edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8b62dd33b3ed987aa5be9488b59499a6a672cdc8
VERAG_Homepage/login/login_FLEX.aspx.vb

276 lines
14 KiB
VB.net
Raw Blame History

Imports System.Data.SqlClient
Imports System.Data
Imports System.Security.Cryptography
Partial Class login_FLEX
Inherits System.Web.UI.Page
Dim Customer_ID As String = String.Empty
Dim UserNaMe As String = String.Empty
Dim passw As String = String.Empty
Dim USERID As String = String.Empty
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
VERAG_VARIABLES.initerrorcount()
If Page.IsPostBack = True Then
Page.MaintainScrollPositionOnPostBack = True
Else
Page.MaintainScrollPositionOnPostBack = False
End If
End Sub
Protected Sub ValidateUser(sender As Object, e As EventArgs)
' cDBFunctions.GetNewOpenConnection()
Dim ConnectionString = ""
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
Else
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If
Dim tb As TextBox = Login1.FindControl("txt_CustomerID")
Dim tb_M As TextBox = Login2.FindControl("txt_CustomerID_M")
Dim tb2 As TextBox = Login1.FindControl("Username")
Dim tb2_M As TextBox = Login2.FindControl("Username")
Dim tb3 As TextBox = Login1.FindControl("Password")
Dim tb3_M As TextBox = Login2.FindControl("Password")
Dim reqfieldvaluserID As RequiredFieldValidator = Login1.FindControl("CustomerIDrequired")
Dim reqfieldvaluserID_M As RequiredFieldValidator = Login2.FindControl("CustomerID_M_required")
Dim reqfieldvaluserName As RequiredFieldValidator = Login1.FindControl("UserNamerequired")
Dim reqfieldvaluserName_M As RequiredFieldValidator = Login2.FindControl("UserName_M_required")
Dim reqfieldvalpassw As RequiredFieldValidator = Login1.FindControl("Passwordrequired")
Dim reqfieldvalpassw_M As RequiredFieldValidator = Login2.FindControl("Passwordrequired_M")
Dim regexuserID As RegularExpressionValidator = Login1.FindControl("valid_getNumberInput")
Dim regexuserID_M As RegularExpressionValidator = Login2.FindControl("valid_getNumber_M_Input")
Dim regexusername As RegularExpressionValidator = Login1.FindControl("check_UserName_regex")
Dim regexusername_M As RegularExpressionValidator = Login2.FindControl("check_UserName_M_regex")
Dim cb As CheckBox = Login1.FindControl("RememberMe")
Dim cb_M As CheckBox = Login2.FindControl("RememberMe_M")
If String.IsNullOrEmpty(tb.Text) = False AndAlso String.IsNullOrEmpty(tb_M.Text) = True Then
reqfieldvaluserID.Enabled = True
reqfieldvaluserID_M.Enabled = False
reqfieldvaluserID.Validate()
If reqfieldvaluserID.IsValid = True Then
regexuserID.Validate()
If regexuserID.IsValid Then
Customer_ID = tb.Text
Else
VERAG_VARIABLES.seterrorcount(1)
regexuserID.ErrorMessage = VERAG_VARIABLES.geterrornumb + ": Customer-ID has to be a number."
End If
End If
End If
If String.IsNullOrEmpty(tb_M.Text) = False AndAlso String.IsNullOrEmpty(tb.Text) = True Then
reqfieldvaluserID.Enabled = False
reqfieldvaluserID_M.Enabled = True
If reqfieldvaluserID_M.IsValid = True Then
regexusername_M.Validate()
If regexusername_M.IsValid Then
Customer_ID = tb_M.Text
Else
VERAG_VARIABLES.seterrorcount(2)
regexusername_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "Customer-ID does not have any special characters in it."
End If
End If
End If
If String.IsNullOrEmpty(tb2.Text) = False AndAlso String.IsNullOrEmpty(tb2_M.Text) = True Then
reqfieldvaluserName.Enabled = True
reqfieldvaluserName_M.Enabled = False
regexusername.Validate()
If reqfieldvaluserName.IsValid = True Then
If regexusername.IsValid Then
UserNaMe = tb2.Text
Else
VERAG_VARIABLES.seterrorcount(2)
regexusername_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "Username does not have any special characters in it."
End If
Else
reqfieldvaluserName.ErrorMessage = String.Empty
End If
End If
If String.IsNullOrEmpty(tb2_M.Text) = False AndAlso String.IsNullOrEmpty(tb2.Text) = True Then
reqfieldvaluserName.Enabled = False
reqfieldvaluserName_M.Enabled = True
reqfieldvaluserName_M.Validate()
If reqfieldvaluserName_M.IsValid = True Then
regexusername_M.Validate()
If regexusername.IsValid Then
UserNaMe = tb2_M.Text
Else
VERAG_VARIABLES.seterrorcount(3)
regexusername.ErrorMessage = VERAG_VARIABLES.geterrornumb + "Password has to match the criterias of tge info button."
End If
End If
End If
If String.IsNullOrEmpty(tb3.Text) = False AndAlso String.IsNullOrEmpty(tb3_M.Text) = True Then
reqfieldvalpassw.Enabled = True
reqfieldvalpassw_M.Enabled = False
reqfieldvalpassw.Validate()
If reqfieldvalpassw.IsValid = True Then
passw = tb3.Text
End If
End If
If String.IsNullOrEmpty(tb3_M.Text) = False AndAlso String.IsNullOrEmpty(tb3.Text) = True Then
reqfieldvalpassw.Enabled = False
reqfieldvalpassw_M.Enabled = True
reqfieldvalpassw_M.Validate()
If reqfieldvalpassw_M.IsValid = True Then
passw = tb3_M.Text
Else
VERAG_VARIABLES.seterrorcount(4)
reqfieldvalpassw_M.ErrorMessage = String.Empty
End If
End If
' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
Using con As New SqlConnection(ConnectionString)
' Using cmd As New SqlCommand("Validate_User")
Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Password=@Password AND KundenNr=@KundenNr")
' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", UserNaMe)
cmd.Parameters.AddWithValue("@KundenNr", Customer_ID)
cmd.Parameters.AddWithValue("@Password", passw)
cmd.Connection = con
con.Open()
' userId = Convert.ToInt32(cmd.ExecuteScalar())
Dim dr As SqlDataReader = cmd.ExecuteReader()
If dr.HasRows Then
dr.Read()
'MsgBox(dr.Item(0).ToString())
Select Case dr.Item(0)
Case 0
VERAG_VARIABLES.seterrorcount(5)
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username and/or Password do not match."
Exit Select
Case -2
VERAG_VARIABLES.seterrorcount(6)
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Account is not activated."
Exit Select
Case Else
If tb.Text = dr("KundenNr") Then
Customer_ID = dr("KundenNr").ToString
Else
VERAG_VARIABLES.seterrorcount(7)
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "ID cannot be found in the database!"
End If
If tb2.Text = dr("Username") Then
UserNaMe = dr("Username").ToString
Else
VERAG_VARIABLES.seterrorcount(8)
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!"
End If
If tb3.Text = dr("Password") Then
passw = dr("Password").ToString
Else
VERAG_VARIABLES.seterrorcount(9)
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!"
End If
'MsgBox("Erfolgreich validiert.")
Session.Add("test", UserNaMe)
Session.Add("CustomerID", Customer_ID)
Session.Add("PW", passw)
Exit Select
End Select
End If
dr.Close()
con.Close()
End Using
Using cmd2 As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [LastLoginDate]=@Date WHERE [Username]=@Username AND [KundenNr]=@KundenNr AND Password=@Password")
cmd2.Parameters.AddWithValue("Date", Date.Now.ToString)
cmd2.Parameters.AddWithValue("Username", UserNaMe)
cmd2.Parameters.AddWithValue("KundenNr", Customer_ID)
cmd2.Parameters.AddWithValue("Password", passw)
cmd2.Connection = con
con.Open()
cmd2.ExecuteNonQuery()
con.Close()
End Using
End Using
If String.IsNullOrEmpty(tb2_M.Text) = False AndAlso String.IsNullOrEmpty(tb2.Text) = True Then
FormsAuthentication.SetAuthCookie(Login1.UserName, cb_M.Checked)
ElseIf String.IsNullOrEmpty(tb2.Text) = False AndAlso String.IsNullOrEmpty(tb2_M.Text) = True Then
FormsAuthentication.SetAuthCookie(Login2.UserName, cb.Checked)
End If
'If (String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(UserNaMe) = False And String.IsNullOrEmpty(Customer_ID) = False) Then
'Dim str = gensaltToken(UserNaMe, passw, Customer_ID, Session.IsNewSession)
'MsgBox(str)
'End If
FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)
End Sub
Protected Sub LoginButton_Click(sender As Object, e As EventArgs)
Validate("Login")
Session.Add("test", UserNaMe)
Session.Add("CustomerID", Customer_ID)
Session.Add("PW", passw)
End Sub
Protected Sub LoginButton_M_Click(sender As Object, e As EventArgs)
Validate("Login_M")
Session.Add("test", UserNaMe)
Session.Add("CustomerID", Customer_ID)
Session.Add("PW", passw)
End Sub
Function gensaltToken(username As String, password As String, CustomerID As String, isnewSession As Boolean) As String
If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
Dim MyMin As Integer = 155, MyMax As Integer = 875, My1stRandomNumber As Integer, My2ndRandomNumber As Integer
' Create a random number generator
Dim Generator As System.Random = New System.Random()
' Get a random number >= MyMin and <= MyMax
My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value
' Get another random number (don't create a new generator, use the same one)
My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1)
If String.IsNullOrEmpty(username) = False And String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(CustomerID) = False Then
Try
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
Dim passw As String = password
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 101, My1stRandomNumber))
Return token
Catch Ex As Exception
'Dim Msg, Style, Title As String
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
'Style = vbRetry + vbExclamation + vbDefaultButton1
'Title = "Error05: Token-Generierung"
'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email)
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
Dim passw As String = password
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 101, My2ndRandomNumber))
'Else
'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
Dim jetzt As DateTime = DateTime.UtcNow
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
If jetzt < wenn Then
Return "NotYet"
Else
token = gensaltToken(username, password, CustomerID, Session.IsNewSession)
Return token
'End If
End If
End Try
Else
Return String.Empty
End If
Else
Return "Error in Session ID. It has changed. Please check admin!"
End If
End Function
End Class
Reference in New Issue View Git Blame Copy Permalink