215 lines
11 KiB
VB.net
215 lines
11 KiB
VB.net
Imports System.Net
|
|
Imports System.Net.Mail
|
|
Imports System.Drawing
|
|
Imports System.Configuration
|
|
Imports System.Data.SqlClient
|
|
Imports System.Data
|
|
|
|
Partial Class login_ForgotPW
|
|
Inherits System.Web.UI.Page
|
|
|
|
Protected Sub btn_Back_Click(sender As Object, e As EventArgs)
|
|
Response.Redirect("login/login_FLEX.aspx")
|
|
End Sub
|
|
|
|
Protected Sub btn_Send_Click(sender As Object, e As EventArgs)
|
|
Dim username As String = String.Empty
|
|
Dim password As String = String.Empty
|
|
Dim email As String = String.Empty
|
|
Dim tokenname As String = String.Empty
|
|
valreqtxtEmail.Validate()
|
|
check_UserName_regex.Validate()
|
|
If valreqtxtEmail.IsValid = True Then
|
|
email = txtEmail.Text
|
|
ElseIf valreqtxtEmail.IsValid = False Then
|
|
valreqtxtEmail.ErrorMessage = "ANnotation: The given Domain is not the company domain."
|
|
regexval_txt_Email.Validate()
|
|
valreqtxtEmail.IsValid = True
|
|
End If
|
|
If check_UserName_regex.IsValid = True Then
|
|
username = txt_Username.Text
|
|
Else
|
|
check_UserName_regex.ErrorMessage = "No valid Username found!"
|
|
End If
|
|
If String.IsNullOrEmpty(email) = False AndAlso String.IsNullOrEmpty(tokenname) = True AndAlso String.IsNullOrEmpty(password) = True AndAlso String.IsNullOrEmpty(username) = False Then
|
|
'cDBFunctions.GetNewOpenConnection()
|
|
Dim ConnectionString = String.Empty
|
|
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
|
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
|
|
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
|
Else
|
|
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
|
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
|
End If
|
|
' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
|
|
Using con As New SqlConnection(ConnectionString)
|
|
' Using cmd As New SqlCommand("Validate_User")
|
|
Using cmd As New SqlCommand("SELECT Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username")
|
|
' cmd.CommandType = CommandType.StoredProcedure
|
|
cmd.Parameters.AddWithValue("@Username", username)
|
|
cmd.Connection = con
|
|
con.Open()
|
|
'userId = Convert.ToInt32(cmd.ExecuteScalar())
|
|
Dim dr As SqlDataReader = cmd.ExecuteReader()
|
|
If dr.Read() Then
|
|
username = dr("Username").ToString()
|
|
password = dr("Password").ToString()
|
|
Try
|
|
regexval_txt_Email.Validate()
|
|
Catch ex As Exception
|
|
Dim Msg, Style, Title As String
|
|
Msg = "E-Mail Prüfung fehlgeschlagen!" & vbCrLf + "Bitte erneut versuchen!"
|
|
Style = vbRetry + vbExclamation + vbDefaultButton1
|
|
Title = "Fehler bei E-Mail Authentifizierung!"
|
|
MsgBox(Msg, Style, Title)
|
|
If MsgBox(Msg, Style, Title).Yes Then
|
|
txtEmail.Text = String.Empty
|
|
txtEmail.Focus()
|
|
ElseIf MsgBox(Msg, Style, Title).No Then
|
|
End If
|
|
End Try
|
|
End If
|
|
End Using
|
|
con.Close()
|
|
End Using
|
|
|
|
tokenname = genToken(username, password, email)
|
|
Session.Add("TokenforEmail", tokenname)
|
|
If SendEmail(username, password, email, tokenname) = True Then
|
|
'password = RandomString(New Random, 10)
|
|
If (getDateoftoken(tokenname) = True) Then
|
|
Dim msgboxstyle = vbDefaultButton1 + vbOK
|
|
'MsgBox(tokenname, msgboxstyle)
|
|
MsgBox("Token erfolgreich generiert.")
|
|
Else
|
|
MsgBox("Token ist nicht mehr gültig! Es wird ein neuer generiert!")
|
|
tokenname = genToken(username, password, email)
|
|
End If
|
|
'SendEmail(username, password, email)
|
|
'MsgBox("Mail would be sent successfully!")
|
|
lblMessage.ForeColor = Color.Green
|
|
lblMessage.Text = "Passwort wurde erfolgreich an die angegebene E-Mail Adresse gesendet."
|
|
ElseIf SendEmail(username, password, email, tokenname) = False Then
|
|
'MsgBox("Mail would not be sent successfully!")
|
|
lblMessage.ForeColor = Color.Red
|
|
lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden."
|
|
End If
|
|
Else
|
|
MsgBox("Die Felder sind nicht alle befüllt worden.", MsgBoxStyle.Critical, "Error08")
|
|
End If
|
|
End Sub
|
|
|
|
'Function RandomString(r As Random, max As Integer) As String
|
|
'Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?="
|
|
'Dim sb As New StringBuilder
|
|
'Dim cnt As Integer = r.Next(4, max)
|
|
'For i As Integer = 1 To cnt
|
|
'Dim idx As Integer = r.Next(0, s.Length)
|
|
' sb.Append(s.Substring(idx, 1))
|
|
'Next
|
|
'Return sb.ToString()
|
|
'End Function
|
|
|
|
Function SendEmail(username As String, password As String, email As String, tokenname As String) As Boolean
|
|
Dim getdomianenvironment As String = String.Empty
|
|
Dim pagename As String = String.Empty
|
|
Dim ServPort As String = String.Empty
|
|
|
|
Dim mailto As String = String.Empty
|
|
Dim Betreff As String = String.Empty
|
|
Dim htmlbody As String = String.Empty
|
|
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
|
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
|
|
ServPort = ":" + Request.ServerVariables("SERVER_PORT")
|
|
'pagename = Request.ServerVariables("SCRIPT_NAME")
|
|
mailto = email
|
|
Betreff = "Passwort reset"
|
|
htmlbody = String.Format("Sehr geehrte/r {0},<br /><br /> Bitte dem Link zum Zurücksetzen des Passwortes folgen:<br /><br /><br />.<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + ">Link</a>" + Environment.NewLine + "<br />Mit freundlichen Grüßen <br />VERAG | EDV Support<br />support@verag.ag,", username, password)
|
|
Else
|
|
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
|
|
ServPort = String.Empty
|
|
'pagename = Request.ServerVariables("SCRIPT_NAME")
|
|
mailto = email
|
|
Betreff = "Passwort reset"
|
|
htmlbody = String.Format("Sehr geehrte/r {0},<br /><br /> Bitte dem Link zum Zurücksetzen des Passwortes folgen:<br /><br /><br />.<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + ">Link</a>" + Environment.NewLine + "<br />Mit freundlichen Grüßen <br />VERAG | EDV Support<br />support@verag.ag,", username, password)
|
|
End If
|
|
'Dim pg As String = Request.ServerVariables("URL")
|
|
'MsgBox("/" + ServPort + Request.ServerVariables("URL"))
|
|
|
|
Try
|
|
Dim tokennametemp = genToken(username, password, email)
|
|
'Dim Strtemp = Session.Keys.Item("urltochangepw")
|
|
If getDateoftoken(tokennametemp) = True Then
|
|
' Dim attachment As Attachment = New Attachment(File.OpenRead(excel), "Kundenliste.xlsx")
|
|
' Msg.Attachments.Add(attachment)
|
|
If String.IsNullOrEmpty(mailto) = False AndAlso String.IsNullOrEmpty(Betreff) = False AndAlso String.IsNullOrEmpty(htmlbody) = False Then
|
|
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
|
|
Else
|
|
MsgBox("Error07: Die Paramter wurden nicht alle gesetzt. Bitte Felder überprüfen.", vbAbort, "Error07")
|
|
End If
|
|
MsgBox("SENT")
|
|
Return True
|
|
Else
|
|
MsgBox("Error02: Mail not delivered!" & vbCrLf & "Neuer Token wird generiert.")
|
|
tokennametemp = genToken(username, password, email)
|
|
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody, tokenname)
|
|
Return False
|
|
End If
|
|
Catch ex As Exception
|
|
MsgBox(Err.Number & ex.Message & ex.StackTrace.ToString) 'Falls ein Fehler auftritt wird eine MsgBox angezeigt
|
|
End Try
|
|
Return False
|
|
End Function
|
|
|
|
Function genToken(username As String, password As String, email As String) As String
|
|
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
|
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
|
Dim token As String
|
|
Try
|
|
token = Convert.ToBase64String(time.Concat(Key).ToArray())
|
|
Return token
|
|
Catch Ex As Exception
|
|
Dim Msg, Style, Title As String
|
|
Msg = "Tokengenerierung fehlgeschlagen!" & vbCrLf & "Eine E-Mail wurde erneut an " + email + " zugesendet."
|
|
Style = vbRetry + vbExclamation + vbDefaultButton1
|
|
Title = "Fehler bei Token-Generierung"
|
|
MsgBox(Msg, Style, Title)
|
|
|
|
If MsgBox(Msg, Style, Title).Retry Then
|
|
genToken(username, password, email)
|
|
If SendEmail(username, password, email, token) = False Then
|
|
MsgBox("Email konnte wegen eines internen Verschlüsselungsfehlers nicht gesendet werden.", vbOK + vbInformation + vbDefaultButton1, "Tokengenerierung-Fehler")
|
|
Else
|
|
MsgBox("Email wurde erfolgreich gesendet." & vbCr & "Bitte Postfach überprüfen!", vbOK + vbInformation + vbDefaultButton1, "Tokengenerierung erfolgreich!")
|
|
End If
|
|
Else
|
|
MsgBox("Tokengenerierung nicht erfolgreich." & vbCrLf & "In 5 Sekunden nochmal versuchen!")
|
|
Dim jetzt As DateTime = DateTime.UtcNow
|
|
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
|
|
|
|
If jetzt < wenn Then
|
|
Return "NotYet"
|
|
Else
|
|
token = Convert.ToBase64String(time.Concat(Key).ToArray())
|
|
Return token
|
|
End If
|
|
End If
|
|
End Try
|
|
End Function
|
|
|
|
Function getDateoftoken(tokenname As String) As Boolean
|
|
Dim data() As Byte = Convert.FromBase64String(tokenname)
|
|
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
|
|
If wenn < DateTime.UtcNow.AddMinutes(-30) Then
|
|
tokenname = String.Empty
|
|
MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!")
|
|
Return False
|
|
ElseIf tokenname = "NotYet" Then
|
|
Return False
|
|
ElseIf tokenname = "Error04" Then
|
|
Return False
|
|
Else
|
|
Return True
|
|
End If
|
|
End Function
|
|
End Class |