diff --git a/login/Change_PW.aspx b/login/Change_PW.aspx index 6e44b63..a618e30 100644 --- a/login/Change_PW.aspx +++ b/login/Change_PW.aspx @@ -1,4 +1,4 @@ -<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Change_PW.aspx.vb" Inherits="login_Change_PW" %> +<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Change_PW.aspx.vb" Debug="true" Inherits="login_Change_PW" %> diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index 8745983..a054b60 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -23,9 +23,9 @@ Partial Class login_Change_PW ' Using cmd As New SqlCommand("Validate_User") Using cmd As New SqlCommand("SELECT KundenNr,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure - Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) - Dim decr As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par1")) + cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con @@ -35,7 +35,7 @@ Partial Class login_Change_PW If dr.HasRows Then dr.Read() If String.IsNullOrEmpty(usrname) = False Then - If getDateoftoken(decr) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then + If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then Try If IsPostBack Then 
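Review bot: `Debug="true"` in the `@ Page` directive of the password-change page looks like a development leftover and should not ship. A page-level debug flag forces debug compilation for this page whatever web.config says. This page also decrypts attacker-controllable query-string values (`Par1`–`Par3`), so any unhandled exception is more likely to expose source-level detail if custom errors are ever relaxed. Proposed directive: `<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Change_PW.aspx.vb" Inherits="login_Change_PW" %>`, with debugging controlled only through the `<compilation debug="false">` setting of the deployed web.config.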
@@ -90,9 +90,9 @@ Partial Class login_Change_PW End Sub Function getDateoftoken(tokenname As String) As Boolean - Dim data() As Byte = Convert.FromBase64String(tokenname) + Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)) Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0)) - Dim nameoftoken = tokenname + Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname) If wenn < DateTime.UtcNow.AddMinutes(-30) Then nameoftoken = String.Empty tokenname = nameoftoken @@ -115,7 +115,7 @@ Partial Class login_Change_PW VERAG_VARIABLES.seterrorcount(500) Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb - htmlbody = "
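Review bot: `getDateoftoken` now feeds the raw `Par1` query value through `cCryptography3.Decrypt`, `Convert.FromBase64String` and `BitConverter.ToInt64(data, 0)` with no validation, so a missing, truncated or tampered token raises an exception instead of being rejected. The value is also decrypted twice. Decrypt once into a local and return a failure for anything that is not well-formed base64 of at least 8 bytes. In the visible lines the only property checked is the embedded timestamp; if nothing outside the hunk compares the token with a value stored for that user and invalidates it after use, the link is replayable for the full 30 minutes and is not bound to the account named in `Par2`/`Par3`. The function body continues outside the hunk, so how failure is reported to the caller should follow what the rest of the function does.

```vbnet
Function getDateoftoken(tokenname As String) As Boolean
    ' Par1 comes straight from the query string: treat it as untrusted.
    If String.IsNullOrEmpty(tokenname) Then Return False

    ' Decrypt once and reuse the result.
    Dim nameoftoken As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)
    If String.IsNullOrEmpty(nameoftoken) Then Return False

    Dim data() As Byte
    Try
        data = Convert.FromBase64String(nameoftoken)
    Catch ex As FormatException
        Return False
    End Try

    ' BitConverter.ToInt64 needs 8 bytes for the timestamp prefix.
    If data.Length < 8 Then Return False
    Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
    ' … unchanged: 30-minute expiry check and the rest of the function …
```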

Der User " + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "hat eine ungültige oder geänderte Session-ID

Userneue ID
" + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "" + Session.SessionID + "
" + htmlbody = "

Der User " + VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) + "hat eine ungültige oder geänderte Session-ID

Userneue ID
" + VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) + "" + Session.SessionID + "
" VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody) Return False @@ -135,8 +135,8 @@ Partial Class login_Change_PW If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True Then - If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then - txt_Pw_WH.Enabled = False + + txt_Pw_WH.Enabled = False reqPassw1txt_M.Enabled = False reqPasswtxt_M.Enabled = False reqPasswtxt.Enabled = True @@ -146,7 +146,7 @@ Partial Class login_Change_PW txt_Pw_WH.Enabled = True reqPassw1txt.Validate() End If - End If + Dim ConnectionString = "" If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then @@ -163,7 +163,7 @@ Partial Class login_Change_PW ' Using cmd As New SqlCommand("Validate_User") Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure - Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) @@ -173,7 +173,7 @@ Partial Class login_Change_PW Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() - If txt_Pw.Text = Not dr("Password") Or txt_Pw_WH.Text = Not dr("Password") Then + If String.Compare(txt_Pw.Text, dr("Password").ToString) = -1 Or String.Compare(txt_Pw_WH.Text, dr("Password").ToString) = -1 Then tempstr = txt_Pw.Text Else lbl_messagetext.Text = "Die gewählten Passwörter dürfen nicht dem alten entsprechen!" 
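Review bot: The decrypted `Par2` value is concatenated into `htmlbody` without HTML encoding, so whatever a requester manages to get through `Decrypt` is rendered as markup in the support mailbox. Encode it once and reuse the result, e.g. `Dim usr As String = HttpUtility.HtmlEncode(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")))`. The mail also carries the live `Session.SessionID`; a session identifier in e-mail is a credential at rest in every mailbox it reaches, so consider logging a truncated or hashed form instead. The enclosing function starts outside the hunk.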
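Review bot: `String.Compare(txt_Pw.Text, dr("Password").ToString) = -1` is true only when the new password sorts before the stored one, so a different password that sorts after it falls into the "must not match the old password" branch. The check wanted here is inequality, e.g. `If Not String.Equals(txt_Pw.Text, dr("Password").ToString(), StringComparison.Ordinal) Then`. The same ordering-instead-of-equality pattern is in `@@ -192,23` (`String.Compare(txt_Pw.Text, tempstr) = 1`, `String.Compare(tempstr, "Error01") = -1`) and in `@@ -359,10` (`StrComp(tempstr, "Error01") = -1`). In `@@ -192,23`, `tempstr` was just set to `txt_Pw.Text`, so the comparison yields 0 and the update branch looks unreachable unless `tempstr` is reassigned outside the hunks. `String.Compare` without a `StringComparison` is also culture-sensitive, which is not appropriate for secrets.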
@@ -192,23 +192,23 @@ Partial Class login_Change_PW tempstr = "Error01" End If - If String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And tempstr = Not "Error01" Then + If String.Compare(txt_Pw.Text, tempstr) = 1 AndAlso String.Compare(txt_Pw_WH.Text, tempstr) = 1 AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Compare(tempstr, "Error01") = -1 Then - If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then - txt_Pw_WH_M.Enabled = False - reqPasswtxt.Enabled = False - reqPassw1txt.Enabled = False - reqPassw1txt.Enabled = True - reqPasswtxt.Enabled = True - reqPasswtxt.Validate() - If reqPasswtxt.IsValid = True Then - txt_Pw_WH.Enabled = True - reqPassw1txt.Validate() - End If + + txt_Pw_WH_M.Enabled = False + reqPasswtxt.Enabled = False + reqPassw1txt.Enabled = False + reqPassw1txt.Enabled = True + reqPasswtxt.Enabled = True + reqPasswtxt.Validate() + If reqPasswtxt.IsValid = True Then + txt_Pw_WH.Enabled = True + reqPassw1txt.Validate() End If + Try Dim ConnectionString = "" - Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" 
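Review bot: The commented-out connection string kept in this hunk's context still carries an `sa` login together with its password, and it appears again in the context of `@@ -359,10`. A comment in source control exposes the credential as fully as live code does. Delete both comments, rotate that SQL login, and load the connection string from configuration, e.g. `ConfigurationManager.ConnectionStrings("<name>").ConnectionString`, using a least-privilege account rather than `sa`. The surrounding `SERVER_NAME = "localhost"` test that selects the connection string depends on a request-supplied value, so a deployment-time setting is a safer switch.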
@@ -219,14 +219,16 @@ Partial Class login_Change_PW End If If reqPassw1txt_M.IsValid = True Then Using con As New SqlConnection(ConnectionString) + con.Open() Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [KundenNr]=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", usrname) - cmd.Parameters.AddWithValue("@Password", tempstr) + cmd.Parameters.AddWithValue("@Password", txt_Pw.Text) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con cmd.ExecuteNonQuery() End Using + con.Close() End Using Else VERAG_VARIABLES.seterrorcount(22) @@ -311,7 +313,6 @@ Partial Class login_Change_PW Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs) Dim tempstr As String = "" - Dim Msg, Style, Title As String Dim ConnectionString = "" If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then reqPasswtxt.Enabled = False 
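Review bot: `cmd.Parameters.AddWithValue("@Password", txt_Pw.Text)` writes the password to `[Users].[Password]` in clear text. The SELECT in `@@ -173,7` compares `dr("Password")` directly with the text box, which confirms that the column holds the plain value. Store a salted, slow hash instead (PBKDF2 via `Rfc2898DeriveBytes` is available in the framework) and change the "new password must differ from old" check to verify against that hash. Nothing in the visible lines invalidates the reset token after the UPDATE succeeds; if that is not done outside the hunk, the same link can change the password again within its 30-minute window. The added `con.Close()` is redundant inside `Using con`, which already disposes the connection.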
@@ -333,9 +334,9 @@ Partial Class login_Change_PW End If Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT KundenNr,Username, Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") + Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure - Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")).ToString + Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) @@ -359,10 +360,10 @@ Partial Class login_Change_PW Else tempstr = "Error01" End If - If txt_Pw_WH_M.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And Not tempstr = "Error01" Then + If String.Compare(txt_Pw_WH_M.Text, tempstr) = 0 AndAlso String.Compare(txt_Pw_M.Text, tempstr) = 0 AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And StrComp(tempstr, "Error01") = -1 Then Try ConnectionString = "" - Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")).ToString + Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" 
diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index 2593ba7..90afbf6 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -498,11 +498,11 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) - ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!


Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment) - ServPort = String.Empty + ServPort = ":" + Request.ServerVariables("SERVER_PORT") 'pagename = Request.ServerVariables("SCRIPT_NAME") mailto = email Betreff = "Passwort reset" @@ -511,7 +511,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},
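Review bot: The reset link is assembled from `"http://"` plus `Request.ServerVariables("SERVER_NAME")`, and now `SERVER_PORT`, which are values taken from the incoming request rather than from configuration. Unless host-header binding is enforced in front of this code, a forged host on the forgot-password request puts an attacker-chosen origin into the mail sent to the victim. The plain-http scheme also exposes `Par1`–`Par3` in transit. Build the link from a configured base URL with `https://`, for example an appSettings entry read once, and do not append a port derived from the request. `String.Format(..., username, password)` still passes `password` to the mail template; if no `{1}` placeholder exists outside the visible text, drop the argument so the value is not handled here at all.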

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("True") + "" + Environment.NewLine + "
Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,

VERAG | EDV Support
" + mailpic + "

VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") lblMessage_M.ForeColor = Color.OrangeRed @@ -590,7 +590,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},
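Review bot: After this commit the three mail templates disagree on `Par1`, and none visibly matches what the receiver expects. This hunk and `@@ -590,7` send the raw `tokenname`, `@@ -498,11` sends `cCryptography.Encrypt(tokenname)`, while `getDateoftoken` in Change_PW.aspx.vb decrypts with `cCryptography3`. Unless `tokenname` is already `cCryptography3`-encrypted outside these hunks, the link will fail validation. The path was also changed to `/login/ChangePW.aspx` although the page touched in this commit is `login/Change_PW.aspx`. Every query value is concatenated unescaped, so base64 `+`, `/` and `=` characters can be altered in transit (`+` is read back as a space); wrap each one, e.g. `"?Par1=" + HttpUtility.UrlEncode(tokenname)`. A single helper that builds the link for all three branches would keep the cipher, path and encoding in one place.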

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!


Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!


Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment)