diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index b997711..35d6e6e 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -234,9 +234,9 @@ Partial Class login_Change_PW 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession) - Dim istokenDBhash As String = gensaltToken(UsrIdDB, pwDB, EmailDB, Session.IsNewSession) - If regexval_txt_Pw.IsValid = True And IsPWRequal = False Then - If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then + Dim istokenDBhash As String = gensaltToken(UsernameDB, pwDB, EmailDB, Session.IsNewSession) + If regexval_txt_Pw.IsValid = True Then + If String.Equals(istokenhash, istokenDBhash) = False Then Using con As New SqlConnection(ConnectionString) Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId") ' cmd.CommandType = CommandType.StoredProcedure @@ -248,9 +248,10 @@ Partial Class login_Change_PW If String.IsNullOrEmpty(usrname) = False Then cmd.ExecuteNonQuery() btn_submitpw.Visible = True + btn_submitpw.Text = "zum Login" Else VERAG_VARIABLES.seterrorcount(25) - 'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Error at changing the Password." + lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Passwords shouldn't match!" End If End Using con.Close() 
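Review bot: The flipped test `If String.Equals(istokenhash, istokenDBhash) = False Then` now runs the UPDATE when the two tokens differ, and gensaltToken (changed at @@ -506) appears to draw a random salt size on every call, so the two values will probably never be equal and this gate passes for any request. With `IsPWRequal = False` also dropped, nothing visible in this hunk ties the password change to proof of the current password or of a reset token; the same inversion is made at @@ -448. I would gate the UPDATE on a deterministic, fixed-time verification of a stored reset token or of the current password hash, and until then mark the line with `' FIXME(security): tokens are randomly salted per call, so this inequality is always true and authorises nothing`. The commented-out connection string kept as context above this line still embeds a database password; it should be removed from source and the credential rotated. The enclosing method starts and ends outside the hunk.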
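Review bot: The text added in the `Else` branch, "Passwords shouldn't match!", is shown when `String.IsNullOrEmpty(usrname)` is true, so it reports a password problem for what is actually a missing username. A neutral message fits the branch better and discloses less, for example `lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() & "The password could not be changed."`; `&` is used there because `+` attempts arithmetic if `geterrornumb()` returns a number, which cannot be confirmed from this hunk. The new `btn_submitpw.Text = "zum Login"` is German while every other label this commit sets on the button is "Back to Login!".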
@@ -268,6 +269,13 @@ Partial Class login_Change_PW regexval_txt_Pw.ForeColor = Drawing.Color.Green regexval_txt_Pw.Text = "Passwort has been changed successfully!" + btn_submitpw.Text = "Back to Login!" + btn_submitpw.PostBackUrl = "login_FLEX.aspx" + confirmPasswordReq.Enabled = False + confirmPasswordReq_M.Enabled = False + reqPasswtxt.Enabled = False + reqPassw1txt.Enabled = False + 'Response.Redirect("login_FLEX.apsx") 'MsgBox(Msg, Style, Title) ' If MsgBox(Msg, Style, Title).Ok Then 'Response.Redirect("login_FLEX.aspx") @@ -277,6 +285,9 @@ Partial Class login_Change_PW VERAG_VARIABLES.seterrorcount(2) btn_submitpw.Text = "Back to Login!" btn_submitpw.PostBackUrl = "login_FLEX.apsx" + reqPasswtxt.Enabled = False + reqPassw1txt.Enabled = False + 'Response.Redirect("login_FLEX.aspx") 'regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Passwords could not be found!" ' Msg = "PW nicht erfolgreich geändert!" ' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 @@ -393,8 +404,7 @@ Partial Class login_Change_PW Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() - If String.Equals(txt_Pw_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Then - tempstr = txt_Pw_M.Text + tempstr = txt_Pw_M.Text EmailDB = dr("Email").ToString pwDB = dr("Password").ToString usrnmDB = dr("Username").ToString @@ -415,11 +425,8 @@ Partial Class login_Change_PW If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then isctmrIDright = True End If - Else - lbl_messagetext_M.ForeColor = Drawing.Color.Red - lbl_messagetext_M.Text = "The chosen password should not be the old one!" - End If - If String.Compare(usrname, dr("Username")) = True Then + + If String.Compare(usrname, dr("Username")) = True Then isusernameright = True End If End If 
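Review bot: The block that relabels `btn_submitpw`, sets `PostBackUrl` and disables validators is pasted here and again at @@ -277, @@ -461 and @@ -482, each time with a slightly different set of validators turned off, so the copies have already drifted apart. A single private helper called from each branch, for example `Private Sub ShowBackToLogin()`, would keep them consistent. The added `'Response.Redirect("login_FLEX.apsx")` is dead commented-out code with a misspelt extension and can be dropped.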
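Review bot: The failure branch at @@ -277 still assigns `"login_FLEX.apsx"` on the unchanged line just above the added validator lines, so the button on this path likely leads to a page that does not exist. The commit corrects that extension to `.aspx` at @@ -461 and @@ -482 but not here. Change the line to `btn_submitpw.PostBackUrl = "login_FLEX.aspx"`.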
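Review bot: With the old-password guard deleted at @@ -393 and @@ -415, and `ispwrEqual` dropped from the condition at @@ -448, the mobile path accepts a new password identical to the current one and no longer shows any message about it. If reuse is meant to be rejected, keep a check, but do it by verifying the entered text against the stored password hash rather than comparing it with `dr("Password").ToString`. The deleted comparison suggests the `[Password]` column may hold the password in a directly comparable form; it is worth confirming that it stores a salted hash. The reader block begins and ends outside the hunk.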
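Review bot: `If String.Compare(usrname, dr("Username")) = True Then`, re-indented at @@ -415, does not test equality. `String.Compare` returns an Integer and, with Option Strict Off, `True` converts to -1, so `isusernameright` is set only when `usrname` sorts before the stored name and stays False for an exact match. Replace it with `If String.Equals(usrname, dr("Username").ToString(), StringComparison.Ordinal) Then`. The surrounding `If dr.HasRows` block begins outside the hunk.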
@@ -448,8 +455,8 @@ Partial Class login_Change_PW Using con As New SqlConnection(ConnectionString) Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession) Dim istokenDBhash As String = gensaltToken(usrnmDB, pwDB, EmailDB, Session.IsNewSession) - If regexval_txt_Pw.IsValid = True And ispwrEqual = False Then - If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then + If regexval_txt_Pw.IsValid = True Then + If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = False Then Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", usrname) @@ -461,9 +468,17 @@ Partial Class login_Change_PW cmd.ExecuteNonQuery() regexval_txt_Pw_M.ForeColor = Drawing.Color.Green regexval_txt_Pw_M.Text = "Password has been changed sucessfully!" + btn_submitpw.Text = "Back to Login!" + btn_submitpw.PostBackUrl = "login_FLEX.aspx" + confirmPasswordReq_M.Enabled = False + confirmPasswordReq_M.Enabled = False + reqPasswtxt_M.Enabled = False Else - btn_submitpw_M.Text = "Back to Login!" - btn_submitpw_M.PostBackUrl = "login_FLEX.apsx" + btn_submitpw.Text = "Back to Login!" + btn_submitpw.PostBackUrl = "login_FLEX.aspx" + confirmPasswordReq.Enabled = False + confirmPasswordReq_M.Enabled = False + reqPasswtxt_M.Enabled = False End If End Using End If 
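Review bot: Both branches at @@ -461 now configure `btn_submitpw` where the removed lines used `btn_submitpw_M`, while the surrounding code still writes its messages to `regexval_txt_Pw_M`, so the mobile button probably keeps its old text and target; the same swap is made at @@ -482. The success branch also sets `confirmPasswordReq_M.Enabled = False` twice, where the first was presumably meant to be `confirmPasswordReq.Enabled = False` as in the `Else` branch. The `Else` branch, reached when `usrname` is empty, ends in the same "Back to Login!" state as success and sets no error text, so a failed change is indistinguishable from a completed one. I would restore `btn_submitpw_M` in this handler and add a failure message to the `Else` branch.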
@@ -482,8 +497,11 @@ Partial Class login_Change_PW regexval_txt_Pw_M.ForeColor = Drawing.Color.MediumVioletRed VERAG_VARIABLES.seterrorcount(2) regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Passwort konnte nicht erfolgreich geändert werden!" - btn_submitpw_M.Text = "Back to Login!" - btn_submitpw_M.PostBackUrl = "login_FLEX.apsx" + + btn_submitpw.Text = "Back to Login!" + btn_submitpw.PostBackUrl = "login_FLEX.aspx" + confirmPasswordReq.Enabled = False + confirmPasswordReq_M.Enabled = False 'Button hierher ' Msg = "PW nicht erfolgreich geändert!" 
@@ -506,32 +524,33 @@ Partial Class login_Change_PW Function gensaltToken(username As String, password As String, email As String, isnewSession As Boolean) As String If isnewSession = False Then Dim token As String + If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then + Dim intzahl = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8)) + Dim intzahl2 = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8)) + Dim Rand As Random = New Random + If String.IsNullOrEmpty(password) = False Then + Try + Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl) + Dim tok As String = password + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl)) + Return token + Catch Ex As Exception + 'Dim Msg, Style, Title As String + 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given." + 'Style = vbRetry + vbExclamation + vbDefaultButton1 + 'Title = "Error05: Token-Generierung" + 'MsgBox(Msg, Style, Title) + 'If MsgBox(Msg, Style, Title).Retry Then + 'genToken(username, password, email) + Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2) + Dim tok As String = password + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2)) + Return token - Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 8)) - Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 6)) - Dim Rand As Random = New Random - If String.IsNullOrEmpty(password) = False Then - Try - Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl) - Dim tok As String = password - token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl)) - Return token - Catch Ex As Exception - 'Dim Msg, Style, Title As String - 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given." 
- 'Style = vbRetry + vbExclamation + vbDefaultButton1 - 'Title = "Error05: Token-Generierung" - 'MsgBox(Msg, Style, Title) - 'If MsgBox(Msg, Style, Title).Retry Then - 'genToken(username, password, email) - Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2) - Dim tok As String = password - token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2)) - Return token - - End Try - Else - Return String.Empty + End Try + Else + Return String.Empty + End If End If Else Return "Error in Session ID. It has changed. Please check admin!"
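Review bot: The added guard `If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then` has no `Else`, so gensaltToken falls through and returns Nothing when either value is empty, while an empty password returns `String.Empty` and a new session returns an error sentence as if it were a token. Callers compare these results with `String.Equals`, so each of those paths should return one explicit failure value; add `Else` followed by `Return String.Empty` before the new `End If`, and let callers test for it before comparing. `username` and `email` are only checked for emptiness and never enter the hash, so the token is not bound to the account, and `Rand` is declared but unused. The `Catch Ex As Exception` block discards the exception and repeats the same call with a second random size, which hides the original failure; logging and returning the failure value would be clearer. If `HashPassword`'s third argument is an iteration count, 1991 is low for a password hash and should be confirmed.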