277 lines
14 KiB
VB.net
277 lines
14 KiB
VB.net
Imports System.Data.SqlClient
|
|
Imports System.Data
|
|
Imports System.Security.Cryptography
|
|
|
|
Partial Class login_FLEX
|
|
Inherits System.Web.UI.Page
|
|
|
|
Dim Customer_ID As String = String.Empty
|
|
Dim UserNaMe As String = String.Empty
|
|
Dim passw As String = String.Empty
|
|
Dim USERID As String = String.Empty
|
|
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
|
|
VERAG_VARIABLES.initerrorcount()
|
|
If Page.IsPostBack = True Then
|
|
Page.MaintainScrollPositionOnPostBack = True
|
|
Else
|
|
Page.MaintainScrollPositionOnPostBack = False
|
|
End If
|
|
End Sub
|
|
Protected Sub ValidateUser(sender As Object, e As EventArgs)
|
|
|
|
' cDBFunctions.GetNewOpenConnection()
|
|
Dim ConnectionString = ""
|
|
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
|
|
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
|
|
'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956"
|
|
ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
|
Else
|
|
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False
|
|
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
|
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
|
End If
|
|
|
|
Dim tb As TextBox = Login1.FindControl("txt_CustomerID")
|
|
Dim tb_M As TextBox = Login2.FindControl("txt_CustomerID_M")
|
|
Dim tb2 As TextBox = Login1.FindControl("Username")
|
|
Dim tb2_M As TextBox = Login2.FindControl("Username")
|
|
Dim tb3 As TextBox = Login1.FindControl("Password")
|
|
Dim tb3_M As TextBox = Login2.FindControl("Password")
|
|
|
|
Dim reqfieldvaluserID As RequiredFieldValidator = Login1.FindControl("CustomerIDrequired")
|
|
Dim reqfieldvaluserID_M As RequiredFieldValidator = Login2.FindControl("CustomerID_M_required")
|
|
Dim reqfieldvaluserName As RequiredFieldValidator = Login1.FindControl("UserNamerequired")
|
|
Dim reqfieldvaluserName_M As RequiredFieldValidator = Login2.FindControl("UserName_M_required")
|
|
Dim reqfieldvalpassw As RequiredFieldValidator = Login1.FindControl("Passwordrequired")
|
|
Dim reqfieldvalpassw_M As RequiredFieldValidator = Login2.FindControl("Passwordrequired_M")
|
|
|
|
Dim regexuserID As RegularExpressionValidator = Login1.FindControl("valid_getNumberInput")
|
|
Dim regexuserID_M As RegularExpressionValidator = Login2.FindControl("valid_getNumber_M_Input")
|
|
Dim regexusername As RegularExpressionValidator = Login1.FindControl("check_UserName_regex")
|
|
Dim regexusername_M As RegularExpressionValidator = Login2.FindControl("check_UserName_M_regex")
|
|
Dim cb As CheckBox = Login1.FindControl("RememberMe")
|
|
Dim cb_M As CheckBox = Login2.FindControl("RememberMe_M")
|
|
|
|
|
|
If String.IsNullOrEmpty(tb.Text) = False AndAlso String.IsNullOrEmpty(tb_M.Text) = True Then
|
|
reqfieldvaluserID.Enabled = True
|
|
reqfieldvaluserID_M.Enabled = False
|
|
reqfieldvaluserID.Validate()
|
|
If reqfieldvaluserID.IsValid = True Then
|
|
regexuserID.Validate()
|
|
If regexuserID.IsValid Then
|
|
Customer_ID = tb.Text
|
|
Else
|
|
VERAG_VARIABLES.seterrorcount(1)
|
|
regexuserID.ErrorMessage = VERAG_VARIABLES.geterrornumb + ": Customer-ID has to be a number."
|
|
End If
|
|
End If
|
|
End If
|
|
If String.IsNullOrEmpty(tb_M.Text) = False AndAlso String.IsNullOrEmpty(tb.Text) = True Then
|
|
reqfieldvaluserID.Enabled = False
|
|
reqfieldvaluserID_M.Enabled = True
|
|
If reqfieldvaluserID_M.IsValid = True Then
|
|
regexusername_M.Validate()
|
|
If regexusername_M.IsValid Then
|
|
Customer_ID = tb_M.Text
|
|
Else
|
|
VERAG_VARIABLES.seterrorcount(2)
|
|
regexusername_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "Customer-ID does not have any special characters in it."
|
|
End If
|
|
End If
|
|
End If
|
|
If String.IsNullOrEmpty(tb2.Text) = False AndAlso String.IsNullOrEmpty(tb2_M.Text) = True Then
|
|
reqfieldvaluserName.Enabled = True
|
|
reqfieldvaluserName_M.Enabled = False
|
|
regexusername.Validate()
|
|
If reqfieldvaluserName.IsValid = True Then
|
|
If regexusername.IsValid Then
|
|
UserNaMe = tb2.Text
|
|
Else
|
|
VERAG_VARIABLES.seterrorcount(2)
|
|
regexusername_M.ErrorMessage = VERAG_VARIABLES.geterrornumb + "Username does not have any special characters in it."
|
|
End If
|
|
Else
|
|
|
|
reqfieldvaluserName.ErrorMessage = String.Empty
|
|
End If
|
|
End If
|
|
If String.IsNullOrEmpty(tb2_M.Text) = False AndAlso String.IsNullOrEmpty(tb2.Text) = True Then
|
|
reqfieldvaluserName.Enabled = False
|
|
reqfieldvaluserName_M.Enabled = True
|
|
reqfieldvaluserName_M.Validate()
|
|
If reqfieldvaluserName_M.IsValid = True Then
|
|
regexusername_M.Validate()
|
|
If regexusername.IsValid Then
|
|
UserNaMe = tb2_M.Text
|
|
Else
|
|
VERAG_VARIABLES.seterrorcount(3)
|
|
regexusername.ErrorMessage = VERAG_VARIABLES.geterrornumb + "Password has to match the criterias of tge info button."
|
|
End If
|
|
End If
|
|
End If
|
|
If String.IsNullOrEmpty(tb3.Text) = False AndAlso String.IsNullOrEmpty(tb3_M.Text) = True Then
|
|
reqfieldvalpassw.Enabled = True
|
|
reqfieldvalpassw_M.Enabled = False
|
|
reqfieldvalpassw.Validate()
|
|
If reqfieldvalpassw.IsValid = True Then
|
|
passw = tb3.Text
|
|
End If
|
|
End If
|
|
If String.IsNullOrEmpty(tb3_M.Text) = False AndAlso String.IsNullOrEmpty(tb3.Text) = True Then
|
|
reqfieldvalpassw.Enabled = False
|
|
reqfieldvalpassw_M.Enabled = True
|
|
reqfieldvalpassw_M.Validate()
|
|
If reqfieldvalpassw_M.IsValid = True Then
|
|
passw = tb3_M.Text
|
|
Else
|
|
VERAG_VARIABLES.seterrorcount(4)
|
|
reqfieldvalpassw_M.ErrorMessage = String.Empty
|
|
End If
|
|
End If
|
|
' Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
|
|
Using con As New SqlConnection(ConnectionString)
|
|
' Using cmd As New SqlCommand("Validate_User")
|
|
Using cmd As New SqlCommand("SELECT KundenNr,Username,Password FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username AND Password=@Password AND KundenNr=@KundenNr")
|
|
' cmd.CommandType = CommandType.StoredProcedure
|
|
cmd.Parameters.AddWithValue("@Username", UserNaMe)
|
|
cmd.Parameters.AddWithValue("@KundenNr", Customer_ID)
|
|
cmd.Parameters.AddWithValue("@Password", passw)
|
|
cmd.Connection = con
|
|
con.Open()
|
|
' userId = Convert.ToInt32(cmd.ExecuteScalar())
|
|
Dim dr As SqlDataReader = cmd.ExecuteReader()
|
|
If dr.HasRows Then
|
|
dr.Read()
|
|
'MsgBox(dr.Item(0).ToString())
|
|
Select Case dr.Item(0)
|
|
Case 0
|
|
VERAG_VARIABLES.seterrorcount(5)
|
|
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username and/or Password do not match."
|
|
Exit Select
|
|
Case -2
|
|
VERAG_VARIABLES.seterrorcount(6)
|
|
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Account is not activated."
|
|
Exit Select
|
|
Case Else
|
|
If tb.Text = dr("KundenNr") Then
|
|
Customer_ID = dr("KundenNr").ToString
|
|
Else
|
|
VERAG_VARIABLES.seterrorcount(7)
|
|
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "ID cannot be found in the database!"
|
|
End If
|
|
If tb2.Text = dr("Username") Then
|
|
UserNaMe = dr("Username").ToString
|
|
Else
|
|
VERAG_VARIABLES.seterrorcount(8)
|
|
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!"
|
|
End If
|
|
If tb3.Text = dr("Password") Then
|
|
passw = dr("Password").ToString
|
|
Else
|
|
VERAG_VARIABLES.seterrorcount(9)
|
|
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Password is not in the database!"
|
|
End If
|
|
|
|
'MsgBox("Erfolgreich validiert.")
|
|
Session.Add("test", UserNaMe)
|
|
Session.Add("CustomerID", Customer_ID)
|
|
Session.Add("PW", passw)
|
|
Exit Select
|
|
End Select
|
|
End If
|
|
dr.Close()
|
|
con.Close()
|
|
End Using
|
|
Using cmd2 As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [LastLoginDate]=@Date WHERE [Username]=@Username AND [KundenNr]=@KundenNr AND Password=@Password")
|
|
cmd2.Parameters.AddWithValue("Date", Date.Now.ToString)
|
|
cmd2.Parameters.AddWithValue("Username", UserNaMe)
|
|
cmd2.Parameters.AddWithValue("KundenNr", Customer_ID)
|
|
cmd2.Parameters.AddWithValue("Password", passw)
|
|
cmd2.Connection = con
|
|
con.Open()
|
|
cmd2.ExecuteNonQuery()
|
|
con.Close()
|
|
End Using
|
|
End Using
|
|
|
|
If String.IsNullOrEmpty(tb2_M.Text) = False AndAlso String.IsNullOrEmpty(tb2.Text) = True Then
|
|
FormsAuthentication.SetAuthCookie(Login1.UserName, cb_M.Checked)
|
|
ElseIf String.IsNullOrEmpty(tb2.Text) = False AndAlso String.IsNullOrEmpty(tb2_M.Text) = True Then
|
|
FormsAuthentication.SetAuthCookie(Login2.UserName, cb.Checked)
|
|
End If
|
|
'If (String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(UserNaMe) = False And String.IsNullOrEmpty(Customer_ID) = False) Then
|
|
'Dim str = gensaltToken(UserNaMe, passw, Customer_ID, Session.IsNewSession)
|
|
'MsgBox(str)
|
|
'End If
|
|
FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)
|
|
|
|
End Sub
|
|
|
|
Protected Sub LoginButton_Click(sender As Object, e As EventArgs)
|
|
Validate("Login")
|
|
Session.Add("test", UserNaMe)
|
|
Session.Add("CustomerID", Customer_ID)
|
|
Session.Add("PW", passw)
|
|
End Sub
|
|
Protected Sub LoginButton_M_Click(sender As Object, e As EventArgs)
|
|
Validate("Login_M")
|
|
Session.Add("test", UserNaMe)
|
|
Session.Add("CustomerID", Customer_ID)
|
|
Session.Add("PW", passw)
|
|
End Sub
|
|
Function gensaltToken(username As String, password As String, CustomerID As String, isnewSession As Boolean) As String
|
|
If isnewSession = False Then
|
|
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
|
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
|
Dim token As String
|
|
Dim MyMin As Integer = 155, MyMax As Integer = 875, My1stRandomNumber As Integer, My2ndRandomNumber As Integer
|
|
' Create a random number generator
|
|
Dim Generator As System.Random = New System.Random()
|
|
' Get a random number >= MyMin and <= MyMax
|
|
My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value
|
|
|
|
' Get another random number (don't create a new generator, use the same one)
|
|
My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1)
|
|
If String.IsNullOrEmpty(username) = False And String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(CustomerID) = False Then
|
|
Try
|
|
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
|
|
Dim passw As String = password
|
|
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 101, My1stRandomNumber))
|
|
Session.Add("Tokensalt", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(token))
|
|
Session.Add("salt", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(salt))
|
|
Return token
|
|
Catch Ex As Exception
|
|
'Dim Msg, Style, Title As String
|
|
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
|
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
|
'Title = "Error05: Token-Generierung"
|
|
'MsgBox(Msg, Style, Title)
|
|
'If MsgBox(Msg, Style, Title).Retry Then
|
|
'genToken(username, password, email)
|
|
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
|
|
Dim passw As String = password
|
|
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 101, My2ndRandomNumber))
|
|
|
|
|
|
'Else
|
|
'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
|
|
Dim jetzt As DateTime = DateTime.UtcNow
|
|
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
|
|
|
|
If jetzt < wenn Then
|
|
Return "NotYet"
|
|
Else
|
|
token = gensaltToken(username, password, CustomerID, Session.IsNewSession)
|
|
Return token
|
|
'End If
|
|
End If
|
|
End Try
|
|
Else
|
|
Return String.Empty
|
|
End If
|
|
Else
|
|
Return "Error in Session ID. It has changed. Please check admin!"
|
|
End If
|
|
End Function
|
|
End Class |