Änderungen Login System schreibt jetzt auch die Einlogzeit in die Datenbank und die Kundennummer wurde durch die UserID ersetzt
@@ -21,12 +21,12 @@ Partial Class login_Change_PW
|
||||
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT KundenNr,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
|
||||
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
' userId = Convert.ToInt32(cmd.ExecuteScalar())
|
||||
@@ -34,7 +34,7 @@ Partial Class login_Change_PW
|
||||
If dr.HasRows Then
|
||||
dr.Read()
|
||||
If String.IsNullOrEmpty(usrname) = False Then
|
||||
If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("KundenNr") Then
|
||||
If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso UsrID = dr("UserId") Then
|
||||
Try
|
||||
|
||||
If IsPostBack Then
|
||||
@@ -160,19 +160,19 @@ Partial Class login_Change_PW
|
||||
If reqPassw1txt.IsValid = True Then
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
|
||||
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
' userId = Convert.ToInt32(cmd.ExecuteScalar())
|
||||
Dim dr As SqlDataReader = cmd.ExecuteReader()
|
||||
If dr.HasRows Then
|
||||
dr.Read()
|
||||
If String.Compare(txt_Pw.Text, dr("Password").ToString) = -1 Or String.Compare(txt_Pw_WH.Text, dr("Password").ToString) = -1 Then
|
||||
If String.Equals(txt_Pw.Text, dr("Password").ToString) = False Or String.Equals(txt_Pw_WH.Text, dr("Password").ToString) = False Then
|
||||
tempstr = txt_Pw.Text
|
||||
Else
|
||||
lbl_messagetext.Text = "Die gewählten Passwörter dürfen nicht dem alten entsprechen!"
|
||||
@@ -191,7 +191,7 @@ Partial Class login_Change_PW
|
||||
tempstr = "Error01"
|
||||
End If
|
||||
|
||||
If String.Compare(txt_Pw.Text, tempstr) = 1 AndAlso String.Compare(txt_Pw_WH.Text, tempstr) = 1 AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Compare(tempstr, "Error01") = -1 Then
|
||||
If String.Equals(txt_Pw.Text, tempstr, StringComparison.CurrentCulture) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr, StringComparison.CurrentCulture) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01", StringComparison.CurrentCulture) = False Then
|
||||
|
||||
|
||||
txt_Pw_WH_M.Enabled = False
|
||||
@@ -219,15 +219,20 @@ Partial Class login_Change_PW
|
||||
If reqPassw1txt_M.IsValid = True Then
|
||||
If String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False Then
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
con.Open()
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [KundenNr]=@KundenNr")
|
||||
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text)
|
||||
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")), CompareMethod.Text) = True Then
|
||||
con.Open()
|
||||
If String.IsNullOrEmpty(usrname) = False Then
|
||||
cmd.ExecuteNonQuery()
|
||||
btn_submitpw.Visible = True
|
||||
Else
|
||||
VERAG_VARIABLES.seterrorcount(25)
|
||||
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Fehler bei der Behebung des Passwortwechsels."
|
||||
End If
|
||||
End Using
|
||||
con.Close()
|
||||
@@ -337,19 +342,19 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr")
|
||||
Using cmd As New SqlCommand("SELECT UserId,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
|
||||
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
' userId = Convert.ToInt32(cmd.ExecuteScalar())
|
||||
Dim dr As SqlDataReader = cmd.ExecuteReader()
|
||||
If dr.HasRows Then
|
||||
dr.Read()
|
||||
If String.Equals(txt_Pw_M.Text, dr("Password").ToString) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString) = False Then
|
||||
If String.Equals(txt_Pw_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Or String.Equals(txt_Pw_WH_M.Text, dr("Password").ToString, StringComparison.CurrentCulture) = False Then
|
||||
tempstr = txt_Pw_M.Text
|
||||
Else
|
||||
lbl_messagetext_M.ForeColor = Drawing.Color.Red
|
||||
@@ -377,11 +382,11 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr")
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
cmd.Parameters.AddWithValue("@Password", txt_Pw_WH_M.Text)
|
||||
cmd.Parameters.AddWithValue("@KundenNr", UsrID)
|
||||
cmd.Parameters.AddWithValue("@UserId", UsrID)
|
||||
cmd.Connection = con
|
||||
con.Open()
|
||||
If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then
|
||||
|
||||
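Review bot: The new comparisons `String.Equals(txt_Pw.Text, dr("Password").ToString)` in the -160 and -337 hunks, and the `UPDATE ... SET [Password]=@Password` statements in the -219 and -377 hunks that bind `txt_Pw_WH.Text` and `txt_Pw_WH_M.Text`, read and write the password column as the typed text, so anyone who can read the Users table gets every credential. Storing a salted PBKDF2 hash (for example via `Rfc2898DeriveBytes`) and comparing the derived bytes would close that; the new `cmd2` UPDATE in login_FLEX matches on `Password=@Password` in the same way. Separately, the last hunk calls `cCryptography2.Decrypt("Par2")` on the literal string instead of `Request.QueryString("Par2")`, and the SELECT hunks decrypt Par2 with `cCryptography` while both UPDATE hunks use `cCryptography2`, so that username check looks like it cannot succeed as written. The enclosing handlers start and end outside the hunks.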
@@ -316,11 +316,16 @@
|
||||
<tr style="color:#003680; height:38px;">
|
||||
<td align="right" colspan="2">
|
||||
<asp:Label ID="lblMessage" runat="server"/>
|
||||
<asp:RegularExpressionValidator ID="valid_getNumberInput" ControlToValidate="txt_CustomerID" style="font-size:17px" ForeColor="Red" ValidationGroup="val-desk" runat="server" Display="Dynamic" SetFocusOnError="false" ErrorMessage="The Customer-ID is not valid." ValidationExpression="[0-9]{4,10}"></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ID="valid_getNumberInput" ControlToValidate="txt_CustomerID" style="font-size:17px" ForeColor="Red" ValidationGroup="val-desk" runat="server" Display="Dynamic" SetFocusOnError="false" ErrorMessage="The Customer-ID is not valid." ValidationExpression="[0-9]{1,10}"></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ID="check_UserName_regex" ErrorMessage="The Username don't meet the requirements. Try again." ControlToValidate="txt_Username" ValidationGroup="val-desk" runat="server" Display="Dynamic" SetFocusOnError="false" ForeColor="Red" ValidationExpression="([a-zA-Z1-9]{4,30})"></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ControlToValidate="txtEmail" runat="server" ID="regexval_txt_Email_2" ValidationGroup="val-desk" ValidationExpression="[\w\.]{0,2}\@[\w]+(?:\.[\w]{3}|\.[\w]{2}\.[\w]{2}|\.[\w]{2})\b" Display="Dynamic" ForeColor="Red" ErrorMessage="Die Zeichenfolge stimmt nicht mit den Kriterien einer E-Mail überein" SetFocusOnError="true"></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ControlToValidate="txtEmail" runat="server" ID="regexval_txt_Email" ValidationGroup="val-desk" ValidationExpression="[\w\.]{0,2}\@(\bverag.ag\b)" Display="Dynamic" SetFocusOnError="true" style="font-size:1em" ErrorMessage="Die Zeichenfolge stimmt nicht mit den Kriterien der Domäne überein" ForeColor="Red"></asp:RegularExpressionValidator>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td>
|
||||
<asp:Button Text="back" ID="btn_BACKafterlogin" style="background-color:#003680;color:#fff;visibility:hidden" runat="server" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<!--Smartphone-Bildschirme-->
|
||||
@@ -358,7 +363,7 @@
|
||||
<tr style="color:#003680; height:50px;">
|
||||
<td align="right" colspan="2">
|
||||
<asp:Label ID="lblMessage_M" Font-Size="24px" runat="server" />
|
||||
<asp:RegularExpressionValidator ID="valid_getNumber_M_Input" ControlToValidate="txt_CustomerID_M" ValidationGroup="val-mobil" ForeColor="Red" Font-Size="24px" runat="server" style="margin-left:22px;" Display="Dynamic" SetFocusOnError="false" ValidationExpression="[0-9]{4,10}" ErrorMessage="The Customer-ID is not valid."></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ID="valid_getNumber_M_Input" ControlToValidate="txt_CustomerID_M" ValidationGroup="val-mobil" ForeColor="Red" Font-Size="24px" runat="server" style="margin-left:22px;" Display="Dynamic" SetFocusOnError="false" ValidationExpression="[0-9]{1,10}" ErrorMessage="The Customer-ID is not valid."></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ControlToValidate="txtEmail_M" ForeColor="Red" Font-Size="24px" runat="server" ID="regexval_2_txt_Email_M" ValidationGroup="val-mobil" ValidationExpression="[\w\.]+\@[\w]+(?:\.[\w]{3}|\.[\w]{2}\.[\w]{2}|\.[\w]{2})\b" Display="Dynamic" ErrorMessage="Die Zeichenfolge stimmt nicht mit den Kriterien einer E-Mail überein" SetFocusOnError="true"></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ControlToValidate="txtEmail_M" ForeColor="Red" Font-Size="24px" runat="server" ID="regexval_txt_Email_M" ValidationGroup="val-mobil" ValidationExpression="[a-zA-Z]{2}\@(\bverag.ag\b)" Display="Dynamic" ErrorMessage="" SetFocusOnError="true"></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ID="check_UserName_regex_M" ForeColor="Red" Font-Size="24px" ErrorMessage="Try again. The Username don't meet the rquirements." ControlToValidate="txt_Username_M" ValidationGroup="val-mobil" runat="server" Display="Dynamic" SetFocusOnError="true" ValidationExpression="([a-zA-Z1-9]{4,30})"></asp:RegularExpressionValidator>
|
||||
|
||||
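Review bot: With the pattern relaxed to `[0-9]{1,10}` on `valid_getNumberInput` and `valid_getNumber_M_Input` (and on the same validator in the login page section further down), this validator is the only visible constraint on the value that is now compared with `UserId`, and a RegularExpressionValidator accepts an empty field. The code-behind is not part of this section, so it should be confirmed that the handlers check `Page.IsValid` and parse the value with `Integer.TryParse` before it reaches the query. The `ErrorMessage` still says "Customer-ID" while the ForgotPW code-behind messages now say "UserId" and "User-ID"; one term should be used throughout. In the unchanged username validators the class `[a-zA-Z1-9]` leaves out `0` and is probably meant to be `[a-zA-Z0-9]`.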
@@ -113,7 +113,7 @@ Partial Class ForgotPW
|
||||
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
' Using cmd As New SqlCommand("Validate_User")
|
||||
Using cmd As New SqlCommand("SELECT Username,Password,Email,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND KundenNr=@CUSTOMERId")
|
||||
Using cmd As New SqlCommand("SELECT Username,Password,Email,UserId FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Email=@Email AND UserId=@CUSTOMERId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", username)
|
||||
cmd.Parameters.AddWithValue("@Email", email)
|
||||
@@ -126,7 +126,7 @@ Partial Class ForgotPW
|
||||
username = dr("Username").ToString()
|
||||
password = dr("Password").ToString()
|
||||
email = dr("Email").ToString()
|
||||
customerID = dr("KundenNr").ToString()
|
||||
customerID = dr("UserId").ToString()
|
||||
|
||||
Try
|
||||
If txt_Username.Text = dr("Username").ToString() AndAlso String.IsNullOrEmpty(txt_Username_M.Text) = True And String.IsNullOrEmpty(customerID) = False Then
|
||||
@@ -150,25 +150,25 @@ Partial Class ForgotPW
|
||||
ElseIf String.IsNullOrEmpty(email) = True Then
|
||||
lblMessage_M.ForeColor = Color.Red
|
||||
isemailright = False
|
||||
lblMessage_M.Text = "The given User does not exist in our database."
|
||||
lblMessage_M.Text = "The given Email does not exist in our database."
|
||||
Else
|
||||
lblMessage_M.ForeColor = Color.Red
|
||||
isemailright = False
|
||||
lblMessage_M.Text = "The given e-mail does not exist in our database."
|
||||
End If
|
||||
If (txt_CustomerID.Text = dr("KundenNr").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID_M.Text) = True) And String.IsNullOrEmpty(customerID) = False Then
|
||||
If (txt_CustomerID.Text = dr("UserId").ToString() AndAlso String.IsNullOrEmpty(txt_CustomerID_M.Text) = True) And String.IsNullOrEmpty(customerID) = False Then
|
||||
email = txtEmail.Text
|
||||
lblMessage.ForeColor = Color.Green
|
||||
isCustomeridright = True
|
||||
lblMessage.Text = "The given Customer-ID exists in our database."
|
||||
lblMessage.Text = "The given UserId exists in our database."
|
||||
ElseIf String.IsNullOrEmpty(customerID) = True Then
|
||||
lblMessage_M.ForeColor = Color.Red
|
||||
isCustomeridright = False
|
||||
lblMessage_M.Text = "The given Customer-ID does not exist in our database."
|
||||
lblMessage_M.Text = "The given User-ID does not exist in our database."
|
||||
Else
|
||||
lblMessage_M.ForeColor = Color.Red
|
||||
isCustomeridright = False
|
||||
lblMessage_M.Text = "The given Customer-ID does not exist in our database."
|
||||
lblMessage_M.Text = "The given User-ID does not exist in our database."
|
||||
End If
|
||||
Catch ex As Exception
|
||||
Dim Msg, Style, Title As String
|
||||
|
||||
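Review bot: The per-field messages in the -150 hunk (`"The given Email does not exist in our database."`, `"The given UserId exists in our database."`, `"The given User-ID does not exist in our database."`) tell an unauthenticated visitor which usernames, e-mail addresses and user IDs are registered, and the form now accepts IDs from a single digit up. A single neutral response for every outcome, for example `lblMessage.Text = "If the details match an account, an e-mail has been sent."`, would remove that signal. The query in the -113 hunk still selects `Password` and the -126 hunk copies it into `password`; if that value is mailed to the user, a one-time reset link should replace it. The parameter is still named `@CUSTOMERId` although it now binds to `UserId`. The Try block continues outside the hunk.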
@@ -312,7 +312,7 @@
|
||||
<td align="center" style="color:Red;" colspan="2">
|
||||
<asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
|
||||
<asp:RegularExpressionValidator ID="check_UserName_regex" ControlToValidate="UserName" Font-Size="17px" ForeColor="Red" ValidationGroup="Login" runat="server" Display="Dynamic" SetFocusOnError="true" ErrorMessage="Username does not meet the requirements." ValidationExpression="^([a-zA-Z1-9]{4,30})$"></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ID="valid_getNumberInput" ControlToValidate="txt_CustomerID" style="font-size:17px" ForeColor="Red" ValidationGroup="Login" runat="server" Display="Dynamic" SetFocusOnError="false" ErrorMessage="The Customer-ID is not valid." ValidationExpression="[0-9]{4,10}"></asp:RegularExpressionValidator>
|
||||
<asp:RegularExpressionValidator ID="valid_getNumberInput" ControlToValidate="txt_CustomerID" style="font-size:17px" ForeColor="Red" ValidationGroup="Login" runat="server" Display="Dynamic" SetFocusOnError="false" ErrorMessage="The Customer-ID is not valid." ValidationExpression="[0-9]{1,10}"></asp:RegularExpressionValidator>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
@@ -187,6 +187,16 @@ Partial Class login_FLEX
|
||||
dr.Close()
|
||||
con.Close()
|
||||
End Using
|
||||
Using cmd2 As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [LastLoginDate]=@Date WHERE [Username]=@Username AND [UserId]=@UserId AND Password=@Password")
|
||||
cmd2.Parameters.AddWithValue("Date", Date.Now.ToString)
|
||||
cmd2.Parameters.AddWithValue("Username", UserNaMe)
|
||||
cmd2.Parameters.AddWithValue("UserID", Customer_ID)
|
||||
cmd2.Parameters.AddWithValue("Password", passw)
|
||||
cmd2.Connection = con
|
||||
con.Open()
|
||||
cmd2.ExecuteNonQuery()
|
||||
con.Close()
|
||||
End Using
|
||||
End Using
|
||||
If String.IsNullOrEmpty(tb2_M.Text) = False AndAlso String.IsNullOrEmpty(tb2.Text) = True Then
|
||||
FormsAuthentication.SetAuthCookie(Login1.UserName, cb_M.Checked)
|
||||
|
||||
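Review bot: `cmd2.Parameters.AddWithValue("Date", Date.Now.ToString)` sends the login time as a culture-formatted string and leaves the conversion to SQL Server, so the stored value depends on the web server's culture and the database language and can fail or swap day and month. Passing a typed value, `cmd2.Parameters.Add("@Date", SqlDbType.DateTime).Value = Date.UtcNow`, avoids that and gives the audit column an unambiguous time zone. The result of `cmd2.ExecuteNonQuery()` is ignored; since the UPDATE sits before the visible `FormsAuthentication.SetAuthCookie` call, it is worth confirming that it runs only on the successful-login path and logging when it affects zero rows. The connection is closed and reopened between the two commands, which a single open connection would avoid. The enclosing handler starts and ends outside the hunk.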