diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb
index dbcb192..f07f27e 100644
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -454,7 +454,7 @@ Partial Class ForgotPW
 Else
 tokenname = Session.Item("TokenforEmail")
 End If
- Dim md5temptoken As String = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID)
+ 'Dim md5temptoken As String = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID)
 'MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken)
 If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then
 'password = RandomString(New Random, 10)
@@ -778,7 +778,7 @@ Partial Class ForgotPW
 If jetzt < wenn Then
 Return "NotYet"
 Else
- token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID)
+ token = gensaltToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID)
 Return token
 'End If
 End If
diff --git a/login/login_FLEX.aspx.vb b/login/login_FLEX.aspx.vb
index 63fafaa..9096562 100644
--- a/login/login_FLEX.aspx.vb
+++ b/login/login_FLEX.aspx.vb
@@ -8,7 +8,7 @@ Partial Class login_FLEX
 Dim Customer_ID As String = String.Empty
 Dim UserNaMe As String = String.Empty
 Dim passw As String = String.Empty
-
+ Dim USERID As String = String.Empty
 Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
 VERAG_VARIABLES.initerrorcount()
 If Page.IsPostBack = True Then
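Review bot: In the ForgotPW.aspx.vb hunk at line 778, the status literal `"NotYet"` is returned on the same String channel as the value from `gensaltToken(...)`, so a caller that forgets to compare against the literal will treat a status word as a token. The new gensaltToken in login_FLEX.aspx.vb has the same shape, with `"NotYet"`, `String.Empty` and an error sentence as possible return values. At minimum the function should carry a comment such as `' Returns "NotYet" instead of a token when called too early; callers must check for it before mailing or storing the result.` The enclosing function starts and ends outside this hunk, so whether the changed line is now a call of the function to itself cannot be confirmed from here.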
@@ -168,16 +168,16 @@ Partial Class login_FLEX Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!" End If If tb3.Text = dr("Password") Then - passw = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(dr("Password").ToString) + passw = dr("Password").ToString Else VERAG_VARIABLES.seterrorcount(9) Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!" End If + 'MsgBox("Erfolgreich validiert.") Session.Add("test", UserNaMe) Session.Add("CustomerID", Customer_ID) Session.Add("PW", passw) - Exit Select End Select End If @@ -195,12 +195,18 @@ Partial Class login_FLEX con.Close() End Using End Using + If String.IsNullOrEmpty(tb2_M.Text) = False AndAlso String.IsNullOrEmpty(tb2.Text) = True Then FormsAuthentication.SetAuthCookie(Login1.UserName, cb_M.Checked) ElseIf String.IsNullOrEmpty(tb2.Text) = False AndAlso String.IsNullOrEmpty(tb2_M.Text) = True Then FormsAuthentication.SetAuthCookie(Login2.UserName, cb.Checked) End If + 'If (String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(UserNaMe) = False And String.IsNullOrEmpty(Customer_ID) = False) Then + 'Dim str = gensaltToken(UserNaMe, passw, Customer_ID, Session.IsNewSession) + 'MsgBox(str) + 'End If FormsAuthentication.RedirectFromLoginPage(UserNaMe, True) + End Sub Protected Sub LoginButton_Click(sender As Object, e As EventArgs) 
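Review bot: With `passw = dr("Password").ToString` in the hunk at line 168, the value later written by `Session.Add("PW", passw)` is the database password exactly as stored. Because `tb3.Text = dr("Password")` compares the typed text with that column directly, the column presumably holds cleartext. Session state should carry the identity only: drop `Session.Add("PW", passw)` here and in the two click handlers further down, and let later pages rely on the forms-authentication ticket. The two failure texts in the same block also tell a client which half of the credential was wrong; one shared message such as `Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Login failed."` avoids that. The Select block starts outside this hunk.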
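Review bot: In the hunk at line 195, the only check that `passw`, `UserNaMe` and `Customer_ID` are non-empty sits inside the newly added commented-out block; the live `FormsAuthentication.SetAuthCookie(...)` and `FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)` lines depend only on which text box is filled. Unless code above the hunk already returns on a failed lookup, a guard such as `If String.IsNullOrEmpty(UserNaMe) OrElse String.IsNullOrEmpty(passw) Then Return` should precede the cookie calls. RedirectFromLoginPage is also passed `True`, so the persistent-cookie choice taken from `cb_M.Checked` / `cb.Checked` is overridden. The commented-out `MsgBox(str)` would display the token and is better deleted than kept.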
@@ -208,13 +214,63 @@ Partial Class login_FLEX
 Session.Add("test", UserNaMe)
 Session.Add("CustomerID", Customer_ID)
 Session.Add("PW", passw)
-
 End Sub
 Protected Sub LoginButton_M_Click(sender As Object, e As EventArgs)
 Validate("Login_M")
 Session.Add("test", UserNaMe)
 Session.Add("CustomerID", Customer_ID)
 Session.Add("PW", passw)
-
 End Sub
+ Function gensaltToken(username As String, password As String, CustomerID As String, isnewSession As Boolean) As String
+ If isnewSession = False Then
+ Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
+ Dim Key() As Byte = Guid.NewGuid().ToByteArray()
+ Dim token As String
+ Dim MyMin As Integer = 155, MyMax As Integer = 875, My1stRandomNumber As Integer, My2ndRandomNumber As Integer
+ ' Create a random number generator
+ Dim Generator As System.Random = New System.Random()
+ ' Get a random number >= MyMin and <= MyMax
+ My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value
+
+ ' Get another random number (don't create a new generator, use the same one)
+ My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1)
+ If String.IsNullOrEmpty(username) = False And String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(CustomerID) = False Then
+ Try
+ Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
+ Dim passw As String = password
+ token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 10101, My1stRandomNumber))
+ Return token
+ Catch Ex As Exception
+ 'Dim Msg, Style, Title As String
+ 'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
+ 'Style = vbRetry + vbExclamation + vbDefaultButton1
+ 'Title = "Error05: Token-Generierung"
+ 'MsgBox(Msg, Style, Title)
+ 'If MsgBox(Msg, Style, Title).Retry Then
+ 'genToken(username, password, email)
+ Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
+ Dim passw As String = password
+ token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 10101, My2ndRandomNumber))
+
+
+ 'Else
+ 'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
+ Dim jetzt As DateTime = DateTime.UtcNow
+ Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
+
+ If jetzt < wenn Then
+ Return "NotYet"
+ Else
+ token = gensaltToken(username, password, CustomerID, Session.IsNewSession)
+ Return token
+ 'End If
+ End If
+ End Try
+ Else
+ Return String.Empty
+ End If
+ Else
+ Return "Error in Session ID. It has changed. Please check admin!"
+ End If
+ End Function
 End Class
\ No newline at end of file
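Review bot: In gensaltToken the input guard tests `String.IsNullOrEmpty(passw)`, which at that point appears to resolve to the class-level `passw` field rather than the `password` parameter (the local `passw` is only declared inside the Try), so an empty `password` can reach HashPassword. The Catch branch discards the exception, repeats the same calls unprotected, and then always calls gensaltToken again, because `jetzt < wenn` compares the current time with a time five seconds earlier and is never true; a persistent failure therefore recurses until the stack overflows. `time` and `Key` are never read, and `System.Random` is not a cryptographic generator, so if the numbers passed to GenerateSalt and HashPassword are meant to add unpredictability, that should be confirmed against those helpers, which are outside this diff. The sketch below checks the parameter, fails once without a self-call, and keeps the rest as it is.

```vbnet
Function gensaltToken(username As String, password As String, CustomerID As String, isnewSession As Boolean) As String
    If isnewSession Then
        Return "Error in Session ID. It has changed. Please check admin!"
    End If
    ' Validate the parameter itself, not the class-level passw field.
    If String.IsNullOrEmpty(username) OrElse String.IsNullOrEmpty(password) OrElse String.IsNullOrEmpty(CustomerID) Then
        Return String.Empty
    End If
    ' … unchanged: MyMin/MyMax, Generator and My1stRandomNumber …
    Try
        Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
        Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(password, salt, 10101, My1stRandomNumber))
    Catch ex As Exception
        ' Record ex with the application's logging, then fail once: no retry and no self-call from the handler.
        Return String.Empty
    End Try
End Function
```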