From b2e087efcf8f6fd30aa9c00c078b27b45aea1944 Mon Sep 17 00:00:00 2001 From: ja Date: Thu, 2 Dec 2021 12:02:25 +0100 Subject: [PATCH] =?UTF-8?q?=C3=84nderungen=20GUI=20und=20Implementierung?= =?UTF-8?q?=20Hashfunktion=20in=20Praxis=20bei=20PW-Wechsel?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- login/Change_PW.aspx.vb | 211 +++++++++++++++++++++++++++++-------- login/ForgotPW.aspx.vb | 61 ++++++----- newpageJulius_Sidebar.aspx | 12 +-- 3 files changed, 205 insertions(+), 79 deletions(-) diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index ace2e4d..b997711 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -1,5 +1,6 @@  Imports System.Data.SqlClient +Imports System.Security.Cryptography Partial Class login_Change_PW Inherits System.Web.UI.Page @@ -123,7 +124,17 @@ Partial Class login_Change_PW Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs) Dim tempstr As String = "" - Dim Msg, Style, Title As String + Dim UsernameDB As String = String.Empty + Dim pwDB As String = String.Empty + Dim EmailDB As String = String.Empty + Dim UsrIdDB As String = String.Empty + Dim CustomerIDDB As String = String.Empty + Dim UsrIDIsright As Boolean = False + Dim isemailright As Boolean = False + Dim isusrnmright As Boolean = False + Dim iscstmrIDight As Boolean = False + Dim IsPWRequal As Boolean = True + 'Dim Msg, Style, Title As String reqPassw1txt_M.Enabled = False reqPasswtxt_M.Enabled = False reqPasswtxt.Enabled = True @@ -138,7 +149,6 @@ Partial Class login_Change_PW txt_Pw_WH.Enabled = False - Dim ConnectionString = "" If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 
@@ -153,12 +163,14 @@ Partial Class login_Change_PW If reqPassw1txt.IsValid = True Then Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") + Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,UserId,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") ' cmd.CommandType = CommandType.StoredProcedure Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")) + Dim email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5")) cmd.Parameters.AddWithValue("@Username", usrname) - cmd.Parameters.AddWithValue("@UserId", UsrID) + cmd.Parameters.AddWithValue("@UserId", THEUsrID) cmd.Connection = con con.Open() Dim dr As SqlDataReader = cmd.ExecuteReader() 
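Review bot: `Par4` and `Par5` are taken from the query string and handed straight to `Decrypt` in the added `Dim THEUsrID` / `Dim email` lines, with no check that the parameter is present or that decryption produced a usable value. What `Decrypt` does with `Nothing` is not visible here, but a reset link issued before this commit carries no `Par5`, so that case will occur. I would guard first, e.g. `If String.IsNullOrEmpty(Request.QueryString("Par5")) Then lbl_messagetext.Text = "Invalid reset link" : Exit Sub`, and treat a decryption failure the same way. The new SELECT list also names `UserId` twice. The enclosing `btn_submitpw_Click` starts and ends outside this hunk.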
@@ -166,9 +178,29 @@ Partial Class login_Change_PW dr.Read() If String.Equals(txt_Pw_WH.Text, dr("Password").ToString) = False Then tempstr = txt_Pw_WH.Text + UsernameDB = dr("Username").ToString + pwDB = dr("Password").ToString + EmailDB = dr("Email").ToString + UsrIdDB = dr("UserId").ToString + CustomerIDDB = dr("KundenNr").ToString Else lbl_messagetext.Text = "The new password should differ from the old one!" End If + If String.Equals(THEUsrID, UsrIdDB, StringComparison.CurrentCulture) = True Then + UsrIDIsright = True + End If + If String.Equals(txt_Pw.Text, pwDB, StringComparison.CurrentCulture) = False Then + IsPWRequal = False + End If + If String.Equals(usrname, UsernameDB, StringComparison.CurrentCulture) = True Then + isusrnmright = True + End If + If String.Equals(UsrID, CustomerIDDB, StringComparison.CurrentCulture) = True Then + iscstmrIDight = True + End If + If String.Equals(email, EmailDB, StringComparison.CurrentCulture) = True Then + isemailright = True + End If End If dr.Close() End Using 
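Review bot: The four identity flags set in the added block (`UsrIDIsright`, `isusrnmright`, `iscstmrIDight`, `isemailright`) are not read by any condition in the hunks shown; the later UPDATE is gated only on `IsPWRequal` and the token comparison. If they are meant to bind the link to the account, the write should be refused unless all of them hold, e.g. `If Not (UsrIDIsright AndAlso isusrnmright AndAlso iscstmrIDight AndAlso isemailright) Then Exit Sub`. Because `UsernameDB`, `EmailDB` and the other `*DB` values are only filled in the branch where the new password differs from the old one, the comparisons otherwise run against empty strings. Comparing `txt_Pw.Text` with `dr("Password")` also only works if the column holds the clear-text password, and identifiers are better compared with `StringComparison.Ordinal` than with `CurrentCulture`.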
@@ -185,13 +217,15 @@ Partial Class login_Change_PW tempstr = "Error01" End If - If String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False And tempstr = "Error02" Then + If String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False And Not tempstr = "Error02" Then If regexval_txt_Pw.IsValid = True Then Try Dim ConnectionString = "" Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")) + Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5")) If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 
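Review bot: The connection strings in this hunk's context carry the SQL login and password for `AppUser` in source, and a commented-out line still holds an `sa` password; the same literals recur in the hunks at -199, -330, -364 and -371. Since they are now part of the repository history, the credentials should be rotated and the string read from configuration instead, e.g. `ConnectionString = ConfigurationManager.ConnectionStrings("<NAME>").ConnectionString` (`<NAME>` is a placeholder) with that section encrypted in web.config. The commented-out variants should be deleted rather than kept alongside the live one.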
@@ -199,26 +233,29 @@ Partial Class login_Change_PW ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If - If regexval_txt_Pw.IsValid = True Then - Using con As New SqlConnection(ConnectionString) - Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId") - ' cmd.CommandType = CommandType.StoredProcedure - cmd.Parameters.AddWithValue("@Username", usrname) - cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text) - cmd.Parameters.AddWithValue("@UserId", UsrID) - cmd.Connection = con - con.Open() - If String.IsNullOrEmpty(usrname) = False Then - cmd.ExecuteNonQuery() - btn_submitpw.Visible = True - Else - VERAG_VARIABLES.seterrorcount(25) - 'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Error at changing the Password." - End If + Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession) + Dim istokenDBhash As String = gensaltToken(UsrIdDB, pwDB, EmailDB, Session.IsNewSession) + If regexval_txt_Pw.IsValid = True And IsPWRequal = False Then + If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then + Using con As New SqlConnection(ConnectionString) + Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId") + ' cmd.CommandType = CommandType.StoredProcedure + cmd.Parameters.AddWithValue("@Username", usrname) + cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text) + cmd.Parameters.AddWithValue("@UserId", UsrID) + cmd.Connection = con + con.Open() + If String.IsNullOrEmpty(usrname) = False Then + cmd.ExecuteNonQuery() + btn_submitpw.Visible = True + Else + VERAG_VARIABLES.seterrorcount(25) + 'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Error at 
changing the Password." + End If + End Using + con.Close() End Using - con.Close() - End Using - + End If Else VERAG_VARIABLES.seterrorcount(22) 'lbl_messagetext_M.ForeColor = Drawing.Color.Red @@ -228,9 +265,7 @@ Partial Class login_Change_PW lbl_messagetext.Text = ex.Message End Try End If - Msg = "PW erfolgreich geändert!" - Style = vbOKOnly + vbInformation + vbDefaultButton1 - Title = "Information" + regexval_txt_Pw.ForeColor = Drawing.Color.Green regexval_txt_Pw.Text = "Passwort has been changed successfully!" 'MsgBox(Msg, Style, Title) @@ -305,6 +340,16 @@ Partial Class login_Change_PW Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs) Dim tempstr As String = "" + Dim pwDB As String = String.Empty + Dim EmailDB As String = String.Empty + Dim usrnmDB As String = String.Empty + Dim TheUsrIdDB As String = String.Empty + Dim customerIDDB As String = String.Empty + Dim isusernameright As Boolean = False + Dim isemailright As Boolean = False + Dim ispwrEqual As Boolean = False + Dim isUSrIDright As Boolean = False + Dim isctmrIDright As Boolean = False Dim ConnectionString = "" confirmPasswordReq.Enabled = False confirmPasswordReq_M.Enabled = True 
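Review bot: The new gate `String.Equals(istokenhash, istokenDBhash, ...)` compares two independent `gensaltToken` calls, one over the new password (`tempstr`) and one over the stored one (`pwDB`), and each call draws its own random salt size in the function added at the end of this file. Those two inputs were just required to differ, so unless `GenerateSalt`/`HashPassword` (not visible here) behave unexpectedly the values cannot match in a normal session and the UPDATE is unreachable, while the context after this hunk still sets "Passwort has been changed successfully!" regardless. The value that would be written is still the raw `txt_Pw_WH.Text`, so the hash function named in the commit title never reaches the `Password` column. I would gate the write on the link token and the identity checks instead, store a salted hash, and bind the key consistently with the SELECT in the hunk at -153: `cmd.Parameters.AddWithValue("@UserId", THEUsrID)`. The same gate is added to `btn_submitpw_M_Click` in the hunk at -371.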
@@ -330,15 +375,18 @@ Partial Class login_Change_PW ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If + Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId") + Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,KundeNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId") ' cmd.CommandType = CommandType.StoredProcedure Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString - Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par4")).ToString + Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString + Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5")).ToString cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@UserId", UsrID) + cmd.Connection = con con.Open() ' userId = Convert.ToInt32(cmd.ExecuteScalar()) 
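Review bot: The new SELECT asks for column `KundeNr`, while the reader code in the next hunk reads `dr("KundenNr")` and the desktop handler's SELECT uses `KundenNr`; whichever spelling the table has, one of the two will fail at run time. The WHERE clause still repeats `UserId=@UserId` and binds it to `UsrID` (Par3), whereas `btn_submitpw_Click` now binds `THEUsrID` (Par4). Assuming `KundenNr` is the real column name, I would align both handlers: `SELECT UserId,Username,Password,Email,KundenNr ... WHERE Username=@Username AND UserId=@UserId` with `cmd.Parameters.AddWithValue("@UserId", THEUsrID)`. The enclosing Sub continues outside this hunk.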
@@ -347,10 +395,33 @@ Partial Class login_Change_PW dr.Read() If String.Equals(txt_Pw_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Then tempstr = txt_Pw_M.Text + EmailDB = dr("Email").ToString + pwDB = dr("Password").ToString + usrnmDB = dr("Username").ToString + TheUsrIdDB = dr("UserId").ToString + customerIDDB = dr("KundenNr").ToString + If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then + isusernameright = True + End If + If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then + isemailright = True + End If + If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then + ispwrEqual = False + End If + If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then + isUSrIDright = True + End If + If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then + isctmrIDright = True + End If Else lbl_messagetext_M.ForeColor = Drawing.Color.Red lbl_messagetext_M.Text = "The chosen password should not be the old one!" End If + If String.Compare(usrname, dr("Username")) = True Then + isusernameright = True + End If End If dr.Close() End Using 
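Review bot: `If String.Compare(usrname, dr("Username")) = True` does not test equality: `String.Compare` returns an Integer, and with Option Strict Off `True` converts to -1, so `isusernameright` is set when the link's user name sorts before the stored one. It should read `If String.Equals(usrname, dr("Username").ToString, StringComparison.Ordinal) Then`. `ispwrEqual` is declared as False and is only ever assigned False, so the later `ispwrEqual = False` test is always satisfied. The ID comparisons are also crossed relative to `btn_submitpw_Click`: here `UsrID` (Par3) is checked against the `UserId` column and `THEUsrID` (Par4) against `KundenNr`.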
@@ -364,6 +435,8 @@ Partial Class login_Change_PW ConnectionString = "" Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString + Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString + Dim Email As String = Request.QueryString("Par5").ToString If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 
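Review bot: `Dim Email As String = Request.QueryString("Par5").ToString` keeps the value encrypted, whereas the other three places where this commit reads `Par5` pass it through `cCryptography2.Decrypt`; the `Email` handed to `gensaltToken` further down is therefore ciphertext. `.ToString` on a missing parameter also raises a NullReferenceException. Suggested, after a presence check: `Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))`.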
@@ -371,24 +444,30 @@ Partial Class login_Change_PW ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If - Using con As New SqlConnection(ConnectionString) - Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId") - ' cmd.CommandType = CommandType.StoredProcedure - cmd.Parameters.AddWithValue("@Username", usrname) - cmd.Parameters.AddWithValue("@Password", tempstr) - cmd.Parameters.AddWithValue("@UserId", UsrID) - cmd.Connection = con - con.Open() - If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then - cmd.ExecuteNonQuery() - regexval_txt_Pw_M.ForeColor = Drawing.Color.Green - regexval_txt_Pw_M.Text = "Password has been changed sucessfully!" - Else - btn_submitpw_M.Text = "Back to Login!" 
- btn_submitpw_M.PostBackUrl = "login_FLEX.apsx" + Using con As New SqlConnection(ConnectionString) + Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession) + Dim istokenDBhash As String = gensaltToken(usrnmDB, pwDB, EmailDB, Session.IsNewSession) + If regexval_txt_Pw.IsValid = True And ispwrEqual = False Then + If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then + Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId") + ' cmd.CommandType = CommandType.StoredProcedure + cmd.Parameters.AddWithValue("@Username", usrname) + cmd.Parameters.AddWithValue("@Password", tempstr) + cmd.Parameters.AddWithValue("@UserId", UsrID) + cmd.Connection = con + con.Open() + If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then + cmd.ExecuteNonQuery() + regexval_txt_Pw_M.ForeColor = Drawing.Color.Green + regexval_txt_Pw_M.Text = "Password has been changed sucessfully!" + Else + btn_submitpw_M.Text = "Back to Login!" + btn_submitpw_M.PostBackUrl = "login_FLEX.apsx" + End If + End Using End If - End Using + End If con.Close() End Using Catch ex As Exception 
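Review bot: The added condition tests `regexval_txt_Pw.IsValid`, the desktop validator, inside the mobile handler; every other control touched here is the `_M` variant, so this looks like it should be `regexval_txt_Pw_M.IsValid`. The re-indented inner check `String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text)` decrypts the literal text "Par2" rather than the query value, and with `cCryptography2` although `usrname` was decrypted with `cCryptography`; presumably `String.IsNullOrEmpty(usrname) = False`, as in the desktop handler, was intended. `PostBackUrl = "login_FLEX.apsx"` also looks like a typo for `.aspx`.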
@@ -424,4 +503,46 @@ Partial Class login_Change_PW End If End If End Sub + Function gensaltToken(username As String, password As String, email As String, isnewSession As Boolean) As String + If isnewSession = False Then + Dim token As String + + Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 8)) + Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 6)) + Dim Rand As Random = New Random + If String.IsNullOrEmpty(password) = False Then + Try + Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl) + Dim tok As String = password + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl)) + Return token + Catch Ex As Exception + 'Dim Msg, Style, Title As String + 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given." + 'Style = vbRetry + vbExclamation + vbDefaultButton1 + 'Title = "Error05: Token-Generierung" + 'MsgBox(Msg, Style, Title) + 'If MsgBox(Msg, Style, Title).Retry Then + 'genToken(username, password, email) + Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2) + Dim tok As String = password + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2)) + Return token + + End Try + Else + Return String.Empty + End If + Else + Return "Error in Session ID. It has changed. Please check admin!" + End If + End Function + Public Function RandomInteger(ByVal min As Integer, ByVal _ + max As Integer) As Integer + Dim rand As New RNGCryptoServiceProvider() + Dim one_byte() As Byte = {0} + rand.GetBytes(one_byte) + Return min + (max - min) * (one_byte(0) / 255) + End Function + End Class \ No newline at end of file diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index f56b726..7804e76 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb 
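Review bot: `gensaltToken` reports failure through ordinary return values (the sentence "Error in Session ID. ..." when `isnewSession` is True, `String.Empty` for an empty password), and both callers compare two results of this function for equality, so when both calls take the same failure branch the comparison passes and the UPDATE proceeds; the check fails open. Failure should be signalled out of band, e.g. `Throw New InvalidOperationException("Session changed during password reset")`, or the callers must reject these values before comparing. `username`, `email` and `Rand` are never used, and the `Catch` repeats the same work with `intzahl2` without recording what failed. The `RandomInteger` helper added here is the same one added to ForgotPW.aspx.vb and would be better kept in one shared place.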
@@ -6,6 +6,7 @@ Imports System.Data.SqlClient Imports System.Data Imports System.Threading Imports System.Threading.Tasks +Imports System.Security.Cryptography Partial Class ForgotPW Inherits System.Web.UI.Page @@ -460,8 +461,8 @@ Partial Class ForgotPW 'md5temptoken = Await Findtokenhashsalt(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) - 'md5temptoken = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) - 'MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken) + md5temptoken = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) + MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken) If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then 'password = RandomString(New Random, 10) @@ -533,7 +534,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:
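Review bot: Re-enabling `MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken)` puts a debug dialog that contains the reset token into server-side page code. In an ASP.NET worker process a modal dialog is typically refused with an InvalidOperationException or blocks the request on the server, and in either case the token should not be displayed or logged. I would remove the line; if the value is needed during development, wrap it in `#If DEBUG Then` and record only that a token was generated. `md5temptoken` is computed here, but the visible `SendEmail_M` call does not receive it.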
" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E_Mail: Follow this Link

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:
" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E-Mail: Follow this Link

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment) @@ -546,7 +547,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:
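Review bot: The added `&Par5=` value, like the other parameters, is concatenated into the link without URL encoding; if `Encrypt` returns Base64 (not visible here), `+`, `/` and `=` can be altered in transit and `Decrypt` on the Change_PW side will fail or see different bytes. Each value should be wrapped, e.g. `"&Par5=" + HttpUtility.UrlEncode(VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email))`. The link is also built with `http://` and now carries the user's e-mail address next to the token, so both end up in proxy and server logs; `https://` plus a single opaque token that the server maps to the account would avoid shipping identity fields at all. `password` is still passed to `String.Format` although the visible template only references `{0}`. The same points apply to the three other `htmlbody` hunks (-546, -632, -645).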
" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E_Mail: Follow this Link
Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:
" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E-Mail: Follow this Link
Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") lblMessage_M.ForeColor = Color.OrangeRed @@ -632,7 +633,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E-Mail: http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E-Mail: http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag |" + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") 'MsgBox(getdomianenvironment) @@ -645,7 +646,7 @@ Partial Class ForgotPW Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." - htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E-Mail: http://" + getdomianenvironment + "/login/ForgotPW.aspx

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) + htmlbody = String.Format("Dear {0},

Please follow the Link to reset your password:

" + Environment.NewLine + "http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "" + Environment.NewLine + "

Notice:
The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!
To resend the E-Mail: http://" + getdomianenvironment + "/login/ForgotPW.aspx

Kind regards,
VERAG | EDV Support
" + mailpic + "
VERAG Spedition AG | A 4975 Suben, Nr. 100
T.+43 7711 2777-xx |support@verag.ag | " + emailnr + "FN xxxxxxx
" + Ausschusstext + "
" + Ausschusstext2 + "
" + Ausschusstext3 + "
" + Ausschusstext4 + "
", username, password) ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") lblMessage.ForeColor = Color.OrangeRed 
@@ -747,25 +748,29 @@ Partial Class ForgotPW Return "Error in Session ID. It has changed. Please check admin!" End If End Function + + Public Function RandomInteger(ByVal min As Integer, ByVal _ + max As Integer) As Integer + Dim rand As New RNGCryptoServiceProvider() + Dim one_byte() As Byte = {0} + rand.GetBytes(one_byte) + Return min + (max - min) * (one_byte(0) / 255) + End Function + Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String If isnewSession = False Then Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim token As String - Dim MyMin As Integer = 25, MyMax As Integer = 788755, My1stRandomNumber As Integer, My2ndRandomNumber As Integer - ' Create a random number generator - Dim Generator As System.Random = New System.Random() - ' Get a random number >= MyMin and <= MyMax - My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value - - ' Get another random number (don't create a new generator, use the same one) - My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1) + Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 8)) + Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 6)) + Dim Rand As Random = New Random If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then Try - Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber) + Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl) Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray()) - token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, My1stRandomNumber)) + token = 
VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl)) Return token Catch Ex As Exception 'Dim Msg, Style, Title As String @@ -775,9 +780,9 @@ Partial Class ForgotPW 'MsgBox(Msg, Style, Title) 'If MsgBox(Msg, Style, Title).Retry Then 'genToken(username, password, email) - Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber) + Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2) Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray()) - token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, My2ndRandomNumber)) + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2)) Return token End Try @@ -829,16 +834,16 @@ Partial Class ForgotPW End Function - 'Function RandomString(r As Random, max As Integer) As String - 'Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?=" - 'Dim sb As New StringBuilder - 'Dim cnt As Integer = r.Next(4, max) - 'For i As Integer = 1 To cnt - 'Dim idx As Integer = r.Next(0, s.Length) - ' sb.Append(s.Substring(idx, 1)) - 'Next - 'Return sb.ToString() - 'End Function + Function RandomString(r As Random, max As Integer) As String + Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?=" + Dim sb As New StringBuilder + Dim cnt As Integer = r.Next(4, max) + For i As Integer = 1 To cnt + Dim idx As Integer = r.Next(0, s.Length) + sb.Append(s.Substring(idx, 1)) + Next + Return sb.ToString() + End Function Protected Sub btn_Testmail_Click(sender As Object, e As EventArgs) Dim username As String = "userwithlongername" diff --git a/newpageJulius_Sidebar.aspx b/newpageJulius_Sidebar.aspx index 220d2f7..7fa4b08 100644 --- a/newpageJulius_Sidebar.aspx +++ b/newpageJulius_Sidebar.aspx 
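Review bot: `RandomInteger` draws a single byte and scales it with `min + (max - min) * (one_byte(0) / 255)`, so it can return at most 256 distinct values, relies on an implicit Double-to-Integer conversion, and never disposes the `RNGCryptoServiceProvider`. For the ranges used here that gives a small, non-uniform set of sizes passed on to `GenerateSalt` and `HashPassword`. A version that draws 32 bits, rejects the biased tail and disposes the generator is below; the identical copy added to Change_PW.aspx.vb needs the same change. `Dim Rand As Random = New Random` in `gensaltToken` is unused and can be removed.

```vbnet
Public Function RandomInteger(ByVal min As Integer, ByVal max As Integer) As Integer
    ' Rejection sampling over 32 bits keeps the result uniform in [min, max].
    Dim range As Long = CLng(max) - CLng(min) + 1
    Dim limit As Long = (4294967296L \ range) * range
    Dim buf(3) As Byte
    Using rng As New RNGCryptoServiceProvider()
        Do
            rng.GetBytes(buf)
            Dim value As Long = BitConverter.ToUInt32(buf, 0)
            If value < limit Then
                Return CInt(min + (value Mod range))
            End If
        Loop
    End Using
End Function
```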
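Review bot: `RandomString` is switched back on with a `System.Random` parameter, which is not a cryptographic generator; the commented-out `'password = RandomString(New Random, 10)` earlier in this file suggests it is meant for passwords. No live caller is visible in this diff, so either leave it commented out or take the indices from the RNG-backed helper, e.g. `Dim idx As Integer = RandomInteger(0, s.Length - 1)`. `r.Next(4, max)` also throws when `max` is below 4.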
@@ -164,23 +164,23 @@ background-repeat: no-repeat; background-attachment:fixed; background-size:cover; - width:385.98px; + width:388.98px; /* background-color:#043381;*/ } #content{ - width:385.98px; + width:390.98px; } frame2{ - width:385.98px; + width:390.98px; } leftLinks{ - width:385.98px; + width:390.98px; } #main_page{ - width:385.98px; + width:390.98px; } #content_all{ - width:385.98px; + width:390.98px; } } @media (max-width: 323px){