edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Änderungen im Design und SIcherheitserhöhung bei Tokengeneration

Browse Source
This commit is contained in:
ja
2021-10-11 13:39:39 +02:00
parent 23bdc56cbd
commit 540500661c
2 changed files with 101 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
login/ChangePW.aspx
View File

@@ -84,7 +84,7 @@
</tr> </tr>
<tr style="color:#003680;height:36.67px;"> <tr style="color:#003680;height:36.67px;">
<td colspan="4"> <td colspan="4">
<asp:TextBox id="txt_Pw" runat="server" TextMode="Password" Font-Names="Verdana" OnTextChanged="txt_Pw_TextChanged"></asp:TextBox> <asp:TextBox id="txt_Pw" runat="server" TextMode="Password" Font-Names="Verdana" OnTextChanged="txt_Pw_TextChanged" AutoCompleteType="Disabled"></asp:TextBox>
<span></span> <span></span>
</td> </td>
<tr style="color:#003680;height:38.67px;"> <tr style="color:#003680;height:38.67px;">
@@ -107,7 +107,7 @@
</tr> </tr>
<tr style="color:#003680;height:36.67px;"> <tr style="color:#003680;height:36.67px;">
<td> <td>
<asp:TextBox id="txt_Pw_WH" OnTextChanged="txt_Pw_WH_TextChanged" runat="server" TextMode="Password" Font-Names="Verdana"></asp:TextBox> <asp:TextBox id="txt_Pw_WH" OnTextChanged="txt_Pw_WH_TextChanged" runat="server" TextMode="Password" Font-Names="Verdana" AutoCompleteType="Disabled"></asp:TextBox>
<span></span> <span></span>
</td> </td>
</tr> </tr>

197
login/ForgotPW.aspx.vb
View File

@@ -21,75 +21,80 @@ Partial Class login_ForgotPW
End Sub End Sub
Protected Sub SendEmail(sender As Object, e As EventArgs) Protected Sub SendEmail(sender As Object, e As EventArgs)
Dim username As String = txt_Username.Text
Dim password As String = String.Empty
Dim email As String = txtEmail.Text
Dim tokenname As String = ""
' cDBFunctions.GetNewOpenConnection()
Dim ConnectionString = ""
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
Else
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString If Not txt_Username.Text = "" AndAlso Not txtEmail.Text = "" Then
Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", username)
cmd.Connection = con
con.Open()
'userId = Convert.ToInt32(cmd.ExecuteScalar())
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.Read() Then
username = dr("Username").ToString()
password = dr("Password").ToString()
Try
email = txtEmail.Text Dim username As String = txt_Username.Text
Dim password As String = String.Empty
Catch ex As Exception Dim email As String = txtEmail.Text
Dim Msg, Style, Title As String Dim tokenname As String = ""
Msg = "E-mail Prüfung fehlgeschlagen!" & vbCrLf + "Bitte erneut versuchen!" ' cDBFunctions.GetNewOpenConnection()
Style = vbRetry + vbExclamation + vbDefaultButton1 Dim ConnectionString = ""
Title = "Fehler bei E-mail Authentifizierung!" If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
MsgBox(Msg, Style, Title) 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
If MsgBox(Msg, Style, Title).Yes Then
txtEmail.Text = ""
txtEmail.Focus()
ElseIf MsgBox(Msg, Style, Title).No Then
End If
End Try
End If
End Using
con.Close()
End Using
tokenname = genToken(username, password, email)
If SendEmail(username, password, email, tokenname) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
Dim msgboxstyle = vbDefaultButton1 + vbOK
MsgBox(tokenname, msgboxstyle)
Else Else
MsgBox("token nicht mehr Gültig! Neuer wird generiert!") ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
tokenname = genToken(username, password, email) 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If End If
'SendEmail(username, password, email) ' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
MsgBox("Mail would be sent successfully!") Using con As New SqlConnection(ConnectionString)
lblMessage.ForeColor = Color.Green ' Using cmd As New SqlCommand("Validate_User")
lblMessage.Text = "Passwort wurde erfolgreich an die angegebene E-Mail Adresse gesendet." Using cmd As New SqlCommand("SELECT Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
ElseIf SendEmail(username, password, email, tokenname) = False Then ' cmd.CommandType = CommandType.StoredProcedure
MsgBox("Mail would not be sent successfully!") cmd.Parameters.AddWithValue("@Username", username)
lblMessage.ForeColor = Color.Red cmd.Connection = con
lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden." con.Open()
'userId = Convert.ToInt32(cmd.ExecuteScalar())
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.Read() Then
username = dr("Username").ToString()
password = dr("Password").ToString()
Try
email = txtEmail.Text
Catch ex As Exception
Dim Msg, Style, Title As String
Msg = "E-mail Prüfung fehlgeschlagen!" & vbCrLf + "Bitte erneut versuchen!"
Style = vbRetry + vbExclamation + vbDefaultButton1
Title = "Fehler bei E-mail Authentifizierung!"
MsgBox(Msg, Style, Title)
If MsgBox(Msg, Style, Title).Yes Then
txtEmail.Text = ""
txtEmail.Focus()
ElseIf MsgBox(Msg, Style, Title).No Then
End If
End Try
End If
End Using
con.Close()
End Using
tokenname = genToken(username, password, email)
If SendEmail(username, password, email, tokenname) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
Dim msgboxstyle = vbDefaultButton1 + vbOK
MsgBox(tokenname, msgboxstyle)
Else
MsgBox("token nicht mehr Gültig! Neuer wird generiert!")
tokenname = genToken(username, password, email)
End If
'SendEmail(username, password, email)
MsgBox("Mail would be sent successfully!")
lblMessage.ForeColor = Color.Green
lblMessage.Text = "Passwort wurde erfolgreich an die angegebene E-Mail Adresse gesendet."
ElseIf SendEmail(username, password, email, tokenname) = False Then
MsgBox("Mail would not be sent successfully!")
lblMessage.ForeColor = Color.Red
lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden."
End If
Else
MsgBox("Bitte alle Felder ausfüllen!")
End If End If
End Sub End Sub
@@ -148,42 +153,38 @@ Partial Class login_ForgotPW
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String Dim token As String
If username = Not Nothing AndAlso email = Not Nothing Then
Try
token = Convert.ToBase64String(time.Concat(Key).ToArray())
Return token
Catch Ex As Exception
Dim Msg, Style, Title As String
Msg = "Tokengenerierung fehlgeschlagen!" & vbCrLf & "Eine E-Mail wurde erneut an " + email + " zugesedet."
Style = vbRetry + vbExclamation + vbDefaultButton1
Title = "Fehler bei Token-Generierung"
MsgBox(Msg, Style, Title)
If MsgBox(Msg, Style, Title).Retry Then Try
genToken(username, password, email) token = Convert.ToBase64String(time.Concat(Key).ToArray())
If SendEmail(username, password, email, token) = False Then Return token
MsgBox("Email konnte wegen eines internen Verschlüsselungsfehlers nicht gesendet werden.", vbOK + vbInformation + vbDefaultButton1, "TokengenerierungsFehler") Catch Ex As Exception
Else Dim Msg, Style, Title As String
MsgBox("Email wurde erfolgreich gesendet." & vbCr & "Bitte Postfach überprüfen!", vbOK + vbInformation + vbDefaultButton1, "Tokengenerierungs erfolgreich!") Msg = "Tokengenerierung fehlgeschlagen!" & vbCrLf & "Eine E-Mail wurde erneut an " + email + " zugesedet."
End If Style = vbRetry + vbExclamation + vbDefaultButton1
Title = "Fehler bei Token-Generierung"
MsgBox(Msg, Style, Title)
If MsgBox(Msg, Style, Title).Retry Then
genToken(username, password, email)
If SendEmail(username, password, email, token) = False Then
MsgBox("Email konnte wegen eines internen Verschlüsselungsfehlers nicht gesendet werden.", vbOK + vbInformation + vbDefaultButton1, "TokengenerierungsFehler")
Else Else
MsgBox("Tokengenerierung nicht erfolgreich." & vbCrLf & "In 5 Sekunden nochmal versuchen!") MsgBox("Email wurde erfolgreich gesendet." & vbCr & "Bitte Postfach überprüfen!", vbOK + vbInformation + vbDefaultButton1, "Tokengenerierungs erfolgreich!")
Dim jetzt As DateTime = DateTime.UtcNow
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
If jetzt < wenn Then
Return "NotYet"
Else
token = Convert.ToBase64String(time.Concat(Key).ToArray())
Return token
End If
End If End If
End Try Else
Else MsgBox("Tokengenerierung nicht erfolgreich." & vbCrLf & "In 5 Sekunden nochmal versuchen!")
MsgBox("Bitte alle Fleder ausfüllen!") Dim jetzt As DateTime = DateTime.UtcNow
Return "Error04" Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
End If
If jetzt < wenn Then
Return "NotYet"
Else
token = Convert.ToBase64String(time.Concat(Key).ToArray())
Return token
End If
End If
End Try
End Function End Function