Änderungen Algorithmus Serverlast senken und Produktivität steigern. Und GUI Anpassungen Mobil.

ja
2021-12-03 15:34:56 +01:00
parent 39e94f95b7
commit d833a5dcff
5 changed files with 51 additions and 33 deletions


@@ -4,7 +4,7 @@ Imports Konscious.Security.Cryptography
Public Class VERAG_VARIABLES Public Class VERAG_VARIABLES
Public Shared errornumb As Integer = 0 Public Shared errornumb As Integer = 0
Shared Function getiterationnumber() As Integer Shared Function getiterationnumber() As Integer
Return RandomInteger(Math.Pow(2, 2), Math.Pow(2, 8)) Return RandomInteger(Math.Pow(2, 4), Math.Pow(2, 11))
End Function End Function
Shared Sub initerrorcount() Shared Sub initerrorcount()
@@ -28,17 +28,27 @@ Public Class VERAG_VARIABLES
'Convert.ToBase64String(saltBytes) 'Convert.ToBase64String(saltBytes)
End Function End Function
Public Shared Async Function HashPassword(ByVal password As String, ByVal salt As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Byte()) Public Shared Async Function HashPassword(ByVal password As String, ByVal salt As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Byte())
Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password)) 'Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password))
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
Dim Argon As Argon2d = New Argon2d(Encoding.UTF8.GetBytes(password))
Argon.Salt = salt Argon.Salt = salt
Argon.DegreeOfParallelism = 4 Argon.DegreeOfParallelism = 24
Argon.Iterations = nIterations Argon.Iterations = nIterations
Argon.MemorySize = 4096 Argon.MemorySize = (nIterations / 1.05) + 1 * 150
Return Await Argon.GetBytesAsync(nHash) Return Await Argon.GetBytesAsync(nHash)
'Return Convert.ToBase64String(Argon.GetBytes(nHash)) 'Return Convert.ToBase64String(Argon.GetBytes(nHash))
Return Argon.GetBytes(nHash) 'Return Argon.GetBytes(nHash)
'Dim saltBytes = Convert.FromBase64String(salt) 'Dim saltBytes = Convert.FromBase64String(salt)
'Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations) 'Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations)
'End Using 'End Using
Else
Dim Argon As Argon2d = New Argon2d(Encoding.UTF8.GetBytes(password))
Argon.Salt = salt
Argon.DegreeOfParallelism = 36
Argon.Iterations = nIterations
Argon.MemorySize = (nIterations / 0.385) + 1 * 250
Return Await Argon.GetBytesAsync(nHash)
End If
End Function End Function
Public Shared Async Function Verifyhash(ByVal passw As String, ByVal salt As Byte(), ByVal hash As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Boolean) Public Shared Async Function Verifyhash(ByVal passw As String, ByVal salt As Byte(), ByVal hash As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Boolean)
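Review bot: Both branches of HashPassword now construct `Argon2d` where the removed line used `Argon2id`, and Argon2d's data-dependent memory access makes it the variant that is not recommended for password hashing on a shared server. The same lines replace the fixed `MemorySize = 4096` with a value derived from nIterations; at the new lower bound of getiterationnumber (2^4) that is about 165 and 292 (KiB in Konscious), far below the old setting and, for the 24-lane branch, below the 8 × parallelism minimum of the Argon2 specification. `+ 1 * 150` also parses as `+ 150`, so the formula does not do what it says if `(… + 1) * 150` was meant. The branch is chosen from `ServerVariables("SERVER_NAME")`, which as far as I know reflects the request's Host header, so the cost parameters depend on client-supplied data and a hash produced under one branch will not verify under the other. I would use one fixed Argon2id configuration for every host, as below, and reduce load by tuning those fixed values rather than scaling memory with the iteration count.

```vbnet
Public Shared Async Function HashPassword(ByVal password As String, ByVal salt As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Byte())
    ' One configuration for every host: hashing and verification must use identical parameters.
    Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password))
    Argon.Salt = salt
    Argon.DegreeOfParallelism = 4
    Argon.Iterations = nIterations
    Argon.MemorySize = 4096 ' KiB, the value before this commit; keep it independent of nIterations
    Return Await Argon.GetBytesAsync(nHash)
    ' … unchanged: commented-out Rfc2898DeriveBytes lines …
End Function
```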


@@ -272,22 +272,22 @@
<div id="rowcol3" class="col-10 row" style="margin-right:/*1.52px;*/0.33480176211453744vw;"> <div id="rowcol3" class="col-10 row" style="margin-right:/*1.52px;*/0.33480176211453744vw;">
<div class="row"> <div class="row">
<asp:Label ID="lbl_LKWNr_M" runat="server" Text="LKW Nr"></asp:Label> <asp:Label ID="lbl_LKWNr_M" runat="server" Text="LKW Nr"></asp:Label>
<asp:TextBox ID="txt_LKWNr_M" AutoCompleteType="Search" AutoPostBack="false" runat="server" style="width:117px; margin-left:25px;" OnTextChanged="txt_LKWNr_M_TextChanged"></asp:TextBox> <asp:TextBox ID="txt_LKWNr_M" AutoCompleteType="Search" AutoPostBack="false" runat="server" style="width:185px; margin-left:10px;" OnTextChanged="txt_LKWNr_M_TextChanged"></asp:TextBox>
<asp:RegularExpressionValidator ControlToValidate="txt_LKWNr" runat="server" ID="regexval_txt_LKWNr_M" ValidationGroup="additional_TXTs" ForeColor="Red" ValidationExpression="^([A-Z0-9]{30})\d$" Display="Dynamic" ErrorMessage="Falsche Eingabe!" SetFocusOnError="true"></asp:RegularExpressionValidator> <asp:RegularExpressionValidator ControlToValidate="txt_LKWNr" runat="server" ID="regexval_txt_LKWNr_M" ValidationGroup="additional_TXTs" ForeColor="Red" ValidationExpression="^([A-Z0-9]{30})\d$" Display="Dynamic" ErrorMessage="Falsche Eingabe!" SetFocusOnError="true"></asp:RegularExpressionValidator>
</div> </div>
<div id="rowcol4" class="col-10 row" style="margin-right:/*1.52px;*/0.33480176211453744vw;"> <div id="rowcol4" class="col-11 row" style="margin-right:/*1.52px;*/0.33480176211453744vw;">
<asp:Label ID="lbl_KdNrAuftrag_M" runat="server" Text="Kunden Auftrags Nr" style="margin-left:45px"></asp:Label> <asp:Label ID="lbl_KdNrAuftrag_M" runat="server" Text="Kunden Auftrags Nr" style="width:155px;"></asp:Label>
<asp:TextBox ID="txt_KdNrAuftrag_M" runat="server" AutoPostBack="false" AutoCompleteType="Search" style="width:117px; margin-left:6px;" OnTextChanged="txt_KdNrAuftrag_M_TextChanged"></asp:TextBox> <asp:TextBox ID="txt_KdNrAuftrag_M" runat="server" AutoPostBack="false" AutoCompleteType="Search" style="width:185px; margin-left:10px;" OnTextChanged="txt_KdNrAuftrag_M_TextChanged"></asp:TextBox>
<asp:RegularExpressionValidator ControlToValidate="txt_KdNrAuftrag_M" runat="server" ID="regval_txt_KdNrAuftrag_M" ValidationGroup="additional_TXTs" ValidationExpression="^[0-9]{7}$" Display="Dynamic" ForeColor="Red" ErrorMessage="Falsche Eingabe!" SetFocusOnError="true"></asp:RegularExpressionValidator> <asp:RegularExpressionValidator ControlToValidate="txt_KdNrAuftrag_M" runat="server" ID="regval_txt_KdNrAuftrag_M" ValidationGroup="additional_TXTs" ValidationExpression="^[0-9]{7}$" Display="Dynamic" ForeColor="Red" ErrorMessage="Falsche Eingabe!" SetFocusOnError="true"></asp:RegularExpressionValidator>
</div> </div>
<div id="rowcol5" class="col-10 row" style="margin-right:/*1.52px;*/0.33480176211453744vw;"> <div id="rowcol5" class="col-10 row" style="margin-right:/*1.52px;*/0.33480176211453744vw;">
<asp:Label ID="lbl_Absender_M" runat="server" Text="Absender"></asp:Label> <asp:Label ID="lbl_Absender_M" runat="server" Text="Absender"></asp:Label>
<asp:TextBox ID="txt_Absender_M" runat="server" AutoPostBack="false" AutoCompleteType="DisplayName" style="width:155px; margin-left:8px;" OnTextChanged="txt_Absender_M_TextChanged"></asp:TextBox> <asp:TextBox ID="txt_Absender_M" runat="server" AutoPostBack="false" AutoCompleteType="DisplayName" style="width:185px; margin-left:10px;" OnTextChanged="txt_Absender_M_TextChanged"></asp:TextBox>
<asp:RegularExpressionValidator ControlToValidate="txt_Absender_M" runat="server" ID="regval_txt_Absender_M" ValidationGroup="additional_TXTs" ValidationExpression="^([A-Z0-9]{90})\d$" Display="Dynamic" ForeColor="Red" ErrorMessage="Falsche Eingabe!" SetFocusOnError="true"></asp:RegularExpressionValidator> <asp:RegularExpressionValidator ControlToValidate="txt_Absender_M" runat="server" ID="regval_txt_Absender_M" ValidationGroup="additional_TXTs" ValidationExpression="^([A-Z0-9]{90})\d$" Display="Dynamic" ForeColor="Red" ErrorMessage="Falsche Eingabe!" SetFocusOnError="true"></asp:RegularExpressionValidator>
</div> </div>
<div id="rowcol6" class="col-10 row" style="margin-right:/*1.52px;*/0.33480176211453744vw;"> <div id="rowcol6" class="col-10 row" style="margin-right:/*1.52px;*/0.33480176211453744vw;">
<asp:Label ID="lbl_Empfaenger_M" runat="server" Text="Empfänger" style="margin-left:9px"></asp:Label> <asp:Label ID="lbl_Empfaenger_M" runat="server" Text="Empfänger" style=""></asp:Label>
<asp:TextBox ID="txt_Empfaenger_M" runat="server" AutoPostBack="false" AutoCompleteType="DisplayName" style="width:155px; margin-left:52px;" OnTextChanged="txt_Empfaenger_M_TextChanged"></asp:TextBox> <asp:TextBox ID="txt_Empfaenger_M" runat="server" AutoPostBack="false" AutoCompleteType="DisplayName" style="width:185px; margin-left:10px;" OnTextChanged="txt_Empfaenger_M_TextChanged"></asp:TextBox>
<asp:RegularExpressionValidator ControlToValidate="txt_Empfaenger_M" runat="server" ID="regval_txt_Empfaenger_M" ValidationGroup="additional_TXTs" ValidationExpression="^([A-Z0-9]{90})\d$" ForeColor="Red" Display="Dynamic" ErrorMessage="Falsche Eingabe!" SetFocusOnError="true"></asp:RegularExpressionValidator> <asp:RegularExpressionValidator ControlToValidate="txt_Empfaenger_M" runat="server" ID="regval_txt_Empfaenger_M" ValidationGroup="additional_TXTs" ValidationExpression="^([A-Z0-9]{90})\d$" ForeColor="Red" Display="Dynamic" ErrorMessage="Falsche Eingabe!" SetFocusOnError="true"></asp:RegularExpressionValidator>
</div> </div>
</div> </div>
@@ -299,7 +299,7 @@
<div id="Abstand_laenger" style="height: /*24px*/ 1.873536299765808vh;"></div> <div id="Abstand_laenger" style="height: /*24px*/ 1.873536299765808vh;"></div>
</div></div> </div></div>
</div> </div>
<asp:Button ID="btn_Auftraege" class="btn btn-primary" runat="server" Text="Erhalte Aufträge" style="background-color:#fff;color:#043381;height:30px;width:221px;font-size:1.33em;" /> <asp:Button ID="btn_Auftraege" class="btn btn-primary" runat="server" Text="Erhalte Aufträge" style="background-color:#fff;color:#043381;height:39px;width:221px;font-size:1.33em;" />
<div id="Abstand_lang" style="height: /*32px*/ 2.498048399687744vh;"></div> <div id="Abstand_lang" style="height: /*32px*/ 2.498048399687744vh;"></div>
<div class="g-3"> <div class="g-3">
<div id="conovertab" style="overflow-x:auto;margin-left:-7px"> <div id="conovertab" style="overflow-x:auto;margin-left:-7px">
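Review bot: The validator `regexval_txt_LKWNr_M` in the first hunk still has `ControlToValidate="txt_LKWNr"`, while the text box this commit restyles directly above it is `txt_LKWNr_M`; unless a control with the unsuffixed ID exists elsewhere on the page, the LKW number field is not covered by it, whereas the other three validators all point at their `_M` control. I would change it to `ControlToValidate="txt_LKWNr_M"`. The code-behind is not visible here, so it is worth confirming that the handlers check `Page.IsValid` for the `additional_TXTs` group, because the validators alone do not stop a postback from being processed.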


@@ -1,4 +1,4 @@
<%@ Page Language="VB" AutoEventWireup="false" Debug="True" CodeFile="ForgotPW.aspx.vb" Inherits="ForgotPW" Async="false" %> <%@ Page Language="VB" AutoEventWireup="false" Debug="True" CodeFile="ForgotPW.aspx.vb" Inherits="ForgotPW" Async="true" %>
<%@ Reference VirtualPath="~/login/Change_PW.aspx" %> <%@ Reference VirtualPath="~/login/Change_PW.aspx" %>
<!DOCTYPE html> <!DOCTYPE html>
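Review bot: The `@ Page` directive edited here still carries `Debug="True"`, which compiles this password-reset page with debug symbols and is meant for development. I would remove the attribute (or set `Debug="False"`) in the same change that sets `Async="true"`, so that the build mode comes from the site configuration, which is not visible on this page.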


@@ -11,11 +11,12 @@ Imports System.Security.Cryptography
Partial Class ForgotPW Partial Class ForgotPW
Inherits System.Web.UI.Page Inherits System.Web.UI.Page
Dim ConnectionString As String = String.Empty Dim ConnectionString As String = String.Empty
Dim salt As String = String.Empty Dim salt As Byte()
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
If Page.IsPostBack = True Then If Page.IsPostBack = True Then
Page.MaintainScrollPositionOnPostBack = True Page.MaintainScrollPositionOnPostBack = True
VERAG_VARIABLES.initerrorcount() VERAG_VARIABLES.initerrorcount()
salt = VERAG_VARIABLES.GenerateSalt(RandomInteger(Math.Pow(2, 3), Math.Pow(2, 10)))
Else Else
Page.MaintainScrollPositionOnPostBack = False Page.MaintainScrollPositionOnPostBack = False
VERAG_VARIABLES.initerrorcount() VERAG_VARIABLES.initerrorcount()
@@ -26,7 +27,7 @@ Partial Class ForgotPW
End Sub End Sub
Protected Sub btn_Send_Click(sender As Object, e As EventArgs) Protected Async Sub btn_Send_Click(sender As Object, e As EventArgs)
Try Try
Dim username As String = String.Empty Dim username As String = String.Empty
Dim password As String = String.Empty Dim password As String = String.Empty
@@ -213,7 +214,9 @@ Partial Class ForgotPW
Else Else
tokenname = Session.Item("TokenforEmail") tokenname = Session.Item("TokenforEmail")
End If End If
Dim intzahl As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 4), Math.Pow(2, 10))
Dim hashdata As Byte() = Await VERAG_VARIABLES.HashPassword(tokenname, salt, VERAG_VARIABLES.getiterationnumber, intzahl)
Session.Add("TokenHashtokenized", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(hashdata)))
If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) = True Then If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) = True Then
'password = RandomString(New Random, 10) 'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then If (getDateoftoken(tokenname) = True) Then
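Review bot: In the third hunk the token hash is computed with a salt that Page_Load regenerates on every postback and with an iteration count and output length (`VERAG_VARIABLES.getiterationnumber`, `intzahl`) drawn at random for this one call, and only the hash is put into the session under `TokenHashtokenized`. Unless salt, iterations and length are stored somewhere outside the hunks shown, that value cannot be recomputed later to check a presented token. I would store the three parameters next to the hash (or fix iterations and length) and generate the salt where the hash is created rather than in a page field. `btn_Send_Click` also becomes `Async Sub`; the documented Web Forms pattern is `RegisterAsyncTask(New PageAsyncTask(...))` from a normal handler, which keeps exceptions raised after the `Await` inside the page lifecycle. The handler's body continues outside the hunks.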


@@ -14,12 +14,13 @@ Partial Class login_FLEX
VERAG_VARIABLES.initerrorcount() VERAG_VARIABLES.initerrorcount()
If Page.IsPostBack = True Then If Page.IsPostBack = True Then
Page.MaintainScrollPositionOnPostBack = True Page.MaintainScrollPositionOnPostBack = True
Else
Page.MaintainScrollPositionOnPostBack = False
End If
intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10)) intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
intzahliterats = VERAG_VARIABLES.getiterationnumber intzahliterats = VERAG_VARIABLES.getiterationnumber
salt = VERAG_VARIABLES.GenerateSalt(intzahl) salt = VERAG_VARIABLES.GenerateSalt(intzahl)
Else
Page.MaintainScrollPositionOnPostBack = False
End If
End Sub End Sub
Protected Async Sub ValidateUser(sender As Object, e As EventArgs) Protected Async Sub ValidateUser(sender As Object, e As EventArgs)
@@ -171,7 +172,12 @@ Partial Class login_FLEX
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!" Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!"
End If End If
If tb3.Text = dr("Password") Then If tb3.Text = dr("Password") Then
Dim hashpw As Byte() = Await VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl)
If Await VERAG_VARIABLES.Verifyhash(dr("Password").ToString, salt, hashpw, intzahliterats, intzahl) = True Then
passw = dr("Password").ToString passw = dr("Password").ToString
Else
passw = String.Empty
End If
Else Else
VERAG_VARIABLES.seterrorcount(9) VERAG_VARIABLES.seterrorcount(9)
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!" Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!"
@@ -198,10 +204,9 @@ Partial Class login_FLEX
'Dim str = gensaltToken(UserNaMe, passw, Customer_ID, Session.IsNewSession) 'Dim str = gensaltToken(UserNaMe, passw, Customer_ID, Session.IsNewSession)
'MsgBox(str) 'MsgBox(str)
'End If 'End If
Dim hashpw As Byte() = Await VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl)
If Await VERAG_VARIABLES.Verifyhash(passw, salt, hashpw, intzahliterats, intzahl) = True Then
FormsAuthentication.RedirectFromLoginPage(UserNaMe, True) FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)
End If
End Sub End Sub
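Review bot: The block added in the second hunk hashes `passw` and then passes the database value and that fresh hash to `Verifyhash` (body not shown), using the salt, iteration count and length that Page_Load drew at random for this request, inside a branch already guarded by the plain comparison `tb3.Text = dr("Password")`. Nothing hashed is stored or compared with stored data, so this adds Argon2 cost to every login without protecting the password, which that comparison suggests is kept in clear text in the database. The useful change is to store an Argon2id hash with its salt and parameters when the password is set, and here to hash the submitted password with those stored values and compare the results in constant time. In the last hunk the `If Await VERAG_VARIABLES.Verifyhash(...)` guard around `FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)` is removed, so please confirm that code outside the hunk returns before this line when `passw` has been set to `String.Empty`. ValidateUser's body starts and ends outside these hunks.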