Sicherheitslücke geschlossen bei der man ohne ANgabe von Email und oder Benutzername eine Token generieren lassen konnte. If-Abgfrage wurde hinzugefügt vor Generierung des Tokens.

2021-10-11 13:23:15 +02:00
parent 9b06928a0e
commit e4fe73a8a6
2 changed files with 40 additions and 34 deletions
--- a/login/login_FLEX.aspx
+++ b/login/login_FLEX.aspx
@@ -79,7 +79,7 @@
        <asp:Login ID = "Login1" runat = "server" OnAuthenticate= "ValidateUser" DestinationPageUrl="../Customers/CustomsAviso.aspx" >
            <LayoutTemplate>     
                <center>    
-                    <table  cellpadding="0">
+                    <table  cellpadding="0" style="margin: 6px 0px 6px 6px;">
                             <tr style="color:#003680; height:30px;">
                               <td align="left" style="color:#fff;font-kerning:auto;"> 
                                           <asp:Label ID="lbl_login" runat="server" style="color:#003680; font-size:20px;font-weight:700;" Text="Login"></asp:Label>
@@ -87,7 +87,7 @@
                               </tr>                           
                                <tr style="color:#003680; height:46px;">
                                        <td align="left">  
-                                             <asp:Label ID="CustomerIDLabel" runat="server" AssociatedControlID="CustomerID" CssClass="txt_design2">Kundennummer:</asp:Label>                                      
+                                             <asp:Label ID="CustomerIDLabel" runat="server" AssociatedControlID="CustomerID" CssClass="txt_design2">Kundennummer</asp:Label>                                      
                                            <asp:TextBox ID="CustomerID" runat="server" required="true" Width = "220" ValidationGroup="txt_checkUID" OnTextChanged="CustomerID_TextChanged1" Font-Size="1.125em"></asp:TextBox>  
                                        </td>
                                </tr>
@@ -102,22 +102,22 @@
                                </tr>  
                                <tr style="color:#003680; height:46px;">  
                                     <td align="left" colspan="2">
-                                        <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName" CssClass="txt_design2">Benutzername:</asp:Label>                                           
+                                        <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName" CssClass="txt_design2">Benutzername</asp:Label>                                           
                                        <asp:TextBox ID="UserName" runat="server" TextMode="SingleLine" Width = "220" ValidationGroup="txt_Username" required="true" Font-Size="1.125em"></asp:TextBox>
                                     </td>
                                </tr>
-                                <tr style="color:#003680; height:46px;">
+                                <tr style="color:#003680; height:15px;">
                                   <td align="left" colspan="4">             
                                       <asp:RequiredFieldValidator ID="UserNamerequired" runat="server" ControlToValidate="UserName" ErrorMessage="Der Benutzername ist erforderlich." ToolTip="Der Benutzername ist erforderlich." ValidationGroup="txt_Username">Der Benutzername ist erforderlich.</asp:RequiredFieldValidator> 
                                   </td>
                                </tr>
-                                <tr style="color:#003680; height:46px;">  
-                                    <td align="left" colspan="2">
-                                        <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password" CssClass="txt_design2">Kennwort:</asp:Label>
+                               <tr style="color:#003680; height:46px;">  
+                                     <td align="left" colspan="2">
+                                        <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password" CssClass="txt_design2">Kennwort</asp:Label>
                                        <asp:TextBox ID="Password" runat="server" TextMode="Password" required="true" Width = "220" Font-Size="1.125em" ValidationGroup="chk_PWField" MaxLength="30"></asp:TextBox>
                                    </td>
                                 </tr>
-                                 <tr style="color:#003680; height:46px;">
+                                 <tr style="color:#003680; height:15px;">
                                      <td align="left" colspan="2">
                                          <asp:RequiredFieldValidator ID="Passwordrequired" runat="server" ControlToValidate="Password" ErrorMessage="Das Kennwort ist erforderlich." ToolTip="Das Kennwort ist erforderlich." ValidationGroup="chk_PWField">Bitte Passwort angeben.</asp:RequiredFieldValidator>                                                                    
                                          <asp:RegularExpressionValidator ID="checkpwdREGEX" ControlToValidate="Password" ValidationGroup="chk_PWField" runat="server" Display="Dynamic" SetFocusOnError="true" ValidationExpression="<%=regexPWVal %>"></asp:RegularExpressionValidator>