edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4acaa9ff714f5df414a2ec2f8ef3ae586cad1434
VERAG_Homepage/login/Change_PW.aspx.vb
ja 4acaa9ff71 Änderungen
2021-12-06 11:56:26 +01:00

582 lines
32 KiB
VB.net
Raw Blame History

Imports System.Data.SqlClient
Imports System.Security.Cryptography
Imports System.Threading.Tasks
Imports Konscious.Security.Cryptography
Partial Class login_Change_PW
Inherits System.Web.UI.Page
Dim intzahl As Integer = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
Dim intzahliterats As Integer = VERAG_VARIABLES.getiterationnumber
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
Dim url = Request.ServerVariables("URL")
Session.Add("urltochangepw", url)
Dim ConnectionString = ""
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
Else
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT UserId,Password,Username,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim KundenNr As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@UserId", UsrID)
cmd.Connection = con
con.Open()
' userId = Convert.ToInt32(cmd.ExecuteScalar())
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then
dr.Read()
If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso KundenNr = dr("KundenNr") AndAlso UsrID = dr("UserId") Then
Try
If IsPostBack Then
If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then
txt_Pw_WH.Enabled = False
reqPassw1txt_M.Enabled = False
reqPasswtxt_M.Enabled = False
reqPasswtxt.Enabled = True
reqPassw1txt.Enabled = True
reqPasswtxt.Validate()
If reqPasswtxt.IsValid = True Then
txt_Pw_WH.Enabled = True
reqPassw1txt.Validate()
End If
ElseIf String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False Then
txt_Pw_WH_M.Enabled = False
reqPasswtxt.Enabled = False
reqPassw1txt.Enabled = False
reqPassw1txt_M.Enabled = True
reqPasswtxt_M.Enabled = True
reqPasswtxt_M.Validate()
If reqPasswtxt_M.IsValid = True Then
txt_Pw_WH_M.Enabled = True
reqPassw1txt_M.Validate()
End If
End If
End If
Catch exc As Exception
lbl_messagetext.Text = exc.Message
End Try
Else
VERAG_VARIABLES.initerrorcount()
VERAG_VARIABLES.seterrorcount(1)
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Link is invalid. Please send a new E-Mail!"
btn_submitpw.Text = "Return to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
'Response.Redirect("ForgotPW.aspx")
End If
dr.Close()
End If
End Using
con.Close()
End Using
End Sub
Function getDateoftoken(tokenname As String) As Boolean
Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname))
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)
If wenn < DateTime.UtcNow.AddMinutes(-30) Then
nameoftoken = String.Empty
'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
Session.Remove("TokenforEmail")
btn_submitpw.Text = "Back to Login"
btn_submitpw.PostBackUrl = "login_FLEX.apsx"
Return True
ElseIf nameoftoken = "Error04" Then
nameoftoken = String.Empty
tokenname = nameoftoken
Session.Remove("TokenforEmail")
Return True
ElseIf nameoftoken = "NotYet" Then
Return True
ElseIf nameoftoken = "Error in Session ID. It has changed. Please check admin!" Then
' Dim mailto As String = "support@verag.ag"
Dim mailto As String = "ja@verag.ag"
Dim htmlbody As String = String.Empty
VERAG_VARIABLES.seterrorcount(500)
Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb
htmlbody = "<p> Der User " + VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")) + "</td><td>" + Session.SessionID + "</td></tr></table>"
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
Return False
Else
Return True
End If
End Function
Protected Sub Image1_M_Click(sender As Object, e As ImageClickEventArgs)
MsgBox("")
End Sub
Protected Async Sub btn_submitpw_Click(sender As Object, e As EventArgs)
Dim tempstr As String = ""
Dim UsernameDB As String = String.Empty
Dim pwDB As String = String.Empty
Dim EmailDB As String = String.Empty
Dim UsrIdDB As String = String.Empty
Dim CustomerIDDB As String = String.Empty
Dim UsrIDIsright As Boolean = False
Dim isemailright As Boolean = False
Dim isusrnmright As Boolean = False
Dim iscstmrIDight As Boolean = False
Dim IsPWRequal As Boolean = True
'Dim Msg, Style, Title As String
reqPassw1txt_M.Enabled = False
reqPasswtxt_M.Enabled = False
reqPasswtxt.Enabled = True
reqPassw1txt.Enabled = True
reqPasswtxt.Validate()
If reqPasswtxt.IsValid = True Then
txt_Pw_WH.Enabled = True
reqPassw1txt.Validate()
End If
If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True Then
txt_Pw_WH.Enabled = False
Dim ConnectionString = ""
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
Else
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
If reqPassw1txt.IsValid = True Then
Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,UserId,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
Dim email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@UserId", THEUsrID)
cmd.Connection = con
con.Open()
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then
dr.Read()
If String.Equals(txt_Pw_WH.Text, dr("Password").ToString) = False Then
tempstr = txt_Pw_WH.Text
UsernameDB = dr("Username").ToString
pwDB = dr("Password").ToString
EmailDB = dr("Email").ToString
UsrIdDB = dr("UserId").ToString
CustomerIDDB = dr("KundenNr").ToString
Else
lbl_messagetext.Text = "The new password should differ from the old one!"
End If
If String.Equals(THEUsrID, UsrIdDB, StringComparison.CurrentCulture) = True Then
UsrIDIsright = True
End If
If String.Equals(txt_Pw.Text, pwDB, StringComparison.CurrentCulture) = False Then
IsPWRequal = False
End If
If String.Equals(usrname, UsernameDB, StringComparison.CurrentCulture) = True Then
isusrnmright = True
End If
If String.Equals(UsrID, CustomerIDDB, StringComparison.CurrentCulture) = True Then
iscstmrIDight = True
End If
If String.Equals(email, EmailDB, StringComparison.CurrentCulture) = True Then
isemailright = True
End If
End If
dr.Close()
End Using
con.Close()
End Using
Else
VERAG_VARIABLES.seterrorcount(22)
'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Error at the Passwort-Validation."
tempstr = "Error02"
End If
Else
tempstr = "Error01"
End If
If String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False And Not tempstr = "Error02" Then
If regexval_txt_Pw.IsValid = True Then
Try
Dim ConnectionString = ""
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
Else
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Dim isPasswhash As Byte() = Await gensaltPasswAsync(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession)
Dim isPasswDBhash As Byte() = Await gensaltPasswAsync(UsernameDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True Then
If Await VERAG_VARIABLES.Verifyhash(txt_Pw.Text, salt, isPasswhash, intzahliterats, intzahl) = True And Await VERAG_VARIABLES.Verifyhash(txt_Pw_WH.Text, salt, Await VERAG_VARIABLES.HashPassword(txt_Pw.Text, salt, intzahliterats, intzahl), intzahliterats, intzahl) = True Then
Using con As New SqlConnection(ConnectionString)
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text)
cmd.Parameters.AddWithValue("@UserId", UsrID)
cmd.Connection = con
con.Open()
If String.IsNullOrEmpty(usrname) = False Then
cmd.ExecuteNonQuery()
btn_submitpw.Visible = True
btn_submitpw.Text = "zum Login"
Else
VERAG_VARIABLES.seterrorcount(25)
lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Passwords shouldn't match!"
End If
End Using
con.Close()
End Using
End If
Else
VERAG_VARIABLES.seterrorcount(22)
'lbl_messagetext_M.ForeColor = Drawing.Color.Red
'lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb() + "Error bei der Validierung des Kennwortes."
End If
Catch ex As Exception
lbl_messagetext.Text = ex.Message
End Try
End If
regexval_txt_Pw.ForeColor = Drawing.Color.Green
regexval_txt_Pw.Text = "Passwort has been changed successfully!"
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
confirmPasswordReq.Enabled = False
confirmPasswordReq_M.Enabled = False
reqPasswtxt.Enabled = False
reqPassw1txt.Enabled = False
'Response.Redirect("login_FLEX.apsx")
'MsgBox(Msg, Style, Title)
' If MsgBox(Msg, Style, Title).Ok Then
'Response.Redirect("login_FLEX.aspx")
'End If
ElseIf tempstr = "Error01" Then
regexval_txt_Pw.ForeColor = Drawing.Color.MediumVioletRed
VERAG_VARIABLES.seterrorcount(2)
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.apsx"
reqPasswtxt.Enabled = False
reqPassw1txt.Enabled = False
'Response.Redirect("login_FLEX.aspx")
'regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Passwords could not be found!"
' Msg = "PW nicht erfolgreich geändert!"
' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1
' Title = "Error"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'Response.Redirect(Request.RawUrl)
'ElseIf MsgBox(Msg, Style, Title).Abort Then
' Response.Redirect("../newPageJulius_Sidebar.aspx")
'ElseIf MsgBox(Msg, Style, Title).Ignore Then
' Try
' Catch ex As Exception
' End Try
End If
End Sub
Protected Sub txt_Pw_WH_TextChanged(sender As Object, e As EventArgs)
regexval_txt_Pw_WH.Validate()
confirmPasswordReq.Validate()
If confirmPasswordReq.IsValid Then
' btn_submitpw.Enabled = True
Else
lbl_messagetext.ForeColor = Drawing.Color.Red
lbl_messagetext.Text = "Passwords do not match."
'btn_submitpw.Enabled = False
End If
End Sub
Protected Sub txt_Pw_TextChanged(sender As Object, e As EventArgs)
regexval_txt_Pw.Validate()
If regexval_txt_Pw.IsValid Then
txt_Pw_WH.ReadOnly = False
regexval_txt_Pw_WH.Enabled = True
Else
txt_Pw_WH.ReadOnly = True
regexval_txt_Pw_WH.Enabled = False
End If
End Sub
Protected Sub txt_Pw_M_TextChanged(sender As Object, e As EventArgs)
regexval_txt_Pw_M.Validate()
If regexval_txt_Pw_M.IsValid Then
txt_Pw_WH_M.ReadOnly = False
regexval_txt_Pw_WH_M.Enabled = True
Else
txt_Pw_WH_M.ReadOnly = True
regexval_txt_Pw_WH_M.Enabled = False
End If
End Sub
Protected Sub txt_Pw_WH_M_TextChanged(sender As Object, e As EventArgs)
regexval_txt_Pw_WH_M.Validate()
confirmPasswordReq_M.Validate()
If confirmPasswordReq_M.IsValid Then
'btn_submitpw_M.Enabled = True
Else
lbl_messagetext_M.ForeColor = Drawing.Color.Red
lbl_messagetext_M.Text = "Passwords do not match."
'btn_submitpw.Enabled = False
End If
End Sub
Protected Async Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
Dim tempstr As String = ""
Dim pwDB As String = String.Empty
Dim EmailDB As String = String.Empty
Dim usrnmDB As String = String.Empty
Dim TheUsrIdDB As String = String.Empty
Dim customerIDDB As String = String.Empty
Dim isusernameright As Boolean = False
Dim isemailright As Boolean = False
Dim ispwrEqual As Boolean = False
Dim isUSrIDright As Boolean = False
Dim isctmrIDright As Boolean = False
Dim ConnectionString = ""
confirmPasswordReq.Enabled = False
confirmPasswordReq_M.Enabled = True
confirmPasswordReq_M.Validate()
reqPasswtxt.Enabled = False
reqPasswtxt.Enabled = False
reqPasswtxt_M.Enabled = True
reqPassw1txt_M.Enabled = True
reqPasswtxt_M.Validate()
If reqPasswtxt_M.IsValid Then
reqPassw1txt_M.Validate()
End If
If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then
If reqPasswtxt_M.IsValid = True AndAlso reqPassw1txt_M.IsValid = True Then
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
Else
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,KundeNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString
Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5")).ToString
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@UserId", UsrID)
cmd.Connection = con
con.Open()
' userId = Convert.ToInt32(cmd.ExecuteScalar())
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then
dr.Read()
tempstr = txt_Pw_M.Text
EmailDB = dr("Email").ToString
pwDB = dr("Password").ToString
usrnmDB = dr("Username").ToString
TheUsrIdDB = dr("UserId").ToString
customerIDDB = dr("KundenNr").ToString
If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then
isusernameright = True
End If
If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then
isemailright = True
End If
If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then
ispwrEqual = False
End If
If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then
isUSrIDright = True
End If
If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
isctmrIDright = True
End If
If String.Compare(usrname, dr("Username")) = True Then
isusernameright = True
End If
End If
dr.Close()
End Using
con.Close()
End Using
Else
tempstr = "Error01"
End If
If String.Equals(txt_Pw_WH_M.Text, tempstr) = True AndAlso String.Equals(txt_Pw_M.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And String.Equals(tempstr, "Error01") = False Then
Try
ConnectionString = ""
Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString
Dim Email As String = Request.QueryString("Par5").ToString
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
Else
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Using con As New SqlConnection(ConnectionString)
Dim isPasswhash As Byte() = Await gensaltPasswAsync(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession)
Dim isPasswDBhash As Byte() = Await gensaltPasswAsync(usrnmDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True Then
If Await VERAG_VARIABLES.Verifyhash(tempstr, salt, isPasswhash, intzahliterats, intzahl) = True AndAlso Await VERAG_VARIABLES.Verifyhash(pwDB, salt, isPasswDBhash, intzahliterats, intzahl) = True Then
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname)
cmd.Parameters.AddWithValue("@Password", tempstr)
cmd.Parameters.AddWithValue("@UserId", UsrID)
cmd.Connection = con
con.Open()
If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then
cmd.ExecuteNonQuery()
regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
regexval_txt_Pw_M.Text = "Password has been changed sucessfully!"
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
confirmPasswordReq_M.Enabled = False
confirmPasswordReq_M.Enabled = False
reqPasswtxt_M.Enabled = False
Else
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
confirmPasswordReq.Enabled = False
confirmPasswordReq_M.Enabled = False
reqPasswtxt_M.Enabled = False
End If
End Using
End If
End If
con.Close()
End Using
Catch ex As Exception
lbl_messagetext_M.Text = ex.Message
End Try
'MsgBox(Msg, Style, Title)
' If MsgBox(Msg, Style, Title).Ok Then
'Response.Redirect("login_FLEX.aspx")
'End If
ElseIf tempstr = "Error01" Then
regexval_txt_Pw_M.ForeColor = Drawing.Color.MediumVioletRed
VERAG_VARIABLES.seterrorcount(2)
regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Passwort konnte nicht erfolgreich geändert werden!"
btn_submitpw.Text = "Back to Login!"
btn_submitpw.PostBackUrl = "login_FLEX.aspx"
confirmPasswordReq.Enabled = False
confirmPasswordReq_M.Enabled = False
'Button hierher
' Msg = "PW nicht erfolgreich geändert!"
' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1
' Title = "Error"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'Response.Redirect(Request.RawUrl)
'ElseIf MsgBox(Msg, Style, Title).Abort Then
' Response.Redirect("../newPageJulius_Sidebar.aspx")
'ElseIf MsgBox(Msg, Style, Title).Ignore Then
' Try
' Catch ex As Exception
' End Try
End If
End If
End Sub
Async Function gensaltPasswAsync(username As String, password As String, salt As Byte(), intzahliterats As Integer, intzahl As Integer, email As String, isnewSession As Boolean) As Task(Of Byte())
If isnewSession = False Then
Dim token As Byte()
'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray())
Dim tok As String = password
token = Await VERAG_VARIABLES.HashPassword(password, salt, intzahliterats, intzahl)
Return token
End If
End Function
Async Function gennewsaltToken(username As String, password As String, email As String, salt As Byte(), CustomerID As String, intzahlits As Integer, intzahl As Integer, isnewSession As Boolean, theUserID As String) As Task(Of String)
If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As Byte()
If String.IsNullOrEmpty(theUserID) = False Then
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahlits, intzahl)
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
Else
Return String.Empty
End If
Else
Return "Error in Session ID. It has changed. Please check admin!"
End If
End Function
Async Function gensaltTokenAsync(STrings As String) As Task(Of String)
If String.IsNullOrEmpty(STrings) = False Then
Dim token As Byte()
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = STrings
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
Return Convert.ToBase64String(token)
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
Else
Return String.Empty
End If
End Function
Shared Function RandomInteger(ByVal min As Integer, ByVal _
max As Integer) As Integer
Dim rand As New RNGCryptoServiceProvider()
Dim one_byte() As Byte = {0}
rand.GetBytes(one_byte)
Return min + (max - min) * (one_byte(0) / 255)
End Function
End Class
Reference in New Issue View Git Blame Copy Permalink