Änderngen fehlerfall geänderte Session ID

login/ForgotPW.aspx.vb

@@ -184,14 +184,14 @@ Partial Class ForgotPW
                 End Using
 
                 If Session.Item("TokenforEmail") = Nothing Then
-                    tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright)
+                    tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)
                     Session.Add("TokenforEmail", tokenname)
                     Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
                 Else
                     tokenname = Session.Item("TokenforEmail")
                 End If
 
-                If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright) = True Then
+                If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
                     'password = RandomString(New Random, 10)
                     If (getDateoftoken(tokenname) = True) Then
                         'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -205,7 +205,7 @@ Partial Class ForgotPW
                         'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
 
                         If Session.Item("TokenforEmail") = Nothing Then
-                            tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright)
+                            tokenname = genToken(username, password, email, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)
                             Session.Add("TokenforEmail", tokenname)
                         Else
                             tokenname = Session.Item("TokenforEmail")
@@ -215,7 +215,7 @@ Partial Class ForgotPW
                     'MsgBox("Mail would be sent successfully!")
                     lblMessage.ForeColor = Color.Green
                     lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
-                ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright) = True Then
+                ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
                     'MsgBox("Mail would not be sent successfully!")
                     lblMessage.ForeColor = Color.Red
                     If String.IsNullOrWhiteSpace(username) = True Then
@@ -405,14 +405,14 @@ Partial Class ForgotPW
                 End Using
 
                 If Session.Item("TokenforEmail") = Nothing Then
-                    tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright)
+                    tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession)
                     Session.Add("TokenforEmail", tokenname)
                     Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
                 Else
                     tokenname = Session.Item("TokenforEmail")
                 End If
 
-                If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright) = True Then
+                If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
                     'password = RandomString(New Random, 10)
                     If (getDateoftoken(tokenname) = True) Then
                         'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -426,7 +426,7 @@ Partial Class ForgotPW
                         'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
 
                         If Session.Item("TokenforEmail") = Nothing Then
-                            tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright)
+                            tokenname = genToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession)
                             Session.Add("TokenforEmail", tokenname)
                         Else
                             tokenname = Session.Item("TokenforEmail")
@@ -436,7 +436,7 @@ Partial Class ForgotPW
                     'MsgBox("Mail would be sent successfully!")
                     lblMessage_M.ForeColor = Color.Green
                     lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address."
-                ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright) = True Then
+                ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
                     'MsgBox("Mail would not be sent successfully!")
                     lblMessage_M.ForeColor = Color.Red
                     If String.IsNullOrWhiteSpace(username) = True Then
@@ -461,7 +461,7 @@ Partial Class ForgotPW
         End Try
     End Sub
 
-    Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As Boolean
+    Function SendEmail_M(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
         Dim getdomianenvironment As String = String.Empty
         Dim pagename As String = String.Empty
         Dim ServPort As String = String.Empty
@@ -469,7 +469,7 @@ Partial Class ForgotPW
         Dim Betreff As String = String.Empty
         Dim htmlbody As String = String.Empty
         Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
-        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True Then
+        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
             If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
                 'MsgBox(getdomianenvironment)
                 getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
@@ -506,7 +506,7 @@ Partial Class ForgotPW
 
             Try
                 If Session.Item("TokenforEmail") = Nothing Then
-                    tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+                    tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                     Session.Add("TokenforEmail", tokenname)
                 Else
                     tokenname = Session.Item("TokenforEmail").ToString()
@@ -531,7 +531,7 @@ Partial Class ForgotPW
                     lblMessage_M.Text = "Error02: Mail not delivered!"
                     'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
                     If Session.Item("TokenforEmail") = Nothing Then
-                        tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+                        tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                         Session.Add("TokenforEmail", tokenname)
                         Session.Add("USerID", userID)
                     Else
@@ -549,7 +549,7 @@ Partial Class ForgotPW
         End If
     End Function
 
-    Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As Boolean
+    Function SendEmail(username As String, password As String, email As String, tokenname As String, userID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, sessionisnew As Boolean) As Boolean
         Dim getdomianenvironment As String = String.Empty
         Dim pagename As String = String.Empty
         Dim ServPort As String = String.Empty
@@ -557,7 +557,7 @@ Partial Class ForgotPW
         Dim Betreff As String = String.Empty
         Dim htmlbody As String = String.Empty
         Dim emailnr = VERAG_PROG_ALLGEMEIN.cAllgemein.FIRMA_ID.ToString
-        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True Then
+        If isusrnmright = True And iscstmIDright = True AndAlso isemailright = True And sessionisnew = False Then
             If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
                 MsgBox(getdomianenvironment)
                 getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
@@ -594,7 +594,7 @@ Partial Class ForgotPW
 
             Try
                 If Session.Item("TokenforEmail") = Nothing Then
-                    tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+                    tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                     Session.Add("TokenforEmail", tokenname)
                 Else
                     tokenname = Session.Item("TokenforEmail").ToString()
@@ -619,7 +619,7 @@ Partial Class ForgotPW
                     lblMessage.Text = "Error02: Mail not delivered!"
                     'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
                     If Session.Item("TokenforEmail") = Nothing Then
-                        tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright)
+                        tokenname = genToken(username, password, email, userID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
                         Session.Add("TokenforEmail", tokenname)
                         Session.Add("USerID", userID)
                     Else
@@ -638,44 +638,48 @@ Partial Class ForgotPW
         End If
     End Function
 
-    Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean) As String
+    Function genToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean) As String
-        Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
+        If isnewSession = False Then
-        Dim Key() As Byte = Guid.NewGuid().ToByteArray()
+            Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
-        Dim token As String
+            Dim Key() As Byte = Guid.NewGuid().ToByteArray()
-        If isusrnmright = True And iscstmIDright = True And isemailright = True Then
+            Dim token As String
-            Try
+            If isusrnmright = True And iscstmIDright = True And isemailright = True Then
-                token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
+                Try
-                Return token
+                    token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
-            Catch Ex As Exception
-                Dim Msg, Style, Title As String
-                Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
-                Style = vbRetry + vbExclamation + vbDefaultButton1
-                Title = "Error05: Token-Generierung"
-                'MsgBox(Msg, Style, Title)
-
-                'If MsgBox(Msg, Style, Title).Retry Then
-                'genToken(username, password, email)
-                token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
-                If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright) = True Then
-                    'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
-                Else
-                    'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
-                End If
-                'Else
-                'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
-                Dim jetzt As DateTime = DateTime.UtcNow
-                Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
-
-                If jetzt < wenn Then
-                    Return "NotYet"
-                Else
-                    token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright)
                     Return token
-                    'End If
+                Catch Ex As Exception
-                End If
+                    Dim Msg, Style, Title As String
-            End Try
+                    Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
+                    Style = vbRetry + vbExclamation + vbDefaultButton1
+                    Title = "Error05: Token-Generierung"
+                    'MsgBox(Msg, Style, Title)
+
+                    'If MsgBox(Msg, Style, Title).Retry Then
+                    'genToken(username, password, email)
+                    token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
+                    If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then
+                        'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
+                    Else
+                        'MsgBox("Email has been sent successful." & vbCr & "Please check your E-Mails!", vbOK + vbInformation + vbDefaultButton1, "Token-Generation successful!")
+                    End If
+                    'Else
+                    'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
+                    Dim jetzt As DateTime = DateTime.UtcNow
+                    Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
+
+                    If jetzt < wenn Then
+                        Return "NotYet"
+                    Else
+                        token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession)
+                        Return token
+                        'End If
+                    End If
+                End Try
+            Else
+                Return String.Empty
+            End If
         Else
-            Return String.Empty
+            Return "Error in Session. Please check admin!"
         End If
     End Function
 
@@ -701,8 +705,20 @@ Partial Class ForgotPW
             Return True
         ElseIf nameoftoken = "NotYet" Then
             Return True
-        Else
+        ElseIf nameoftoken = "Error in Session. Please check admin!" Then
-            Return True
+            Dim mailto As String = "support@verag.ag"
+            Dim htmlbody As String
+            VERAG_VARIABLES.seterrorcount(500)
+            Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb
+            If String.IsNullOrEmpty(txt_Username.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = True Then
+                htmlbody = "<p> Der User " + txt_Username.Text + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + txt_Username.Text + "</td><td>" + Session.SessionID + "</td></tr></table>"
+            ElseIf String.IsNullOrEmpty(txt_Username_M.Text) = False And String.IsNullOrEmpty(txt_Username.Text) = True Then
+                htmlbody = "<p> Der User " + txt_Username_M.Text + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + txt_Username_M.Text + "</td><td>" + Session.SessionID + "</td></tr></table>"
+            End If
+            VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
+                Return False
+            Else
+                Return True
         End If
     End Function