Fixed Fehler bei Email token problem wo unbefugter zugriff mithilfe der generierten aber nicht explizit gelöschten Tokens möglich war.
@@ -55,27 +55,28 @@ Partial Class login_ForgotPW
|
||||
If dr.Read() Then
|
||||
username = dr("Username").ToString()
|
||||
password = dr("Password").ToString()
|
||||
email = dr("Email").ToString()
|
||||
Try
|
||||
If txt_Username.Text = dr("Username").ToString() Then
|
||||
|
||||
check_UserName_regex.IsValid = True
|
||||
username = txt_Username.Text
|
||||
Else
|
||||
check_UserName_regex.MatchTimeout = 3000
|
||||
check_UserName_regex.ErrorMessage = "No valid Username found in out database!"
|
||||
check_UserName_regex.IsValid = False
|
||||
End If
|
||||
If txtEmail.Text = dr("Email").ToString() Then
|
||||
regexval_txt_Email.IsValid = True
|
||||
regexval_txt_Email_2.IsValid = True
|
||||
regexval_txt_Email.Validate()
|
||||
email = txtEmail.Text
|
||||
|
||||
lblMessage.ForeColor = Color.Green
|
||||
lblMessage.Text = "The given e-mail exists in our database."
|
||||
Else
|
||||
regexval_txt_Email.IsValid = False
|
||||
regexval_txt_Email_2.IsValid = False
|
||||
|
||||
lblMessage.ForeColor = Color.Red
|
||||
lblMessage.Text = "The given e-mail does not exist in our database."
|
||||
End If
|
||||
regexval_txt_Email.Validate()
|
||||
|
||||
Catch ex As Exception
|
||||
Dim Msg, Style, Title As String
|
||||
Msg = "E-Mail validation failed!" & vbCrLf + "Please try again!"
|
||||
@@ -92,42 +93,51 @@ Partial Class login_ForgotPW
|
||||
End Using
|
||||
con.Close()
|
||||
End Using
|
||||
If Session.Item("TokenforEmail") = Nothing Then
|
||||
tokenname = genToken(username, password, email)
|
||||
Session.Add("TokenforEmail", tokenname)
|
||||
Else
|
||||
tokenname = Session.Item("TokenforEmail").ToString()
|
||||
End If
|
||||
|
||||
tokenname = genToken(username, password, email)
|
||||
Session.Add("TokenforEmail", tokenname)
|
||||
If SendEmail(username, password, email, tokenname) = True Then
|
||||
'password = RandomString(New Random, 10)
|
||||
If (getDateoftoken(tokenname) = True) Then
|
||||
'Dim msgboxstyle = vbDefaultButton1 + vbOK
|
||||
'MsgBox(tokenname, msgboxstyle)
|
||||
lblMessage.ForeColor = Color.Green
|
||||
lblMessage.Text = "Token generated successfully."
|
||||
'MsgBox("Token generated successfully.")
|
||||
Else
|
||||
lblMessage.ForeColor = Color.Red
|
||||
lblMessage.Text = "Token is not valid anymore. Please generate a new one by sending a new e-mail!"
|
||||
'password = RandomString(New Random, 10)
|
||||
If (getDateoftoken(tokenname) = True) Then
|
||||
'Dim msgboxstyle = vbDefaultButton1 + vbOK
|
||||
'MsgBox(tokenname, msgboxstyle)
|
||||
lblMessage.ForeColor = Color.Green
|
||||
lblMessage.Text = "Token generated successfully."
|
||||
'MsgBox("Token generated successfully.")
|
||||
Else
|
||||
lblMessage.ForeColor = Color.Red
|
||||
lblMessage.Text = "Token is not valid anymore. Please generate a new one by sending a new e-mail!"
|
||||
'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!")
|
||||
|
||||
tokenname = genToken(username, password, email)
|
||||
If Session.Item("TokenforEmail") = Nothing Then
|
||||
tokenname = genToken(username, password, email)
|
||||
Session.Add("TokenforEmail", tokenname)
|
||||
Else
|
||||
tokenname = Session.Item("TokenforEmail").ToString()
|
||||
End If
|
||||
End If
|
||||
'SendEmail(username, password, email)
|
||||
'MsgBox("Mail would be sent successfully!")
|
||||
lblMessage.ForeColor = Color.Green
|
||||
lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
|
||||
ElseIf SendEmail(username, password, email, tokenname) = False Then
|
||||
'MsgBox("Mail would not be sent successfully!")
|
||||
'SendEmail(username, password, email)
|
||||
'MsgBox("Mail would be sent successfully!")
|
||||
lblMessage.ForeColor = Color.Green
|
||||
lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address."
|
||||
ElseIf SendEmail(username, password, email, tokenname) = False Then
|
||||
'MsgBox("Mail would not be sent successfully!")
|
||||
lblMessage.ForeColor = Color.Red
|
||||
If String.IsNullOrWhiteSpace(username) = True Then
|
||||
lblMessage.Text = "Error10: Username not recognized Error!"
|
||||
ElseIf String.IsNullOrWhiteSpace(email) = True Then
|
||||
lblMessage.Text = "Error11: Email not recognized Error!"
|
||||
ElseIf String.IsNullOrWhiteSpace(password) = True Then
|
||||
lblMessage.Text = "An internal password searching error occured in our systems ."
|
||||
End If
|
||||
End If
|
||||
Else
|
||||
'MsgBox("The form has not been filled completeley.", MsgBoxStyle.Critical, "Error08")
|
||||
lblMessage.ForeColor = Color.Red
|
||||
If String.IsNullOrWhiteSpace(username) = True Then
|
||||
lblMessage.Text = "Error10: Username not recognized Error!"
|
||||
ElseIf String.IsNullOrWhiteSpace(email) = True Then
|
||||
lblMessage.Text = "Error11: Email not recognized Error!"
|
||||
ElseIf String.IsNullOrWhiteSpace(password) = True Then
|
||||
lblMessage.Text = "An internal password searching error occured in our systems ."
|
||||
End If
|
||||
End If
|
||||
Else
|
||||
'MsgBox("The form has not been filled completeley.", MsgBoxStyle.Critical, "Error08")
|
||||
lblMessage.ForeColor = Color.Red
|
||||
lblMessage.Text = "The form has not been filled completeley."
|
||||
End If
|
||||
End Sub
|
||||
@@ -174,9 +184,14 @@ Partial Class login_ForgotPW
|
||||
'MsgBox("/" + ServPort + Request.ServerVariables("URL"))
|
||||
|
||||
Try
|
||||
Dim tokennametemp = genToken(username, password, email)
|
||||
If Session.Item("TokenforEmail") = Nothing Then
|
||||
tokenname = genToken(username, password, email)
|
||||
Session.Add("TokenforEmail", tokenname)
|
||||
Else
|
||||
tokenname = Session.Item("TokenforEmail").ToString()
|
||||
End If
|
||||
'Dim Strtemp = Session.Keys.Item("urltochangepw")
|
||||
If getDateoftoken(tokennametemp) = True Then
|
||||
If getDateoftoken(tokenname) = True Then
|
||||
' Dim attachment As Attachment = New Attachment(File.OpenRead(excel), "Kundenliste.xlsx")
|
||||
' Msg.Attachments.Add(attachment)
|
||||
If String.IsNullOrEmpty(mailto) = False AndAlso String.IsNullOrEmpty(Betreff) = False AndAlso String.IsNullOrEmpty(htmlbody) = False Then
|
||||
@@ -186,7 +201,7 @@ Partial Class login_ForgotPW
|
||||
lblMessage.ForeColor = Color.OrangeRed
|
||||
lblMessage.Text = "Error07: Die Paramter wurden nicht alle gesetzt. Bitte Felder überprüfen!"
|
||||
End If
|
||||
lblMessage.ForeColor = Color.OrangeRed
|
||||
lblMessage.ForeColor = Color.Green
|
||||
lblMessage.Text = "Success" + Environment.NewLine + " Mail sent. Please check your inbox."
|
||||
'MsgBox("SENT")
|
||||
Return True
|
||||
@@ -194,7 +209,12 @@ Partial Class login_ForgotPW
|
||||
lblMessage.ForeColor = Color.Red
|
||||
lblMessage.Text = "Error02: Mail not delivered!"
|
||||
'MsgBox("Error02: Mail not delivered!" & vbCrLf & "New Token has been generated.")
|
||||
tokennametemp = genToken(username, password, email)
|
||||
If Session.Item("TokenforEmail") = Nothing Then
|
||||
tokenname = genToken(username, password, email)
|
||||
Session.Add("TokenforEmail", tokenname)
|
||||
Else
|
||||
tokenname = Session.Item("TokenforEmail").ToString()
|
||||
End If
|
||||
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody, tokenname)
|
||||
Return False
|
||||
End If
|
||||
@@ -243,7 +263,7 @@ Partial Class login_ForgotPW
|
||||
Function getDateoftoken(tokenname As String) As Boolean
|
||||
Dim data() As Byte = Convert.FromBase64String(tokenname)
|
||||
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
|
||||
If wenn > DateTime.UtcNow.AddMinutes(-30) Then
|
||||
If wenn < DateTime.UtcNow.AddMinutes(-30) Then
|
||||
tokenname = String.Empty
|
||||
'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
|
||||
Session.Remove("TokenforEmail")
|
||||
|
||||
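Review bot: The added `If Session.Item("TokenforEmail") = Nothing Then … Else tokenname = Session.Item("TokenforEmail").ToString()` block reuses whatever token is in the session without checking that it was generated for the `username`/`email` of the current request; it appears after the data-reader `End Using`, in the `Try` before `getDateoftoken(tokenname)`, and in the `Error02` branch. A second reset request in the same session for a different account would therefore send out the token that `genToken` produced for the first account, so the reuse should depend on the stored account matching, or the token should be regenerated per request. The only invalidation visible is `Session.Remove("TokenforEmail")` inside `getDateoftoken`, which clears the requester's session but cannot revoke a token presented later from another session; no server-side token store is visible here, so please confirm where the emailed token is checked and marked as used. The null test itself should read `If Session("TokenforEmail") Is Nothing Then`, because `= Nothing` on an Object is a late-bound value comparison and is rejected under Option Strict On. The page has lost its +/- markers, so which lines are new is inferred from the hunk line counts.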