Änderungen GUI und Implementierung Hashfunktion in Praxis bei PW-Wechsel

ja
2021-12-02 12:02:25 +01:00
parent 3b8c7484c8
commit b2e087efcf
3 changed files with 205 additions and 79 deletions


@@ -1,5 +1,6 @@
 
Imports System.Data.SqlClient Imports System.Data.SqlClient
Imports System.Security.Cryptography
Partial Class login_Change_PW Partial Class login_Change_PW
Inherits System.Web.UI.Page Inherits System.Web.UI.Page
@@ -123,7 +124,17 @@ Partial Class login_Change_PW
Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs) Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs)
Dim tempstr As String = "" Dim tempstr As String = ""
Dim Msg, Style, Title As String Dim UsernameDB As String = String.Empty
Dim pwDB As String = String.Empty
Dim EmailDB As String = String.Empty
Dim UsrIdDB As String = String.Empty
Dim CustomerIDDB As String = String.Empty
Dim UsrIDIsright As Boolean = False
Dim isemailright As Boolean = False
Dim isusrnmright As Boolean = False
Dim iscstmrIDight As Boolean = False
Dim IsPWRequal As Boolean = True
'Dim Msg, Style, Title As String
reqPassw1txt_M.Enabled = False reqPassw1txt_M.Enabled = False
reqPasswtxt_M.Enabled = False reqPasswtxt_M.Enabled = False
reqPasswtxt.Enabled = True reqPasswtxt.Enabled = True
@@ -138,7 +149,6 @@ Partial Class login_Change_PW
txt_Pw_WH.Enabled = False txt_Pw_WH.Enabled = False
Dim ConnectionString = "" Dim ConnectionString = ""
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
@@ -153,12 +163,14 @@ Partial Class login_Change_PW
If reqPassw1txt.IsValid = True Then If reqPassw1txt.IsValid = True Then
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User") ' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId") Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,UserId,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
Dim email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@UserId", UsrID) cmd.Parameters.AddWithValue("@UserId", THEUsrID)
cmd.Connection = con cmd.Connection = con
con.Open() con.Open()
Dim dr As SqlDataReader = cmd.ExecuteReader() Dim dr As SqlDataReader = cmd.ExecuteReader()
@@ -166,9 +178,29 @@ Partial Class login_Change_PW
dr.Read() dr.Read()
If String.Equals(txt_Pw_WH.Text, dr("Password").ToString) = False Then If String.Equals(txt_Pw_WH.Text, dr("Password").ToString) = False Then
tempstr = txt_Pw_WH.Text tempstr = txt_Pw_WH.Text
UsernameDB = dr("Username").ToString
pwDB = dr("Password").ToString
EmailDB = dr("Email").ToString
UsrIdDB = dr("UserId").ToString
CustomerIDDB = dr("KundenNr").ToString
Else Else
lbl_messagetext.Text = "The new password should differ from the old one!" lbl_messagetext.Text = "The new password should differ from the old one!"
End If End If
If String.Equals(THEUsrID, UsrIdDB, StringComparison.CurrentCulture) = True Then
UsrIDIsright = True
End If
If String.Equals(txt_Pw.Text, pwDB, StringComparison.CurrentCulture) = False Then
IsPWRequal = False
End If
If String.Equals(usrname, UsernameDB, StringComparison.CurrentCulture) = True Then
isusrnmright = True
End If
If String.Equals(UsrID, CustomerIDDB, StringComparison.CurrentCulture) = True Then
iscstmrIDight = True
End If
If String.Equals(email, EmailDB, StringComparison.CurrentCulture) = True Then
isemailright = True
End If
End If End If
dr.Close() dr.Close()
End Using End Using
@@ -185,13 +217,15 @@ Partial Class login_Change_PW
tempstr = "Error01" tempstr = "Error01"
End If End If
If String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False And tempstr = "Error02" Then If String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False And Not tempstr = "Error02" Then
If regexval_txt_Pw.IsValid = True Then If regexval_txt_Pw.IsValid = True Then
Try Try
Dim ConnectionString = "" Dim ConnectionString = ""
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
@@ -199,26 +233,29 @@ Partial Class login_Change_PW
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If End If
If regexval_txt_Pw.IsValid = True Then Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession)
Using con As New SqlConnection(ConnectionString) Dim istokenDBhash As String = gensaltToken(UsrIdDB, pwDB, EmailDB, Session.IsNewSession)
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId") If regexval_txt_Pw.IsValid = True And IsPWRequal = False Then
' cmd.CommandType = CommandType.StoredProcedure If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then
cmd.Parameters.AddWithValue("@Username", usrname) Using con As New SqlConnection(ConnectionString)
cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text) Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
cmd.Parameters.AddWithValue("@UserId", UsrID) ' cmd.CommandType = CommandType.StoredProcedure
cmd.Connection = con cmd.Parameters.AddWithValue("@Username", usrname)
con.Open() cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text)
If String.IsNullOrEmpty(usrname) = False Then cmd.Parameters.AddWithValue("@UserId", UsrID)
cmd.ExecuteNonQuery() cmd.Connection = con
btn_submitpw.Visible = True con.Open()
Else If String.IsNullOrEmpty(usrname) = False Then
VERAG_VARIABLES.seterrorcount(25) cmd.ExecuteNonQuery()
'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Error at changing the Password." btn_submitpw.Visible = True
End If Else
VERAG_VARIABLES.seterrorcount(25)
'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Error at changing the Password."
End If
End Using
con.Close()
End Using End Using
con.Close() End If
End Using
Else Else
VERAG_VARIABLES.seterrorcount(22) VERAG_VARIABLES.seterrorcount(22)
'lbl_messagetext_M.ForeColor = Drawing.Color.Red 'lbl_messagetext_M.ForeColor = Drawing.Color.Red
@@ -228,9 +265,7 @@ Partial Class login_Change_PW
lbl_messagetext.Text = ex.Message lbl_messagetext.Text = ex.Message
End Try End Try
End If End If
Msg = "PW erfolgreich geändert!"
Style = vbOKOnly + vbInformation + vbDefaultButton1
Title = "Information"
regexval_txt_Pw.ForeColor = Drawing.Color.Green regexval_txt_Pw.ForeColor = Drawing.Color.Green
regexval_txt_Pw.Text = "Passwort has been changed successfully!" regexval_txt_Pw.Text = "Passwort has been changed successfully!"
'MsgBox(Msg, Style, Title) 'MsgBox(Msg, Style, Title)
@@ -305,6 +340,16 @@ Partial Class login_Change_PW
Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs) Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
Dim tempstr As String = "" Dim tempstr As String = ""
Dim pwDB As String = String.Empty
Dim EmailDB As String = String.Empty
Dim usrnmDB As String = String.Empty
Dim TheUsrIdDB As String = String.Empty
Dim customerIDDB As String = String.Empty
Dim isusernameright As Boolean = False
Dim isemailright As Boolean = False
Dim ispwrEqual As Boolean = False
Dim isUSrIDright As Boolean = False
Dim isctmrIDright As Boolean = False
Dim ConnectionString = "" Dim ConnectionString = ""
confirmPasswordReq.Enabled = False confirmPasswordReq.Enabled = False
confirmPasswordReq_M.Enabled = True confirmPasswordReq_M.Enabled = True
@@ -330,15 +375,18 @@ Partial Class login_Change_PW
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If End If
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User") ' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId") Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,KundeNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par4")).ToString Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5")).ToString
cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@UserId", UsrID) cmd.Parameters.AddWithValue("@UserId", UsrID)
cmd.Connection = con cmd.Connection = con
con.Open() con.Open()
' userId = Convert.ToInt32(cmd.ExecuteScalar()) ' userId = Convert.ToInt32(cmd.ExecuteScalar())
@@ -347,10 +395,33 @@ Partial Class login_Change_PW
dr.Read() dr.Read()
If String.Equals(txt_Pw_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Then If String.Equals(txt_Pw_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Then
tempstr = txt_Pw_M.Text tempstr = txt_Pw_M.Text
EmailDB = dr("Email").ToString
pwDB = dr("Password").ToString
usrnmDB = dr("Username").ToString
TheUsrIdDB = dr("UserId").ToString
customerIDDB = dr("KundenNr").ToString
If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then
isusernameright = True
End If
If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then
isemailright = True
End If
If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then
ispwrEqual = False
End If
If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then
isUSrIDright = True
End If
If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
isctmrIDright = True
End If
Else Else
lbl_messagetext_M.ForeColor = Drawing.Color.Red lbl_messagetext_M.ForeColor = Drawing.Color.Red
lbl_messagetext_M.Text = "The chosen password should not be the old one!" lbl_messagetext_M.Text = "The chosen password should not be the old one!"
End If End If
If String.Compare(usrname, dr("Username")) = True Then
isusernameright = True
End If
End If End If
dr.Close() dr.Close()
End Using End Using
@@ -364,6 +435,8 @@ Partial Class login_Change_PW
ConnectionString = "" ConnectionString = ""
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString
Dim Email As String = Request.QueryString("Par5").ToString
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
@@ -371,24 +444,30 @@ Partial Class login_Change_PW
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If End If
Using con As New SqlConnection(ConnectionString)
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId") Using con As New SqlConnection(ConnectionString)
' cmd.CommandType = CommandType.StoredProcedure Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession)
cmd.Parameters.AddWithValue("@Username", usrname) Dim istokenDBhash As String = gensaltToken(usrnmDB, pwDB, EmailDB, Session.IsNewSession)
cmd.Parameters.AddWithValue("@Password", tempstr) If regexval_txt_Pw.IsValid = True And ispwrEqual = False Then
cmd.Parameters.AddWithValue("@UserId", UsrID) If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then
cmd.Connection = con Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
con.Open() ' cmd.CommandType = CommandType.StoredProcedure
If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then cmd.Parameters.AddWithValue("@Username", usrname)
cmd.ExecuteNonQuery() cmd.Parameters.AddWithValue("@Password", tempstr)
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green cmd.Parameters.AddWithValue("@UserId", UsrID)
regexval_txt_Pw_M.Text = "Password has been changed sucessfully!" cmd.Connection = con
Else con.Open()
btn_submitpw_M.Text = "Back to Login!" If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then
btn_submitpw_M.PostBackUrl = "login_FLEX.apsx" cmd.ExecuteNonQuery()
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
regexval_txt_Pw_M.Text = "Password has been changed sucessfully!"
Else
btn_submitpw_M.Text = "Back to Login!"
btn_submitpw_M.PostBackUrl = "login_FLEX.apsx"
End If
End Using
End If End If
End Using End If
con.Close() con.Close()
End Using End Using
Catch ex As Exception Catch ex As Exception
@@ -424,4 +503,46 @@ Partial Class login_Change_PW
End If End If
End If End If
End Sub End Sub
Function gensaltToken(username As String, password As String, email As String, isnewSession As Boolean) As String
If isnewSession = False Then
Dim token As String
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 8))
Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 6))
Dim Rand As Random = New Random
If String.IsNullOrEmpty(password) = False Then
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = password
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl))
Return token
Catch Ex As Exception
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
Dim tok As String = password
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2))
Return token
End Try
Else
Return String.Empty
End If
Else
Return "Error in Session ID. It has changed. Please check admin!"
End If
End Function
Public Function RandomInteger(ByVal min As Integer, ByVal _
max As Integer) As Integer
Dim rand As New RNGCryptoServiceProvider()
Dim one_byte() As Byte = {0}
rand.GetBytes(one_byte)
Return min + (max - min) * (one_byte(0) / 255)
End Function
End Class End Class
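Review bot: The new guard `If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = True Then`, added in both `btn_submitpw_Click` and `btn_submitpw_M_Click`, cannot work as a verification step. `gensaltToken` never reads its `username` and `email` arguments and calls `GenerateSalt` with a freshly drawn random argument on every call, so the two tokens are built from different passwords (the new input in `tempstr` versus the stored `pwDB`) and presumably from different salts. As written the `UPDATE` looks unreachable, and the password is still compared and written in clear text (`cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text)`), so the hash function named in the commit title never reaches the stored value. I would check the request against a server-side, single-use, expiring record of the `Par1` token, store the `HashPassword(...)` output together with its salt instead of the raw text-box value, and compare with `StringComparison.Ordinal` rather than `CurrentCulture`. `GenerateSalt`, `HashPassword` and `cCryptography3` are defined outside this page, so their exact behaviour should be confirmed.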


@@ -6,6 +6,7 @@ Imports System.Data.SqlClient
Imports System.Data Imports System.Data
Imports System.Threading Imports System.Threading
Imports System.Threading.Tasks Imports System.Threading.Tasks
Imports System.Security.Cryptography
Partial Class ForgotPW Partial Class ForgotPW
Inherits System.Web.UI.Page Inherits System.Web.UI.Page
@@ -460,8 +461,8 @@ Partial Class ForgotPW
'md5temptoken = Await Findtokenhashsalt(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) 'md5temptoken = Await Findtokenhashsalt(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID)
'md5temptoken = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) md5temptoken = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID)
'MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken) MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken)
If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then
'password = RandomString(New Random, 10) 'password = RandomString(New Random, 10)
@@ -533,7 +534,7 @@ Partial Class ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>Follow this Link</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password) htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>Follow 
this Link</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
'MsgBox(getdomianenvironment) 'MsgBox(getdomianenvironment)
@@ -546,7 +547,7 @@ Partial Class ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E_Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>Follow this Link</a><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password) htmlbody = String.Format("Dear {0}," + Environment.NewLine + Environment.NewLine + " Please follow the Link to reset your password:<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>Follow this Link</a><br />Kind regards, <br /><span style='color: 
#043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.")
lblMessage_M.ForeColor = Color.OrangeRed lblMessage_M.ForeColor = Color.OrangeRed
@@ -632,7 +633,7 @@ Partial Class ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password) htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx>http://" + getdomianenvironment + ServPort + "/login/ForgotPW.aspx</a><br /><br 
/>Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> |" + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then ElseIf String.IsNullOrEmpty(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME") getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
'MsgBox(getdomianenvironment) 'MsgBox(getdomianenvironment)
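Review bot: The new `&Par5=` value is appended to the reset link without URL-encoding and inside an unquoted `href`, the same way Par2–Par4 already are; if `cCryptography2.Encrypt` returns Base64 (its output format is not visible here), characters such as `+`, `/` and `=` will not survive the query string intact. I would wrap each value, e.g. `"&Par5=" + HttpUtility.UrlEncode(VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email))`, and quote the attribute. The link is also built as `http://` with the host read from `ServerVariables("SERVER_NAME")`, so the token and the encrypted identifiers are sent unencrypted and the host comes from the request rather than from configuration; an `https://` base URL taken from configuration would be safer. The visible link text points at `ChangePW.aspx` while the `href` points at `Change_PW.aspx`. The same applies to the hunk at `@@ -645,7 +646,7 @@`; the enclosing procedure starts outside both hunks.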
@@ -645,7 +646,7 @@ Partial Class ForgotPW
Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich." Dim Ausschusstext2 As String = "und Zinsen zuletzt auf Zölle angerechnet. Zahlbar und klagbar in Schärding oder Ried. Steuer-Zoll-und Tarifauskünfte sind unverbindlich."
Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially" Dim Ausschusstext3 As String = "We operate exclusively on the basis of the General Freight Forwarding Terms and Conditions in the respectively applicable version. Payments are initially"
Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding." Dim Ausschusstext4 As String = "charged on freight, fees and interests and at last on customs duties. The place of jurisdiction: Schärding / Ried. Tax, customs and tariff information are not binding."
htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>http://" + getdomianenvironment + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 
100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password) htmlbody = String.Format("Dear {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/Change_PW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + ">http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + "&Par2=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(username) + "&Par3=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(customerID) + "&Mob=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt("False") + "&Par4=" + VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(theUserID) + "&Par5=" + VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(email) + "</a>" + Environment.NewLine + "<br /><br />Notice:<br /><span style='color: #043381;font-size:14px'><i>The Link is valid for 30 minutes until" + Space(1) + Date.Now.AddMinutes(30).ToString() + Space(1) + "only!</i></span><br / >To resend the E-Mail: <a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ForgotPW.aspx>http://" + getdomianenvironment + "/login/ForgotPW.aspx</a><br /><br />Kind regards, <br /><span 
style='color: #043381'><b>VERAG | EDV Support</b></span><br /><span>" + mailpic + "</span><br /><span style='color: #043381'>VERAG Spedition AG | A 4975 Suben, Nr. 100</span><br /><span style='color: #043381'>T.<a href='tel:+43 7711 2777-xx'>+43 7711 2777-xx</a> |<a href='mailto:@support@verag.ag'>support@verag.ag</a> | " + emailnr + "FN xxxxxxx</span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext2 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext3 + "</i></span><br /><span style='color: #043381;font-size:12px'><i>" + Ausschusstext4 + "</i></span><br />", username, password)
ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.") 'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.")
lblMessage.ForeColor = Color.OrangeRed lblMessage.ForeColor = Color.OrangeRed
@@ -747,25 +748,29 @@ Partial Class ForgotPW
Return "Error in Session ID. It has changed. Please check admin!" Return "Error in Session ID. It has changed. Please check admin!"
End If End If
End Function End Function
Public Function RandomInteger(ByVal min As Integer, ByVal _
max As Integer) As Integer
Dim rand As New RNGCryptoServiceProvider()
Dim one_byte() As Byte = {0}
rand.GetBytes(one_byte)
Return min + (max - min) * (one_byte(0) / 255)
End Function
Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String
If isnewSession = False Then If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String Dim token As String
Dim MyMin As Integer = 25, MyMax As Integer = 788755, My1stRandomNumber As Integer, My2ndRandomNumber As Integer
' Create a random number generator
Dim Generator As System.Random = New System.Random()
' Get a random number >= MyMin and <= MyMax Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 8))
My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 6))
Dim Rand As Random = New Random
' Get another random number (don't create a new generator, use the same one)
My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1)
If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
Try Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber) Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray()) Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, My1stRandomNumber)) token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl))
Return token Return token
Catch Ex As Exception Catch Ex As Exception
'Dim Msg, Style, Title As String 'Dim Msg, Style, Title As String
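Review bot: RandomInteger scales a single random byte onto the range (`min + (max - min) * (one_byte(0) / 255)`), so it can return at most 256 distinct values, unevenly spread after the Double-to-Integer rounding, and the `RNGCryptoServiceProvider` it creates is never disposed. I would draw four bytes inside a `Using` block and reduce them with rejection sampling, as below, keeping the inclusive `min`..`max` range the callers rely on. The `Math.Pow(2, 5)` style arguments in gensaltToken could be plain integer literals, which avoids the implicit Double-to-Integer conversion. The added `Dim Rand As Random = New Random` is not used in the visible lines and is not a cryptographic generator; gensaltToken's body continues outside this hunk, and what `GenerateSalt` and `HashPassword` do with `intzahl` is not visible here.

```vbnet
Public Function RandomInteger(ByVal min As Integer, ByVal max As Integer) As Integer
    If max < min Then Throw New ArgumentOutOfRangeException("max")
    Dim span As Long = CLng(max) - CLng(min) + 1L        ' inclusive range, as before
    Dim limit As Long = (4294967296L \ span) * span      ' largest multiple of span within 2^32
    Dim buf(3) As Byte
    Using rng As New RNGCryptoServiceProvider()
        Dim draw As Long
        Do
            rng.GetBytes(buf)
            draw = BitConverter.ToUInt32(buf, 0)
        Loop While draw >= limit                          ' reject the tail that would bias the result
        Return CInt(min + (draw Mod span))
    End Using
End Function
```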
@@ -775,9 +780,9 @@ Partial Class ForgotPW
'MsgBox(Msg, Style, Title) 'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then 'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email) 'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber) Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray()) Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, My2ndRandomNumber)) token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl2))
Return token Return token
End Try End Try
@@ -829,16 +834,16 @@ Partial Class ForgotPW
End Function End Function
'Function RandomString(r As Random, max As Integer) As String Function RandomString(r As Random, max As Integer) As String
'Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?=" Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?="
'Dim sb As New StringBuilder Dim sb As New StringBuilder
'Dim cnt As Integer = r.Next(4, max) Dim cnt As Integer = r.Next(4, max)
'For i As Integer = 1 To cnt For i As Integer = 1 To cnt
'Dim idx As Integer = r.Next(0, s.Length) Dim idx As Integer = r.Next(0, s.Length)
' sb.Append(s.Substring(idx, 1)) sb.Append(s.Substring(idx, 1))
'Next Next
'Return sb.ToString() Return sb.ToString()
'End Function End Function
Protected Sub btn_Testmail_Click(sender As Object, e As EventArgs) Protected Sub btn_Testmail_Click(sender As Object, e As EventArgs)
Dim username As String = "userwithlongername" Dim username As String = "userwithlongername"
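Review bot: The re-enabled RandomString takes both its length and every character index from the `System.Random` passed in as `r`, which is a predictable, non-cryptographic generator. Its callers are not visible in this hunk; if the result is ever used as a password, token or salt on this reset page, the indices should come from `RNGCryptoServiceProvider` instead, which this commit already imports for RandomInteger. `r.Next(4, max)` also throws when `max` is below 4, so a guard such as `If max <= 4 Then Throw New ArgumentOutOfRangeException("max")` or a comment stating the minimum would help.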


@@ -164,23 +164,23 @@
background-repeat: no-repeat; background-repeat: no-repeat;
background-attachment:fixed; background-attachment:fixed;
background-size:cover; background-size:cover;
width:385.98px; width:388.98px;
/* background-color:#043381;*/ /* background-color:#043381;*/
} }
#content{ #content{
width:385.98px; width:390.98px;
} }
frame2{ frame2{
width:385.98px; width:390.98px;
} }
leftLinks{ leftLinks{
width:385.98px; width:390.98px;
} }
#main_page{ #main_page{
width:385.98px; width:390.98px;
} }
#content_all{ #content_all{
width:385.98px; width:390.98px;
} }
} }
@media (max-width: 323px){ @media (max-width: 323px){