Änderungen im Design und SIcherheitserhöhung bei Tokengeneration
This commit is contained in:
ja
@@ -84,7 +84,7 @@
|
||||
</tr>
|
||||
<tr style="color:#003680;height:36.67px;">
|
||||
<td colspan="4">
|
||||
<asp:TextBox id="txt_Pw" runat="server" TextMode="Password" Font-Names="Verdana" OnTextChanged="txt_Pw_TextChanged"></asp:TextBox>
|
||||
<asp:TextBox id="txt_Pw" runat="server" TextMode="Password" Font-Names="Verdana" OnTextChanged="txt_Pw_TextChanged" AutoCompleteType="Disabled"></asp:TextBox>
|
||||
<span></span>
|
||||
</td>
|
||||
<tr style="color:#003680;height:38.67px;">
|
||||
@@ -107,7 +107,7 @@
|
||||
</tr>
|
||||
<tr style="color:#003680;height:36.67px;">
|
||||
<td>
|
||||
<asp:TextBox id="txt_Pw_WH" OnTextChanged="txt_Pw_WH_TextChanged" runat="server" TextMode="Password" Font-Names="Verdana"></asp:TextBox>
|
||||
<asp:TextBox id="txt_Pw_WH" OnTextChanged="txt_Pw_WH_TextChanged" runat="server" TextMode="Password" Font-Names="Verdana" AutoCompleteType="Disabled"></asp:TextBox>
|
||||
<span></span>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -21,75 +21,80 @@ Partial Class login_ForgotPW
|
||||
End Sub
|
||||
|
||||
Protected Sub SendEmail(sender As Object, e As EventArgs)
|
||||
Dim username As String = txt_Username.Text
|
||||
Dim password As String = String.Empty
|
||||
Dim email As String = txtEmail.Text
|
||||
Dim tokenname As String = ""
|
||||
' cDBFunctions.GetNewOpenConnection()
|
||||
Dim ConnectionString = ""
|
||||
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
||||
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
|
||||
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
Else
|
||||
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
||||
End If
|
||||
|
||||
' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", username)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
'userId = Convert.ToInt32(cmd.ExecuteScalar())
|
||||
Dim dr As SqlDataReader = cmd.ExecuteReader()
|
||||
If dr.Read() Then
|
||||
username = dr("Username").ToString()
|
||||
password = dr("Password").ToString()
|
||||
Try
|
||||
If Not txt_Username.Text = "" AndAlso Not txtEmail.Text = "" Then
|
||||
|
||||
email = txtEmail.Text
|
||||
|
||||
Catch ex As Exception
|
||||
Dim Msg, Style, Title As String
|
||||
Msg = "E-mail Prüfung fehlgeschlagen!" & vbCrLf + "Bitte erneut versuchen!"
|
||||
Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
Title = "Fehler bei E-mail Authentifizierung!"
|
||||
MsgBox(Msg, Style, Title)
|
||||
|
||||
If MsgBox(Msg, Style, Title).Yes Then
|
||||
txtEmail.Text = ""
|
||||
txtEmail.Focus()
|
||||
ElseIf MsgBox(Msg, Style, Title).No Then
|
||||
|
||||
End If
|
||||
End Try
|
||||
|
||||
End If
|
||||
End Using
|
||||
con.Close()
|
||||
End Using
|
||||
tokenname = genToken(username, password, email)
|
||||
If SendEmail(username, password, email, tokenname) = True Then
|
||||
'password = RandomString(New Random, 10)
|
||||
If (getDateoftoken(tokenname) = True) Then
|
||||
Dim msgboxstyle = vbDefaultButton1 + vbOK
|
||||
|
||||
MsgBox(tokenname, msgboxstyle)
|
||||
Dim username As String = txt_Username.Text
|
||||
Dim password As String = String.Empty
|
||||
Dim email As String = txtEmail.Text
|
||||
Dim tokenname As String = ""
|
||||
' cDBFunctions.GetNewOpenConnection()
|
||||
Dim ConnectionString = ""
|
||||
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
||||
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
|
||||
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
Else
|
||||
MsgBox("token nicht mehr Gültig! Neuer wird generiert!")
|
||||
tokenname = genToken(username, password, email)
|
||||
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
||||
End If
|
||||
'SendEmail(username, password, email)
|
||||
MsgBox("Mail would be sent successfully!")
|
||||
lblMessage.ForeColor = Color.Green
|
||||
lblMessage.Text = "Passwort wurde erfolgreich an die angegebene E-Mail Adresse gesendet."
|
||||
ElseIf SendEmail(username, password, email, tokenname) = False Then
|
||||
MsgBox("Mail would not be sent successfully!")
|
||||
lblMessage.ForeColor = Color.Red
|
||||
lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden."
|
||||
' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", username)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
'userId = Convert.ToInt32(cmd.ExecuteScalar())
|
||||
Dim dr As SqlDataReader = cmd.ExecuteReader()
|
||||
If dr.Read() Then
|
||||
username = dr("Username").ToString()
|
||||
password = dr("Password").ToString()
|
||||
Try
|
||||
|
||||
email = txtEmail.Text
|
||||
|
||||
Catch ex As Exception
|
||||
Dim Msg, Style, Title As String
|
||||
Msg = "E-mail Prüfung fehlgeschlagen!" & vbCrLf + "Bitte erneut versuchen!"
|
||||
Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
Title = "Fehler bei E-mail Authentifizierung!"
|
||||
MsgBox(Msg, Style, Title)
|
||||
|
||||
If MsgBox(Msg, Style, Title).Yes Then
|
||||
txtEmail.Text = ""
|
||||
txtEmail.Focus()
|
||||
ElseIf MsgBox(Msg, Style, Title).No Then
|
||||
|
||||
End If
|
||||
End Try
|
||||
|
||||
End If
|
||||
End Using
|
||||
con.Close()
|
||||
End Using
|
||||
tokenname = genToken(username, password, email)
|
||||
If SendEmail(username, password, email, tokenname) = True Then
|
||||
'password = RandomString(New Random, 10)
|
||||
If (getDateoftoken(tokenname) = True) Then
|
||||
Dim msgboxstyle = vbDefaultButton1 + vbOK
|
||||
|
||||
MsgBox(tokenname, msgboxstyle)
|
||||
Else
|
||||
MsgBox("token nicht mehr Gültig! Neuer wird generiert!")
|
||||
tokenname = genToken(username, password, email)
|
||||
End If
|
||||
'SendEmail(username, password, email)
|
||||
MsgBox("Mail would be sent successfully!")
|
||||
lblMessage.ForeColor = Color.Green
|
||||
lblMessage.Text = "Passwort wurde erfolgreich an die angegebene E-Mail Adresse gesendet."
|
||||
ElseIf SendEmail(username, password, email, tokenname) = False Then
|
||||
MsgBox("Mail would not be sent successfully!")
|
||||
lblMessage.ForeColor = Color.Red
|
||||
lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden."
|
||||
End If
|
||||
Else
|
||||
MsgBox("Bitte alle Felder ausfüllen!")
|
||||
End If
|
||||
End Sub
|
||||
|
||||
@@ -148,42 +153,38 @@ Partial Class login_ForgotPW
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
If username = Not Nothing AndAlso email = Not Nothing Then
|
||||
Try
|
||||
token = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
Dim Msg, Style, Title As String
|
||||
Msg = "Tokengenerierung fehlgeschlagen!" & vbCrLf & "Eine E-Mail wurde erneut an " + email + " zugesedet."
|
||||
Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
Title = "Fehler bei Token-Generierung"
|
||||
MsgBox(Msg, Style, Title)
|
||||
|
||||
If MsgBox(Msg, Style, Title).Retry Then
|
||||
genToken(username, password, email)
|
||||
If SendEmail(username, password, email, token) = False Then
|
||||
MsgBox("Email konnte wegen eines internen Verschlüsselungsfehlers nicht gesendet werden.", vbOK + vbInformation + vbDefaultButton1, "TokengenerierungsFehler")
|
||||
Else
|
||||
MsgBox("Email wurde erfolgreich gesendet." & vbCr & "Bitte Postfach überprüfen!", vbOK + vbInformation + vbDefaultButton1, "Tokengenerierungs erfolgreich!")
|
||||
End If
|
||||
Try
|
||||
token = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
Dim Msg, Style, Title As String
|
||||
Msg = "Tokengenerierung fehlgeschlagen!" & vbCrLf & "Eine E-Mail wurde erneut an " + email + " zugesedet."
|
||||
Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
Title = "Fehler bei Token-Generierung"
|
||||
MsgBox(Msg, Style, Title)
|
||||
|
||||
If MsgBox(Msg, Style, Title).Retry Then
|
||||
genToken(username, password, email)
|
||||
If SendEmail(username, password, email, token) = False Then
|
||||
MsgBox("Email konnte wegen eines internen Verschlüsselungsfehlers nicht gesendet werden.", vbOK + vbInformation + vbDefaultButton1, "TokengenerierungsFehler")
|
||||
Else
|
||||
MsgBox("Tokengenerierung nicht erfolgreich." & vbCrLf & "In 5 Sekunden nochmal versuchen!")
|
||||
Dim jetzt As DateTime = DateTime.UtcNow
|
||||
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
|
||||
|
||||
|
||||
If jetzt < wenn Then
|
||||
Return "NotYet"
|
||||
Else
|
||||
token = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
Return token
|
||||
End If
|
||||
MsgBox("Email wurde erfolgreich gesendet." & vbCr & "Bitte Postfach überprüfen!", vbOK + vbInformation + vbDefaultButton1, "Tokengenerierungs erfolgreich!")
|
||||
End If
|
||||
End Try
|
||||
Else
|
||||
MsgBox("Bitte alle Fleder ausfüllen!")
|
||||
Return "Error04"
|
||||
End If
|
||||
Else
|
||||
MsgBox("Tokengenerierung nicht erfolgreich." & vbCrLf & "In 5 Sekunden nochmal versuchen!")
|
||||
Dim jetzt As DateTime = DateTime.UtcNow
|
||||
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
|
||||
|
||||
|
||||
If jetzt < wenn Then
|
||||
Return "NotYet"
|
||||
Else
|
||||
token = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
Return token
|
||||
End If
|
||||
End If
|
||||
End Try
|
||||
End Function
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user