Änderungen

login/Change_PW.aspx.vb

@@ -25,6 +25,7 @@ Partial Class login_Change_PW
                 ' cmd.CommandType = CommandType.StoredProcedure
                 Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2"))
                 Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
+                Dim decr As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par1"))
                 cmd.Parameters.AddWithValue("@Username", usrname)
                 cmd.Parameters.AddWithValue("@KundenNr", UsrID)
                 cmd.Connection = con
@@ -33,8 +34,8 @@ Partial Class login_Change_PW
                 Dim dr As SqlDataReader = cmd.ExecuteReader()
                 If dr.HasRows Then
                     dr.Read()
-                    If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then
-                        If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then
+                    If String.IsNullOrEmpty(usrname) = False Then
+                        If getDateoftoken(decr) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then
                             Try
 
                                 If IsPostBack Then
@@ -89,28 +90,35 @@ Partial Class login_Change_PW
     End Sub
 
     Function getDateoftoken(tokenname As String) As Boolean
-        Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname))
+        Dim data() As Byte = Convert.FromBase64String(tokenname)
         Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
-        Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname)
+        Dim nameoftoken = tokenname
         If wenn < DateTime.UtcNow.AddMinutes(-30) Then
             nameoftoken = String.Empty
-            If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then
-                VERAG_VARIABLES.seterrorcount(101)
-                lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!"
-            ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then
-                VERAG_VARIABLES.seterrorcount(101)
-                lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!"
-            End If
+            tokenname = nameoftoken
             'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
+            lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
 
             Session.Remove("TokenforEmail")
-            Return False
+            Return True
         ElseIf nameoftoken = "Error04" Then
             nameoftoken = String.Empty
+            tokenname = nameoftoken
             Session.Remove("TokenforEmail")
-            Return False
+            Return True
         ElseIf nameoftoken = "NotYet" Then
             Return True
+        ElseIf nameoftoken = "Error in Session ID. It has changed. Please check admin!" Then
+            ' Dim mailto As String = "support@verag.ag"
+            Dim mailto As String = "ja@verag.ag"
+            Dim htmlbody As String = String.Empty
+            VERAG_VARIABLES.seterrorcount(500)
+            Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb
+
+            htmlbody = "<p> Der User " + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "</td><td>" + Session.SessionID + "</td></tr></table>"
+
+            VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
+            Return False
         Else
             Return True
         End If
@@ -337,7 +345,7 @@ Partial Class login_Change_PW
                         Dim dr As SqlDataReader = cmd.ExecuteReader()
                         If dr.HasRows Then
                             dr.Read()
-                            If txt_Pw_M.Text = Not dr("Password").ToString Or txt_Pw_WH_M.Text = Not dr("Password").ToString Then
+                            If Not txt_Pw_M.Text = dr("Password").ToString Or Not txt_Pw_WH_M.Text = dr("Password").ToString Then
                                 tempstr = txt_Pw_M.Text
                             Else
                                 lbl_messagetext_M.ForeColor = Drawing.Color.Red
@@ -364,6 +372,7 @@ Partial Class login_Change_PW
                         'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
                     End If
                     Using con As New SqlConnection(ConnectionString)
+                        con.Open()
                         Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr")
                             ' cmd.CommandType = CommandType.StoredProcedure
                             cmd.Parameters.AddWithValue("@Username", usrname)
@@ -374,6 +383,7 @@ Partial Class login_Change_PW
                             regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
                             regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!"
                         End Using
+                        con.Close()
                     End Using
                 Catch ex As Exception
                     lbl_messagetext_M.Text = ex.Message