Änderngen fehlerfall geänderte Session ID

login/ForgotPW.aspx.vb

@@ -184,14 +184,14 @@ Partial Class ForgotPW
                 End Using
 
                 If Session.Item("TokenforEmail") = Nothing Then
-                    tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright)
+                    tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)
                     Session.Add("TokenforEmail", tokenname)
                     Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
                 Else
                     tokenname = Session.Item("TokenforEmail")
                 End If
 
-                If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright) = True Then
+                If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
                     'password = RandomString(New Random, 10)
                     If (getDateoftoken(tokenname) = True) Then
                         'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -205,7 +205,7 @@ Partial Class ForgotPW
                         'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
 
                         If Session.Item("TokenforEmail") = Nothing Then
-                            tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright)
+                            tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)
                             Session.Add("TokenforEmail", tokenname)
                         Else
                             tokenname = Session.Item("TokenforEmail")
@@ -215,7 +215,7 @@ Partial Class ForgotPW
                     'MsgBox("Mail would be sent successfully!")
                     lblMessage.ForeColor = Color.Green
                     lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
-                ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright) = True Then
+                ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
                     'MsgBox("Mail would not be sent successfully!")
                     lblMessage.ForeColor = Color.Red
                     If String.IsNullOrWhiteSpace(username) = True Then
@@ -405,14 +405,14 @@ Partial Class ForgotPW
                 End Using
 
                 If Session.Item("TokenforEmail") = Nothing Then
-                    tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright)
+                    tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession)
                     Session.Add("TokenforEmail", tokenname)
                     Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
                 Else
                     tokenname = Session.Item("TokenforEmail")
                 End If
 
-                If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright) = True Then
+                If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
                     'password = RandomString(New Random, 10)
                     If (getDateoftoken(tokenname) = True) Then
                         'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -426,7 +426,7 @@ Partial Class ForgotPW
                         'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
 
                         If Session.Item("TokenforEmail") = Nothing Then
-                            tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright)
+                            tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession)
                             Session.Add("TokenforEmail", tokenname)
                         Else
                             tokenname = Session.Item("TokenforEmail")
@@ -436,7 +436,7 @@ Partial Class ForgotPW
                     'MsgBox("Mail would be sent successfully!")
                     lblMessage_M.ForeColor = Color.Green
                     lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address."
-                ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright) = True Then
+                ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
                     'MsgBox("Mail would not be sent successfully!")
                     lblMessage_M.ForeColor = Color.Red
                     If String.IsNullOrWhiteSpace(username) = True Then
@@ -461,7 +461,7 @@ Partial Class ForgotPW
         End Try
     End Sub
 
-    Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As Boolean
+    Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
         Dim getdomianenvironment As String = String.Empty
         Dim pagename As String = String.Empty
         Dim ServPort As String = String.Empty
@@ -469,7 +469,7 @@ Partial Class ForgotPW
         Dim Betreff As String = String.Empty
         Dim htmlbody As String = String.Empty
         Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
-        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True Then
+        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
             If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
                 'MsgBox(getdomianenvironment)
                 getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
@@ -506,7 +506,7 @@ Partial Class ForgotPW
 
             Try
                 If Session.Item("TokenforEmail") = Nothing Then
-                    tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+                    tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                     Session.Add("TokenforEmail", tokenname)
                 Else
                     tokenname = Session.Item("TokenforEmail").ToString()
@@ -531,7 +531,7 @@ Partial Class ForgotPW
                     lblMessage_M.Text = "Error02: Mail not delivered!"
                     'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
                     If Session.Item("TokenforEmail") = Nothing Then
-                        tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+                        tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                         Session.Add("TokenforEmail", tokenname)
                         Session.Add("USerID", userID)
                     Else
@@ -549,7 +549,7 @@ Partial Class ForgotPW
         End If
     End Function
 
-    Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As Boolean
+    Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
         Dim getdomianenvironment As String = String.Empty
         Dim pagename As String = String.Empty
         Dim ServPort As String = String.Empty
@@ -557,7 +557,7 @@ Partial Class ForgotPW
         Dim Betreff As String = String.Empty
         Dim htmlbody As String = String.Empty
         Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
-        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True Then
+        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
             If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
                 MsgBox(getdomianenvironment)
                 getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
@@ -594,7 +594,7 @@ Partial Class ForgotPW
 
             Try
                 If Session.Item("TokenforEmail") = Nothing Then
-                    tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+                    tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                     Session.Add("TokenforEmail", tokenname)
                 Else
                     tokenname = Session.Item("TokenforEmail").ToString()
@@ -619,7 +619,7 @@ Partial Class ForgotPW
                     lblMessage.Text = "Error02: Mail not delivered!"
                     'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
                     If Session.Item("TokenforEmail") = Nothing Then
-                        tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+                        tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                         Session.Add("TokenforEmail", tokenname)
                         Session.Add("USerID", userID)
                     Else
@@ -638,7 +638,8 @@ Partial Class ForgotPW
         End If
     End Function
 
-    Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As String
+    Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean) As String
+        If isnewSession = False Then
             Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
             Dim Key() As Byte = Guid.NewGuid().ToByteArray()
             Dim token As String
@@ -656,7 +657,7 @@ Partial Class ForgotPW
                     'If MsgBox(Msg, Style, Title).Retry Then
                     'genToken(username, password, email)
                     token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
-                If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright) = True Then
+                    If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then
                         'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
                     Else
                         'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
@@ -669,7 +670,7 @@ Partial Class ForgotPW
                     If jetzt < wenn Then
                         Return "NotYet"
                     Else
-                    token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright)
+                        token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                         Return token
                         'End If
                     End If
@@ -677,6 +678,9 @@ Partial Class ForgotPW
             Else
                 Return String.Empty
             End If
+        Else
+            Return "Error in Session. Please check admin!"
+        End If
     End Function
 
     Function getDateoftoken(tokenname As String) As Boolean
@@ -701,6 +705,18 @@ Partial Class ForgotPW
             Return True
         ElseIf nameoftoken = "NotYet" Then
             Return True
+        ElseIf nameoftoken = "Error in Session. Please check admin!" Then
+            Dim mailto As String = "support@verag.ag"
+            Dim htmlbody As String
+            VERAG_VARIABLES.seterrorcount(500)
+            Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb
+            If String.IsNullOrEmpty(txt_Username.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = True Then
+                htmlbody = "<p> Der User " + txt_Username.Text + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + txt_Username.Text + "</td><td>" + Session.SessionID + "</td></tr></table>"
+            ElseIf String.IsNullOrEmpty(txt_Username_M.Text) = False And String.IsNullOrEmpty(txt_Username.Text) = True Then
+                htmlbody = "<p> Der User " + txt_Username_M.Text + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + txt_Username_M.Text + "</td><td>" + Session.SessionID + "</td></tr></table>"
+            End If
+            VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
+                Return False
             Else
                 Return True
         End If