Änderungen
This commit is contained in:
ja
@@ -22,11 +22,12 @@ Partial Class login_Change_PW
|
||||
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Password,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
|
||||
Dim KundenNr As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
|
||||
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
|
||||
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par5"))
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
@@ -35,7 +36,6 @@ Partial Class login_Change_PW
|
||||
Dim dr As SqlDataReader = cmd.ExecuteReader()
|
||||
If dr.HasRows Then
|
||||
dr.Read()
|
||||
|
||||
If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso KundenNr = dr("KundenNr") AndAlso UsrID = dr("UserId") Then
|
||||
Try
|
||||
If IsPostBack Then
|
||||
@@ -65,9 +65,10 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
Catch exc As Exception
|
||||
lbl_messagetext.Text = exc.Message
|
||||
End Try
|
||||
End Try
|
||||
|
||||
Else
|
||||
VERAG_VARIABLES.initerrorcount()
|
||||
VERAG_VARIABLES.initerrorcount()
|
||||
VERAG_VARIABLES.seterrorcount(1)
|
||||
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Link is invalid. Please send a new E-Mail!"
|
||||
btn_submitpw.Text = "Return to Login!"
|
||||
@@ -87,7 +88,7 @@ Partial Class login_Change_PW
|
||||
Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)
|
||||
If wenn < DateTime.UtcNow.AddMinutes(-30) Then
|
||||
nameoftoken = String.Empty
|
||||
tokenname = nameoftoken
|
||||
|
||||
'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
|
||||
lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
|
||||
Session.Remove("TokenforEmail")
|
||||
@@ -375,7 +376,6 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then
|
||||
|
||||
|
||||
If reqPasswtxt_M.IsValid = True AndAlso reqPassw1txt_M.IsValid = True Then
|
||||
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
||||
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
|
||||
@@ -557,6 +557,113 @@ Partial Class login_Change_PW
|
||||
Return "Error in Session ID. It has changed. Please check admin!"
|
||||
End If
|
||||
End Function
|
||||
|
||||
Function gennewsaltToken(username As String, password As String, email As String, CustomerID As String, isnewSession As Boolean, theUserID As String) As String
|
||||
If isnewSession = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim Rand As Random = New Random
|
||||
If String.IsNullOrEmpty(theUserID) = False Then
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
|
||||
End Try
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
Else
|
||||
Return "Error in Session ID. It has changed. Please check admin!"
|
||||
End If
|
||||
End Function
|
||||
|
||||
Function gensaltToken(STrings As String) As String
|
||||
If String.IsNullOrEmpty(STrings) = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
|
||||
Dim Rand As Random = New Random
|
||||
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
|
||||
End Try
|
||||
Else
|
||||
Dim token As String
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim Rand As Random = New Random
|
||||
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = STrings
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = STrings
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
|
||||
End Try
|
||||
End If
|
||||
End Function
|
||||
Public Function RandomInteger(ByVal min As Integer, ByVal _
|
||||
max As Integer) As Integer
|
||||
Dim rand As New RNGCryptoServiceProvider()
|
||||
|
||||
Reference in New Issue
Block a user