edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Änderungen

Browse Source
This commit is contained in:
ja
2021-12-02 14:02:28 +01:00
parent 5929dbf53c
commit f597d6af74
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
login/Change_PW.aspx.vb
View File

@@ -233,10 +233,10 @@ Partial Class login_Change_PW
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If End If
Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession) Dim isPasswhash As String = gensaltPassw(usrname, tempstr, Email, Session.IsNewSession)
Dim istokenDBhash As String = gensaltToken(UsernameDB, pwDB, EmailDB, Session.IsNewSession) Dim isPasswDBhash As String = gensaltPassw(UsernameDB, pwDB, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True Then If regexval_txt_Pw.IsValid = True Then
If String.Equals(istokenhash, istokenDBhash) = False Then If String.Equals(isPasswhash, isPasswDBhash) = False Then
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId") Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
@@ -453,10 +453,10 @@ Partial Class login_Change_PW
End If End If
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
Dim istokenhash As String = gensaltToken(usrname, tempstr, Email, Session.IsNewSession) Dim isPasswhash As String = gensaltPassw(usrname, tempstr, Email, Session.IsNewSession)
Dim istokenDBhash As String = gensaltToken(usrnmDB, pwDB, EmailDB, Session.IsNewSession) Dim isPasswDBhash As String = gensaltPassw(usrnmDB, pwDB, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True Then If regexval_txt_Pw.IsValid = True Then
If String.Equals(istokenhash, istokenDBhash, StringComparison.CurrentCulture) = False Then If String.Equals(isPasswhash, isPasswDBhash, StringComparison.CurrentCulture) = False Then
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId") Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Username", usrname)
@@ -521,12 +521,11 @@ Partial Class login_Change_PW
End If End If
End If End If
End Sub End Sub
Function gensaltToken(username As String, password As String, email As String, isnewSession As Boolean) As String Function gensaltPassw(username As String, password As String, email As String, isnewSession As Boolean) As String
If isnewSession = False Then If isnewSession = False Then
Dim token As String Dim token As String
If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then
Dim intzahl = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8)) Dim intzahl = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8))
Dim intzahl2 = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8))
Dim Rand As Random = New Random Dim Rand As Random = New Random
If String.IsNullOrEmpty(password) = False Then If String.IsNullOrEmpty(password) = False Then
Try Try
@@ -535,6 +534,7 @@ Partial Class login_Change_PW
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl)) token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1991, intzahl))
Return token Return token
Catch Ex As Exception Catch Ex As Exception
Dim intzahl2 = RandomInteger(Math.Pow(2, 6), Math.Pow(2, 8))
'Dim Msg, Style, Title As String 'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given." 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1 'Style = vbRetry + vbExclamation + vbDefaultButton1
@@ -552,6 +552,7 @@ Partial Class login_Change_PW
Return String.Empty Return String.Empty
End If End If
End If End If
Return String.Empty
Else Else
Return "Error in Session ID. It has changed. Please check admin!" Return "Error in Session ID. It has changed. Please check admin!"
End If End If
@@ -563,5 +564,4 @@ Partial Class login_Change_PW
rand.GetBytes(one_byte) rand.GetBytes(one_byte)
Return min + (max - min) * (one_byte(0) / 255) Return min + (max - min) * (one_byte(0) / 255)
End Function End Function
End Class End Class