diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index 3e50ce0..8745983 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -25,6 +25,7 @@ Partial Class login_Change_PW ' cmd.CommandType = CommandType.StoredProcedure Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + Dim decr As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par1")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con @@ -33,8 +34,8 @@ Partial Class login_Change_PW Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() - If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then - If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then + If String.IsNullOrEmpty(usrname) = False Then + If getDateoftoken(decr) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then Try If IsPostBack Then 
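Review bot: The new guard `If String.IsNullOrEmpty(usrname) = False Then` tests the username, so the reset token `decr` (decrypted from `Par1` in the first hunk) reaches `getDateoftoken(decr)` without any empty check. That function begins with `Convert.FromBase64String(tokenname)`, which throws on `Nothing` or malformed input, and the call sits before the `Try` visible in this hunk, so a link with a missing or altered `Par1` likely ends in an unhandled exception instead of a clean rejection. `If Not String.IsNullOrEmpty(decr) AndAlso Not String.IsNullOrEmpty(usrname) Then` would cover both values. It is also worth a comment here that `usrname` and `UsrID` are compared with a row that appears to be selected by those same two parameters, so the token check is the only thing tying the request to a reset that was actually issued. The enclosing method starts and ends outside the hunk.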
@@ -89,28 +90,35 @@ Partial Class login_Change_PW End Sub Function getDateoftoken(tokenname As String) As Boolean - Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname)) + Dim data() As Byte = Convert.FromBase64String(tokenname) Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0)) - Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname) + Dim nameoftoken = tokenname If wenn < DateTime.UtcNow.AddMinutes(-30) Then nameoftoken = String.Empty - If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then - VERAG_VARIABLES.seterrorcount(101) - lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!" - ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then - VERAG_VARIABLES.seterrorcount(101) - lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!" - End If + tokenname = nameoftoken 'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!") + lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" Session.Remove("TokenforEmail") - Return False + Return True ElseIf nameoftoken = "Error04" Then nameoftoken = String.Empty + tokenname = nameoftoken Session.Remove("TokenforEmail") - Return False + Return True ElseIf nameoftoken = "NotYet" Then Return True + ElseIf nameoftoken = "Error in Session ID. It has changed. Please check admin!" Then + ' Dim mailto As String = "support@verag.ag" + Dim mailto As String = "ja@verag.ag" + Dim htmlbody As String = String.Empty + VERAG_VARIABLES.seterrorcount(500) + Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb + + htmlbody = "

Der User " + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "hat eine ungültige oder geänderte Session-ID

Userneue ID
" + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "" + Session.SessionID + "
" + + VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody) + Return False Else Return True End If @@ -337,7 +345,7 @@ Partial Class login_Change_PW Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() - If txt_Pw_M.Text = Not dr("Password").ToString Or txt_Pw_WH_M.Text = Not dr("Password").ToString Then + If Not txt_Pw_M.Text = dr("Password").ToString Or Not txt_Pw_WH_M.Text = dr("Password").ToString Then tempstr = txt_Pw_M.Text Else lbl_messagetext_M.ForeColor = Drawing.Color.Red @@ -364,6 +372,7 @@ Partial Class login_Change_PW 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If Using con As New SqlConnection(ConnectionString) + con.Open() Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", usrname) @@ -374,6 +383,7 @@ Partial Class login_Change_PW regexval_txt_Pw_M.ForeColor = Drawing.Color.Green regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!" End Using + con.Close() End Using Catch ex As Exception lbl_messagetext_M.Text = ex.Message diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx index ec4b2c1..e214e0c 100644 --- a/login/ForgotPW.aspx +++ b/login/ForgotPW.aspx @@ -315,7 +315,7 @@ - + diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index fd5551c..2593ba7 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb 
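Review bot: The expired-token branch (`wenn < DateTime.UtcNow.AddMinutes(-30)`) and the `"Error04"` branch now end in `Return True`, and the caller in the earlier hunk only proceeds to the password change when `getDateoftoken(decr) = True`, so a token older than 30 minutes is accepted again. Both branches should keep `Return False`. The added `tokenname = nameoftoken` presumably has no effect on the caller, since VB passes parameters ByVal unless declared otherwise. In the new session-ID branch the decrypted `Par2` value is concatenated into `htmlbody` unencoded and the recipient is hard-coded to an individual mailbox with the support address commented out; wrapping the username in `HttpUtility.HtmlEncode(...)` and reading the recipient from configuration would be safer.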
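Review bot: Comparing `txt_Pw_M.Text` directly with `dr("Password").ToString` only works if the `Password` column holds the password in clear text or a reversible form, which means any read access to the table discloses every user's password. The column should hold a salted, slow hash (for example PBKDF2 via `Rfc2898DeriveBytes`) and this check should verify against that hash. Separately, the `Or` lets the branch that assigns `tempstr = txt_Pw_M.Text` run when only the confirmation field differs from the stored value, so re-entering the old password in the first field is not rejected; `If Not txt_Pw_M.Text = dr("Password").ToString AndAlso txt_Pw_M.Text = txt_Pw_WH_M.Text Then` matches the apparent intent. The rest of the method is outside the hunk.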
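Review bot: The context line directly above the new `con.Open()` keeps a commented-out `ConnectionString` with a server name, user id and password in the source file. A secret in a comment is still a secret in version control: the line should be deleted, the credential rotated, and the connection string read from protected configuration such as `ConfigurationManager.ConnectionStrings`. On the change itself, the `SqlCommand` is constructed without a connection in the visible lines; assuming `cmd.Connection = con` is set in the part not shown, opening the connection before executing is correct.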
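Review bot: `con.Close()` just before `End Using` is redundant, because leaving the `Using con` block disposes and closes the connection even when an exception is thrown; the added line can be dropped. More important are the lines right after it: `lbl_messagetext_M.Text = ex.Message` shows raw exception text to the visitor of a password-change page, which can reveal table, column or server details from a `SqlException`. The exception should be logged server-side and the label set to a fixed, generic message.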
@@ -195,7 +195,7 @@ Partial Class ForgotPW tokenname = Session.Item("TokenforEmail") End If - If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then + If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then 'password = RandomString(New Random, 10) If (getDateoftoken(tokenname) = True) Then 'Dim msgboxstyle = vbDefaultButton1 + vbOK @@ -220,7 +220,7 @@ Partial Class ForgotPW 'MsgBox("Mail would be sent successfully!") lblMessage.ForeColor = Color.Green lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address." - ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then + ElseIf SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then 'MsgBox("Mail would not be sent successfully!") lblMessage.ForeColor = Color.Red If String.IsNullOrWhiteSpace(username) = True Then 
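Review bot: The `ElseIf SendEmail(...) = True Then` line calls `SendEmail` a second time with the same arguments after the `If SendEmail(...) = True Then` of the previous hunk, so one button click can trigger two send attempts, and the red error branch is only entered when that second call reports success. Calling it once and branching on the stored result avoids the duplicate mail: `Dim sent As Boolean = SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession)`. The same pattern is in the two `SendEmail_M` hunks at -428 and -453. The lines between the two calls are outside the hunks, so which `If` the `ElseIf` pairs with should be confirmed before restructuring.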
@@ -251,85 +251,85 @@ Partial Class ForgotPW Protected Sub btn_Send_M_Click(sender As Object, e As EventArgs) Dim username As String = String.Empty - Dim password As String = String.Empty - Dim email As String = String.Empty - Dim tokenname As String = String.Empty - Dim customerID As String = String.Empty - Dim isusernameright As Boolean = False - Dim isuserIDright As Boolean = False - Dim isuserEmailright As Boolean = False - 'Mobil - If String.IsNullOrEmpty(txtEmail_M.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = False And String.IsNullOrEmpty(txt_CustomerID_M.Text) = False And String.IsNullOrEmpty(txtEmail.Text) = True And String.IsNullOrEmpty(txt_Username.Text) = True And String.IsNullOrEmpty(txt_CustomerID.Text) = True Then - valreqtxtusername.Enabled = False - valreqtxtEmail.Enabled = False - regexval_txt_Email_2.Enabled = False - regexval_txt_Email.Enabled = False - check_UserName_regex.Enabled = False - CustomerIDrequired.Enabled = False - valid_getNumberInput.Enabled = False + Dim password As String = String.Empty + Dim email As String = String.Empty + Dim tokenname As String = String.Empty + Dim customerID As String = String.Empty + Dim isusernameright As Boolean = False + Dim isuserIDright As Boolean = False + Dim isuserEmailright As Boolean = False + 'Mobil + If String.IsNullOrEmpty(txtEmail_M.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = False And String.IsNullOrEmpty(txt_CustomerID_M.Text) = False And String.IsNullOrEmpty(txtEmail.Text) = True And String.IsNullOrEmpty(txt_Username.Text) = True And String.IsNullOrEmpty(txt_CustomerID.Text) = True Then + valreqtxtusername.Enabled = False + valreqtxtEmail.Enabled = False + regexval_txt_Email_2.Enabled = False + regexval_txt_Email.Enabled = False + check_UserName_regex.Enabled = False + CustomerIDrequired.Enabled = False + valid_getNumberInput.Enabled = False - regexval_2_txt_Email_M.Enabled = True - regexval_txt_Email_M.Enabled = True - valreqtxtEmail_M.Enabled = True - 
valreqtxtusername_M.Enabled = True - check_UserName_regex_M.Enabled = True - CustomerID_M_required.Enabled = True - valid_getNumber_M_Input.Enabled = True + regexval_2_txt_Email_M.Enabled = True + regexval_txt_Email_M.Enabled = True + valreqtxtEmail_M.Enabled = True + valreqtxtusername_M.Enabled = True + check_UserName_regex_M.Enabled = True + CustomerID_M_required.Enabled = True + valid_getNumber_M_Input.Enabled = True - valreqtxtEmail_M.Validate() - If valreqtxtEmail_M.IsValid = True Then - regexval_txt_Email_M.Validate() - If regexval_txt_Email_M.IsValid = True Then - regexval_txt_Email_M.ForeColor = Drawing.Color.OrangeRed - VERAG_VARIABLES.seterrorcount(15) - regexval_txt_Email_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "The Domain does not match." - regexval_2_txt_Email_M.Validate() - If regexval_2_txt_Email_M.IsValid = True Then - email = txtEmail_M.Text - lblMessage_M.ForeColor = Drawing.Color.Lime - lblMessage_M.Text = "E-mail Address valid." - End If - Else - regexval_txt_Email.Validate() - If regexval_2_txt_Email_M.IsValid = True Then - lblMessage_M.ForeColor = Drawing.Color.Lime - lblMessage_M.Text = "E-mail Address valid." - email = txtEmail_M.Text - End If - End If - End If - - CustomerID_M_required.Validate() - If CustomerID_M_required.IsValid = True Then - valid_getNumber_M_Input.Validate() - If valid_getNumber_M_Input.IsValid = True Then - customerID = txt_CustomerID_M.Text - Else - lblMessage_M.ForeColor = Drawing.Color.Red - VERAG_VARIABLES.seterrorcount(16) - lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Customer-ID is not numeric or too long." - End If - End If - - valreqtxtusername_M.Validate() - If valreqtxtusername_M.IsValid = True Then - check_UserName_regex_M.Validate() - If check_UserName_regex_M.IsValid = False Then - check_UserName_regex_M.ForeColor = Drawing.Color.Red - VERAG_VARIABLES.seterrorcount(17) - check_UserName_regex_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "The Username is too long." 
- Else - username = txt_Username_M.Text + valreqtxtEmail_M.Validate() + If valreqtxtEmail_M.IsValid = True Then + regexval_txt_Email_M.Validate() + If regexval_txt_Email_M.IsValid = True Then + regexval_txt_Email_M.ForeColor = Drawing.Color.OrangeRed + VERAG_VARIABLES.seterrorcount(15) + regexval_txt_Email_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "The Domain does not match." + regexval_2_txt_Email_M.Validate() + If regexval_2_txt_Email_M.IsValid = True Then + email = txtEmail_M.Text lblMessage_M.ForeColor = Drawing.Color.Lime - lblMessage_M.Text = "Valid Username has been entered." + lblMessage_M.Text = "E-mail Address valid." + End If + Else + regexval_txt_Email.Validate() + If regexval_2_txt_Email_M.IsValid = True Then + lblMessage_M.ForeColor = Drawing.Color.Lime + lblMessage_M.Text = "E-mail Address valid." + email = txtEmail_M.Text End If End If - Else - 'MsgBox("The form has not been filled completeley.", MsgBoxStyle.Critical, "Error08") - lblMessage_M.ForeColor = Color.Red - lblMessage_M.Text = "Error 08. The form has not been filled completeley." End If + CustomerID_M_required.Validate() + If CustomerID_M_required.IsValid = True Then + valid_getNumber_M_Input.Validate() + If valid_getNumber_M_Input.IsValid = True Then + customerID = txt_CustomerID_M.Text + Else + lblMessage_M.ForeColor = Drawing.Color.Red + VERAG_VARIABLES.seterrorcount(16) + lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Customer-ID is not numeric or too long." + End If + End If + + valreqtxtusername_M.Validate() + If valreqtxtusername_M.IsValid = True Then + check_UserName_regex_M.Validate() + If check_UserName_regex_M.IsValid = False Then + check_UserName_regex_M.ForeColor = Drawing.Color.Red + VERAG_VARIABLES.seterrorcount(17) + check_UserName_regex_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "The Username is too long." + Else + username = txt_Username_M.Text + lblMessage_M.ForeColor = Drawing.Color.Lime + lblMessage_M.Text = "Valid Username has been entered." 
+ End If + End If + Else + 'MsgBox("The form has not been filled completeley.", MsgBoxStyle.Critical, "Error08") + lblMessage_M.ForeColor = Color.Red + lblMessage_M.Text = "Error 08. The form has not been filled completeley." + End If + 'Erweiterte Degub Msg-Box 'MsgBox("Userdaten in App" + Environment.NewLine + email + Environment.NewLine + username + Environment.NewLine + "Userdaten desktop" + txt_Username.Text + Environment.NewLine + txtEmail.Text + Environment.NewLine + "Userdaten Mobil:" + Environment.NewLine + txtEmail_M.Text + Environment.NewLine + txt_Username_M.Text) If String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True Then @@ -428,7 +428,7 @@ Partial Class ForgotPW tokenname = Session.Item("TokenforEmail") End If - If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then + If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then 'password = RandomString(New Random, 10) If (getDateoftoken(tokenname) = True) Then 'Dim msgboxstyle = vbDefaultButton1 + vbOK @@ -453,7 +453,7 @@ Partial Class ForgotPW 'MsgBox("Mail would be sent successfully!") lblMessage_M.ForeColor = Color.Green lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address." - ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then + ElseIf SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then 'MsgBox("Mail would not be sent successfully!") lblMessage_M.ForeColor = Color.Red If String.IsNullOrWhiteSpace(username) = True Then 
@@ -647,7 +647,7 @@ Partial Class ForgotPW Else tokenname = Session.Item("TokenforEmail").ToString() End If - VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody, tokenname) + VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody) Return True End If Catch ex As Exception @@ -668,7 +668,7 @@ Partial Class ForgotPW Dim token As String If isusrnmright = True And iscstmIDright = True And isemailright = True Then Try - token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray())) + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray())) Return token Catch Ex As Exception Dim Msg, Style, Title As String @@ -679,7 +679,7 @@ Partial Class ForgotPW 'If MsgBox(Msg, Style, Title).Retry Then 'genToken(username, password, email) - token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray())) + token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray())) If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then 'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error") Else @@ -707,9 +707,9 @@ Partial Class ForgotPW End Function Function getDateoftoken(tokenname As String) As Boolean - Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)) + Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)) Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0)) - Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname) + Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname) If wenn < DateTime.UtcNow.AddMinutes(-30) Then nameoftoken = String.Empty tokenname = nameoftoken
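Review bot: Inside the `Catch Ex As Exception` block (hunk at -679) the same `cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))` expression that just failed in the `Try` of the previous hunk is executed again, now with no handler around it. If the failure is deterministic the retry throws out of the Catch block, and if it succeeds a mail is sent from an error path; the block should log `Ex` and `Return String.Empty` so that no reset mail goes out without a valid token. Where `Key` and `time` come from is outside the hunks; if `Key` is not produced with `RandomNumberGenerator`, the token is only as unpredictable as its timestamp, which is worth confirming.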
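Review bot: `getDateoftoken` in ForgotPW.aspx.vb still decrypts inside the function, while the copy in Change_PW.aspx.vb now expects an already-decrypted token, so two functions with the same name have different contracts. A comment on each, such as `' tokenname: encrypted token as stored in Session("TokenforEmail")`, would prevent callers from passing the wrong form. The token is also decrypted twice here; `Dim plain As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)` once, reused for both `data` and `nameoftoken`, is enough. `Convert.FromBase64String` and `BitConverter.ToInt64(data, 0)` throw on malformed or short input and no handler is visible in the hunk. The function body continues past the end of the hunk.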