edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Änderungen

Browse Source
This commit is contained in:
ja
2021-11-12 17:02:30 +01:00
parent 538c7a74c9
commit bdf8692deb
3 changed files with 106 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
login/Change_PW.aspx.vb
View File

@@ -25,6 +25,7 @@ Partial Class login_Change_PW
' cmd.CommandType = CommandType.StoredProcedure
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2"))
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim decr As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par1"))
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
cmd.Connection = con
@@ -33,8 +34,8 @@ Partial Class login_Change_PW
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then
dr.Read()
If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then
If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then
If String.IsNullOrEmpty(usrname) = False Then
If getDateoftoken(decr) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then
Try
If IsPostBack Then
@@ -89,28 +90,35 @@ Partial Class login_Change_PW
End Sub
Function getDateoftoken(tokenname As String) As Boolean
Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname))
Dim data() As Byte = Convert.FromBase64String(tokenname)
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname)
Dim nameoftoken = tokenname
If wenn < DateTime.UtcNow.AddMinutes(-30) Then
nameoftoken = String.Empty
If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then
VERAG_VARIABLES.seterrorcount(101)
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!"
ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then
VERAG_VARIABLES.seterrorcount(101)
lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token ist zu alt oder wurde nicht gefunden!" + Environment.NewLine + "Bitte erneut eine E-mail zusenden!"
End If
tokenname = nameoftoken
'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
Session.Remove("TokenforEmail")
Return False
Return True
ElseIf nameoftoken = "Error04" Then
nameoftoken = String.Empty
tokenname = nameoftoken
Session.Remove("TokenforEmail")
Return False
Return True
ElseIf nameoftoken = "NotYet" Then
Return True
ElseIf nameoftoken = "Error in Session ID. It has changed. Please check admin!" Then
' Dim mailto As String = "support@verag.ag"
Dim mailto As String = "ja@verag.ag"
Dim htmlbody As String = String.Empty
VERAG_VARIABLES.seterrorcount(500)
Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb
htmlbody = "<p> Der User " + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par2")) + "</td><td>" + Session.SessionID + "</td></tr></table>"
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
Return False
Else
Return True
End If
@@ -337,7 +345,7 @@ Partial Class login_Change_PW
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then
dr.Read()
If txt_Pw_M.Text = Not dr("Password").ToString Or txt_Pw_WH_M.Text = Not dr("Password").ToString Then
If Not txt_Pw_M.Text = dr("Password").ToString Or Not txt_Pw_WH_M.Text = dr("Password").ToString Then
tempstr = txt_Pw_M.Text
Else
lbl_messagetext_M.ForeColor = Drawing.Color.Red
@@ -364,6 +372,7 @@ Partial Class login_Change_PW
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Using con As New SqlConnection(ConnectionString)
con.Open()
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname)
@@ -374,6 +383,7 @@ Partial Class login_Change_PW
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
regexval_txt_Pw_M.Text = "Passwort wurde erfolgreich geändert!"
End Using
con.Close()
End Using
Catch ex As Exception
lbl_messagetext_M.Text = ex.Message

2
login/ForgotPW.aspx
View File

@@ -315,7 +315,7 @@
</td></tr>
<tr style="color:#003680; height:38px;">
<td align="right" colspan="2">
<asp:Label ID="lblMessage" runat="server" />
<asp:Label ID="lblMessage" runat="server"/>
<asp:RegularExpressionValidator ID="valid_getNumberInput" ControlToValidate="txt_CustomerID" style="font-size:17px" ForeColor="Red" ValidationGroup="val-desk" runat="server" Display="Dynamic" SetFocusOnError="false" ErrorMessage="The Customer-ID is not valid." ValidationExpression="[0-9]{4,10}"></asp:RegularExpressionValidator>
<asp:RegularExpressionValidator ID="check_UserName_regex" ErrorMessage="The Username don't meet the requirements. Try again." ControlToValidate="txt_Username" ValidationGroup="val-desk" runat="server" Display="Dynamic" SetFocusOnError="false" ForeColor="Red" ValidationExpression="([a-zA-Z1-9]{4,30})"></asp:RegularExpressionValidator>
<asp:RegularExpressionValidator ControlToValidate="txtEmail" runat="server" ID="regexval_txt_Email_2" ValidationGroup="val-desk" ValidationExpression="[\w\.]{0,2}\@[\w]+(?:\.[\w]{3}|\.[\w]{2}\.[\w]{2}|\.[\w]{2})\b" Display="Dynamic" ForeColor="Red" ErrorMessage="Die Zeichenfolge stimmt nicht mit den Kriterien einer E-Mail überein" SetFocusOnError="true"></asp:RegularExpressionValidator>

162
login/ForgotPW.aspx.vb
View File

@@ -195,7 +195,7 @@ Partial Class ForgotPW
tokenname = Session.Item("TokenforEmail")
End If
If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -220,7 +220,7 @@ Partial Class ForgotPW
'MsgBox("Mail would be sent successfully!")
lblMessage.ForeColor = Color.Green
lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
ElseIf SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession) = True Then
'MsgBox("Mail would not be sent successfully!")
lblMessage.ForeColor = Color.Red
If String.IsNullOrWhiteSpace(username) = True Then
@@ -251,85 +251,85 @@ Partial Class ForgotPW
Protected Sub btn_Send_M_Click(sender As Object, e As EventArgs)
Dim username As String = String.Empty
Dim password As String = String.Empty
Dim email As String = String.Empty
Dim tokenname As String = String.Empty
Dim customerID As String = String.Empty
Dim isusernameright As Boolean = False
Dim isuserIDright As Boolean = False
Dim isuserEmailright As Boolean = False
'Mobil
If String.IsNullOrEmpty(txtEmail_M.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = False And String.IsNullOrEmpty(txt_CustomerID_M.Text) = False And String.IsNullOrEmpty(txtEmail.Text) = True And String.IsNullOrEmpty(txt_Username.Text) = True And String.IsNullOrEmpty(txt_CustomerID.Text) = True Then
valreqtxtusername.Enabled = False
valreqtxtEmail.Enabled = False
regexval_txt_Email_2.Enabled = False
regexval_txt_Email.Enabled = False
check_UserName_regex.Enabled = False
CustomerIDrequired.Enabled = False
valid_getNumberInput.Enabled = False
Dim password As String = String.Empty
Dim email As String = String.Empty
Dim tokenname As String = String.Empty
Dim customerID As String = String.Empty
Dim isusernameright As Boolean = False
Dim isuserIDright As Boolean = False
Dim isuserEmailright As Boolean = False
'Mobil
If String.IsNullOrEmpty(txtEmail_M.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = False And String.IsNullOrEmpty(txt_CustomerID_M.Text) = False And String.IsNullOrEmpty(txtEmail.Text) = True And String.IsNullOrEmpty(txt_Username.Text) = True And String.IsNullOrEmpty(txt_CustomerID.Text) = True Then
valreqtxtusername.Enabled = False
valreqtxtEmail.Enabled = False
regexval_txt_Email_2.Enabled = False
regexval_txt_Email.Enabled = False
check_UserName_regex.Enabled = False
CustomerIDrequired.Enabled = False
valid_getNumberInput.Enabled = False
regexval_2_txt_Email_M.Enabled = True
regexval_txt_Email_M.Enabled = True
valreqtxtEmail_M.Enabled = True
valreqtxtusername_M.Enabled = True
check_UserName_regex_M.Enabled = True
CustomerID_M_required.Enabled = True
valid_getNumber_M_Input.Enabled = True
regexval_2_txt_Email_M.Enabled = True
regexval_txt_Email_M.Enabled = True
valreqtxtEmail_M.Enabled = True
valreqtxtusername_M.Enabled = True
check_UserName_regex_M.Enabled = True
CustomerID_M_required.Enabled = True
valid_getNumber_M_Input.Enabled = True
valreqtxtEmail_M.Validate()
If valreqtxtEmail_M.IsValid = True Then
regexval_txt_Email_M.Validate()
If regexval_txt_Email_M.IsValid = True Then
regexval_txt_Email_M.ForeColor = Drawing.Color.OrangeRed
VERAG_VARIABLES.seterrorcount(15)
regexval_txt_Email_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "The Domain does not match."
regexval_2_txt_Email_M.Validate()
If regexval_2_txt_Email_M.IsValid = True Then
email = txtEmail_M.Text
lblMessage_M.ForeColor = Drawing.Color.Lime
lblMessage_M.Text = "E-mail Address valid."
End If
Else
regexval_txt_Email.Validate()
If regexval_2_txt_Email_M.IsValid = True Then
lblMessage_M.ForeColor = Drawing.Color.Lime
lblMessage_M.Text = "E-mail Address valid."
email = txtEmail_M.Text
End If
End If
End If
CustomerID_M_required.Validate()
If CustomerID_M_required.IsValid = True Then
valid_getNumber_M_Input.Validate()
If valid_getNumber_M_Input.IsValid = True Then
customerID = txt_CustomerID_M.Text
Else
lblMessage_M.ForeColor = Drawing.Color.Red
VERAG_VARIABLES.seterrorcount(16)
lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Customer-ID is not numeric or too long."
End If
End If
valreqtxtusername_M.Validate()
If valreqtxtusername_M.IsValid = True Then
check_UserName_regex_M.Validate()
If check_UserName_regex_M.IsValid = False Then
check_UserName_regex_M.ForeColor = Drawing.Color.Red
VERAG_VARIABLES.seterrorcount(17)
check_UserName_regex_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "The Username is too long."
Else
username = txt_Username_M.Text
valreqtxtEmail_M.Validate()
If valreqtxtEmail_M.IsValid = True Then
regexval_txt_Email_M.Validate()
If regexval_txt_Email_M.IsValid = True Then
regexval_txt_Email_M.ForeColor = Drawing.Color.OrangeRed
VERAG_VARIABLES.seterrorcount(15)
regexval_txt_Email_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "The Domain does not match."
regexval_2_txt_Email_M.Validate()
If regexval_2_txt_Email_M.IsValid = True Then
email = txtEmail_M.Text
lblMessage_M.ForeColor = Drawing.Color.Lime
lblMessage_M.Text = "Valid Username has been entered."
lblMessage_M.Text = "E-mail Address valid."
End If
Else
regexval_txt_Email.Validate()
If regexval_2_txt_Email_M.IsValid = True Then
lblMessage_M.ForeColor = Drawing.Color.Lime
lblMessage_M.Text = "E-mail Address valid."
email = txtEmail_M.Text
End If
End If
Else
'MsgBox("The form has not been filled completeley.", MsgBoxStyle.Critical, "Error08")
lblMessage_M.ForeColor = Color.Red
lblMessage_M.Text = "Error 08. The form has not been filled completeley."
End If
CustomerID_M_required.Validate()
If CustomerID_M_required.IsValid = True Then
valid_getNumber_M_Input.Validate()
If valid_getNumber_M_Input.IsValid = True Then
customerID = txt_CustomerID_M.Text
Else
lblMessage_M.ForeColor = Drawing.Color.Red
VERAG_VARIABLES.seterrorcount(16)
lblMessage_M.Text = VERAG_VARIABLES.geterrornumb + "Customer-ID is not numeric or too long."
End If
End If
valreqtxtusername_M.Validate()
If valreqtxtusername_M.IsValid = True Then
check_UserName_regex_M.Validate()
If check_UserName_regex_M.IsValid = False Then
check_UserName_regex_M.ForeColor = Drawing.Color.Red
VERAG_VARIABLES.seterrorcount(17)
check_UserName_regex_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "The Username is too long."
Else
username = txt_Username_M.Text
lblMessage_M.ForeColor = Drawing.Color.Lime
lblMessage_M.Text = "Valid Username has been entered."
End If
End If
Else
'MsgBox("The form has not been filled completeley.", MsgBoxStyle.Critical, "Error08")
lblMessage_M.ForeColor = Color.Red
lblMessage_M.Text = "Error 08. The form has not been filled completeley."
End If
'Erweiterte Degub Msg-Box
'MsgBox("Userdaten in App" + Environment.NewLine + email + Environment.NewLine + username + Environment.NewLine + "Userdaten desktop" + txt_Username.Text + Environment.NewLine + txtEmail.Text + Environment.NewLine + "Userdaten Mobil:" + Environment.NewLine + txtEmail_M.Text + Environment.NewLine + txt_Username_M.Text)
If String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True Then
@@ -428,7 +428,7 @@ Partial Class ForgotPW
tokenname = Session.Item("TokenforEmail")
End If
If SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
'Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -453,7 +453,7 @@ Partial Class ForgotPW
'MsgBox("Mail would be sent successfully!")
lblMessage_M.ForeColor = Color.Green
lblMessage_M.Text = "The password has been sent sucessfully on the given valid e-mail address."
ElseIf SendEmail_M(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname), customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
ElseIf SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession) = True Then
'MsgBox("Mail would not be sent successfully!")
lblMessage_M.ForeColor = Color.Red
If String.IsNullOrWhiteSpace(username) = True Then
@@ -647,7 +647,7 @@ Partial Class ForgotPW
Else
tokenname = Session.Item("TokenforEmail").ToString()
End If
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody, tokenname)
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
Return True
End If
Catch ex As Exception
@@ -668,7 +668,7 @@ Partial Class ForgotPW
Dim token As String
If isusrnmright = True And iscstmIDright = True And isemailright = True Then
Try
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
Return token
Catch Ex As Exception
Dim Msg, Style, Title As String
@@ -679,7 +679,7 @@ Partial Class ForgotPW
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
token = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(time.Concat(Key).ToArray()))
If SendEmail(username, password, email, token, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession) = True Then
'MsgBox("Email could not been sent because of an internal encryption error.", vbOK + vbInformation + vbDefaultButton1, "Token-Generation Error")
Else
@@ -707,9 +707,9 @@ Partial Class ForgotPW
End Function
Function getDateoftoken(tokenname As String) As Boolean
Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname))
Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname))
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)
Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)
If wenn < DateTime.UtcNow.AddMinutes(-30) Then
nameoftoken = String.Empty
tokenname = nameoftoken