From 64c52071630000a3da1cf5f3c9bfcba4bc90e1e4 Mon Sep 17 00:00:00 2001 From: ja Date: Mon, 15 Nov 2021 15:22:31 +0100 Subject: [PATCH] =?UTF-8?q?=C3=84nderungen=20Korrektur=20abfragen=20der=20?= =?UTF-8?q?Strings?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- login/Change_PW.aspx.vb | 28 ++++++++++++++++------------ login/ForgotPW.aspx.vb | 6 +++--- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index f1870c9..a5fccdf 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -25,7 +25,6 @@ Partial Class login_Change_PW ' cmd.CommandType = CommandType.StoredProcedure Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) - cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con @@ -137,7 +136,7 @@ Partial Class login_Change_PW txt_Pw_WH.Enabled = False - reqPassw1txt_M.Enabled = False + reqPassw1txt_M.Enabled = False reqPasswtxt_M.Enabled = False reqPasswtxt.Enabled = True reqPassw1txt.Enabled = True @@ -189,7 +188,7 @@ Partial Class login_Change_PW End If Else - tempstr = "Error01" + tempstr = "Error01" End If If String.Compare(txt_Pw.Text, tempstr) = 1 AndAlso String.Compare(txt_Pw_WH.Text, tempstr) = 1 AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Compare(tempstr, "Error01") = -1 Then @@ -218,7 +217,7 @@ Partial Class login_Change_PW 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If If reqPassw1txt_M.IsValid = True Then - If String.Compare(txt_Pw_WH.Text, tempstr) = 0 AndAlso String.Compare(txt_Pw.Text, tempstr) = 0 AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And StrComp(tempstr, "Error01") = -1 Then + If String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False Then Using con As New SqlConnection(ConnectionString) con.Open() Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [KundenNr]=@KundenNr") @@ -227,13 +226,15 @@ Partial Class login_Change_PW cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con - cmd.ExecuteNonQuery() + If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")), CompareMethod.Text) = True Then + cmd.ExecuteNonQuery() + End If End Using con.Close() End Using End If Else - VERAG_VARIABLES.seterrorcount(22) + VERAG_VARIABLES.seterrorcount(22) lbl_messagetext_M.ForeColor = Drawing.Color.Red lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb() + "Error bei der Validierung des Kennwortes." End If @@ -348,7 +349,7 @@ Partial Class login_Change_PW Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() - If Not txt_Pw_M.Text = dr("Password").ToString Or Not txt_Pw_WH_M.Text = dr("Password").ToString Then + If String.Equals(txt_Pw_M.Text, dr("Password").ToString) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString) = False Then tempstr = txt_Pw_M.Text Else lbl_messagetext_M.ForeColor = Drawing.Color.Red @@ -362,7 +363,7 @@ Partial Class login_Change_PW Else tempstr = "Error01" End If - If String.Compare(txt_Pw_WH_M.Text, tempstr) = 0 AndAlso String.Compare(txt_Pw_M.Text, tempstr) = 0 AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And StrComp(tempstr, "Error01") = -1 Then + If String.Equals(txt_Pw_WH_M.Text, tempstr) = True AndAlso String.Equals(txt_Pw_M.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And String.Equals(tempstr, "Error01") = False Then Try ConnectionString = "" Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString @@ -375,16 +376,19 @@ Partial Class login_Change_PW 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If Using con As New SqlConnection(ConnectionString) - con.Open() + Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Password", txt_Pw_WH_M.Text) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con - cmd.ExecuteNonQuery() - regexval_txt_Pw_M.ForeColor = Drawing.Color.Green - regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!" + con.Open() + If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then + cmd.ExecuteNonQuery() + regexval_txt_Pw_M.ForeColor = Drawing.Color.Green + regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!" + End If End Using con.Close() End Using diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index 7f05f0c..db21e27 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -345,7 +345,7 @@ Partial Class ForgotPW Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT Username,Password,Email,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND KundenNr=@CUSTOMERId") + Using cmd As New SqlCommand("SELECT Username,Password,Email,UserId FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND UserId=@CUSTOMERId") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", username) cmd.Parameters.AddWithValue("@Email", email) @@ -358,9 +358,9 @@ Partial Class ForgotPW username = dr("Username").ToString() password = dr("Password").ToString() email = dr("Email").ToString() - customerID = dr("KundenNr").ToString() + customerID = dr("UserId").ToString() Try - If (txt_CustomerID_M.Text = dr("KundenNr").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID.Text) = True) And String.IsNullOrEmpty(customerID) = False Then + If (txt_CustomerID_M.Text = dr("UserId").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID.Text) = True) And String.IsNullOrEmpty(customerID) = False Then customerID = txt_CustomerID_M.Text lblMessage_M.ForeColor = Color.Green isuserIDright = True