edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Änderung des Buttons und MD5 hash überprüfung erfolgreich

Browse Source
This commit is contained in:
ja
2021-12-02 13:56:16 +01:00
parent b2e087efcf
commit 5929dbf53c
1 changed files with 61 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
login/Change_PW.aspx.vb
View File

@@ -234,9 +234,9 @@ Partial Class login_Change_PW
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession)
Dim istokenDBhash As String = gensaltToken(UsrIdDB, pwDB, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True And IsPWRequal = False Then
If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then
Dim istokenDBhash As String = gensaltToken(UsernameDB, pwDB, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True Then
If String.Equals(istokenhash, istokenDBhash) = False Then
Using con As New SqlConnection(ConnectionString)
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
' cmd.CommandType = CommandType.StoredProcedure
@@ -248,9 +248,10 @@ Partial Class login_Change_PW
If String.IsNullOrEmpty(usrname) = False Then
cmd.ExecuteNonQuery()
btn_submitpw.Visible = True
btn_submitpw.Text = "zum Login"
Else
VERAG_VARIABLES.seterrorcount(25)
'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Error at changing the Password."
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Passwords shouldn't match!"
End If
End Using
con.Close()
@@ -268,6 +269,13 @@ Partial Class login_Change_PW
regexval_txt_Pw.ForeColor = Drawing.Color.Green
regexval_txt_Pw.Text = "Passwort has been changed successfully!"
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
confirmPasswordReq.Enabled = False
confirmPasswordReq_M.Enabled = False
reqPasswtxt.Enabled = False
reqPassw1txt.Enabled = False
'Response.Redirect("login_FLEX.apsx")
'MsgBox(Msg, Style, Title)
' If MsgBox(Msg, Style, Title).Ok Then
'Response.Redirect("login_FLEX.aspx")
@@ -277,6 +285,9 @@ Partial Class login_Change_PW
VERAG_VARIABLES.seterrorcount(2)
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.apsx"
reqPasswtxt.Enabled = False
reqPassw1txt.Enabled = False
'Response.Redirect("login_FLEX.aspx")
'regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Passwords could not be found!"
' Msg = "PW nicht erfolgreich geändert!"
' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1
@@ -393,8 +404,7 @@ Partial Class login_Change_PW
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then
dr.Read()
If String.Equals(txt_Pw_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Then
tempstr = txt_Pw_M.Text
tempstr = txt_Pw_M.Text
EmailDB = dr("Email").ToString
pwDB = dr("Password").ToString
usrnmDB = dr("Username").ToString
@@ -415,11 +425,8 @@ Partial Class login_Change_PW
If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
isctmrIDright = True
End If
Else
lbl_messagetext_M.ForeColor = Drawing.Color.Red
lbl_messagetext_M.Text = "The chosen password should not be the old one!"
End If
If String.Compare(usrname, dr("Username")) = True Then
If String.Compare(usrname, dr("Username")) = True Then
isusernameright = True
End If
End If
@@ -448,8 +455,8 @@ Partial Class login_Change_PW
Using con As New SqlConnection(ConnectionString)
Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession)
Dim istokenDBhash As String = gensaltToken(usrnmDB, pwDB, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True And ispwrEqual = False Then
If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then
If regexval_txt_Pw.IsValid = True Then
If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = False Then
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname)
@@ -461,9 +468,17 @@ Partial Class login_Change_PW
cmd.ExecuteNonQuery()
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
regexval_txt_Pw_M.Text = "Password has been changed sucessfully!"
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
confirmPasswordReq_M.Enabled = False
confirmPasswordReq_M.Enabled = False
reqPasswtxt_M.Enabled = False
Else
btn_submitpw_M.Text = "Back to Login!"
btn_submitpw_M.PostBackUrl = "login_FLEX.apsx"
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
confirmPasswordReq.Enabled = False
confirmPasswordReq_M.Enabled = False
reqPasswtxt_M.Enabled = False
End If
End Using
End If
@@ -482,8 +497,11 @@ Partial Class login_Change_PW
regexval_txt_Pw_M.ForeColor = Drawing.Color.MediumVioletRed
VERAG_VARIABLES.seterrorcount(2)
regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Passwort konnte nicht erfolgreich geändert werden!"
btn_submitpw_M.Text = "Back to Login!"
btn_submitpw_M.PostBackUrl = "login_FLEX.apsx"
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
confirmPasswordReq.Enabled = False
confirmPasswordReq_M.Enabled = False
'Button hierher
' Msg = "PW nicht erfolgreich geändert!"
@@ -506,32 +524,33 @@ Partial Class login_Change_PW
Function gensaltToken(username As String, password As String, email As String, isnewSession As Boolean) As String
If isnewSession = False Then
Dim token As String
If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then
Dim intzahl = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8))
Dim intzahl2 = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8))
Dim Rand As Random = New Random
If String.IsNullOrEmpty(password) = False Then
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = password
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl))
Return token
Catch Ex As Exception
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
Dim tok As String = password
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2))
Return token
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 8))
Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 6))
Dim Rand As Random = New Random
If String.IsNullOrEmpty(password) = False Then
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = password
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl))
Return token
Catch Ex As Exception
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
Dim tok As String = password
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2))
Return token
End Try
Else
Return String.Empty
End Try
Else
Return String.Empty
End If
End If
Else
Return "Error in Session ID. It has changed. Please check admin!"