edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Änderungen

Browse Source
This commit is contained in:
ja
2021-12-02 14:55:11 +01:00
parent 8529caaa5c
commit 6c2064cf3b
1 changed files with 113 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
login/Change_PW.aspx.vb
View File

@@ -22,11 +22,12 @@ Partial Class login_Change_PW
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User") ' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT UserId,Username,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") Using cmd As New SqlCommand("SELECT UserId,Password,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim KundenNr As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) Dim KundenNr As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par5"))
cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@UserId", UsrID) cmd.Parameters.AddWithValue("@UserId", UsrID)
cmd.Connection = con cmd.Connection = con
@@ -35,7 +36,6 @@ Partial Class login_Change_PW
Dim dr As SqlDataReader = cmd.ExecuteReader() Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then If dr.HasRows Then
dr.Read() dr.Read()
If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso KundenNr = dr("KundenNr") AndAlso UsrID = dr("UserId") Then If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso KundenNr = dr("KundenNr") AndAlso UsrID = dr("UserId") Then
Try Try
If IsPostBack Then If IsPostBack Then
@@ -66,6 +66,7 @@ Partial Class login_Change_PW
Catch exc As Exception Catch exc As Exception
lbl_messagetext.Text = exc.Message lbl_messagetext.Text = exc.Message
End Try End Try
Else Else
VERAG_VARIABLES.initerrorcount() VERAG_VARIABLES.initerrorcount()
VERAG_VARIABLES.seterrorcount(1) VERAG_VARIABLES.seterrorcount(1)
@@ -87,7 +88,7 @@ Partial Class login_Change_PW
Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname) Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)
If wenn < DateTime.UtcNow.AddMinutes(-30) Then If wenn < DateTime.UtcNow.AddMinutes(-30) Then
nameoftoken = String.Empty nameoftoken = String.Empty
tokenname = nameoftoken
'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!") 'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
Session.Remove("TokenforEmail") Session.Remove("TokenforEmail")
@@ -375,7 +376,6 @@ Partial Class login_Change_PW
End If End If
If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then
If reqPasswtxt_M.IsValid = True AndAlso reqPassw1txt_M.IsValid = True Then If reqPasswtxt_M.IsValid = True AndAlso reqPassw1txt_M.IsValid = True Then
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
@@ -557,6 +557,113 @@ Partial Class login_Change_PW
Return "Error in Session ID. It has changed. Please check admin!" Return "Error in Session ID. It has changed. Please check admin!"
End If End If
End Function End Function
Function gennewsaltToken(username As String, password As String, email As String, CustomerID As String, isnewSession As Boolean, theUserID As String) As String
If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
Dim Rand As Random = New Random
If String.IsNullOrEmpty(theUserID) = False Then
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
salt = String.Empty
tok = String.Empty
Return token
Catch Ex As Exception
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
salt = String.Empty
tok = String.Empty
Return token
End Try
Else
Return String.Empty
End If
Else
Return "Error in Session ID. It has changed. Please check admin!"
End If
End Function
Function gensaltToken(STrings As String) As String
If String.IsNullOrEmpty(STrings) = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
Dim Rand As Random = New Random
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
salt = String.Empty
tok = String.Empty
Return token
Catch Ex As Exception
Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
salt = String.Empty
tok = String.Empty
Return token
End Try
Else
Dim token As String
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
Dim Rand As Random = New Random
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = STrings
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
salt = String.Empty
tok = String.Empty
Return token
Catch Ex As Exception
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
Dim tok As String = STrings
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
salt = String.Empty
tok = String.Empty
Return token
End Try
End If
End Function
Public Function RandomInteger(ByVal min As Integer, ByVal _ Public Function RandomInteger(ByVal min As Integer, ByVal _
max As Integer) As Integer max As Integer) As Integer
Dim rand As New RNGCryptoServiceProvider() Dim rand As New RNGCryptoServiceProvider()