Imports System.Data.SqlClient Partial Class login_Change_PW Inherits System.Web.UI.Page Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load Dim url = Request.ServerVariables("URL") Session.Add("urltochangepw", url) Dim ConnectionString = "" If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" Else VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") Using cmd As New SqlCommand("SELECT KundenNr,Username FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con con.Open() ' userId = Convert.ToInt32(cmd.ExecuteScalar()) Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() If VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1")) = Not Nothing Then If getDateoftoken(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par1"))) = True AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) = dr("Username") AndAlso VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) = dr("KundenNr") Then Try If IsPostBack Then If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then txt_Pw_WH.Enabled = False reqPassw1txt_M.Enabled = False reqPasswtxt_M.Enabled = False reqPasswtxt.Enabled = True reqPassw1txt.Enabled = True reqPasswtxt.Validate() If reqPasswtxt.IsValid = True Then txt_Pw_WH.Enabled = True reqPassw1txt.Validate() End If ElseIf String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False Then txt_Pw_WH_M.Enabled = False reqPasswtxt.Enabled = False reqPassw1txt.Enabled = False reqPassw1txt_M.Enabled = True reqPasswtxt_M.Enabled = True reqPasswtxt_M.Validate() If reqPasswtxt_M.IsValid = True Then txt_Pw_WH_M.Enabled = True reqPassw1txt_M.Validate() End If End If End If Catch exc As Exception lbl_messagetext.Text = exc.Message End Try Else 'btn_submitpw.Enabled = False txt_Pw.BackColor = Drawing.Color.Gray txt_Pw.ForeColor = Drawing.Color.DarkGray txt_Pw_WH.Enabled = False txt_Pw_WH.BackColor = Drawing.Color.Gray txt_Pw_WH.ForeColor = Drawing.Color.DarkGray txt_Pw.Enabled = False regexval_txt_Pw_WH.Enabled = False End If Else VERAG_VARIABLES.initerrorcount() VERAG_VARIABLES.seterrorcount(1) lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Link ist abgelaufen. Bitte neue E-Mail senden." Response.Redirect("ForgotPW.aspx") End If dr.Close() End If End Using con.Close() End Using End Sub Function getDateoftoken(tokenname As String) As Boolean Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname)) Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0)) Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname) If wenn < DateTime.UtcNow.AddMinutes(-30) Then nameoftoken = String.Empty If VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "True" Then VERAG_VARIABLES.seterrorcount(101) lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" ElseIf VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Mob").ToString()) = "False" Then VERAG_VARIABLES.seterrorcount(101) lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb + "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!" End If 'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!") Session.Remove("TokenforEmail") Return False ElseIf nameoftoken = "Error04" Then nameoftoken = String.Empty Session.Remove("TokenforEmail") Return False ElseIf nameoftoken = "NotYet" Then Return True Else Return True End If End Function Protected Sub Image1_M_Click(sender As Object, e As ImageClickEventArgs) MsgBox("") End Sub Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs) Dim tempstr As String = "" Dim Msg, Style, Title As String If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True Then If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then txt_Pw_WH.Enabled = False reqPassw1txt_M.Enabled = False reqPasswtxt_M.Enabled = False reqPasswtxt.Enabled = True reqPassw1txt.Enabled = True reqPasswtxt.Validate() If reqPasswtxt.IsValid = True Then txt_Pw_WH.Enabled = True reqPassw1txt.Validate() End If End If Dim ConnectionString = "" If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" Else VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If If reqPassw1txt.IsValid = True Then Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con con.Open() ' userId = Convert.ToInt32(cmd.ExecuteScalar()) Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() If txt_Pw.Text = Not dr("Password") Or txt_Pw_WH.Text = Not dr("Password") Then tempstr = txt_Pw.Text Else lbl_messagetext.Text = "Die gewählten Passwörter dürfen nicht dem alten entsprechen!" End If End If dr.Close() End Using con.Close() End Using Else VERAG_VARIABLES.seterrorcount(22) lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Error in Passwort Validation." End If Else tempstr = "Error01" End If If txt_Pw.Text = tempstr And txt_Pw_WH.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And tempstr = Not "Error01" Then If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then txt_Pw_WH_M.Enabled = False reqPasswtxt.Enabled = False reqPassw1txt.Enabled = False reqPassw1txt.Enabled = True reqPasswtxt.Enabled = True reqPasswtxt.Validate() If reqPasswtxt.IsValid = True Then txt_Pw_WH.Enabled = True reqPassw1txt.Validate() End If End If Try Dim ConnectionString = "" Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" Else ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If If reqPassw1txt_M.IsValid = True Then Using con As New SqlConnection(ConnectionString) Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [KundenNr]=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Password", tempstr) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con cmd.ExecuteNonQuery() End Using End Using Else VERAG_VARIABLES.seterrorcount(22) lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb() + "Error mit der Validierung des Kennwortes." End If Catch ex As Exception lbl_messagetext.Text = ex.Message End Try Msg = "PW erfolgreich geändert!" Style = vbOKOnly + vbInformation + vbDefaultButton1 Title = "Information" regexval_txt_Pw.ForeColor = Drawing.Color.Green regexval_txt_Pw.Text = "Password has been changed successfully!" 'MsgBox(Msg, Style, Title) ' If MsgBox(Msg, Style, Title).Ok Then 'Response.Redirect("login_FLEX.aspx") 'End If ElseIf tempstr = "Error01" Then regexval_txt_Pw.ForeColor = Drawing.Color.MediumVioletRed VERAG_VARIABLES.seterrorcount(2) regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Password has not been changed successfully!" ' Msg = "PW nicht erfolgreich geändert!" ' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 ' Title = "Error" 'MsgBox(Msg, Style, Title) 'If MsgBox(Msg, Style, Title).Retry Then 'Response.Redirect(Request.RawUrl) 'ElseIf MsgBox(Msg, Style, Title).Abort Then ' Response.Redirect("../newPageJulius_Sidebar.aspx") 'ElseIf MsgBox(Msg, Style, Title).Ignore Then ' Try ' Catch ex As Exception ' End Try End If End Sub Protected Sub txt_Pw_WH_TextChanged(sender As Object, e As EventArgs) regexval_txt_Pw_WH.Validate() confirmPasswordReq.Validate() If confirmPasswordReq.IsValid Then ' btn_submitpw.Enabled = True Else lbl_messagetext.ForeColor = Drawing.Color.Red lbl_messagetext.Text = "Passwort stimmt nicht überein." 'btn_submitpw.Enabled = False End If End Sub Protected Sub txt_Pw_TextChanged(sender As Object, e As EventArgs) regexval_txt_Pw.Validate() If regexval_txt_Pw.IsValid Then txt_Pw_WH.ReadOnly = False regexval_txt_Pw_WH.Enabled = True Else txt_Pw_WH.ReadOnly = True regexval_txt_Pw_WH.Enabled = False End If End Sub Protected Sub txt_Pw_M_TextChanged(sender As Object, e As EventArgs) regexval_txt_Pw_M.Validate() If regexval_txt_Pw_M.IsValid Then txt_Pw_WH_M.ReadOnly = False regexval_txt_Pw_WH_M.Enabled = True Else txt_Pw_WH_M.ReadOnly = True regexval_txt_Pw_WH_M.Enabled = False End If End Sub Protected Sub txt_Pw_WH_M_TextChanged(sender As Object, e As EventArgs) regexval_txt_Pw_WH_M.Validate() confirmPasswordReq_M.Validate() If confirmPasswordReq_M.IsValid Then 'btn_submitpw_M.Enabled = True Else lbl_messagetext_M.ForeColor = Drawing.Color.Red lbl_messagetext_M.Text = "Passwort stimmt nicht überein." 'btn_submitpw.Enabled = False End If End Sub Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs) Dim tempstr As String = "" Dim Msg, Style, Title As String Dim ConnectionString = "" If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then reqPasswtxt.Enabled = False reqPasswtxt.Enabled = False reqPasswtxt_M.Enabled = True reqPassw1txt_M.Enabled = True reqPasswtxt_M.Validate() reqPassw1txt_M.Validate() If reqPasswtxt_M.IsValid = True AndAlso reqPassw1txt_M.IsValid = True Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" Else VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If Using con As New SqlConnection(ConnectionString) ' Using cmd As New SqlCommand("Validate_User") Using cmd As New SqlCommand("SELECT KundenNr,Username, Passwort FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con con.Open() ' userId = Convert.ToInt32(cmd.ExecuteScalar()) Dim dr As SqlDataReader = cmd.ExecuteReader() If dr.HasRows Then dr.Read() If txt_Pw_M.Text = Not dr("Passwort") Or txt_Pw_WH_M.Text = Not dr("Passwort") Then tempstr = txt_Pw_M.Text Else lbl_messagetext_M.Text = "Die gewählten Passwörter dürfen nicht dem alten entsprechen!" End If End If dr.Close() End Using con.Close() End Using Else tempstr = "Error01" End If If txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And tempstr = Not "Error01" Then Try ConnectionString = "" Dim usrname = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par2")) Dim UsrID = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")) If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" Else ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" End If Using con As New SqlConnection(ConnectionString) Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND KundenNr=@KundenNr") ' cmd.CommandType = CommandType.StoredProcedure cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Password", tempstr) cmd.Parameters.AddWithValue("@KundenNr", UsrID) cmd.Connection = con cmd.ExecuteNonQuery() regexval_txt_Pw_M.ForeColor = Drawing.Color.Green regexval_txt_Pw_M.Text = "Password has been changed successfully!" End Using End Using Catch ex As Exception lbl_messagetext_M.Text = ex.Message End Try 'MsgBox(Msg, Style, Title) ' If MsgBox(Msg, Style, Title).Ok Then 'Response.Redirect("login_FLEX.aspx") 'End If ElseIf tempstr = "Error01" Then regexval_txt_Pw_M.ForeColor = Drawing.Color.MediumVioletRed VERAG_VARIABLES.seterrorcount(2) regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Password has not been changed successfully!" ' Msg = "PW nicht erfolgreich geändert!" ' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 ' Title = "Error" 'MsgBox(Msg, Style, Title) 'If MsgBox(Msg, Style, Title).Retry Then 'Response.Redirect(Request.RawUrl) 'ElseIf MsgBox(Msg, Style, Title).Abort Then ' Response.Redirect("../newPageJulius_Sidebar.aspx") 'ElseIf MsgBox(Msg, Style, Title).Ignore Then ' Try ' Catch ex As Exception ' End Try End If End If End Sub End Class