diff --git a/Customers/Default2.aspx b/Customers/Default2.aspx index 9126842..d0de7aa 100644 --- a/Customers/Default2.aspx +++ b/Customers/Default2.aspx @@ -1,13 +1,16 @@ <%@ Page Title="" Language="VB" MasterPageFile="~/Customers/Customers.master" AutoEventWireup="false" CodeFile="Default2.aspx.vb" Inherits="Customers_Default2" %> - +<%If String.Equals(Page.User.Identity.Name, "Admin") = False Then + FormsAuthentication.RedirectToLoginPage() + End If %> + - + diff --git a/login/Change_PW.aspx b/login/Change_PW.aspx index d3f0a0a..7ec5196 100644 --- a/login/Change_PW.aspx +++ b/login/Change_PW.aspx @@ -242,8 +242,12 @@ - - + + + + + + diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index 8a572e3..8d1028d 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -21,10 +21,11 @@ Partial Class login_Change_PW Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT UserId,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") + Using cmd As New SqlCommand("SELECT UserId,Username,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") ' cmd.CommandType = CommandType.StoredProcedure Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) - Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + Dim KundenNr As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@UserId", UsrID) cmd.Connection = con @@ -34,9 +35,8 @@ Partial Class login_Change_PW If dr.HasRows Then dr.Read() If String.IsNullOrEmpty(usrname) = False Then - If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("UserId") Then + If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso String.Equals(KundenNr, dr("KundenNr")) = True Then Try - If IsPostBack Then If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then txt_Pw_WH.Enabled = False @@ -134,17 +134,16 @@ Partial Class login_Change_PW If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True Then - txt_Pw_WH.Enabled = False reqPassw1txt_M.Enabled = False - reqPasswtxt_M.Enabled = False - reqPasswtxt.Enabled = True - reqPassw1txt.Enabled = True - reqPasswtxt.Validate() - If reqPasswtxt.IsValid = True Then - txt_Pw_WH.Enabled = True - reqPassw1txt.Validate() - End If + reqPasswtxt_M.Enabled = False + reqPasswtxt.Enabled = True + reqPassw1txt.Enabled = True + reqPasswtxt.Validate() + If reqPasswtxt.IsValid = True Then + txt_Pw_WH.Enabled = True + reqPassw1txt.Validate() + End If Dim ConnectionString = "" @@ -342,10 +341,11 @@ Partial Class login_Change_PW End If Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") + Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId") ' cmd.CommandType = CommandType.StoredProcedure Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString + Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par4")).ToString cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@UserId", UsrID) cmd.Connection = con @@ -401,7 +401,6 @@ Partial Class login_Change_PW lbl_messagetext_M.Text = ex.Message End Try - 'MsgBox(Msg, Style, Title) ' If MsgBox(Msg, Style, Title).Ok Then diff --git a/login/Error.aspx b/login/Error.aspx new file mode 100644 index 0000000..afa07c6 --- /dev/null +++ b/login/Error.aspx @@ -0,0 +1,178 @@ +<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Error.aspx.vb" Inherits="login_Default" %> + + + + + + + Error 404 VERAG + + <%@ import Namespace="MySql.Data.MySqlClient"%> + <%'Dim url As String = Session.Keys.Item("urltochangepw")%> + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ +
+ +
+
+ + + + +
+ Error + + +
+
+ +
+ +
+
+ + + + +
+ Error + + +
+
+
+
+
+ + diff --git a/login/Error.aspx.vb b/login/Error.aspx.vb new file mode 100644 index 0000000..e93d5ca --- /dev/null +++ b/login/Error.aspx.vb @@ -0,0 +1,5 @@ + +Partial Class login_Default + Inherits System.Web.UI.Page + +End Class diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx index 8f7d45d..96adeac 100644 --- a/login/ForgotPW.aspx +++ b/login/ForgotPW.aspx @@ -286,7 +286,7 @@ - + - + @@ -342,7 +342,7 @@ - + diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index 29220b2..a169689 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -27,6 +27,7 @@ Partial Class ForgotPW Dim isusrnmright As Boolean = False Dim isCustomeridright As Boolean = False Dim isemailright As Boolean = False + Dim UserID As String = String.Empty If String.IsNullOrEmpty(txtEmail.Text) = False And String.IsNullOrEmpty(txt_Username.Text) = False And String.IsNullOrEmpty(txt_CustomerID.Text) = False And String.IsNullOrEmpty(txtEmail_M.Text) = True And String.IsNullOrEmpty(txt_Username_M.Text) = True And String.IsNullOrEmpty(txt_CustomerID_M.Text) = True Then valreqtxtusername.Enabled = True valreqtxtEmail.Enabled = True @@ -116,7 +117,7 @@ Partial Class ForgotPW Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT Username,Password,Email,UserId FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND UserId=@CUSTOMERId") + Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND KundenNr=@CUSTOMERId") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", username) cmd.Parameters.AddWithValue("@Email", email) @@ -129,10 +130,11 @@ Partial Class ForgotPW username = dr("Username").ToString() password = dr("Password").ToString() email = dr("Email").ToString() - customerID = dr("UserId").ToString() + customerID = dr("KundenNr").ToString() + UserID = dr("UserId").ToString() Try - If txt_Username.Text = dr("Username").ToString() AndAlso String.IsNullOrEmpty(txt_Username_M.Text) = True And String.IsNullOrEmpty(customerID) = False Then + If txt_Username.Text = dr("Username").ToString() AndAlso String.IsNullOrEmpty(txt_Username_M.Text) = True And String.IsNullOrEmpty(customerID) = False And String.IsNullOrEmpty(UserID) = False Then username = txt_Username.Text isusrnmright = True ElseIf String.IsNullOrEmpty(txt_Username.Text) = True Then @@ -146,38 +148,36 @@ Partial Class ForgotPW isusrnmright = False End Try End If - If (txtEmail.Text = dr("Email").ToString() AndAlso String.IsNullOrEmpty(txtEmail_M.Text) = True) And String.IsNullOrEmpty(customerID) = False Then + If (txtEmail.Text = dr("Email").ToString() AndAlso String.IsNullOrEmpty(txtEmail_M.Text) = True) And String.IsNullOrEmpty(UserID) = False Then email = txtEmail.Text lblMessage.ForeColor = Color.Green isemailright = True lblMessage.Text = "Die Email besteht in der Datenbank." ElseIf String.IsNullOrEmpty(email) = True Then - lblMessage_M.ForeColor = Color.Red + lblMessage.ForeColor = Color.Red isemailright = False VERAG_VARIABLES.seterrorcount(6) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Die eingegebene E-Mail passt nicht zum Datenbankeintrag. Bitte erneut versuchen." + lblMessage.Text = VERAG_VARIABLES.geterrornumb + "Die eingegebene E-Mail passt nicht zum Datenbankeintrag. Bitte erneut versuchen." Else lblMessage_M.ForeColor = Color.Red isemailright = False VERAG_VARIABLES.seterrorcount(7) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Die E-Mail existiert in unserer Datenbank nicht." + lblMessage.Text = VERAG_VARIABLES.geterrornumb + "Die E-Mail existiert in unserer Datenbank nicht." End If - If (txt_CustomerID.Text = dr("UserId").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID_M.Text) = True) And String.IsNullOrEmpty(customerID) = False Then - email = txtEmail.Text + If (txt_CustomerID.Text = dr("KundenNr").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID_M.Text) = True) And String.IsNullOrEmpty(UserID) = False Then + customerID = txt_CustomerID.Text lblMessage.ForeColor = Color.Green isCustomeridright = True - VERAG_VARIABLES.seterrorcount(8) - lblMessage.Text = VERAG_VARIABLES.geterrornumb + "Die Benutzer-ID ist fehlerhaft" ElseIf String.IsNullOrEmpty(customerID) = True Then lblMessage_M.ForeColor = Color.Red isCustomeridright = False VERAG_VARIABLES.seterrorcount(9) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Die einegebene Nutzernummer steht nicht in unserer Datenbank." + lblMessage.Text = VERAG_VARIABLES.geterrornumb + "Die einegebene Nutzernummer steht nicht in unserer Datenbank." Else - lblMessage_M.ForeColor = Color.Red + lblMessage.ForeColor = Color.Red isCustomeridright = False - VERAG_VARIABLES.seterrorcount(10) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Die Nutzernummer ist nicht in der Datenbank vorhanden." + VERAG_VARIABLES.seterrorcount(8) + lblMessage.Text = VERAG_VARIABLES.geterrornumb + "Die Nutzernummer ist nicht in der Datenbank vorhanden." End If Catch ex As Exception VERAG_VARIABLES.seterrorcount(408) @@ -195,14 +195,14 @@ Partial Class ForgotPW End Using If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) + tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) Session.Add("TokenforEmail", tokenname) Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID)) Else tokenname = Session.Item("TokenforEmail") End If - If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then + If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) = True Then 'password = RandomString(New Random, 10) If (getDateoftoken(tokenname) = True) Then 'Dim msgboxstyle = vbDefaultButton1 + vbOK @@ -217,7 +217,7 @@ Partial Class ForgotPW 'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!") If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) + tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) Session.Add("TokenforEmail", tokenname) Else tokenname = Session.Item("TokenforEmail") @@ -226,8 +226,8 @@ Partial Class ForgotPW 'SendEmail(username, password, email) 'MsgBox("Mail would be sent successfully!") lblMessage.ForeColor = Color.Green - lblMessage.Text = "DasPasswort wurde erfolgreich an die hinterlegte E-Mail gesendet. Bitte prüfen Sie den Posteingang sowie den Spam-Ordner." - ElseIf SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then + lblMessage.Text = "Das Passwort wurde erfolgreich an die hinterlegte E-Mail gesendet. Bitte prüfen Sie den Posteingang sowie den Spam-Ordner." + ElseIf SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) = True Then 'MsgBox("Mail would not be sent successfully!") lblMessage.ForeColor = Color.Red If String.IsNullOrWhiteSpace(username) = True Then @@ -262,6 +262,7 @@ Partial Class ForgotPW Dim email As String = String.Empty Dim tokenname As String = String.Empty Dim customerID As String = String.Empty + Dim UserID As String = String.Empty Dim isusernameright As Boolean = False Dim isuserIDright As Boolean = False Dim isuserEmailright As Boolean = False @@ -353,7 +354,7 @@ Partial Class ForgotPW Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT Username,Password,Email,UserId FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND UserId=@CUSTOMERId") + Using cmd As New SqlCommand("SELECT Username,Password,Email,KundenNr,UserId FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND KundenNr=@CUSTOMERId") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", username) cmd.Parameters.AddWithValue("@Email", email) @@ -366,9 +367,10 @@ Partial Class ForgotPW username = dr("Username").ToString() password = dr("Password").ToString() email = dr("Email").ToString() - customerID = dr("UserId").ToString() + customerID = dr("KundenNr").ToString() + UserID = dr("UserId").ToString() Try - If (txt_CustomerID_M.Text = dr("UserId").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID.Text) = True) And String.IsNullOrEmpty(customerID) = False Then + If (txt_CustomerID_M.Text = dr("KundenNr").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID.Text) = True) And String.IsNullOrEmpty(customerID) = False And String.IsNullOrEmpty(UserID) = False Then customerID = txt_CustomerID_M.Text lblMessage_M.ForeColor = Color.Green isuserIDright = True @@ -429,14 +431,14 @@ Partial Class ForgotPW End Using If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) + tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) Session.Add("TokenforEmail", tokenname) Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID)) Else tokenname = Session.Item("TokenforEmail") End If - If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then + If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then 'password = RandomString(New Random, 10) If (getDateoftoken(tokenname) = True) Then 'Dim msgboxstyle = vbDefaultButton1 + vbOK @@ -451,7 +453,7 @@ Partial Class ForgotPW 'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!") If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) + tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) Session.Add("TokenforEmail", tokenname) Else tokenname = Session.Item("TokenforEmail") @@ -461,7 +463,7 @@ Partial Class ForgotPW 'MsgBox("Mail would be sent successfully!") lblMessage_M.ForeColor = Color.Green lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address." - ElseIf SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then + ElseIf SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then 'MsgBox("Mail would not be sent successfully!") lblMessage_M.ForeColor = Color.Red If String.IsNullOrWhiteSpace(username) = True Then @@ -485,7 +487,7 @@ Partial Class ForgotPW End If End Sub - Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean + Function SendEmail_M(username As String, password As String, email As String, tokenname As String, customerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean, theUserID As String) As Boolean Dim getdomianenvironment As String = String.Empty Dim pagename As String = String.Empty Dim ServPort As String = String.Empty @@ -493,7 +495,7 @@ Partial Class ForgotPW Dim Betreff As String = String.Empty Dim htmlbody As String = String.Empty Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString - If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then + If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False AndAlso String.IsNullOrEmpty(theUserID) = False And String.IsNullOrEmpty(customerID) = False Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'MsgBox(getdomianenvironment) getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") @@ -506,7 +508,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!


Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!


Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment) @@ -519,7 +521,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") lblMessage_M.ForeColor = Color.OrangeRed @@ -531,7 +533,7 @@ Partial Class ForgotPW Try If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) + tokenname = genToken(username, password, email, customerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) Session.Add("TokenforEmail", tokenname) Else tokenname = Session.Item("TokenforEmail").ToString() @@ -558,9 +560,9 @@ Partial Class ForgotPW lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Mail not delivered!" 'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.") If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) + tokenname = genToken(username, password, email, customerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) Session.Add("TokenforEmail", tokenname) - Session.Add("USerID", userID) + Session.Add("USerID", customerID) Else tokenname = Session.Item("TokenforEmail").ToString() End If @@ -577,7 +579,7 @@ Partial Class ForgotPW End If End Function - Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean + Function SendEmail(username As String, password As String, email As String, tokenname As String, customerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean, theUserID As String) As Boolean Dim getdomianenvironment As String = String.Empty Dim pagename As String = String.Empty Dim ServPort As String = String.Empty @@ -585,7 +587,7 @@ Partial Class ForgotPW Dim Betreff As String = String.Empty Dim htmlbody As String = String.Empty Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString - If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then + If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False AndAlso String.IsNullOrEmpty(theUserID) = False And String.IsNullOrEmpty(customerID) = False Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'MsgBox(getdomianenvironment) getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") @@ -598,7 +600,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!


Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!


Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment) @@ -611,7 +613,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(userID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") lblMessage.ForeColor = Color.OrangeRed @@ -623,7 +625,7 @@ Partial Class ForgotPW Try If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) + tokenname = genToken(username, password, email, customerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) Session.Add("TokenforEmail", tokenname) Else tokenname = Session.Item("TokenforEmail").ToString() @@ -649,9 +651,9 @@ Partial Class ForgotPW lblMessage.Text = "Error02: Mail not delivered!" 'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.") If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) + tokenname = genToken(username, password, email, customerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) Session.Add("TokenforEmail", tokenname) - Session.Add("USerID", userID) + Session.Add("USerID", customerID) Else tokenname = Session.Item("TokenforEmail").ToString() End If @@ -669,12 +671,12 @@ Partial Class ForgotPW End If End Function - Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean) As String + Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String If isnewSession = False Then Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim token As String - If isusrnmright = True And iscstmIDright = True And isemailright = True Then + If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then Try token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray())) Return token @@ -688,7 +690,7 @@ Partial Class ForgotPW 'If MsgBox(Msg, Style, Title).Retry Then 'genToken(username, password, email) token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray())) - If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then + If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) = True Then 'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error") Else 'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!") @@ -701,7 +703,7 @@ Partial Class ForgotPW If jetzt < wenn Then Return "NotYet" Else - token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) + token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID) Return token 'End If End If diff --git a/login/login_FLEX.aspx.vb b/login/login_FLEX.aspx.vb index eacf20d..dcecd84 100644 --- a/login/login_FLEX.aspx.vb +++ b/login/login_FLEX.aspx.vb @@ -76,7 +76,7 @@ Partial Class login_FLEX Customer_ID = tb_M.Text Else VERAG_VARIABLES.seterrorcount(2) - regexusername_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "Username does not have any special characters in it." + regexusername_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "Customer-ID does not have any special characters in it." End If End If End If @@ -173,7 +173,6 @@ Partial Class login_FLEX VERAG_VARIABLES.seterrorcount(9) Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!" End If - MsgBox("Erfolgreich validiert.") Session.Add("test", UserNaMe) Session.Add("CustomerID", Customer_ID)