diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index d00b036..5ade364 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -22,11 +22,12 @@ Partial Class login_Change_PW Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT UserId,Username,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") + Using cmd As New SqlCommand("SELECT UserId,Password,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") ' cmd.CommandType = CommandType.StoredProcedure Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim KundenNr As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")) + Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par5")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@UserId", UsrID) cmd.Connection = con @@ -35,7 +36,6 @@ Partial Class login_Change_PW Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() - If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso KundenNr = dr("KundenNr") AndAlso UsrID = dr("UserId") Then Try If IsPostBack Then @@ -65,9 +65,10 @@ Partial Class login_Change_PW End If Catch exc As Exception lbl_messagetext.Text = exc.Message - End Try + End Try + Else - VERAG_VARIABLES.initerrorcount() + VERAG_VARIABLES.initerrorcount() VERAG_VARIABLES.seterrorcount(1) lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Link is invalid. Please send a new E-Mail!" btn_submitpw.Text = "Return to Login!" 
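Review bot: The new SELECT drops `KundenNr` from the column list, yet the validity check after `dr.Read()` still reads `dr("KundenNr")`; that check appears in the next hunk and, as far as the collapsed layout shows, is kept. Reading a column that is not in the result set throws, and that line sits before the `Try`, so a reset link would fail with an unhandled error instead of the "Link is invalid" branch. Either keep the column (`SELECT UserId,Username,KundenNr ...`) or remove the comparison deliberately and note why in a comment. The query now also returns `Password`, and `Email` is decrypted from `Par5`, but no visible line reads either one; the stored credential should not be loaded unless the page needs it, and `Par5` should be compared against the row like the other parameters. The enclosing method starts and ends outside the hunk.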
@@ -87,7 +88,7 @@ Partial Class login_Change_PW Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname) If wenn < DateTime.UtcNow.AddMinutes(-30) Then nameoftoken = String.Empty - tokenname = nameoftoken + 'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!") lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" Session.Remove("TokenforEmail") @@ -375,7 +376,6 @@ Partial Class login_Change_PW End If If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then - If reqPasswtxt_M.IsValid = True AndAlso reqPassw1txt_M.IsValid = True Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True 
@@ -557,6 +557,113 @@ Partial Class login_Change_PW
 Return "Error in Session ID. It has changed. Please check admin!"
 End If
 End Function
+
+ Function gennewsaltToken(username As String, password As String, email As String, CustomerID As String, isnewSession As Boolean, theUserID As String) As String
+ If isnewSession = False Then
+ Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
+ Dim Key() As Byte = Guid.NewGuid().ToByteArray()
+ Dim token As String
+
+ Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
+ Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
+ Dim Rand As Random = New Random
+ If String.IsNullOrEmpty(theUserID) = False Then
+ Try
+ Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
+ Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
+ token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
+ salt = String.Empty
+ tok = String.Empty
+ Return token
+ Catch Ex As Exception
+ 'Dim Msg, Style, Title As String
+ 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
+ 'Style = vbRetry + vbExclamation + vbDefaultButton1
+ 'Title = "Error05: Token-Generierung"
+ 'MsgBox(Msg, Style, Title)
+ 'If MsgBox(Msg, Style, Title).Retry Then
+ 'genToken(username, password, email)
+ Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
+ Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
+ token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
+ salt = String.Empty
+ tok = String.Empty
+ Return token
+
+ End Try
+ Else
+ Return String.Empty
+ End If
+ Else
+ Return "Error in Session ID. It has changed. Please check admin!"
+ End If
+ End Function
+
+ Function gensaltToken(STrings As String) As String
+ If String.IsNullOrEmpty(STrings) = False Then
+ Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
+ Dim Key() As Byte = Guid.NewGuid().ToByteArray()
+ Dim token As String
+
+ Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
+ Dim Rand As Random = New Random
+
+ Try
+ Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
+ Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
+ token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
+ salt = String.Empty
+ tok = String.Empty
+ Return token
+ Catch Ex As Exception
+ Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
+ 'Dim Msg, Style, Title As String
+ 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
+ 'Style = vbRetry + vbExclamation + vbDefaultButton1
+ 'Title = "Error05: Token-Generierung"
+ 'MsgBox(Msg, Style, Title)
+ 'If MsgBox(Msg, Style, Title).Retry Then
+ 'genToken(username, password, email)
+ Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
+ Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
+ token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
+ salt = String.Empty
+ tok = String.Empty
+ Return token
+
+ End Try
+ Else
+ Dim token As String
+
+ Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
+ Dim Rand As Random = New Random
+
+ Try
+ Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
+ Dim tok As String = STrings
+ token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
+ salt = String.Empty
+ tok = String.Empty
+ Return token
+ Catch Ex As Exception
+ Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
+ 'Dim Msg, Style, Title As String
+ 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
+ 'Style = vbRetry + vbExclamation + vbDefaultButton1
+ 'Title = "Error05: Token-Generierung"
+ 'MsgBox(Msg, Style, Title)
+ 'If MsgBox(Msg, Style, Title).Retry Then
+ 'genToken(username, password, email)
+ Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
+ Dim tok As String = STrings
+ token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
+ salt = String.Empty
+ tok = String.Empty
+ Return token
+
+ End Try
+ End If
+ End Function
 Public Function RandomInteger(ByVal min As Integer, ByVal _
 max As Integer) As Integer
 Dim rand As New RNGCryptoServiceProvider()
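Review bot: Both new functions answer a failure by running the same statements again inside `Catch Ex As Exception`, so the first error is discarded unlogged and a second failure escapes from the handler; the `Else` branch of `gensaltToken` is reached only when `STrings` is null or empty, so it returns a token derived from no input at all. In `gennewsaltToken` the only unpredictable part of the token is `Guid.NewGuid()`, which the .NET documentation advises against for cryptographic purposes, while `RandomInteger` in this file already uses `RNGCryptoServiceProvider`. The parameters `username`, `password`, `email` and `CustomerID` and the local `Rand` are never read, and assigning `String.Empty` to `salt` and `tok` does not erase the earlier string values from memory. The salt is generated and then thrown away, so the result cannot be recomputed for comparison later; if that is intended, a comment should say the hash is used only as a mixing step. A sketch of the shape I would suggest follows.

```vbnet
' gennewsaltToken: take the secret bytes from the CSPRNG the file already uses
Dim Key(15) As Byte
Using rng As New RNGCryptoServiceProvider()
    rng.GetBytes(Key)
End Using
' … unchanged: time bytes, intzahl, single GenerateSalt/HashPassword/Encrypt call without the Catch retry …

Function gensaltToken(STrings As String) As String
    ' Nothing to derive a token from: fail closed instead of hashing an empty value.
    If String.IsNullOrEmpty(STrings) Then
        Return String.Empty
    End If

    Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
    Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
    Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
    ' One attempt only: a Decrypt or hashing failure should reach the caller, not be retried silently.
    Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
End Function
```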