edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Änderungen

Browse Source
This commit is contained in:
ja
2021-11-12 17:02:30 +01:00
parent 538c7a74c9
commit bdf8692deb
3 changed files with 106 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
login/Change_PW.aspx.vb
View File

@@ -25,6 +25,7 @@ Partial Class login_Change_PW
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2"))
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim decr As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par1"))
cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Parameters.AddWithValue("@KundenNr", UsrID)
cmd.Connection = con cmd.Connection = con
@@ -33,8 +34,8 @@ Partial Class login_Change_PW
Dim dr As SqlDataReader = cmd.ExecuteReader() Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then If dr.HasRows Then
dr.Read() dr.Read()
If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then If String.IsNullOrEmpty(usrname) = False Then
If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then If getDateoftoken(decr) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then
Try Try
If IsPostBack Then If IsPostBack Then
@@ -89,28 +90,35 @@ Partial Class login_Change_PW
End Sub End Sub
Function getDateoftoken(tokenname As String) As Boolean Function getDateoftoken(tokenname As String) As Boolean
Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname)) Dim data() As Byte = Convert.FromBase64String(tokenname)
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0)) Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname) Dim nameoftoken = tokenname
If wenn < DateTime.UtcNow.AddMinutes(-30) Then If wenn < DateTime.UtcNow.AddMinutes(-30) Then
nameoftoken = String.Empty nameoftoken = String.Empty
If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then tokenname = nameoftoken
VERAG_VARIABLES.seterrorcount(101)
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!"
ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then
VERAG_VARIABLES.seterrorcount(101)
lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!"
End If
'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!") 'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
Session.Remove("TokenforEmail") Session.Remove("TokenforEmail")
Return False Return True
ElseIf nameoftoken = "Error04" Then ElseIf nameoftoken = "Error04" Then
nameoftoken = String.Empty nameoftoken = String.Empty
tokenname = nameoftoken
Session.Remove("TokenforEmail") Session.Remove("TokenforEmail")
Return False Return True
ElseIf nameoftoken = "NotYet" Then ElseIf nameoftoken = "NotYet" Then
Return True Return True
ElseIf nameoftoken = "Error in Session ID. It has changed. Please check admin!" Then
' Dim mailto As String = "support@verag.ag"
Dim mailto As String = "ja@verag.ag"
Dim htmlbody As String = String.Empty
VERAG_VARIABLES.seterrorcount(500)
Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb
htmlbody = "<p> Der User " + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "</td><td>" + Session.SessionID + "</td></tr></table>"
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
Return False
Else Else
Return True Return True
End If End If
@@ -337,7 +345,7 @@ Partial Class login_Change_PW
Dim dr As SqlDataReader = cmd.ExecuteReader() Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then If dr.HasRows Then
dr.Read() dr.Read()
If txt_Pw_M.Text = Not dr("Password").ToString Or txt_Pw_WH_M.Text = Not dr("Password").ToString Then If Not txt_Pw_M.Text = dr("Password").ToString Or Not txt_Pw_WH_M.Text = dr("Password").ToString Then
tempstr = txt_Pw_M.Text tempstr = txt_Pw_M.Text
Else Else
lbl_messagetext_M.ForeColor = Drawing.Color.Red lbl_messagetext_M.ForeColor = Drawing.Color.Red
@@ -364,6 +372,7 @@ Partial Class login_Change_PW
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If End If
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
con.Open()
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr") Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr")
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Username", usrname)
@@ -374,6 +383,7 @@ Partial Class login_Change_PW
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!" regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!"
End Using End Using
con.Close()
End Using End Using
Catch ex As Exception Catch ex As Exception
lbl_messagetext_M.Text = ex.Message lbl_messagetext_M.Text = ex.Message

18
login/ForgotPW.aspx.vb
View File

@@ -195,7 +195,7 @@ Partial Class ForgotPW
tokenname = Session.Item("TokenforEmail") tokenname = Session.Item("TokenforEmail")
End If End If
If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
'password = RandomString(New Random, 10) 'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then If (getDateoftoken(tokenname) = True) Then
'Dim msgboxstyle = vbDefaultButton1 + vbOK 'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -220,7 +220,7 @@ Partial Class ForgotPW
'MsgBox("Mail would be sent successfully!") 'MsgBox("Mail would be sent successfully!")
lblMessage.ForeColor = Color.Green lblMessage.ForeColor = Color.Green
lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address." lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then ElseIf SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
'MsgBox("Mail would not be sent successfully!") 'MsgBox("Mail would not be sent successfully!")
lblMessage.ForeColor = Color.Red lblMessage.ForeColor = Color.Red
If String.IsNullOrWhiteSpace(username) = True Then If String.IsNullOrWhiteSpace(username) = True Then
@@ -428,7 +428,7 @@ Partial Class ForgotPW
tokenname = Session.Item("TokenforEmail") tokenname = Session.Item("TokenforEmail")
End If End If
If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
'password = RandomString(New Random, 10) 'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then If (getDateoftoken(tokenname) = True) Then
'Dim msgboxstyle = vbDefaultButton1 + vbOK 'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -453,7 +453,7 @@ Partial Class ForgotPW
'MsgBox("Mail would be sent successfully!") 'MsgBox("Mail would be sent successfully!")
lblMessage_M.ForeColor = Color.Green lblMessage_M.ForeColor = Color.Green
lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address." lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address."
ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then ElseIf SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
'MsgBox("Mail would not be sent successfully!") 'MsgBox("Mail would not be sent successfully!")
lblMessage_M.ForeColor = Color.Red lblMessage_M.ForeColor = Color.Red
If String.IsNullOrWhiteSpace(username) = True Then If String.IsNullOrWhiteSpace(username) = True Then
@@ -647,7 +647,7 @@ Partial Class ForgotPW
Else Else
tokenname = Session.Item("TokenforEmail").ToString() tokenname = Session.Item("TokenforEmail").ToString()
End If End If
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody, tokenname) VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
Return True Return True
End If End If
Catch ex As Exception Catch ex As Exception
@@ -668,7 +668,7 @@ Partial Class ForgotPW
Dim token As String Dim token As String
If isusrnmright = True And iscstmIDright = True And isemailright = True Then If isusrnmright = True And iscstmIDright = True And isemailright = True Then
Try Try
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray())) token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
Return token Return token
Catch Ex As Exception Catch Ex As Exception
Dim Msg, Style, Title As String Dim Msg, Style, Title As String
@@ -679,7 +679,7 @@ Partial Class ForgotPW
'If MsgBox(Msg, Style, Title).Retry Then 'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email) 'genToken(username, password, email)
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray())) token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then
'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error") 'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
Else Else
@@ -707,9 +707,9 @@ Partial Class ForgotPW
End Function End Function
Function getDateoftoken(tokenname As String) As Boolean Function getDateoftoken(tokenname As String) As Boolean
Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)) Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname))
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0)) Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname) Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)
If wenn < DateTime.UtcNow.AddMinutes(-30) Then If wenn < DateTime.UtcNow.AddMinutes(-30) Then
nameoftoken = String.Empty nameoftoken = String.Empty
tokenname = nameoftoken tokenname = nameoftoken