Imports System
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Imports System.Threading.Tasks
Imports Konscious.Security.Cryptography
Partial Class login_Change_PW
Inherits System.Web.UI.Page
' Hashing parameters used by the handlers and helper functions of this page.
' They are instance-field initializers, so they are evaluated again for every new
' instance of this page class.
' NOTE(review): if a new page instance is created per request (the usual Web Forms
' behaviour - confirm), `intzahl` and `salt` differ on every request, so a hash made
' with them in one request cannot be reproduced in a later one unless both values
' are stored next to the hash.

' Random integer requested with the bounds 2^7 (128) and 2^10 (1024). It is passed to
' GenerateSalt and as the last argument of the hash calls; presumably a size parameter -
' verify against VERAG_VARIABLES.
Dim intzahl As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))

' Value handed to the hash calls as their iteration argument.
Dim intzahliterats As Integer = VERAG_VARIABLES.getiterationnumber

' Salt produced by VERAG_VARIABLES.GenerateSalt for this page instance.
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
''' <summary>
''' Runs on every load of the change-password page: remembers the request URL in the
''' session, looks up the user named by the decrypted query-string values, checks the
''' token in "Par1" through getDateoftoken, and on postback runs the password validators.
''' </summary>
''' <remarks>
''' NOTE(review): this method only sets labels, validators and button targets. Nothing
''' visible here stops btn_submitpw_Click / btn_submitpw_M_Click from running when the
''' link check below fails, and those handlers do not read "Par1" themselves - confirm
''' that an invalid or expired link cannot still reach the UPDATE statements.
''' </remarks>
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
    Dim url = Request.ServerVariables("URL")
    Session.Add("urltochangepw", url)
    Dim ConnectionString = ""

    ' NOTE(review): the branch is chosen from the SERVER_NAME server variable. If that
    ' value follows the Host header sent by the client, a request can select the
    ' "localhost" branch and switch TESTSYSTEM on - confirm the site's host bindings.
    If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
        VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
        ' (A commented-out alternative connection string that embedded credentials was
        ' taken out of this comment. Treat those credentials as exposed and rotate them.)
        ' NOTE(review): database credentials are hard-coded in source. Move the connection
        ' string to protected configuration and rotate this password.
        ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
    Else
        VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
        ' NOTE(review): same hard-coded credentials as in the test branch.
        ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
        ' (A second commented-out connection string with credentials was taken out here as well.)
    End If

    Using con As New SqlConnection(ConnectionString)
        ' Using cmd As New SqlCommand("Validate_User")
        ' The lookup is parameterized; the query-string values never become SQL text.
        Using cmd As New SqlCommand("SELECT UserId,Password,Username,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
            ' cmd.CommandType = CommandType.StoredProcedure
            ' Par2..Par5 arrive encrypted in the URL and are decrypted with three different helpers.
            Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
            Dim KundenNr As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
            Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
            ' Email is decrypted but not used again in this method.
            Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
            cmd.Parameters.AddWithValue("@Username", usrname)
            cmd.Parameters.AddWithValue("@UserId", UsrID)

            cmd.Connection = con
            con.Open()
            ' userId = Convert.ToInt32(cmd.ExecuteScalar())
            Dim dr As SqlDataReader = cmd.ExecuteReader()
            ' NOTE(review): when no row is returned nothing is shown and the page renders
            ' normally; only a row that fails the comparison below produces the
            ' "Link is invalid" message.
            If dr.HasRows Then
                dr.Read()
                ' The link is accepted when the token check passes and the decrypted values
                ' equal the row that was just read.
                If getDateoftoken(Request.QueryString("Par1")) = True AndAlso usrname = dr("Username") AndAlso KundenNr = dr("KundenNr") AndAlso UsrID = dr("UserId") Then
                    Try
                        If IsPostBack Then
                            ' Desktop fields filled in: validate them and switch the "_M" validators off.
                            If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False Then
                                txt_Pw_WH.Enabled = False
                                reqPassw1txt_M.Enabled = False
                                reqPasswtxt_M.Enabled = False
                                reqPasswtxt.Enabled = True
                                reqPassw1txt.Enabled = True
                                reqPasswtxt.Validate()
                                If reqPasswtxt.IsValid = True Then
                                    txt_Pw_WH.Enabled = True
                                    reqPassw1txt.Validate()
                                End If
                            ' "_M" fields filled in: the mirror image of the branch above.
                            ElseIf String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False Then
                                txt_Pw_WH_M.Enabled = False
                                reqPasswtxt.Enabled = False
                                reqPassw1txt.Enabled = False
                                reqPassw1txt_M.Enabled = True
                                reqPasswtxt_M.Enabled = True
                                reqPasswtxt_M.Validate()
                                If reqPasswtxt_M.IsValid = True Then
                                    txt_Pw_WH_M.Enabled = True
                                    reqPassw1txt_M.Validate()
                                End If
                            End If
                        End If
                    Catch exc As Exception
                        ' NOTE(review): the raw exception message is shown to the visitor;
                        ' prefer a generic message and log the details server-side.
                        lbl_messagetext.Text = exc.Message
                    End Try

                Else
                    VERAG_VARIABLES.initerrorcount()
                    VERAG_VARIABLES.seterrorcount(1)
                    lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Link is invalid. Please send a new E-Mail!"
                    btn_submitpw.Text = "Return to Login!"
                    btn_submitpw.PostBackUrl = "login_FLEX.aspx"
                    'Response.Redirect("ForgotPW.aspx")
                End If
                ' The reader is closed explicitly only on this path (a row was returned).
                dr.Close()
            End If
        End Using
        con.Close()
    End Using
End Sub
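''' <summary>
''' Validates the password-reset token received in the "Par1" query-string value.
''' </summary>
''' <param name="tokenname">Encrypted token text exactly as it arrived with the request.</param>
''' <returns>
''' True only when the token decrypts to Base64 data whose first 8 bytes are a timestamp
''' that is not older than 30 minutes. Missing, malformed, sentinel and expired tokens
''' all return False.
''' </returns>
''' <remarks>
''' The check fails closed. An expired token must not return True, because Page_Load
''' treats True as "link accepted". The sentinel texts are tested before the Base64
''' parse: none of them is valid Base64, so parsing first would throw instead of
''' reaching the comparison.
''' NOTE(review): the timestamp is trusted as soon as it decrypts. Confirm that
''' cCryptography3 also protects integrity, otherwise a modified ciphertext may decode
''' to an arbitrary date.
''' NOTE(review): gennewsaltToken in this class returns the encrypted hash of a
''' timestamp, not the timestamp itself - confirm which routine issues the tokens that
''' are checked here.
''' </remarks>
Function getDateoftoken(tokenname As String) As Boolean
    If String.IsNullOrEmpty(tokenname) Then
        RejectResetToken()
        Return False
    End If

    Dim nameoftoken As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(tokenname)

    If nameoftoken = "Error in Session ID. It has changed. Please check admin!" Then
        ' Dim mailto As String = "support@verag.ag"
        Dim mailto As String = "ja@verag.ag"
        VERAG_VARIABLES.seterrorcount(500)
        Dim Betreff As String = "Session ID" + VERAG_VARIABLES.geterrornumb

        ' The user name comes from the request, so it is HTML-encoded before it is
        ' placed into the HTML mail body.
        Dim reportedUser As String = Server.HtmlEncode(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")))
        Dim htmlbody As String = "<p> Der User " + reportedUser + "hat eine ungültige oder geänderte Session-ID </p> <table><th><td>User</td></th><th><td>neue ID</td></th><tr><td>" + reportedUser + "</td><td>" + Session.SessionID + "</td></tr></table>"

        VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
        Return False
    End If

    ' "Error04" and "NotYet" are status texts, not tokens; neither proves a valid link.
    If String.IsNullOrEmpty(nameoftoken) OrElse nameoftoken = "Error04" OrElse nameoftoken = "NotYet" Then
        RejectResetToken()
        Return False
    End If

    Dim wenn As DateTime
    Try
        Dim data() As Byte = Convert.FromBase64String(nameoftoken)
        ' BitConverter.ToInt64 needs at least 8 bytes.
        If data.Length < 8 Then
            RejectResetToken()
            Return False
        End If
        wenn = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
    Catch ex As FormatException
        ' Not Base64.
        RejectResetToken()
        Return False
    Catch ex As ArgumentException
        ' The 8 bytes do not describe a valid DateTime.
        RejectResetToken()
        Return False
    End Try

    If wenn < DateTime.UtcNow.AddMinutes(-30) Then
        RejectResetToken()
        Return False
    End If

    Return True
End Function

''' <summary>Shows the "token not found or too old" message, drops the session token and points the button back to the login page.</summary>
Private Sub RejectResetToken()
    lbl_messagetext.Text = "Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!"
    Session.Remove("TokenforEmail")
    btn_submitpw.Text = "Back to Login"
    ' Spelled ".aspx" like the other PostBackUrl assignments in this class.
    btn_submitpw.PostBackUrl = "login_FLEX.aspx"
End Sub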
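''' <summary>
''' Click handler for the Image1_M image button. It currently performs no action.
''' </summary>
''' <param name="sender">Control that raised the event.</param>
''' <param name="e">Click coordinates supplied by the image button.</param>
Protected Sub Image1_M_Click(sender As Object, e As ImageClickEventArgs)
    ' No MsgBox here: this code runs on the web server, where a modal dialog either
    ' fails (non-interactive process) or blocks the request on the server desktop.
    ' Feedback for the visitor belongs in a page control such as a label.
End Sub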
''' <summary>
''' Submit handler for the desktop password fields (txt_Pw / txt_Pw_WH): validates the
''' input, reads the user's row, and then tries to write the new password.
''' </summary>
''' <remarks>
''' NOTE(review), security findings visible in this method:
''' - The typed text is compared directly with the Password column and the UPDATE
'''   writes txt_Pw_WH.Text as @Password. That suggests the column holds passwords in
'''   clear text; the hashes computed below are never stored. Confirm and migrate to
'''   storing a salted hash.
''' - The "Par1" token is not checked here. This handler relies on Page_Load, which
'''   does not stop the event from firing.
''' - The success message after the Try block is set whenever the outer condition is
'''   met, whether or not the UPDATE actually ran.
''' - Database credentials are hard-coded.
''' </remarks>
Protected Async Sub btn_submitpw_Click(sender As Object, e As EventArgs)
    ' tempstr carries the candidate password, or the sentinels "Error01" / "Error02".
    ' NOTE(review): a password that equals a sentinel text is treated as an error.
    Dim tempstr As String = ""
    Dim UsernameDB As String = String.Empty
    Dim pwDB As String = String.Empty
    Dim EmailDB As String = String.Empty
    Dim UsrIdDB As String = String.Empty
    Dim CustomerIDDB As String = String.Empty
    ' The five flags below are assigned further down but never read in this method,
    ' so the identity comparisons they record do not influence the UPDATE.
    Dim UsrIDIsright As Boolean = False
    Dim isemailright As Boolean = False
    Dim isusrnmright As Boolean = False
    Dim iscstmrIDight As Boolean = False
    Dim IsPWRequal As Boolean = True
    'Dim Msg, Style, Title As String
    reqPassw1txt_M.Enabled = False
    reqPasswtxt_M.Enabled = False
    reqPasswtxt.Enabled = True
    reqPassw1txt.Enabled = True
    reqPasswtxt.Validate()
    If reqPasswtxt.IsValid = True Then
        txt_Pw_WH.Enabled = True
        reqPassw1txt.Validate()
    End If

    ' Only the desktop pair may be filled in; the "_M" pair has to be empty.
    If String.IsNullOrEmpty(txt_Pw.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True Then

        txt_Pw_WH.Enabled = False

        Dim ConnectionString = ""

        ' NOTE(review): the branch depends on the request's SERVER_NAME - confirm it
        ' cannot be steered by a client-supplied Host header.
        If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
            VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
            ' (A commented-out connection string with credentials was taken out of this
            ' comment; rotate those credentials.)
            ' NOTE(review): hard-coded credentials - move to protected configuration and rotate.
            ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
        Else
            VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
            ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
            ' (A second commented-out connection string with credentials was taken out here.)
        End If
        If reqPassw1txt.IsValid = True Then
            Using con As New SqlConnection(ConnectionString)
                ' Using cmd As New SqlCommand("Validate_User")
                Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,UserId,KundenNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId")
                    ' cmd.CommandType = CommandType.StoredProcedure
                    Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
                    ' Despite its name, UsrID is later compared with the KundenNr column.
                    Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
                    Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
                    Dim email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
                    cmd.Parameters.AddWithValue("@Username", usrname)
                    cmd.Parameters.AddWithValue("@UserId", THEUsrID)
                    cmd.Connection = con
                    con.Open()
                    Dim dr As SqlDataReader = cmd.ExecuteReader()
                    If dr.HasRows Then
                        dr.Read()
                        ' Plain comparison of the typed password with the stored column value.
                        If String.Equals(txt_Pw_WH.Text, dr("Password").ToString) = False Then
                            tempstr = txt_Pw_WH.Text
                            UsernameDB = dr("Username").ToString
                            pwDB = dr("Password").ToString
                            EmailDB = dr("Email").ToString
                            UsrIdDB = dr("UserId").ToString
                            CustomerIDDB = dr("KundenNr").ToString
                        Else
                            lbl_messagetext.Text = "The new password should differ from the old one!"
                        End If
                        If String.Equals(THEUsrID, UsrIdDB, StringComparison.CurrentCulture) = True Then
                            UsrIDIsright = True
                        End If
                        If String.Equals(txt_Pw.Text, pwDB, StringComparison.CurrentCulture) = False Then
                            IsPWRequal = False
                        End If
                        If String.Equals(usrname, UsernameDB, StringComparison.CurrentCulture) = True Then
                            isusrnmright = True
                        End If
                        If String.Equals(UsrID, CustomerIDDB, StringComparison.CurrentCulture) = True Then
                            iscstmrIDight = True
                        End If
                        If String.Equals(email, EmailDB, StringComparison.CurrentCulture) = True Then
                            isemailright = True
                        End If
                    End If
                    dr.Close()
                End Using
                con.Close()
            End Using
        Else
            VERAG_VARIABLES.seterrorcount(22)
            'lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb + "Error at the Passwort-Validation."

            tempstr = "Error02"
        End If

    Else
        tempstr = "Error01"
    End If

    ' Both entries must equal tempstr, i.e. the two typed passwords match and no
    ' sentinel was set. Note the mix of AndAlso and And: the And operands are always
    ' evaluated.
    If String.Equals(txt_Pw.Text, tempstr) = True AndAlso String.Equals(txt_Pw_WH.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw_M.Text) = True And String.IsNullOrEmpty(txt_Pw_WH_M.Text) = True And String.Equals(tempstr, "Error01") = False And Not tempstr = "Error02" Then

        If regexval_txt_Pw.IsValid = True Then
            Try
                Dim ConnectionString = ""
                Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2"))
                Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3"))
                Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4"))
                Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5"))
                If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
                    ' (Commented-out connection string with credentials taken out; rotate them.)
                    ' NOTE(review): hard-coded credentials, repeated from above.
                    ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
                Else
                    ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
                    ' (Second commented-out connection string with credentials taken out.)
                End If
                ' isPasswhash is computed but not used afterwards.
                Dim isPasswhash As Byte() = Await gensaltPassw(usrname, tempstr, intzahliterats, intzahl, Email, Session.IsNewSession)
                Dim isPasswDBhash As Byte() = Await gensaltPassw(UsernameDB, pwDB, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
                If regexval_txt_Pw.IsValid = True Then
                    ' NOTE(review): the first call checks the NEW password against a hash of the
                    ' value read from the database; the second checks the repeat entry against
                    ' a hash of the first entry. Presumably the first can only succeed when the
                    ' new password equals the stored one, which the branch above excluded -
                    ' verify against VERAG_VARIABLES.Verifyhash.
                    If VERAG_VARIABLES.Verifyhash(txt_Pw.Text, salt, isPasswDBhash, intzahliterats, intzahl) = True And VERAG_VARIABLES.Verifyhash(txt_Pw_WH.Text, salt, VERAG_VARIABLES.HashPassword(txt_Pw.Text, salt, intzahliterats, intzahl), intzahliterats, intzahl) = True Then
                        Using con As New SqlConnection(ConnectionString)
                            Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
                                ' cmd.CommandType = CommandType.StoredProcedure
                                cmd.Parameters.AddWithValue("@Username", usrname)
                                ' NOTE(review): the typed password itself is written, not a hash.
                                cmd.Parameters.AddWithValue("@Password", txt_Pw_WH.Text)
                                ' NOTE(review): @UserId is bound to the decrypted Par3 value here,
                                ' while the SELECT above bound the decrypted Par4 value - confirm
                                ' which one identifies the row.
                                cmd.Parameters.AddWithValue("@UserId", UsrID)
                                cmd.Connection = con
                                con.Open()
                                If String.IsNullOrEmpty(usrname) = False Then
                                    cmd.ExecuteNonQuery()
                                    btn_submitpw.Visible = True
                                    btn_submitpw.Text = "zum Login"
                                Else
                                    ' This branch runs when the decrypted user name is empty; the
                                    ' message text does not describe that condition.
                                    VERAG_VARIABLES.seterrorcount(25)
                                    lbl_messagetext.Text = VERAG_VARIABLES.geterrornumb() + "Old and new Passwords shouldn't match!"
                                End If
                            End Using
                            con.Close()
                        End Using
                    End If
                Else
                    VERAG_VARIABLES.seterrorcount(22)
                    'lbl_messagetext_M.ForeColor = Drawing.Color.Red
                    'lbl_messagetext_M.Text = VERAG_VARIABLES.geterrornumb() + "Error bei der Validierung des Kennwortes."
                End If
            Catch ex As Exception
                ' NOTE(review): the raw exception message (which can include database
                ' details) is shown to the visitor; log it server-side instead.
                lbl_messagetext.Text = ex.Message
            End Try
        End If

        ' NOTE(review): reached even when the hash check failed, the validator was
        ' invalid or an exception was caught above.
        regexval_txt_Pw.ForeColor = Drawing.Color.Green
        regexval_txt_Pw.Text = "Passwort has been changed successfully!"
        btn_submitpw.Text = "Back to Login!"
        btn_submitpw.PostBackUrl = "login_FLEX.aspx"
        confirmPasswordReq.Enabled = False
        confirmPasswordReq_M.Enabled = False
        reqPasswtxt.Enabled = False
        reqPassw1txt.Enabled = False
        'Response.Redirect("login_FLEX.aspx")
    ElseIf tempstr = "Error01" Then
        regexval_txt_Pw.ForeColor = Drawing.Color.MediumVioletRed
        VERAG_VARIABLES.seterrorcount(2)
        btn_submitpw.Text = "Back to Login!"
        ' NOTE(review): the extension is spelled ".apsx" here, unlike the ".aspx" used
        ' in the success branch above.
        btn_submitpw.PostBackUrl = "login_FLEX.apsx"
        reqPasswtxt.Enabled = False
        reqPassw1txt.Enabled = False
        'Response.Redirect("login_FLEX.aspx")
        'regexval_txt_Pw.Text = VERAG_VARIABLES.geterrornumb + "Passwords could not be found!"
    End If
End Sub
''' <summary>
''' Re-validates the repeated password (desktop field) and reports a mismatch in
''' lbl_messagetext.
''' </summary>
''' <param name="sender">Control that raised the event.</param>
''' <param name="e">Event data (not used).</param>
Protected Sub txt_Pw_WH_TextChanged(sender As Object, e As EventArgs)
    regexval_txt_Pw_WH.Validate()
    confirmPasswordReq.Validate()

    ' Nothing to report when both entries agree.
    If confirmPasswordReq.IsValid Then
        Return
    End If

    lbl_messagetext.ForeColor = Drawing.Color.Red
    lbl_messagetext.Text = "Passwords do not match."
End Sub
''' <summary>
''' Re-validates the first password entry (desktop field) and unlocks the repeat field
''' and its validator only when that entry is valid.
''' </summary>
''' <param name="sender">Control that raised the event.</param>
''' <param name="e">Event data (not used).</param>
Protected Sub txt_Pw_TextChanged(sender As Object, e As EventArgs)
    regexval_txt_Pw.Validate()

    Dim firstEntryOk As Boolean = regexval_txt_Pw.IsValid

    ' The repeat field is read-only exactly while the first entry is invalid.
    txt_Pw_WH.ReadOnly = Not firstEntryOk
    regexval_txt_Pw_WH.Enabled = firstEntryOk
End Sub
''' <summary>
''' Re-validates the first password entry of the "_M" field pair and unlocks the "_M"
''' repeat field and its validator only when that entry is valid.
''' </summary>
''' <param name="sender">Control that raised the event.</param>
''' <param name="e">Event data (not used).</param>
Protected Sub txt_Pw_M_TextChanged(sender As Object, e As EventArgs)
    regexval_txt_Pw_M.Validate()

    Dim firstEntryOk As Boolean = regexval_txt_Pw_M.IsValid

    ' The repeat field is read-only exactly while the first entry is invalid.
    txt_Pw_WH_M.ReadOnly = Not firstEntryOk
    regexval_txt_Pw_WH_M.Enabled = firstEntryOk
End Sub
''' <summary>
''' Re-validates the repeated password of the "_M" field pair and reports a mismatch in
''' lbl_messagetext_M.
''' </summary>
''' <param name="sender">Control that raised the event.</param>
''' <param name="e">Event data (not used).</param>
Protected Sub txt_Pw_WH_M_TextChanged(sender As Object, e As EventArgs)
    regexval_txt_Pw_WH_M.Validate()
    confirmPasswordReq_M.Validate()

    ' Nothing to report when both entries agree.
    If confirmPasswordReq_M.IsValid Then
        Return
    End If

    lbl_messagetext_M.ForeColor = Drawing.Color.Red
    lbl_messagetext_M.Text = "Passwords do not match."
End Sub
''' <summary>
''' Submit handler for the "_M" password fields (txt_Pw_M / txt_Pw_WH_M): validates the
''' input, reads the user's row, and then tries to write the new password.
''' </summary>
''' <remarks>
''' NOTE(review), security findings visible in this method:
''' - The UPDATE writes the typed password (tempstr) as @Password; no hash is stored.
''' - The "Par1" token is not checked here. This handler relies on Page_Load, which
'''   does not stop the event from firing.
''' - Both Verifyhash calls compare a value with a hash that was just computed from
'''   that same value and the same salt, so they add no check on the requester.
''' - Database credentials are hard-coded.
''' </remarks>
Protected Async Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
    ' tempstr carries the candidate password or the sentinel "Error01".
    Dim tempstr As String = ""
    Dim pwDB As String = String.Empty
    Dim EmailDB As String = String.Empty
    Dim usrnmDB As String = String.Empty
    Dim TheUsrIdDB As String = String.Empty
    Dim customerIDDB As String = String.Empty
    ' The five flags below are assigned further down but never read in this method.
    Dim isusernameright As Boolean = False
    Dim isemailright As Boolean = False
    Dim ispwrEqual As Boolean = False
    Dim isUSrIDright As Boolean = False
    Dim isctmrIDright As Boolean = False
    Dim ConnectionString = ""
    confirmPasswordReq.Enabled = False
    confirmPasswordReq_M.Enabled = True
    confirmPasswordReq_M.Validate()
    ' reqPasswtxt is disabled twice; reqPassw1txt is not touched here.
    reqPasswtxt.Enabled = False
    reqPasswtxt.Enabled = False
    reqPasswtxt_M.Enabled = True
    reqPassw1txt_M.Enabled = True
    reqPasswtxt_M.Validate()
    If reqPasswtxt_M.IsValid Then
        reqPassw1txt_M.Validate()
    End If
    ' Only the "_M" pair may be filled in; the desktop pair has to be empty.
    If String.IsNullOrEmpty(txt_Pw_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw_WH_M.Text) = False AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True AndAlso String.IsNullOrEmpty(txt_Pw_WH.Text) = True Then

        If reqPasswtxt_M.IsValid = True AndAlso reqPassw1txt_M.IsValid = True Then
            ' NOTE(review): the branch depends on the request's SERVER_NAME - confirm it
            ' cannot be steered by a client-supplied Host header.
            If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
                VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
                ' (A commented-out connection string with credentials was taken out of this
                ' comment; rotate those credentials.)
                ' NOTE(review): hard-coded credentials - move to protected configuration and rotate.
                ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
            Else
                VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
                ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
                ' (A second commented-out connection string with credentials was taken out here.)
            End If

            Using con As New SqlConnection(ConnectionString)
                ' Using cmd As New SqlCommand("Validate_User")
                ' NOTE(review): the column list names "KundeNr" while the reader below asks
                ' for "KundenNr" (the spelling used by the other queries in this class), and
                ' the UserId condition appears twice.
                Using cmd As New SqlCommand("SELECT UserId,Username,Password,Email,KundeNr FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND UserId=@UserId And UserId=@UserId")
                    ' cmd.CommandType = CommandType.StoredProcedure
                    Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
                    Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
                    Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString
                    Dim Email As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par5")).ToString
                    cmd.Parameters.AddWithValue("@Username", usrname)
                    ' NOTE(review): @UserId is bound to the decrypted Par3 value here, whereas
                    ' Page_Load and btn_submitpw_Click bind the decrypted Par4 value in their
                    ' SELECT statements - confirm which one is the user id.
                    cmd.Parameters.AddWithValue("@UserId", UsrID)

                    cmd.Connection = con
                    con.Open()
                    ' userId = Convert.ToInt32(cmd.ExecuteScalar())
                    Dim dr As SqlDataReader = cmd.ExecuteReader()
                    If dr.HasRows Then
                        dr.Read()
                        tempstr = txt_Pw_M.Text
                        EmailDB = dr("Email").ToString
                        pwDB = dr("Password").ToString
                        usrnmDB = dr("Username").ToString
                        TheUsrIdDB = dr("UserId").ToString
                        customerIDDB = dr("KundenNr").ToString
                        If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then
                            isusernameright = True
                        End If
                        If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then
                            isemailright = True
                        End If
                        ' ispwrEqual starts as False and is only ever set to False.
                        If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then
                            ispwrEqual = False
                        End If
                        If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then
                            isUSrIDright = True
                        End If
                        If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
                            isctmrIDright = True
                        End If

                        ' NOTE(review): String.Compare returns an Integer that is compared with
                        ' True here; this looks unintended - String.Equals was probably meant.
                        If String.Compare(usrname, dr("Username")) = True Then
                            isusernameright = True
                        End If
                    End If
                    dr.Close()
                End Using
                con.Close()
            End Using
        Else
            tempstr = "Error01"
        End If
        ' Both entries must equal tempstr, i.e. the two typed passwords match and the
        ' sentinel was not set.
        If String.Equals(txt_Pw_WH_M.Text, tempstr) = True AndAlso String.Equals(txt_Pw_M.Text, tempstr) = True AndAlso String.IsNullOrEmpty(txt_Pw.Text) = True And String.IsNullOrEmpty(txt_Pw_WH.Text) = True And String.Equals(tempstr, "Error01") = False Then
            Try
                ConnectionString = ""
                Dim usrname As String = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(Request.QueryString("Par2")).ToString
                Dim UsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(Request.QueryString("Par3")).ToString
                Dim THEUsrID As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Request.QueryString("Par4")).ToString
                ' Unlike the lookup above, Par5 is used without decryption here.
                Dim Email As String = Request.QueryString("Par5").ToString
                If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
                    ' (Commented-out connection string with credentials taken out; rotate them.)
                    ' NOTE(review): hard-coded credentials, repeated from above.
                    ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
                Else
                    ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
                    ' (Second commented-out connection string with credentials taken out.)
                End If

                Using con As New SqlConnection(ConnectionString)
                    Dim isPasswhash As Byte() = Await gensaltPassw(usrname, tempstr, intzahliterats, intzahl, Email, Session.IsNewSession)
                    Dim isPasswDBhash As Byte() = Await gensaltPassw(usrnmDB, pwDB, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
                    ' This checks the desktop validator (regexval_txt_Pw), not regexval_txt_Pw_M.
                    If regexval_txt_Pw.IsValid = True Then
                        ' Each value is verified against the hash computed from it two lines
                        ' above - presumably always True; verify against Verifyhash.
                        If VERAG_VARIABLES.Verifyhash(tempstr, salt, isPasswhash, intzahliterats, intzahl) = True AndAlso VERAG_VARIABLES.Verifyhash(pwDB, salt, isPasswDBhash, intzahliterats, intzahl) = True Then
                            Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
                                ' cmd.CommandType = CommandType.StoredProcedure
                                cmd.Parameters.AddWithValue("@Username", usrname)
                                ' NOTE(review): the typed password itself is written, not a hash.
                                cmd.Parameters.AddWithValue("@Password", tempstr)
                                cmd.Parameters.AddWithValue("@UserId", UsrID)
                                cmd.Connection = con
                                con.Open()
                                ' NOTE(review): this decrypts the literal text "Par2", not
                                ' Request.QueryString("Par2"), and uses cCryptography2 although
                                ' usrname was decrypted with cCryptography. CompareMethod.Text is
                                ' passed where String.Equals expects a StringComparison. As
                                ' written the UPDATE is unlikely ever to execute - confirm.
                                If String.Equals(usrname, VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt("Par2"), CompareMethod.Text) = True Then
                                    cmd.ExecuteNonQuery()
                                    regexval_txt_Pw_M.ForeColor = Drawing.Color.Green
                                    regexval_txt_Pw_M.Text = "Password has been changed sucessfully!"
                                    btn_submitpw.Text = "Back to Login!"
                                    btn_submitpw.PostBackUrl = "login_FLEX.aspx"
                                    confirmPasswordReq_M.Enabled = False
                                    confirmPasswordReq_M.Enabled = False
                                    reqPasswtxt_M.Enabled = False
                                Else
                                    ' No message is shown on this path; only the button is redirected.
                                    btn_submitpw.Text = "Back to Login!"
                                    btn_submitpw.PostBackUrl = "login_FLEX.aspx"
                                    confirmPasswordReq.Enabled = False
                                    confirmPasswordReq_M.Enabled = False
                                    reqPasswtxt_M.Enabled = False
                                End If
                            End Using
                        End If
                    End If
                    con.Close()
                End Using
            Catch ex As Exception
                ' NOTE(review): the raw exception message (which can include database
                ' details) is shown to the visitor; log it server-side instead.
                lbl_messagetext_M.Text = ex.Message
            End Try

            'Response.Redirect("login_FLEX.aspx")
        ElseIf tempstr = "Error01" Then
            regexval_txt_Pw_M.ForeColor = Drawing.Color.MediumVioletRed
            VERAG_VARIABLES.seterrorcount(2)
            regexval_txt_Pw_M.Text = VERAG_VARIABLES.geterrornumb + "Passwort konnte nicht erfolgreich geändert werden!"

            btn_submitpw.Text = "Back to Login!"
            btn_submitpw.PostBackUrl = "login_FLEX.aspx"
            confirmPasswordReq.Enabled = False
            confirmPasswordReq_M.Enabled = False
            ' Button goes here
        End If
    End If
End Sub
''' <summary>
''' Hashes <paramref name="password"/> with the page-level <c>salt</c> field through
''' VERAG_VARIABLES.HashPasswordAsync.
''' </summary>
''' <param name="username">Not used by this function.</param>
''' <param name="password">Text to hash.</param>
''' <param name="intzahliterats">Passed through as the third argument of HashPasswordAsync.</param>
''' <param name="intzahl">Passed through as the fourth argument of HashPasswordAsync.</param>
''' <param name="email">Not used by this function.</param>
''' <param name="isnewSession">When True, no hash is computed.</param>
''' <returns>The hash bytes, or Nothing when <paramref name="isnewSession"/> is True.</returns>
''' <remarks>
''' NOTE(review): callers pass the result straight to Verifyhash; confirm that the
''' Nothing result for a new session is handled there.
''' </remarks>
Async Function gensaltPassw(username As String, password As String, intzahliterats As Integer, intzahl As Integer, email As String, isnewSession As Boolean) As Task(Of Byte())
    ' A new session yields no hash at all.
    If isnewSession Then
        Return Nothing
    End If

    Return Await VERAG_VARIABLES.HashPasswordAsync(password, salt, intzahliterats, intzahl)
End Function
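''' <summary>
''' Builds a fresh token: the current UTC timestamp plus 16 random bytes, Base64-encoded,
''' hashed with the page-level <c>salt</c> and finally encrypted with cCryptography3.
''' </summary>
''' <param name="username">Not used by this function.</param>
''' <param name="password">Not used by this function.</param>
''' <param name="email">Not used by this function.</param>
''' <param name="CustomerID">Not used by this function.</param>
''' <param name="intzahlits">Passed through as the third argument of HashPassword.</param>
''' <param name="intzahl">Passed through as the fourth argument of HashPassword.</param>
''' <param name="isnewSession">When True, no token is produced and an error text is returned.</param>
''' <param name="theUserID">Must be non-empty for a token to be produced.</param>
''' <returns>
''' The encrypted token; String.Empty when <paramref name="theUserID"/> is empty; the
''' text "Error in Session ID. It has changed. Please check admin!" for a new session.
''' </returns>
''' <remarks>
''' NOTE(review): the returned value is the hash of the timestamp material, so the
''' timestamp cannot be read back from it, while getDateoftoken reads the first 8
''' decoded bytes as a timestamp - confirm which routine issues the tokens checked there.
''' </remarks>
Function gennewsaltToken(username As String, password As String, email As String, CustomerID As String, intzahlits As Integer, intzahl As Integer, isnewSession As Boolean, theUserID As String) As String
    If isnewSession Then
        Return "Error in Session ID. It has changed. Please check admin!"
    End If

    If String.IsNullOrEmpty(theUserID) Then
        Return String.Empty
    End If

    Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())

    ' 16 unpredictable bytes from the cryptographic generator. A GUID has the same
    ' length but is specified for uniqueness, not for unpredictability.
    Dim Key(15) As Byte
    Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
        rng.GetBytes(Key)
    End Using

    Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
    Dim token As Byte() = VERAG_VARIABLES.HashPassword(tok, salt, intzahlits, intzahl)

    Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
End Function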
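''' <summary>
''' Hashes <paramref name="STrings"/> with a newly generated salt and returns the hash
''' as Base64 text.
''' </summary>
''' <param name="STrings">Text to hash.</param>
''' <returns>The Base64-encoded hash, or String.Empty when the input is Nothing or empty.</returns>
''' <remarks>
''' A second Return that encrypted the value with cCryptography3 used to follow the
''' first one and could never run; it is removed, so the result stays the unencrypted
''' Base64 hash.
''' NOTE(review): confirm whether callers expect the encrypted form.
''' NOTE(review): the salt generated here is neither returned nor stored, so the hash
''' presumably cannot be recomputed later - verify against GenerateSalt.
''' </remarks>
Async Function gensaltTokenAsync(STrings As String) As Task(Of String)
    If String.IsNullOrEmpty(STrings) Then
        Return String.Empty
    End If

    ' Local salt: it hides the page-level field of the same name inside this function.
    Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
    Dim token As Byte() = Await VERAG_VARIABLES.HashPasswordAsync(STrings, salt, intzahliterats, intzahl)

    Return Convert.ToBase64String(token)
End Function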
End Class |