Änderungen im Design und Sicherheitserhöhung bei Tokengeneration

ja
2021-10-11 13:39:39 +02:00
parent 23bdc56cbd
commit 540500661c
2 changed files with 101 additions and 100 deletions


@@ -84,7 +84,7 @@
</tr> </tr>
<tr style="color:#003680;height:36.67px;"> <tr style="color:#003680;height:36.67px;">
<td colspan="4"> <td colspan="4">
<asp:TextBox id="txt_Pw" runat="server" TextMode="Password" Font-Names="Verdana" OnTextChanged="txt_Pw_TextChanged"></asp:TextBox> <asp:TextBox id="txt_Pw" runat="server" TextMode="Password" Font-Names="Verdana" OnTextChanged="txt_Pw_TextChanged" AutoCompleteType="Disabled"></asp:TextBox>
<span></span> <span></span>
</td> </td>
<tr style="color:#003680;height:38.67px;"> <tr style="color:#003680;height:38.67px;">
@@ -107,7 +107,7 @@
</tr> </tr>
<tr style="color:#003680;height:36.67px;"> <tr style="color:#003680;height:36.67px;">
<td> <td>
<asp:TextBox id="txt_Pw_WH" OnTextChanged="txt_Pw_WH_TextChanged" runat="server" TextMode="Password" Font-Names="Verdana"></asp:TextBox> <asp:TextBox id="txt_Pw_WH" OnTextChanged="txt_Pw_WH_TextChanged" runat="server" TextMode="Password" Font-Names="Verdana" AutoCompleteType="Disabled"></asp:TextBox>
<span></span> <span></span>
</td> </td>
</tr> </tr>
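Review bot: `AutoCompleteType="Disabled"` on `txt_Pw` and `txt_Pw_WH` should not be counted as a security control. It is presumably rendered as `autocomplete="off"`, which current browsers and password managers commonly ignore on password inputs, and where it is honoured it discourages the use of generated passwords. If these two boxes are the new-password and repeat fields (the ids suggest so, but the rest of the form is outside the hunks), the plain attribute `autocomplete="new-password"` states the intent more precisely. A markup comment such as `<%-- autocomplete is a browser hint, not a security control --%>` would keep later readers from relying on it.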


@@ -21,6 +21,9 @@ Partial Class login_ForgotPW
End Sub End Sub
Protected Sub SendEmail(sender As Object, e As EventArgs) Protected Sub SendEmail(sender As Object, e As EventArgs)
If Not txt_Username.Text = "" AndAlso Not txtEmail.Text = "" Then
Dim username As String = txt_Username.Text Dim username As String = txt_Username.Text
Dim password As String = String.Empty Dim password As String = String.Empty
Dim email As String = txtEmail.Text Dim email As String = txtEmail.Text
@@ -34,7 +37,6 @@ Partial Class login_ForgotPW
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If End If
' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString ' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User") ' Using cmd As New SqlCommand("Validate_User")
@@ -91,6 +93,9 @@ Partial Class login_ForgotPW
lblMessage.ForeColor = Color.Red lblMessage.ForeColor = Color.Red
lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden." lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden."
End If End If
Else
MsgBox("Bitte alle Felder ausfüllen!")
End If
End Sub End Sub
Function RandomString(r As Random, max As Integer) As String Function RandomString(r As Random, max As Integer) As String
@@ -148,7 +153,7 @@ Partial Class login_ForgotPW
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String Dim token As String
If username = Not Nothing AndAlso email = Not Nothing Then
Try Try
token = Convert.ToBase64String(time.Concat(Key).ToArray()) token = Convert.ToBase64String(time.Concat(Key).ToArray())
Return token Return token
@@ -180,10 +185,6 @@ Partial Class login_ForgotPW
End If End If
End If End If
End Try End Try
Else
MsgBox("Bitte alle Fleder ausfüllen!")
Return "Error04"
End If
End Function End Function
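Review bot: The connection string in the hunk at `@@ -34,7 +37,6 @@` still carries the SQL login and password as a string literal on the new side, and the commented-out line directly below it holds a second set of database credentials; both are readable by anyone with access to the repository and stay in its history. The commented-out lookup in the same hunk already shows the alternative, `ConnectionString = ConfigurationManager.ConnectionStrings("constr").ConnectionString`, with the value kept in a protected configuration section outside source control. The commented-out credential line should be deleted rather than kept, and both passwords rotated, because removing them from the file does not remove them from earlier commits. `SendEmail` starts before this hunk and continues after it, so the condition that selects this connection string is not visible here.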