environment.NewLine + username + Environment.NewLine + "Userdaten desktop" + txt_Username.Text + Environment.NewLine + txtEmail.Text + Environment.NewLine + "Userdaten Mobil:" + Environment.NewLine + txtEmail_M.Text + Environment.NewLine + txt_Username_M.Text) + If String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True Then + If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True + 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" + ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" Else - lblMessage_M.ForeColor = Drawing.Color.Red - VERAG_VARIABLES.seterrorcount(15) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Error with Database or the connection." + Environment.NewLine + "Please contact the admin." + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False + ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If - Catch Exc As Exception - lblMessage.ForeColor = Drawing.Color.Red + + Using con As New SqlConnection(ConnectionString) + ' Using cmd As New SqlCommand("Validate_User") + Using cmd As New SqlCommand("SELECT Username,Password,Email,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND KundenNr=@CUSTOMERId") + ' cmd.CommandType = CommandType.StoredProcedure + cmd.Parameters.AddWithValue("@Username", username) + cmd.Parameters.AddWithValue("@Email", email) + cmd.Parameters.AddWithValue("@CUSTOMERId", customerID) + cmd.Connection = con + con.Open() + 'userId = Convert.ToInt32(cmd.ExecuteScalar()) + Dim dr As SqlDataReader = cmd.ExecuteReader() + If dr.Read() Then + username = dr("Username").ToString() + password = dr("Password").ToString() + email = dr("Email").ToString() + customerID = dr("KundenNr").ToString() + Try + If (txt_CustomerID_M.Text = dr("KundenNr").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID.Text) = True) And String.IsNullOrEmpty(customerID) = False Then + customerID = txt_CustomerID_M.Text + lblMessage_M.ForeColor = Color.Green + isuserIDright = True + VERAG_VARIABLES.seterrorcount(17) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given Customer-ID exists in our database." + Else + lblMessage_M.ForeColor = Color.Red + isuserIDright = False + VERAG_VARIABLES.seterrorcount(18) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given Customer-ID does not exist in our database." + Return + End If + Catch ex As Exception + Dim Msg, Style, Title As String + Msg = "Customer-ID validation failed!" & vbCrLf + "Please try again!" + Style = vbRetry + vbExclamation + vbDefaultButton1 + Title = "Authentication error!" + End Try + Try + If (txtEmail_M.Text = dr("Email").ToString() AndAlso String.IsNullOrEmpty(txtEmail.Text) = True) And String.IsNullOrEmpty(customerID) = False Then + email = txtEmail_M.Text + isuserEmailright = True + lblMessage_M.ForeColor = Color.Green + lblMessage_M.Text = "The given e-mail exists in our database." + Else + lblMessage_M.ForeColor = Color.Red + isuserEmailright = False + VERAG_VARIABLES.seterrorcount(19) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given E-Mail does not exist in our database." + Return + End If + Catch ex As Exception + Dim Msg, Style, Title As String + Msg = "E-Mail validation failed!" & vbCrLf + "Please try again!" + Style = vbRetry + vbExclamation + vbDefaultButton1 + Title = "Authentication error!" + End Try + Try + If (txt_Username_M.Text = dr("Username").ToString() AndAlso String.IsNullOrEmpty(txt_Username.Text) = True) And String.IsNullOrEmpty(customerID) = False Then + username = txt_Username_M.Text + lblMessage_M.ForeColor = Color.Green + isusernameright = True + lblMessage_M.Text = "The given Username exists in our database." + Else + lblMessage_M.ForeColor = Color.Red + isusernameright = False + VERAG_VARIABLES.seterrorcount(20) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "The given Username does not exist in our database." + End If + Catch ex As Exception + Dim Msg, Style, Title As String + Msg = "Username validation failed!" & vbCrLf + "Please try again!" + Style = vbRetry + vbExclamation + vbDefaultButton1 + Title = "Authentication error!" + End Try + End If + End Using + con.Close() + End Using + + If Session.Item("TokenforEmail") = Nothing Then + tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) + Session.Add("TokenforEmail", tokenname) + Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID)) + Else + tokenname = Session.Item("TokenforEmail") + End If + + If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then + 'password = RandomString(New Random, 10) + If (getDateoftoken(tokenname) = True) Then + 'Dim msgboxstyle = vbDefaultButton1 + vbOK + 'MsgBox(tokenname, msgboxstyle) + lblMessage_M.ForeColor = Color.Green + lblMessage_M.Text = "Token generated successfully." + 'MsgBox("Token generated successfully.") + Else + lblMessage_M.ForeColor = Color.Red + VERAG_VARIABLES.seterrorcount(100) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Token is not valid anymore. Please generate a new one by sending a new e-mail!" + 'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!") + + If Session.Item("TokenforEmail") = Nothing Then + tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) + Session.Add("TokenforEmail", tokenname) + Else + tokenname = Session.Item("TokenforEmail") + End If + End If + 'SendEmail(username, password, email) + 'MsgBox("Mail would be sent successfully!") + lblMessage_M.ForeColor = Color.Green + lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address." + ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then + 'MsgBox("Mail would not be sent successfully!") + lblMessage_M.ForeColor = Color.Red + If String.IsNullOrWhiteSpace(username) = True Then + lblMessage_M.ForeColor = Drawing.Color.Red + VERAG_VARIABLES.seterrorcount(10) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Username not recognized Error!" + ElseIf String.IsNullOrWhiteSpace(email) = True Then + lblMessage_M.ForeColor = Drawing.Color.Red + VERAG_VARIABLES.seterrorcount(11) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Email not recognized Error!" + ElseIf String.IsNullOrWhiteSpace(password) = True Then + lblMessage_M.ForeColor = Drawing.Color.Red + VERAG_VARIABLES.seterrorcount(12) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "An internal password searching error occured in our systems ." + End If + End If + Else lblMessage_M.ForeColor = Drawing.Color.Red - VERAG_VARIABLES.seterrorcount(8) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Error08: No input found." + Environment.NewLine + Exc.Message - End Try + VERAG_VARIABLES.seterrorcount(15) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Error with Database or the connection." + Environment.NewLine + "Please contact the admin." + End If End Sub Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean @@ -504,7 +498,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment) @@ -517,7 +511,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "
Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "
Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") lblMessage_M.ForeColor = Color.OrangeRed @@ -585,7 +579,7 @@ Partial Class ForgotPW Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then - MsgBox(getdomianenvironment) + 'MsgBox(getdomianenvironment) getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") ServPort = ":" + Request.ServerVariables("SERVER_PORT") 'pagename = Request.ServerVariables("SCRIPT_NAME") @@ -599,7 +593,7 @@ Partial Class ForgotPW htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!


Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") - MsgBox(getdomianenvironment) + 'MsgBox(getdomianenvironment) ServPort = ":" + Request.ServerVariables("SERVER_PORT") 'pagename = Request.ServerVariables("SCRIPT_NAME") mailto = email