From c052a2cbf7f24d359999205616cd15439a809fe2 Mon Sep 17 00:00:00 2001 From: ja Date: Thu, 11 Nov 2021 16:44:32 +0100 Subject: [PATCH] =?UTF-8?q?=C3=A4nderungen=20aber=20button=20nicht=20gefix?= =?UTF-8?q?ed?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- login/Change_PW.aspx | 2 +- login/Change_PW.aspx.vb | 195 ++++++++++++++++++++++++++++++---------- 2 files changed, 147 insertions(+), 50 deletions(-) diff --git a/login/Change_PW.aspx b/login/Change_PW.aspx index 9e36bdc..be50071 100644 --- a/login/Change_PW.aspx +++ b/login/Change_PW.aspx @@ -223,7 +223,7 @@ - + diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index e185c38..6dec28a 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -33,7 +33,7 @@ Partial Class login_Change_PW Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() - If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par3") = Not Nothing) Then + If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) = usrname AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3") = UsrID) Then If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True Then Try txt_Pw_WH.Enabled = True @@ -47,7 +47,7 @@ Partial Class login_Change_PW lbl_messagetext.Text = exc.Message End Try Else - btn_submitpw.Enabled = False + 'btn_submitpw.Enabled = False txt_Pw.BackColor = Drawing.Color.Gray txt_Pw.ForeColor = Drawing.Color.DarkGray txt_Pw_WH.Enabled = False @@ -73,7 +73,7 @@ Partial Class login_Change_PW regexval_txt_Pw_WH.Validate() confirmPasswordReq.Validate() If confirmPasswordReq.IsValid Then - btn_submitpw.Enabled = True + ' btn_submitpw.Enabled = True Else lbl_messagetext.ForeColor = Drawing.Color.Red lbl_messagetext.Text = "Passwort stimmt nicht überein." @@ -129,28 +129,51 @@ Partial Class login_Change_PW Dim tempstr As String = "" Dim Msg, Style, Title As String - If String.IsNullOrEmpty(txt_Pw.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then + If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True Then reqPasswtxt_M.Enabled = False reqPasswtxt_M.Enabled = False reqPasswtxt.Enabled = True reqPassw1txt.Enabled = True reqPasswtxt.Validate() reqPassw1txt.Validate() + Dim ConnectionString = "" - If reqPasswtxt.IsValid And reqPassw1txt.IsValid Then - tempstr = txt_Pw.Text + If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True + 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" + ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + Else + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False + ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If - ElseIf String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = Not True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = Not True Then - reqPasswtxt.Enabled = False - reqPassw1txt_M.Enabled = False - reqPasswtxt_M.Enabled = True - reqPassw1txt_M.Enabled = True - reqPasswtxt_M.Validate() - reqPassw1txt_M.Validate() + Using con As New SqlConnection(ConnectionString) + ' Using cmd As New SqlCommand("Validate_User") + Using cmd As New SqlCommand("SELECT KundenNr,Username, Passwort FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") + ' cmd.CommandType = CommandType.StoredProcedure + Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) + Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + cmd.Parameters.AddWithValue("@Username", usrname) + cmd.Parameters.AddWithValue("@KundenNr", UsrID) + cmd.Connection = con + con.Open() + ' userId = Convert.ToInt32(cmd.ExecuteScalar()) + Dim dr As SqlDataReader = cmd.ExecuteReader() + If dr.HasRows Then + dr.Read() + If txt_Pw.Text = dr("Passwort") Or txt_Pw_WH.Text = dr("Passwort") Then + If reqPasswtxt.IsValid And reqPassw1txt.IsValid Then + tempstr = txt_Pw.Text + End If + Else + lbl_messagetext.Text = "Die gewählten Passwörter dürfen nicht dem alten entsprechen!" + End If + End If + dr.Close() + End Using + con.Close() + End Using - If reqPasswtxt_M.IsValid And reqPassw1txt_M.IsValid Then - tempstr = txt_Pw_M.Text - End If Else tempstr = "Error01" End If @@ -190,39 +213,7 @@ Partial Class login_Change_PW ' If MsgBox(Msg, Style, Title).Ok Then 'Response.Redirect("login_FLEX.aspx") 'End If - ElseIf txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_M.Text) = True And tempstr = Not "Error01" Then - Try - Dim ConnectionString = "" - Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) - Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) - If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then - 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" - ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" - Else - ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" - 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" - End If - Using con As New SqlConnection(ConnectionString) - Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr") - ' cmd.CommandType = CommandType.StoredProcedure - cmd.Parameters.AddWithValue("@Username", usrname) - cmd.Parameters.AddWithValue("@Password", tempstr) - cmd.Parameters.AddWithValue("@KundenNr", UsrID) - cmd.Connection = con - cmd.ExecuteNonQuery() - End Using - End Using - Catch ex As Exception - lbl_messagetext.Text = ex.Message - End Try - regexval_txt_Pw.ForeColor = Drawing.Color.Green - regexval_txt_Pw.Text = "Password has been changed successfully!" - 'MsgBox(Msg, Style, Title) - - ' If MsgBox(Msg, Style, Title).Ok Then - 'Response.Redirect("login_FLEX.aspx") - 'End If ElseIf tempstr = "Error01" Then regexval_txt_Pw.ForeColor = Drawing.Color.MediumVioletRed VERAG_VARIABLES.seterrorcount(2) @@ -259,11 +250,117 @@ Partial Class login_Change_PW regexval_txt_Pw_WH_M.Validate() confirmPasswordReq_M.Validate() If confirmPasswordReq_M.IsValid Then - btn_submitpw_M.Enabled = True + 'btn_submitpw_M.Enabled = True Else lbl_messagetext_M.ForeColor = Drawing.Color.Red lbl_messagetext_M.Text = "Passwort stimmt nicht überein." 'btn_submitpw.Enabled = False End If End Sub + + Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs) + Dim tempstr As String = "" + Dim Msg, Style, Title As String + + If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then + reqPasswtxt.Enabled = False + reqPasswtxt.Enabled = False + reqPasswtxt_M.Enabled = True + reqPassw1txt_M.Enabled = True + reqPasswtxt_M.Validate() + reqPassw1txt_M.Validate() + Dim ConnectionString = "" + + If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True + 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" + ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + Else + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False + ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" + End If + Using con As New SqlConnection(ConnectionString) + ' Using cmd As New SqlCommand("Validate_User") + Using cmd As New SqlCommand("SELECT KundenNr,Username, Passwort FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") + ' cmd.CommandType = CommandType.StoredProcedure + Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) + Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + cmd.Parameters.AddWithValue("@Username", usrname) + cmd.Parameters.AddWithValue("@KundenNr", UsrID) + cmd.Connection = con + con.Open() + ' userId = Convert.ToInt32(cmd.ExecuteScalar()) + Dim dr As SqlDataReader = cmd.ExecuteReader() + If dr.HasRows Then + dr.Read() + If txt_Pw_M.Text = dr("Passwort") Or txt_Pw_WH_M.Text = dr("Passwort") Then + If reqPasswtxt_M.IsValid And reqPassw1txt_M.IsValid Then + tempstr = txt_Pw_M.Text + End If + Else + lbl_messagetext_M.Text = "Die gewählten Passwörter dürfen nicht dem alten entsprechen!" + End If + End If + dr.Close() + End Using + con.Close() + End Using + Else + tempstr = "Error01" + End If + If txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw.Text) = True And tempstr = Not "Error01" Then + Try + Dim ConnectionString = "" + Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) + Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) + If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then + 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" + ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + Else + ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" + End If + Using con As New SqlConnection(ConnectionString) + Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr") + ' cmd.CommandType = CommandType.StoredProcedure + cmd.Parameters.AddWithValue("@Username", usrname) + cmd.Parameters.AddWithValue("@Password", tempstr) + cmd.Parameters.AddWithValue("@KundenNr", UsrID) + cmd.Connection = con + cmd.ExecuteNonQuery() + regexval_txt_Pw_M.ForeColor = Drawing.Color.Green + regexval_txt_Pw_M.Text = "Password has been changed successfully!" + End Using + End Using + Catch ex As Exception + lbl_messagetext_M.Text = ex.Message + End Try + + + 'MsgBox(Msg, Style, Title) + + ' If MsgBox(Msg, Style, Title).Ok Then + 'Response.Redirect("login_FLEX.aspx") + 'End If + ElseIf tempstr = "Error01" Then + regexval_txt_Pw_M.ForeColor = Drawing.Color.MediumVioletRed + VERAG_VARIABLES.seterrorcount(2) + regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Password has not been changed successfully!" + ' Msg = "PW nicht erfolgreich geändert!" + ' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 + ' Title = "Error" + 'MsgBox(Msg, Style, Title) + 'If MsgBox(Msg, Style, Title).Retry Then + 'Response.Redirect(Request.RawUrl) + 'ElseIf MsgBox(Msg, Style, Title).Abort Then + ' Response.Redirect("../newPageJulius_Sidebar.aspx") + 'ElseIf MsgBox(Msg, Style, Title).Ignore Then + ' Try + + ' Catch ex As Exception + + ' End Try + End If + End Sub End Class \ No newline at end of file