From f597d6af7444542fac5a1ae121e1c5cfe1d44e2b Mon Sep 17 00:00:00 2001 From: ja Date: Thu, 2 Dec 2021 14:02:28 +0100 Subject: [PATCH] =?UTF-8?q?=C3=84nderungen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- login/Change_PW.aspx.vb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/login/Change_PW.aspx.vb b/login/Change_PW.aspx.vb index 35d6e6e..0212dea 100644 --- a/login/Change_PW.aspx.vb +++ b/login/Change_PW.aspx.vb @@ -233,10 +233,10 @@ Partial Class login_Change_PW ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If - Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession) - Dim istokenDBhash As String = gensaltToken(UsernameDB, pwDB, EmailDB, Session.IsNewSession) + Dim isPasswhash As String = gensaltPassw(usrname, tempstr, Email, Session.IsNewSession) + Dim isPasswDBhash As String = gensaltPassw(UsernameDB, pwDB, EmailDB, Session.IsNewSession) If regexval_txt_Pw.IsValid = True Then - If String.Equals(istokenhash, istokenDBhash) = False Then + If String.Equals(isPasswhash, isPasswDBhash) = False Then Using con As New SqlConnection(ConnectionString) Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId") ' cmd.CommandType = CommandType.StoredProcedure @@ -453,10 +453,10 @@ Partial Class login_Change_PW End If Using con As New SqlConnection(ConnectionString) - Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession) - Dim istokenDBhash As String = gensaltToken(usrnmDB, pwDB, EmailDB, Session.IsNewSession) + Dim isPasswhash As String = gensaltPassw(usrname, tempstr, Email, Session.IsNewSession) + Dim isPasswDBhash As String = gensaltPassw(usrnmDB, pwDB, EmailDB, Session.IsNewSession) If regexval_txt_Pw.IsValid = True Then - If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = False Then + If String.Equals(isPasswhash, isPasswDBhash, StringComparison.CurrentCulture) = False Then Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", usrname) @@ -521,12 +521,11 @@ Partial Class login_Change_PW End If End If End Sub - Function gensaltToken(username As String, password As String, email As String, isnewSession As Boolean) As String + Function gensaltPassw(username As String, password As String, email As String, isnewSession As Boolean) As String If isnewSession = False Then Dim token As String If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then Dim intzahl = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8)) - Dim intzahl2 = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8)) Dim Rand As Random = New Random If String.IsNullOrEmpty(password) = False Then Try @@ -535,6 +534,7 @@ Partial Class login_Change_PW token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl)) Return token Catch Ex As Exception + Dim intzahl2 = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8)) 'Dim Msg, Style, Title As String 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given." 'Style = vbRetry + vbExclamation + vbDefaultButton1 @@ -552,6 +552,7 @@ Partial Class login_Change_PW Return String.Empty End If End If + Return String.Empty Else Return "Error in Session ID. It has changed. Please check admin!" End If @@ -563,5 +564,4 @@ Partial Class login_Change_PW rand.GetBytes(one_byte) Return min + (max - min) * (one_byte(0) / 255) End Function - End Class \ No newline at end of file