Änderungen dass bestimmte Seiten nur vom Admin besucht werden können. Außerdem diverse Änderumgen:

- im Design der Seite ChangePW.aspx mit Tabelle sowie neubau der Eerrorseite, um zukünftige Errors dort anzeigen zu lassen statt der gelben Seite wo Pfade etc revealt werden könnten. - Reperatur der Prüfungen mit den neu übergebenen bzw den angepassten Variablen in der Codebehind Datei von ChangePW.aspx.vb - Übersetzung der Forgot PW Seite und Krrektur um die neuen Parameter nur temporär zu speichern (verschlüsselt) -
2021-11-16 11:33:44 +01:00
parent 8b10e82db3
commit 67ed982029
8 changed files with 259 additions and 69 deletions
--- a/login/Change_PW.aspx.vb
+++ b/login/Change_PW.aspx.vb
@@ -21,10 +21,11 @@ Partial Class login_Change_PW

        Using con As New SqlConnection(ConnectionString)
            ' Using cmd As New SqlCommand("Validate_User")
-            Using cmd As New SqlCommand("SELECT UserId,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
+            Using cmd As New SqlCommand("SELECT UserId,Username,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
                ' cmd.CommandType = CommandType.StoredProcedure
                Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
-                Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
+                Dim KundenNr As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
+                Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
                cmd.Parameters.AddWithValue("@Username", usrname)
                cmd.Parameters.AddWithValue("@UserId", UsrID)
                cmd.Connection = con
@@ -34,9 +35,8 @@ Partial Class login_Change_PW
                If dr.HasRows Then
                    dr.Read()
                    If String.IsNullOrEmpty(usrname) = False Then
-                        If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("UserId") Then
+                        If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso String.Equals(KundenNr, dr("KundenNr")) = True Then
                            Try
-
                                If IsPostBack Then
                                    If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then
                                        txt_Pw_WH.Enabled = False
@@ -134,17 +134,16 @@ Partial Class login_Change_PW

        If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True Then

-
            txt_Pw_WH.Enabled = False
            reqPassw1txt_M.Enabled = False
-                reqPasswtxt_M.Enabled = False
-                reqPasswtxt.Enabled = True
-                reqPassw1txt.Enabled = True
-                reqPasswtxt.Validate()
-                If reqPasswtxt.IsValid = True Then
-                    txt_Pw_WH.Enabled = True
-                    reqPassw1txt.Validate()
-                End If
+            reqPasswtxt_M.Enabled = False
+            reqPasswtxt.Enabled = True
+            reqPassw1txt.Enabled = True
+            reqPasswtxt.Validate()
+            If reqPasswtxt.IsValid = True Then
+                txt_Pw_WH.Enabled = True
+                reqPassw1txt.Validate()
+            End If

            Dim ConnectionString = ""

@@ -342,10 +341,11 @@ Partial Class login_Change_PW
                End If
                Using con As New SqlConnection(ConnectionString)
                    ' Using cmd As New SqlCommand("Validate_User")
-                    Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
+                    Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId")
                        ' cmd.CommandType = CommandType.StoredProcedure
                        Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
                        Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
+                        Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par4")).ToString
                        cmd.Parameters.AddWithValue("@Username", usrname)
                        cmd.Parameters.AddWithValue("@UserId", UsrID)
                        cmd.Connection = con
@@ -401,7 +401,6 @@ Partial Class login_Change_PW
                    lbl_messagetext_M.Text = ex.Message
                End Try

-
                'MsgBox(Msg, Style, Title)

                ' If MsgBox(Msg, Style, Title).Ok Then