MD5-Hash erfolgreich generiert und implementiert.

login/ForgotPW.aspx.vb

@@ -454,7 +454,7 @@ Partial Class ForgotPW
             Else
                 tokenname = Session.Item("TokenforEmail")
             End If
-            Dim md5temptoken As String = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID)
+            'Dim md5temptoken As String = gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID)
             'MsgBox("Token:" + tokenname + Environment.NewLine + "md5" + md5temptoken)
             If SendEmail_M(username, password, email, tokenname, customerID, isusernameright, isuserIDright, isuserEmailright, Session.IsNewSession, UserID) = True Then
                 'password = RandomString(New Random, 10)
@@ -778,7 +778,7 @@ Partial Class ForgotPW
                     If jetzt < wenn Then
                         Return "NotYet"
                     Else
-                        token = genToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID)
+                        token = gensaltToken(username, password, email, CustomerID, isusrnmright, iscstmIDright, isemailright, Session.IsNewSession, theUserID)
                         Return token
                         'End If
                     End If

login/login_FLEX.aspx.vb

@@ -8,7 +8,7 @@ Partial Class login_FLEX
     Dim Customer_ID As String = String.Empty
     Dim UserNaMe As String = String.Empty
     Dim passw As String = String.Empty
-
+    Dim USERID As String = String.Empty
     Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
         VERAG_VARIABLES.initerrorcount()
         If Page.IsPostBack = True Then
@@ -168,16 +168,16 @@ Partial Class login_FLEX
                                 Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!"
                             End If
                             If tb3.Text = dr("Password") Then
-                                passw = VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(dr("Password").ToString)
+                                passw = dr("Password").ToString
                             Else
                                 VERAG_VARIABLES.seterrorcount(9)
                                 Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!"
                             End If
+
                             'MsgBox("Erfolgreich validiert.")
                             Session.Add("test", UserNaMe)
                             Session.Add("CustomerID", Customer_ID)
                             Session.Add("PW", passw)
-
                             Exit Select
                     End Select
                 End If
@@ -195,12 +195,18 @@ Partial Class login_FLEX
                 con.Close()
             End Using
         End Using
+
         If String.IsNullOrEmpty(tb2_M.Text) = False AndAlso String.IsNullOrEmpty(tb2.Text) = True Then
             FormsAuthentication.SetAuthCookie(Login1.UserName, cb_M.Checked)
         ElseIf String.IsNullOrEmpty(tb2.Text) = False AndAlso String.IsNullOrEmpty(tb2_M.Text) = True Then
             FormsAuthentication.SetAuthCookie(Login2.UserName, cb.Checked)
         End If
+        'If (String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(UserNaMe) = False And String.IsNullOrEmpty(Customer_ID) = False) Then
+        'Dim str = gensaltToken(UserNaMe, passw, Customer_ID, Session.IsNewSession)
+        'MsgBox(str)
+        'End If
         FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)
+
     End Sub
 
     Protected Sub LoginButton_Click(sender As Object, e As EventArgs)
@@ -208,13 +214,63 @@ Partial Class login_FLEX
         Session.Add("test", UserNaMe)
         Session.Add("CustomerID", Customer_ID)
         Session.Add("PW", passw)
-
     End Sub
     Protected Sub LoginButton_M_Click(sender As Object, e As EventArgs)
         Validate("Login_M")
         Session.Add("test", UserNaMe)
         Session.Add("CustomerID", Customer_ID)
         Session.Add("PW", passw)
-
     End Sub
+    Function gensaltToken(username As String, password As String, CustomerID As String, isnewSession As Boolean) As String
+        If isnewSession = False Then
+            Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
+            Dim Key() As Byte = Guid.NewGuid().ToByteArray()
+            Dim token As String
+            Dim MyMin As Integer = 155, MyMax As Integer = 875, My1stRandomNumber As Integer, My2ndRandomNumber As Integer
+            ' Create a random number generator
+            Dim Generator As System.Random = New System.Random()
+            ' Get a random number >= MyMin and <= MyMax
+            My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value
+
+            ' Get another random number (don't create a new generator, use the same one)
+            My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1)
+            If String.IsNullOrEmpty(username) = False And String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(CustomerID) = False Then
+                Try
+                    Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
+                    Dim passw As String = password
+                    token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 10101, My1stRandomNumber))
+                    Return token
+                Catch Ex As Exception
+                    'Dim Msg, Style, Title As String
+                    'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
+                    'Style = vbRetry + vbExclamation + vbDefaultButton1
+                    'Title = "Error05: Token-Generierung"
+                    'MsgBox(Msg, Style, Title)
+                    'If MsgBox(Msg, Style, Title).Retry Then
+                    'genToken(username, password, email)
+                    Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
+                    Dim passw As String = password
+                    token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 10101, My2ndRandomNumber))
+
+
+                    'Else
+                    'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
+                    Dim jetzt As DateTime = DateTime.UtcNow
+                    Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
+
+                    If jetzt < wenn Then
+                        Return "NotYet"
+                    Else
+                        token = gensaltToken(username, password, CustomerID, Session.IsNewSession)
+                        Return token
+                        'End If
+                    End If
+                End Try
+            Else
+                Return String.Empty
+            End If
+        Else
+            Return "Error in Session ID. It has changed. Please check admin!"
+        End If
+    End Function
 End Class