From d833a5dcffd5b53c93a93ca3621cc6cbfa1c014f Mon Sep 17 00:00:00 2001 From: ja Date: Fri, 3 Dec 2021 15:34:56 +0100 Subject: [PATCH] =?UTF-8?q?=C3=84nderungen=20Algorithmus=20Serverlast=20se?= =?UTF-8?q?nken=20und=20Produktivit=C3=A4t=20steigern.=20Und=20GUI=20Anpas?= =?UTF-8?q?sungen=20Mobil.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- App_Code/VERAG_VARIABLES.vb | 34 ++++++++++++++++++++++------------ Customers/CustomsAviso.aspx | 16 ++++++++-------- login/ForgotPW.aspx | 2 +- login/ForgotPW.aspx.vb | 9 ++++++--- login/login_FLEX.aspx.vb | 23 ++++++++++++++--------- 5 files changed, 51 insertions(+), 33 deletions(-) diff --git a/App_Code/VERAG_VARIABLES.vb b/App_Code/VERAG_VARIABLES.vb index a3e0102..d8bb90b 100644 --- a/App_Code/VERAG_VARIABLES.vb +++ b/App_Code/VERAG_VARIABLES.vb @@ -4,7 +4,7 @@ Imports Konscious.Security.Cryptography Public Class VERAG_VARIABLES Public Shared errornumb As Integer = 0 Shared Function getiterationnumber() As Integer - Return RandomInteger(Math.Pow(2, 2), Math.Pow(2, 8)) + Return RandomInteger(Math.Pow(2, 4), Math.Pow(2, 11)) End Function Shared Sub initerrorcount() 
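Review bot: `getiterationnumber` returns a fresh random Argon2 time cost between 16 and 2048 passes on every call, and a cost parameter that is not fixed is only usable if the exact value is stored next to the salt and hash; in the hunks of this patch the value is consumed inline or held in a page field and never persisted, so any hash produced with it cannot be recomputed later. The pass count should be one configured constant, chosen by measuring latency on the production host (Argon2 normally uses a single-digit number of passes and puts the work into MemorySize), for example `Private Const Argon2Iterations As Integer = 3 ' placeholder value, tune on the production host` and `Return Argon2Iterations`. `Math.Pow` also yields Double, so the call relies on implicit narrowing unless `RandomInteger` takes Doubles — its signature is outside this view.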
@@ -28,17 +28,27 @@ Public Class VERAG_VARIABLES 'Convert.ToBase64String(saltBytes) End Function Public Shared Async Function HashPassword(ByVal password As String, ByVal salt As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Byte()) - Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password)) - Argon.Salt = salt - Argon.DegreeOfParallelism = 4 - Argon.Iterations = nIterations - Argon.MemorySize = 4096 - Return Await Argon.GetBytesAsync(nHash) - 'Return Convert.ToBase64String(Argon.GetBytes(nHash)) - Return Argon.GetBytes(nHash) - 'Dim saltBytes = Convert.FromBase64String(salt) - 'Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations) - 'End Using + 'Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password)) + If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then + Dim Argon As Argon2d = New Argon2d(Encoding.UTF8.GetBytes(password)) + Argon.Salt = salt + Argon.DegreeOfParallelism = 24 + Argon.Iterations = nIterations + Argon.MemorySize = (nIterations / 1.05) + 1 * 150 + Return Await Argon.GetBytesAsync(nHash) + 'Return Convert.ToBase64String(Argon.GetBytes(nHash)) + 'Return Argon.GetBytes(nHash) + 'Dim saltBytes = Convert.FromBase64String(salt) + 'Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations) + 'End Using + Else + Dim Argon As Argon2d = New Argon2d(Encoding.UTF8.GetBytes(password)) + Argon.Salt = salt + Argon.DegreeOfParallelism = 36 + Argon.Iterations = nIterations + Argon.MemorySize = (nIterations / 0.385) + 1 * 250 + Return Await Argon.GetBytesAsync(nHash) + End If End Function Public Shared Async Function Verifyhash(ByVal passw As String, ByVal salt As Byte(), ByVal hash As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Boolean) diff --git a/Customers/CustomsAviso.aspx b/Customers/CustomsAviso.aspx index 29a9b7e..3f0ad3e 100644 --- a/Customers/CustomsAviso.aspx 
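Review bot: The two branches of `If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost"` produce different digests for the same password, salt and iteration count, because DegreeOfParallelism (24 vs 36) and MemorySize both feed the Argon2 output; a hash made under one branch will never verify under the other, and on IIS SERVER_NAME is generally populated from the request's Host header, so the branch taken is not a property of the deployment alone. Both branches also switch from Argon2id to Argon2d, the data-dependent variant that RFC 9106 recommends against for password hashing in favour of Argon2id, so `Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password))` should be kept. `Argon.MemorySize = (nIterations / 1.05) + 1 * 150` evaluates as `nIterations / 1.05 + 150` since `*` binds tighter than `+` — if `((nIterations / 1.05) + 1) * 150` was intended the parentheses are misplaced, and the same applies to the `0.385` / `250` line in the Else branch; in any case MemorySize (KiB) is the parameter that should carry the cost as a fixed, documented constant rather than being derived from the pass count. Removing the environment switch and using one configured parameter set would make hashes portable across hosts and let this function run without an HttpContext.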
+++ b/Customers/CustomsAviso.aspx @@ -272,22 +272,22 @@
- +
-
- - +
+ +
- +
- - + +
@@ -299,7 +299,7 @@
- +
diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx index 9eb69fc..433f283 100644 --- a/login/ForgotPW.aspx +++ b/login/ForgotPW.aspx @@ -1,4 +1,4 @@ -<%@ Page Language="VB" AutoEventWireup="false" Debug="True" CodeFile="ForgotPW.aspx.vb" Inherits="ForgotPW" Async="false" %> +<%@ Page Language="VB" AutoEventWireup="false" Debug="True" CodeFile="ForgotPW.aspx.vb" Inherits="ForgotPW" Async="true" %> <%@ Reference VirtualPath="~/login/Change_PW.aspx" %> diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index 00b2f41..ee72d35 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -11,11 +11,12 @@ Imports System.Security.Cryptography Partial Class ForgotPW Inherits System.Web.UI.Page Dim ConnectionString As String = String.Empty - Dim salt As String = String.Empty + Dim salt As Byte() Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load If Page.IsPostBack = True Then Page.MaintainScrollPositionOnPostBack = True VERAG_VARIABLES.initerrorcount() + salt = VERAG_VARIABLES.GenerateSalt(RandomInteger(Math.Pow(2, 3), Math.Pow(2, 10))) Else Page.MaintainScrollPositionOnPostBack = False VERAG_VARIABLES.initerrorcount() @@ -26,7 +27,7 @@ Partial Class ForgotPW End Sub - Protected Sub btn_Send_Click(sender As Object, e As EventArgs) + Protected Async Sub btn_Send_Click(sender As Object, e As EventArgs) Try Dim username As String = String.Empty Dim password As String = String.Empty 
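Review bot: In the `@@ -11,11 +11,12 @@` hunk of ForgotPW.aspx.vb, `salt` is regenerated with a random length between 8 and 1024 bytes on every postback and lives only in a page field, so whatever is hashed with it in `btn_Send_Click` cannot be verified on any later request unless the salt is stored alongside the result; if the token hash is meant to survive the round trip, keep the salt in the same session entry, e.g. `Session.Add("TokenSalt", Convert.ToBase64String(salt))` (key name is a placeholder). The call is also the unqualified `RandomInteger(...)` while the rest of the patch uses `VERAG_VARIABLES.RandomInteger`; if a different overload resolves here the range semantics may differ — worth checking. `Protected Async Sub btn_Send_Click` in the `@@ -26,7 +27,7 @@` hunk is an async-void event handler, which Web Forms accepts with `Async="true"` (set in ForgotPW.aspx in this patch), but any exception thrown after the first `Await` is reported to the page lifecycle rather than to a caller, so the `Try` opened in this hunk must enclose every `Await`; its `End Try` is outside the view.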
@@ -213,7 +214,9 @@ Partial Class ForgotPW Else tokenname = Session.Item("TokenforEmail") End If - + Dim intzahl As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 4), Math.Pow(2, 10)) + Dim hashdata As Byte() = Await VERAG_VARIABLES.HashPassword(tokenname, salt, VERAG_VARIABLES.getiterationnumber, intzahl) + Session.Add("TokenHashtokenized", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(hashdata))) If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) = True Then 'password = RandomString(New Random, 10) If (getDateoftoken(tokenname) = True) Then diff --git a/login/login_FLEX.aspx.vb b/login/login_FLEX.aspx.vb index 013e831..22e34bb 100644 --- a/login/login_FLEX.aspx.vb +++ b/login/login_FLEX.aspx.vb @@ -14,12 +14,13 @@ Partial Class login_FLEX VERAG_VARIABLES.initerrorcount() If Page.IsPostBack = True Then Page.MaintainScrollPositionOnPostBack = True + intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10)) + intzahliterats = VERAG_VARIABLES.getiterationnumber + salt = VERAG_VARIABLES.GenerateSalt(intzahl) Else Page.MaintainScrollPositionOnPostBack = False End If - intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10)) - intzahliterats = VERAG_VARIABLES.getiterationnumber - salt = VERAG_VARIABLES.GenerateSalt(intzahl) + End Sub Protected Async Sub ValidateUser(sender As Object, e As EventArgs) 
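Review bot: The value stored as `Session.Add("TokenHashtokenized", ...)` is an Argon2 digest of `tokenname` whose salt, pass count (`getiterationnumber`, random per call) and output length (`intzahl`, random 16–1024) are not stored with it, so nothing can re-derive this digest on a later request; either persist those three values next to the hash or store the token itself and recompute the hash only at the point of comparison. The derivation also runs before `SendEmail(...)` decides whether the submitted username, customer id and email are valid, so every click costs up to 2048 Argon2 passes regardless of outcome, which works against the stated goal of lowering server load — moving the two new lines inside the `If SendEmail(...) = True Then` branch would avoid that. `btn_Send_Click` begins and ends outside this hunk.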
@@ -171,9 +172,14 @@ Partial Class login_FLEX Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!" End If If tb3.Text = dr("Password") Then - passw = dr("Password").ToString + Dim hashpw As Byte() = Await VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl) + If Await VERAG_VARIABLES.Verifyhash(dr("Password").ToString, salt, hashpw, intzahliterats, intzahl) = True Then + passw = dr("Password").ToString + Else + passw = String.Empty + End If Else - VERAG_VARIABLES.seterrorcount(9) + VERAG_VARIABLES.seterrorcount(9) Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!" End If @@ -198,10 +204,9 @@ Partial Class login_FLEX 'Dim str = gensaltToken(UserNaMe, passw, Customer_ID, Session.IsNewSession) 'MsgBox(str) 'End If - Dim hashpw As Byte() = Await VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl) - If Await VERAG_VARIABLES.Verifyhash(passw, salt, hashpw, intzahliterats, intzahl) = True Then - FormsAuthentication.RedirectFromLoginPage(UserNaMe, True) - End If + + FormsAuthentication.RedirectFromLoginPage(UserNaMe, True) + End Sub
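Review bot: The authentication decision in this hunk is still `If tb3.Text = dr("Password") Then`, a plaintext equality between the submitted password and the stored Password column, which implies passwords are kept in recoverable form; the new `HashPassword` / `Verifyhash` pair then hashes `passw` and checks `dr("Password").ToString` against that digest with the same salt and parameters, so if `passw` holds the submitted text (its assignment is outside the hunk) the verification presumably succeeds exactly when the two strings were already equal, and since the redirect in `@@ -198,10 +204,9 @@` is now unconditional, the Argon2 work gates nothing. The fix is in the data model rather than in this branch: store salt, parameters and an Argon2id digest when the password is set, and have login call only `If Await VERAG_VARIABLES.Verifyhash(tb3.Text, storedSalt, storedHash, storedIterations, storedHashLen) Then` (placeholder names for the persisted columns) with the string comparison removed. Until that change lands, two derivations of up to 2048 passes per login add latency without adding security.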