Änderungen GUI und Implementierung Hashfunktion in Praxis bei PW-Wechsel
@@ -1,5 +1,6 @@
|
||||
|
||||
Imports System.Data.SqlClient
|
||||
Imports System.Security.Cryptography
|
||||
|
||||
Partial Class login_Change_PW
|
||||
Inherits System.Web.UI.Page
|
||||
@@ -123,7 +124,17 @@ Partial Class login_Change_PW
|
||||
|
||||
Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs)
|
||||
Dim tempstr As String = ""
|
||||
Dim Msg, Style, Title As String
|
||||
Dim UsernameDB As String = String.Empty
|
||||
Dim pwDB As String = String.Empty
|
||||
Dim EmailDB As String = String.Empty
|
||||
Dim UsrIdDB As String = String.Empty
|
||||
Dim CustomerIDDB As String = String.Empty
|
||||
Dim UsrIDIsright As Boolean = False
|
||||
Dim isemailright As Boolean = False
|
||||
Dim isusrnmright As Boolean = False
|
||||
Dim iscstmrIDight As Boolean = False
|
||||
Dim IsPWRequal As Boolean = True
|
||||
'Dim Msg, Style, Title As String
|
||||
reqPassw1txt_M.Enabled = False
|
||||
reqPasswtxt_M.Enabled = False
|
||||
reqPasswtxt.Enabled = True
|
||||
@@ -138,7 +149,6 @@ Partial Class login_Change_PW
|
||||
|
||||
txt_Pw_WH.Enabled = False
|
||||
|
||||
|
||||
Dim ConnectionString = ""
|
||||
|
||||
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
||||
@@ -153,12 +163,14 @@ Partial Class login_Change_PW
|
||||
If reqPassw1txt.IsValid = True Then
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,UserId,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
|
||||
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
|
||||
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
|
||||
Dim email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Parameters.AddWithValue("@UserId", THEUsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
Dim dr As SqlDataReader = cmd.ExecuteReader()
|
||||
@@ -166,9 +178,29 @@ Partial Class login_Change_PW
|
||||
dr.Read()
|
||||
If String.Equals(txt_Pw_WH.Text, dr("Password").ToString) = False Then
|
||||
tempstr = txt_Pw_WH.Text
|
||||
UsernameDB = dr("Username").ToString
|
||||
pwDB = dr("Password").ToString
|
||||
EmailDB = dr("Email").ToString
|
||||
UsrIdDB = dr("UserId").ToString
|
||||
CustomerIDDB = dr("KundenNr").ToString
|
||||
Else
|
||||
lbl_messagetext.Text = "The new password should differ from the old one!"
|
||||
End If
|
||||
If String.Equals(THEUsrID, UsrIdDB, StringComparison.CurrentCulture) = True Then
|
||||
UsrIDIsright = True
|
||||
End If
|
||||
If String.Equals(txt_Pw.Text, pwDB, StringComparison.CurrentCulture) = False Then
|
||||
IsPWRequal = False
|
||||
End If
|
||||
If String.Equals(usrname, UsernameDB, StringComparison.CurrentCulture) = True Then
|
||||
isusrnmright = True
|
||||
End If
|
||||
If String.Equals(UsrID, CustomerIDDB, StringComparison.CurrentCulture) = True Then
|
||||
iscstmrIDight = True
|
||||
End If
|
||||
If String.Equals(email, EmailDB, StringComparison.CurrentCulture) = True Then
|
||||
isemailright = True
|
||||
End If
|
||||
End If
|
||||
dr.Close()
|
||||
End Using
|
||||
@@ -185,13 +217,15 @@ Partial Class login_Change_PW
|
||||
tempstr = "Error01"
|
||||
End If
|
||||
|
||||
If String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False And tempstr = "Error02" Then
|
||||
If String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False And Not tempstr = "Error02" Then
|
||||
|
||||
If regexval_txt_Pw.IsValid = True Then
|
||||
Try
|
||||
Dim ConnectionString = ""
|
||||
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
|
||||
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
|
||||
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
|
||||
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
|
||||
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
||||
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
|
||||
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
@@ -199,26 +233,29 @@ Partial Class login_Change_PW
|
||||
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
||||
End If
|
||||
If regexval_txt_Pw.IsValid = True Then
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
If String.IsNullOrEmpty(usrname) = False Then
|
||||
cmd.ExecuteNonQuery()
|
||||
btn_submitpw.Visible = True
|
||||
Else
|
||||
VERAG_VARIABLES.seterrorcount(25)
|
||||
'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Error at changing the Password."
|
||||
End If
|
||||
Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession)
|
||||
Dim istokenDBhash As String = gensaltToken(UsrIdDB, pwDB, EmailDB, Session.IsNewSession)
|
||||
If regexval_txt_Pw.IsValid = True And IsPWRequal = False Then
|
||||
If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
If String.IsNullOrEmpty(usrname) = False Then
|
||||
cmd.ExecuteNonQuery()
|
||||
btn_submitpw.Visible = True
|
||||
Else
|
||||
VERAG_VARIABLES.seterrorcount(25)
|
||||
'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Error at changing the Password."
|
||||
End If
|
||||
End Using
|
||||
con.Close()
|
||||
End Using
|
||||
con.Close()
|
||||
End Using
|
||||
|
||||
End If
|
||||
Else
|
||||
VERAG_VARIABLES.seterrorcount(22)
|
||||
'lbl_messagetext_M.ForeColor = Drawing.Color.Red
|
||||
@@ -228,9 +265,7 @@ Partial Class login_Change_PW
|
||||
lbl_messagetext.Text = ex.Message
|
||||
End Try
|
||||
End If
|
||||
Msg = "PW erfolgreich geändert!"
|
||||
Style = vbOKOnly + vbInformation + vbDefaultButton1
|
||||
Title = "Information"
|
||||
|
||||
regexval_txt_Pw.ForeColor = Drawing.Color.Green
|
||||
regexval_txt_Pw.Text = "Passwort has been changed successfully!"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
@@ -305,6 +340,16 @@ Partial Class login_Change_PW
|
||||
|
||||
Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
|
||||
Dim tempstr As String = ""
|
||||
Dim pwDB As String = String.Empty
|
||||
Dim EmailDB As String = String.Empty
|
||||
Dim usrnmDB As String = String.Empty
|
||||
Dim TheUsrIdDB As String = String.Empty
|
||||
Dim customerIDDB As String = String.Empty
|
||||
Dim isusernameright As Boolean = False
|
||||
Dim isemailright As Boolean = False
|
||||
Dim ispwrEqual As Boolean = False
|
||||
Dim isUSrIDright As Boolean = False
|
||||
Dim isctmrIDright As Boolean = False
|
||||
Dim ConnectionString = ""
|
||||
confirmPasswordReq.Enabled = False
|
||||
confirmPasswordReq_M.Enabled = True
|
||||
@@ -330,15 +375,18 @@ Partial Class login_Change_PW
|
||||
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
||||
End If
|
||||
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,KundeNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
|
||||
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
|
||||
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par4")).ToString
|
||||
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString
|
||||
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5")).ToString
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
' userId = Convert.ToInt32(cmd.ExecuteScalar())
|
||||
@@ -347,10 +395,33 @@ Partial Class login_Change_PW
|
||||
dr.Read()
|
||||
If String.Equals(txt_Pw_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Then
|
||||
tempstr = txt_Pw_M.Text
|
||||
EmailDB = dr("Email").ToString
|
||||
pwDB = dr("Password").ToString
|
||||
usrnmDB = dr("Username").ToString
|
||||
TheUsrIdDB = dr("UserId").ToString
|
||||
customerIDDB = dr("KundenNr").ToString
|
||||
If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then
|
||||
isusernameright = True
|
||||
End If
|
||||
If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then
|
||||
isemailright = True
|
||||
End If
|
||||
If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then
|
||||
ispwrEqual = False
|
||||
End If
|
||||
If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then
|
||||
isUSrIDright = True
|
||||
End If
|
||||
If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
|
||||
isctmrIDright = True
|
||||
End If
|
||||
Else
|
||||
lbl_messagetext_M.ForeColor = Drawing.Color.Red
|
||||
lbl_messagetext_M.Text = "The chosen password should not be the old one!"
|
||||
End If
|
||||
If String.Compare(usrname, dr("Username")) = True Then
|
||||
isusernameright = True
|
||||
End If
|
||||
End If
|
||||
dr.Close()
|
||||
End Using
|
||||
@@ -364,6 +435,8 @@ Partial Class login_Change_PW
|
||||
ConnectionString = ""
|
||||
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
|
||||
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
|
||||
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString
|
||||
Dim Email As String = Request.QueryString("Par5").ToString
|
||||
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
||||
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
|
||||
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
@@ -371,24 +444,30 @@ Partial Class login_Change_PW
|
||||
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
||||
End If
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@Password", tempstr)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then
|
||||
cmd.ExecuteNonQuery()
|
||||
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
|
||||
regexval_txt_Pw_M.Text = "Password has been changed sucessfully!"
|
||||
Else
|
||||
btn_submitpw_M.Text = "Back to Login!"
|
||||
btn_submitpw_M.PostBackUrl = "login_FLEX.apsx"
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession)
|
||||
Dim istokenDBhash As String = gensaltToken(usrnmDB, pwDB, EmailDB, Session.IsNewSession)
|
||||
If regexval_txt_Pw.IsValid = True And ispwrEqual = False Then
|
||||
If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@Password", tempstr)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then
|
||||
cmd.ExecuteNonQuery()
|
||||
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
|
||||
regexval_txt_Pw_M.Text = "Password has been changed sucessfully!"
|
||||
Else
|
||||
btn_submitpw_M.Text = "Back to Login!"
|
||||
btn_submitpw_M.PostBackUrl = "login_FLEX.apsx"
|
||||
End If
|
||||
End Using
|
||||
End If
|
||||
End Using
|
||||
End If
|
||||
con.Close()
|
||||
End Using
|
||||
Catch ex As Exception
|
||||
@@ -424,4 +503,46 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
End If
|
||||
End Sub
|
||||
Function gensaltToken(username As String, password As String, email As String, isnewSession As Boolean) As String
|
||||
If isnewSession = False Then
|
||||
Dim token As String
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 8))
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 6))
|
||||
Dim Rand As Random = New Random
|
||||
If String.IsNullOrEmpty(password) = False Then
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = password
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl))
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = password
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2))
|
||||
Return token
|
||||
|
||||
End Try
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
Else
|
||||
Return "Error in Session ID. It has changed. Please check admin!"
|
||||
End If
|
||||
End Function
|
||||
Public Function RandomInteger(ByVal min As Integer, ByVal _
|
||||
max As Integer) As Integer
|
||||
Dim rand As New RNGCryptoServiceProvider()
|
||||
Dim one_byte() As Byte = {0}
|
||||
rand.GetBytes(one_byte)
|
||||
Return min + (max - min) * (one_byte(0) / 255)
|
||||
End Function
|
||||
|
||||
End Class
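Review bot: The gate `If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then` placed in front of both UPDATE statements cannot pass on a live session, because `gensaltToken` draws a fresh random salt (with a random length from `RandomInteger`) on every call, so two calls never yield the same output even for identical input — and it additionally hashes the new password (`tempstr`) against the stored one (`pwDB`), which `IsPWRequal = False` / `ispwrEqual = False` already requires to differ. Conversely, when `Session.IsNewSession` is True both calls return the identical literal `"Error in Session ID. It has changed. Please check admin!"`, so the comparison succeeds and the password change runs in exactly the case that was meant to be rejected. The hash is also never applied to what is persisted: the UPDATEs still bind `txt_Pw_WH.Text` / `tempstr` as the plaintext `@Password`, the old-password check still compares `dr("Password")` in clear, and the `UsrIDIsright`, `isemailright`, `iscstmrIDight` / `isUSrIDright`, `isctmrIDright` flags the commit computes are never consulted (the `username` and `email` parameters of `gensaltToken` are unused as well). I would replace the token comparison with `If Session.IsNewSession = False AndAlso UsrIDIsright AndAlso isusrnmright AndAlso isemailright Then`, and store `VERAG_VARIABLES.HashPassword(newPw, salt, 1991, len)` together with its salt in a deterministic form that the login page can recompute, rather than encrypting a one-off hash; the hard-coded `AppUser` database passwords (and the commented-out `sa` credentials) in the connection strings should also be moved out of source into configuration.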
|
||||