edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Änderngen fehlerfall geänderte Session ID

Browse Source
This commit is contained in:
ja
2021-11-11 10:11:20 +01:00
parent 3d32fd49b2
commit 7d9f297bba
1 changed files with 70 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
login/ForgotPW.aspx.vb
View File

@@ -184,14 +184,14 @@ Partial Class ForgotPW
End Using
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright)
tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)
Session.Add("TokenforEmail", tokenname)
Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
Else
tokenname = Session.Item("TokenforEmail")
End If
If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright) = True Then
If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -205,7 +205,7 @@ Partial Class ForgotPW
'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright)
tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)
Session.Add("TokenforEmail", tokenname)
Else
tokenname = Session.Item("TokenforEmail")
@@ -215,7 +215,7 @@ Partial Class ForgotPW
'MsgBox("Mail would be sent successfully!")
lblMessage.ForeColor = Color.Green
lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright) = True Then
ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
'MsgBox("Mail would not be sent successfully!")
lblMessage.ForeColor = Color.Red
If String.IsNullOrWhiteSpace(username) = True Then
@@ -405,14 +405,14 @@ Partial Class ForgotPW
End Using
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright)
tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession)
Session.Add("TokenforEmail", tokenname)
Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
Else
tokenname = Session.Item("TokenforEmail")
End If
If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright) = True Then
If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -426,7 +426,7 @@ Partial Class ForgotPW
'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright)
tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession)
Session.Add("TokenforEmail", tokenname)
Else
tokenname = Session.Item("TokenforEmail")
@@ -436,7 +436,7 @@ Partial Class ForgotPW
'MsgBox("Mail would be sent successfully!")
lblMessage_M.ForeColor = Color.Green
lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address."
ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright) = True Then
ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
'MsgBox("Mail would not be sent successfully!")
lblMessage_M.ForeColor = Color.Red
If String.IsNullOrWhiteSpace(username) = True Then
@@ -461,7 +461,7 @@ Partial Class ForgotPW
End Try
End Sub
Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As Boolean
Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
Dim getdomianenvironment As String = String.Empty
Dim pagename As String = String.Empty
Dim ServPort As String = String.Empty
@@ -469,7 +469,7 @@ Partial Class ForgotPW
Dim Betreff As String = String.Empty
Dim htmlbody As String = String.Empty
Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True Then
If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'MsgBox(getdomianenvironment)
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
@@ -506,7 +506,7 @@ Partial Class ForgotPW
Try
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
Session.Add("TokenforEmail", tokenname)
Else
tokenname = Session.Item("TokenforEmail").ToString()
@@ -531,7 +531,7 @@ Partial Class ForgotPW
lblMessage_M.Text = "Error02: Mail not delivered!"
'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
Session.Add("TokenforEmail", tokenname)
Session.Add("USerID", userID)
Else
@@ -549,7 +549,7 @@ Partial Class ForgotPW
End If
End Function
Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As Boolean
Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
Dim getdomianenvironment As String = String.Empty
Dim pagename As String = String.Empty
Dim ServPort As String = String.Empty
@@ -557,7 +557,7 @@ Partial Class ForgotPW
Dim Betreff As String = String.Empty
Dim htmlbody As String = String.Empty
Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True Then
If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
MsgBox(getdomianenvironment)
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
@@ -594,7 +594,7 @@ Partial Class ForgotPW
Try
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
Session.Add("TokenforEmail", tokenname)
Else
tokenname = Session.Item("TokenforEmail").ToString()
@@ -619,7 +619,7 @@ Partial Class ForgotPW
lblMessage.Text = "Error02: Mail not delivered!"
'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
If Session.Item("TokenforEmail") = Nothing Then
tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
Session.Add("TokenforEmail", tokenname)
Session.Add("USerID", userID)
Else
@@ -638,44 +638,48 @@ Partial Class ForgotPW
End If
End Function
Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As String
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
If isusrnmright = True And iscstmIDright = True And isemailright = True Then
Try
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
Return token
Catch Ex As Exception
Dim Msg, Style, Title As String
Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
Style = vbRetry + vbExclamation + vbDefaultButton1
Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright) = True Then
'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
Else
'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
End If
'Else
'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
Dim jetzt As DateTime = DateTime.UtcNow
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
If jetzt < wenn Then
Return "NotYet"
Else
token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright)
Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean) As String
If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
If isusrnmright = True And iscstmIDright = True And isemailright = True Then
Try
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
Return token
'End If
End If
End Try
Catch Ex As Exception
Dim Msg, Style, Title As String
Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
Style = vbRetry + vbExclamation + vbDefaultButton1
Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then
'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
Else
'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
End If
'Else
'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
Dim jetzt As DateTime = DateTime.UtcNow
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
If jetzt < wenn Then
Return "NotYet"
Else
token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
Return token
'End If
End If
End Try
Else
Return String.Empty
End If
Else
Return String.Empty
Return "Error in Session. Please check admin!"
End If
End Function
@@ -701,8 +705,20 @@ Partial Class ForgotPW
Return True
ElseIf nameoftoken = "NotYet" Then
Return True
Else
Return True
ElseIf nameoftoken = "Error in Session. Please check admin!" Then
Dim mailto As String = "support@verag.ag"
Dim htmlbody As String
VERAG_VARIABLES.seterrorcount(500)
Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb
If String.IsNullOrEmpty(txt_Username.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = True Then
htmlbody = "<p> Der User " + txt_Username.Text + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + txt_Username.Text + "</td><td>" + Session.SessionID + "</td></tr></table>"
ElseIf String.IsNullOrEmpty(txt_Username_M.Text) = False And String.IsNullOrEmpty(txt_Username.Text) = True Then
htmlbody = "<p> Der User " + txt_Username_M.Text + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + txt_Username_M.Text + "</td><td>" + Session.SessionID + "</td></tr></table>"
End If
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
Return False
Else
Return True
End If
End Function