From 7d9f297bba4be1511cb9cde4a2efb853a9ff3070 Mon Sep 17 00:00:00 2001
From: ja
Date: Thu, 11 Nov 2021 10:11:20 +0100
Subject: [PATCH] =?UTF-8?q?=C3=84nderngen=20fehlerfall=20ge=C3=A4nderte=20?=
 =?UTF-8?q?Session=20ID?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 login/ForgotPW.aspx.vb | 124 +++++++++++++++++++++++------------------
 1 file changed, 70 insertions(+), 54 deletions(-)
diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb
index 2c03dc5..4ffaf47 100644
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -184,14 +184,14 @@ Partial Class ForgotPW
 End Using
 If Session.Item("TokenforEmail") = Nothing Then
- tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright)
+ tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)
 Session.Add("TokenforEmail", tokenname)
 Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
 Else
 tokenname = Session.Item("TokenforEmail")
 End If
- If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright) = True Then
+ If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
 'password = RandomString(New Random, 10)
 If (getDateoftoken(tokenname) = True) Then
 'Dim msgboxstyle = vbDefaultButton1 + vbOK
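Review bot: The value returned by the new genToken overload is stored by `Session.Add("TokenforEmail", tokenname)` and handed to `cCryptography.Decrypt(tokenname)` without being checked, although the genToken change in this same patch returns the literal message `"Error in Session. Please check admin!"` (and, as before, `String.Empty`) instead of ciphertext; Decrypt presumably expects ciphertext, and once the message sits in the session the `Else tokenname = Session.Item("TokenforEmail")` branch reuses it as the token on the next request, where IsNewSession is already False. Guard the assignment, e.g. `If tokenname <> String.Empty AndAlso tokenname <> "Error in Session. Please check admin!" Then Session.Add("TokenforEmail", tokenname)`, preferably comparing against a shared constant rather than repeating the literal. The same unchecked pattern is introduced in the hunks at -205, -405, -426, -506, -531, -594 and -619. The enclosing handler starts before this hunk and continues after it.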
@@ -205,7 +205,7 @@ Partial Class ForgotPW
 'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
 If Session.Item("TokenforEmail") = Nothing Then
- tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright)
+ tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)
 Session.Add("TokenforEmail", tokenname)
 Else
 tokenname = Session.Item("TokenforEmail")
@@ -215,7 +215,7 @@ Partial Class ForgotPW
 'MsgBox("Mail would be sent successfully!")
 lblMessage.ForeColor = Color.Green
 lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
- ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright) = True Then
+ ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
 'MsgBox("Mail would not be sent successfully!")
 lblMessage.ForeColor = Color.Red
 If String.IsNullOrWhiteSpace(username) = True Then
@@ -405,14 +405,14 @@ Partial Class ForgotPW
 End Using
 If Session.Item("TokenforEmail") = Nothing Then
- tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright)
+ tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession)
 Session.Add("TokenforEmail", tokenname)
 Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
 Else
 tokenname = Session.Item("TokenforEmail")
 End If
- If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright) = True Then
+ If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
 'password = RandomString(New Random, 10)
 If (getDateoftoken(tokenname) = True) Then
 'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -426,7 +426,7 @@ Partial Class ForgotPW
 'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
 If Session.Item("TokenforEmail") = Nothing Then
- tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright)
+ tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession)
 Session.Add("TokenforEmail", tokenname)
 Else
 tokenname = Session.Item("TokenforEmail")
@@ -436,7 +436,7 @@ Partial Class ForgotPW
 'MsgBox("Mail would be sent successfully!")
 lblMessage_M.ForeColor = Color.Green
 lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address."
- ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright) = True Then
+ ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
 'MsgBox("Mail would not be sent successfully!")
 lblMessage_M.ForeColor = Color.Red
 If String.IsNullOrWhiteSpace(username) = True Then
@@ -461,7 +461,7 @@ Partial Class ForgotPW
 End Try
 End Sub
- Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As Boolean
+ Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
 Dim getdomianenvironment As String = String.Empty
 Dim pagename As String = String.Empty
 Dim ServPort As String = String.Empty
@@ -469,7 +469,7 @@ Partial Class ForgotPW
 Dim Betreff As String = String.Empty
 Dim htmlbody As String = String.Empty
 Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
- If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True Then
+ If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
 If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
 'MsgBox(getdomianenvironment)
 getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
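Review bot: The new condition `If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then` in hunk -469 mixes the non-short-circuiting `And` with `AndAlso`, which reads as if the session check were somehow weaker than the e-mail check; `If isusrnmright AndAlso iscstmIDright AndAlso isemailright AndAlso Not sessionisnew Then` states the intent uniformly. The added `sessionisnew` parameter only ever receives `Session.IsNewSession` at the call sites, and these functions already read `Session.Item(...)` themselves (hunks -506 and -594), so the flag could be read inside the function rather than widening a public signature that every caller must now match. The identical condition is introduced for SendEmail in hunk -557. The body of SendEmail_M and whatever it returns on the false branch lie outside this hunk.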
@@ -506,7 +506,7 @@ Partial Class ForgotPW
 Try
 If Session.Item("TokenforEmail") = Nothing Then
- tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+ tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
 Session.Add("TokenforEmail", tokenname)
 Else
 tokenname = Session.Item("TokenforEmail").ToString()
@@ -531,7 +531,7 @@ Partial Class ForgotPW
 lblMessage_M.Text = "Error02: Mail not delivered!"
 'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
 If Session.Item("TokenforEmail") = Nothing Then
- tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+ tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
 Session.Add("TokenforEmail", tokenname)
 Session.Add("USerID", userID)
 Else
@@ -549,7 +549,7 @@ Partial Class ForgotPW
 End If
 End Function
- Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As Boolean
+ Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
 Dim getdomianenvironment As String = String.Empty
 Dim pagename As String = String.Empty
 Dim ServPort As String = String.Empty
@@ -557,7 +557,7 @@ Partial Class ForgotPW
 Dim Betreff As String = String.Empty
 Dim htmlbody As String = String.Empty
 Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
- If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True Then
+ If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
 If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
 MsgBox(getdomianenvironment)
 getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
@@ -594,7 +594,7 @@ Partial Class ForgotPW
 Try
 If Session.Item("TokenforEmail") = Nothing Then
- tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+ tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
 Session.Add("TokenforEmail", tokenname)
 Else
 tokenname = Session.Item("TokenforEmail").ToString()
@@ -619,7 +619,7 @@ Partial Class ForgotPW
 lblMessage.Text = "Error02: Mail not delivered!"
 'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
 If Session.Item("TokenforEmail") = Nothing Then
- tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+ tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
 Session.Add("TokenforEmail", tokenname)
 Session.Add("USerID", userID)
 Else
@@ -638,44 +638,48 @@ Partial Class ForgotPW
 End If
 End Function
- Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As String
- Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
- Dim Key() As Byte = Guid.NewGuid().ToByteArray()
- Dim token As String
- If isusrnmright = True And iscstmIDright = True And isemailright = True Then
- Try
- token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
- Return token
- Catch Ex As Exception
- Dim Msg, Style, Title As String
- Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
- Style = vbRetry + vbExclamation + vbDefaultButton1
- Title = "Error05: Token-Generierung"
- 'MsgBox(Msg, Style, Title)
-
- 'If MsgBox(Msg, Style, Title).Retry Then
- 'genToken(username, password, email)
- token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
- If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright) = True Then
- 'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
- Else
- 'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
- End If
- 'Else
- 'MsgBox("Token-Generation has not been successful."
& vbCrLf & "Please try again in five seconds!")
- Dim jetzt As DateTime = DateTime.UtcNow
- Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
-
- If jetzt < wenn Then
- Return "NotYet"
- Else
- token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright)
+ Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean) As String
+ If isnewSession = False Then
+ Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
+ Dim Key() As Byte = Guid.NewGuid().ToByteArray()
+ Dim token As String
+ If isusrnmright = True And iscstmIDright = True And isemailright = True Then
+ Try
+ token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
 Return token
- 'End If
- End If
- End Try
+ Catch Ex As Exception
+ Dim Msg, Style, Title As String
+ Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
+ Style = vbRetry + vbExclamation + vbDefaultButton1
+ Title = "Error05: Token-Generierung"
+ 'MsgBox(Msg, Style, Title)
+
+ 'If MsgBox(Msg, Style, Title).Retry Then
+ 'genToken(username, password, email)
+ token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
+ If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then
+ 'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
+ Else
+ 'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
+ End If
+ 'Else
+ 'MsgBox("Token-Generation has not been successful."
& vbCrLf & "Please try again in five seconds!")
+ Dim jetzt As DateTime = DateTime.UtcNow
+ Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
+
+ If jetzt < wenn Then
+ Return "NotYet"
+ Else
+ token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
+ Return token
+ 'End If
+ End If
+ End Try
+ Else
+ Return String.Empty
+ End If
 Else
- Return String.Empty
+ Return "Error in Session. Please check admin!"
 End If
 End Function
@@ -701,8 +705,20 @@ Partial Class ForgotPW
 Return True
 ElseIf nameoftoken = "NotYet" Then
 Return True
- Else
- Return True
+ ElseIf nameoftoken = "Error in Session. Please check admin!" Then
+ Dim mailto As String = "support@verag.ag"
+ Dim htmlbody As String
+ VERAG_VARIABLES.seterrorcount(500)
+ Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb
+ If String.IsNullOrEmpty(txt_Username.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = True Then
+ htmlbody = "
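Review bot: `Dim Key() As Byte = Guid.NewGuid().ToByteArray()` remains the only unpredictable part of a password-reset token, and GUIDs are not specified to be cryptographically random; fill the key from `System.Security.Cryptography.RandomNumberGenerator` instead, e.g. `Dim Key(15) As Byte` followed by `Using rng = RandomNumberGenerator.Create() : rng.GetBytes(Key) : End Using`. In the Catch branch the guard `If jetzt < wenn Then` compares `DateTime.UtcNow` with `DateTime.UtcNow.AddSeconds(-5)` and can never be true, so `"NotYet"` is unreachable and the recursive `genToken` call always runs, which means the token e-mailed via SendEmail a few lines earlier is not the token that is returned and stored. The new outer branch returns the user-facing message `"Error in Session. Please check admin!"` through the same channel as the token, so every caller has to string-compare against it; a shared named constant, or returning `Nothing`, would avoid the duplicated literal. A short comment at the top of the function stating that it returns either ciphertext, `String.Empty`, `"NotYet"` or the session-error marker would help callers handle all four cases.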

Der User " + txt_Username.Text + "hat eine ungültige oder geänderte Session-ID

Userneue ID
" + txt_Username.Text + "" + Session.SessionID + "
" + ElseIf String.IsNullOrEmpty(txt_Username_M.Text) = False And String.IsNullOrEmpty(txt_Username.Text) = True Then + htmlbody = "

Der User " + txt_Username_M.Text + "hat eine ungültige oder geänderte Session-ID

Userneue ID
" + txt_Username_M.Text + "" + Session.SessionID + "
" + End If + VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody) + Return False + Else + Return True End If End Function
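Review bot: `htmlbody` is built by concatenating `txt_Username.Text` (form input) into HTML that is mailed to `support@verag.ag` without any encoding, so whatever a visitor types into the username field arrives as markup in the support mailbox; wrap it as `HttpUtility.HtmlEncode(txt_Username.Text)` (and `HttpUtility.HtmlEncode(txt_Username_M.Text)` in the second branch). The mail also embeds `Session.SessionID` in clear; a session identifier is a credential and e-mail is a persistent, usually unencrypted store, so prefer the correlation number from `VERAG_VARIABLES.geterrornumb` or a truncated/hashed id. When neither or both text boxes are filled, no `If`/`ElseIf` branch assigns `htmlbody`, and `sendMail` is called with it unassigned; add an `Else` that either sets a neutral body or skips the send. The tags of the HTML body appear to be stripped in this rendering of the hunk, and the enclosing function starts before it, so whether returning `False` here (versus `True` for "NotYet") matches what callers expect cannot be checked from the hunk.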