From cdd8364d26de81cf2650dab8c6936efec6c726ef Mon Sep 17 00:00:00 2001
From: ja <ja@verag.ag>
Date: Thu, 14 Oct 2021 08:56:30 +0200
Subject: [PATCH] Update Token generation

---
 login/ForgotPW.aspx.vb | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb
index 84b403b..fef512b 100644
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -39,7 +39,7 @@ Partial Class login_ForgotPW
 
             Using con As New SqlConnection(ConnectionString)
                 ' Using cmd As New SqlCommand("Validate_User")
-                Using cmd As New SqlCommand("SELECT Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
+                Using cmd As New SqlCommand("SELECT Username,Password,Email FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
                     ' cmd.CommandType = CommandType.StoredProcedure
                     cmd.Parameters.AddWithValue("@Username", username)
                     cmd.Connection = con
@@ -55,9 +55,20 @@ Partial Class login_ForgotPW
                                 check_UserName_regex.IsValid = True
                             Else
                                 check_UserName_regex.MatchTimeout = 3000
-                                check_UserName_regex.ErrorMessage = "No valid Username found!"
+                                check_UserName_regex.ErrorMessage = "No valid Username found in out database!"
                                 check_UserName_regex.IsValid = False
                             End If
+                            If txtEmail.Text = dr("Email").ToString() Then
+                                regexval_txt_Email.IsValid = True
+                                regexval_txt_Email_2.IsValid = True
+                                lblMessage.ForeColor = Color.Green
+                                lblMessage.Text = "The given e-mail exists in our database."
+                            Else
+                                regexval_txt_Email.IsValid = False
+                                regexval_txt_Email_2.IsValid = False
+                                lblMessage.ForeColor = Color.Red
+                                lblMessage.Text = "The given e-mail does not exist in our database."
+                            End If
                             regexval_txt_Email.Validate()
                         Catch ex As Exception
                             Dim Msg, Style, Title As String
@@ -101,11 +112,11 @@ Partial Class login_ForgotPW
                 'MsgBox("Mail would not be sent successfully!")
                 lblMessage.ForeColor = Color.Red
                 If String.IsNullOrWhiteSpace(username) = True Then
-                    lblMessage.Text = "The Username was not found in our database."
+                    lblMessage.Text = "Error10: Username not recognized Error!"
                 ElseIf String.IsNullOrWhiteSpace(email) = True Then
-                    lblMessage.Text = "The given e-mail does not exist in our database."
+                    lblMessage.Text = "Error11: Email not recognized Error!"
                 ElseIf String.IsNullOrWhiteSpace(password) = True Then
-                    lblMessage.Text = "The searched password was not found in our database."
+                    lblMessage.Text = "An internal password searching error occured in our systems ."
                 End If
 
             End If