Änderungen in Abfrage Reset pW token

2021-11-11 13:53:38 +01:00
parent 943ec78da3
commit 4607b0165f
2 changed files with 214 additions and 190 deletions
--- a/login/Change_PW.aspx.vb
+++ b/login/Change_PW.aspx.vb
@@ -4,10 +4,36 @@ Imports System.Data.SqlClient
 Partial Class login_Change_PW
    Inherits System.Web.UI.Page
-    Protected Sub Page_Load(sender As Object, e As EventArgs)
+    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        Dim url = Request.ServerVariables("URL")
        Session.Add("urltochangepw", url)
-        If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("TokenforEmail").ToString()) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing And VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("CustomerID").ToString()) = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par3") And VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Session.Item("test")) = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))) Then
+        Dim ConnectionString = ""
        If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
            VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
            'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
            ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
        Else
            VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
            ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
            'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
        End If
        Using con As New SqlConnection(ConnectionString)
            ' Using cmd As New SqlCommand("Validate_User")
            Using cmd As New SqlCommand("SELECT KundenNr,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr")
                ' cmd.CommandType = CommandType.StoredProcedure
                Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2"))
                Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
                cmd.Parameters.AddWithValue("@Username", usrname)
                cmd.Parameters.AddWithValue("@KundenNr", UsrID)
                cmd.Connection = con
                con.Open()
                ' userId = Convert.ToInt32(cmd.ExecuteScalar())
                Dim dr As SqlDataReader = cmd.ExecuteReader()
                If dr.HasRows Then
                    dr.Read()
                    If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par3") = Not Nothing And VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) = Not Nothing) Then
                        If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True Then
                            Try
                                txt_Pw_WH.Enabled = True
@@ -18,7 +44,7 @@ Partial Class login_Change_PW
                                    reqPassw1txt.Validate()
                                End If
                            Catch exc As Exception
-                    MsgBox(exc)
+                                lbl_messagetext.Text = exc.Message
                            End Try
                        Else
                            btn_submitpw.Enabled = False
@@ -36,6 +62,12 @@ Partial Class login_Change_PW
                        lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Link ist abgelaufen. Bitte neue E-Mail senden."
                        Response.Redirect("ForgotPW.aspx")
                    End If
                    dr.Close()
                End If
            End Using
            con.Close()
        End Using
    End Sub
    Protected Sub txt_Pw_WH_TextChanged(sender As Object, e As EventArgs)
@@ -49,11 +81,11 @@ Partial Class login_Change_PW
    End Sub
-    Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs)
+    Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs) Handles btn_submitpw.Click
        Dim tempstr As String = ""
        Dim Msg, Style, Title As String
-        If String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then
+        If String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then
            reqPasswtxt_M.Enabled = False
            reqPasswtxt_M.Enabled = False
            reqPasswtxt.Enabled = True
@@ -139,9 +171,7 @@ Partial Class login_Change_PW
            Catch ex As Exception
                lbl_messagetext.Text = ex.Message
            End Try
-            Msg = "PW erfolgreich geändert!"
+
            Style = vbOKOnly + vbInformation + vbDefaultButton1
            Title = "Information"
            regexval_txt_Pw.ForeColor = Drawing.Color.Green
            regexval_txt_Pw.Text = "Password has been changed successfully!"
            'MsgBox(Msg, Style, Title)
@@ -188,10 +218,10 @@ Partial Class login_Change_PW
        Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname)
        If wenn < DateTime.UtcNow.AddMinutes(-30) Then
            nameoftoken = String.Empty
-            If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("Mob").ToString()) = "True" Then
+            If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then
                VERAG_VARIABLES.seterrorcount(101)
                lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
-            ElseIf VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Session.Item("Mob").ToString()) = "False" Then
+            ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then
                VERAG_VARIABLES.seterrorcount(101)
                lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
            End If
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -248,7 +248,7 @@ Partial Class ForgotPW
    End Sub
    Protected Sub btn_Send_M_Click(sender As Object, e As EventArgs)
-        Try
+
        Dim username As String = String.Empty
            Dim password As String = String.Empty
            Dim email As String = String.Empty
@@ -475,12 +475,6 @@ Partial Class ForgotPW
            VERAG_VARIABLES.seterrorcount(15)
            lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Error with Database or the connection." + Environment.NewLine + "Please contact the admin."
        End If
        Catch Exc As Exception
            lblMessage.ForeColor = Drawing.Color.Red
            lblMessage_M.ForeColor = Drawing.Color.Red
            VERAG_VARIABLES.seterrorcount(8)
            lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Error08: No input found." + Environment.NewLine + Exc.Message
        End Try
    End Sub
    Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
@@ -504,7 +498,7 @@ Partial Class ForgotPW
                Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
                Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
                Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
-                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + ">http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / ><br />Kind regards,<br /><br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
+                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + ">http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / ><br />Kind regards,<br /><br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
            ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
                getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
                'MsgBox(getdomianenvironment)
@@ -517,7 +511,7 @@ Partial Class ForgotPW
                Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
                Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
                Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
-                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + ">http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "</a>" + Environment.NewLine + "<br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / ><br />Kind regards, <br /><br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
+                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + ">http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "</a>" + Environment.NewLine + "<br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / ><br />Kind regards, <br /><br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
            ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
                'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.")
                lblMessage_M.ForeColor = Color.OrangeRed
@@ -585,7 +579,7 @@ Partial Class ForgotPW
        Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
            If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
-                MsgBox(getdomianenvironment)
+                'MsgBox(getdomianenvironment)
                getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
                ServPort = ":" + Request.ServerVariables("SERVER_PORT")
                'pagename = Request.ServerVariables("SCRIPT_NAME")
@@ -599,7 +593,7 @@ Partial Class ForgotPW
                htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / ><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
            ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then
                getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
-                MsgBox(getdomianenvironment)
+                'MsgBox(getdomianenvironment)
                ServPort = ":" + Request.ServerVariables("SERVER_PORT")
                'pagename = Request.ServerVariables("SCRIPT_NAME")
                mailto = email