Änderungen im Design und SIcherheitserhöhung bei Tokengeneration

2021-10-11 13:39:39 +02:00
parent 23bdc56cbd
commit 540500661c
2 changed files with 101 additions and 100 deletions
--- a/login/ChangePW.aspx
+++ b/login/ChangePW.aspx
@@ -84,7 +84,7 @@
                      </tr>
                      <tr style="color:#003680;height:36.67px;">
                        <td colspan="4">
-                            <asp:TextBox id="txt_Pw" runat="server" TextMode="Password" Font-Names="Verdana" OnTextChanged="txt_Pw_TextChanged"></asp:TextBox> 
+                            <asp:TextBox id="txt_Pw" runat="server" TextMode="Password" Font-Names="Verdana" OnTextChanged="txt_Pw_TextChanged" AutoCompleteType="Disabled"></asp:TextBox> 
                            <span></span>
                            </td>
                          <tr style="color:#003680;height:38.67px;">
@@ -107,7 +107,7 @@
                     </tr>
                     <tr style="color:#003680;height:36.67px;">
                        <td>
-                            <asp:TextBox id="txt_Pw_WH" OnTextChanged="txt_Pw_WH_TextChanged" runat="server" TextMode="Password" Font-Names="Verdana"></asp:TextBox>  
+                            <asp:TextBox id="txt_Pw_WH" OnTextChanged="txt_Pw_WH_TextChanged" runat="server" TextMode="Password" Font-Names="Verdana" AutoCompleteType="Disabled"></asp:TextBox>  
                            <span></span>
                        </td>
                     </tr>
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -21,6 +21,9 @@ Partial Class login_ForgotPW
    End Sub

    Protected Sub SendEmail(sender As Object, e As EventArgs)
+
+        If Not txt_Username.Text = "" AndAlso Not txtEmail.Text = "" Then
+
            Dim username As String = txt_Username.Text
            Dim password As String = String.Empty
            Dim email As String = txtEmail.Text
@@ -34,7 +37,6 @@ Partial Class login_ForgotPW
                ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
                'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
            End If
-
            ' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
            Using con As New SqlConnection(ConnectionString)
                ' Using cmd As New SqlCommand("Validate_User")
@@ -91,6 +93,9 @@ Partial Class login_ForgotPW
                lblMessage.ForeColor = Color.Red
                lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden."
            End If
+        Else
+            MsgBox("Bitte alle Felder ausfüllen!")
+        End If
    End Sub

    Function RandomString(r As Random, max As Integer) As String
@@ -148,7 +153,7 @@ Partial Class login_ForgotPW
        Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
        Dim Key() As Byte = Guid.NewGuid().ToByteArray()
        Dim token As String
-        If username = Not Nothing AndAlso email = Not Nothing Then
+
        Try
            token = Convert.ToBase64String(time.Concat(Key).ToArray())
            Return token
@@ -180,10 +185,6 @@ Partial Class login_ForgotPW
                End If
            End If
        End Try
-        Else
-            MsgBox("Bitte alle Fleder ausfüllen!")
-            Return "Error04"
-        End If
    End Function