Beispiel #1
0
        public IActionResult Put(int id_i, Users newUser)
        {
            if (XSS.CheckIfTooLong(newUser.HashPassword, 50))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad password", "The password is too long")));
            }

            if (XSS.CheckIfTooLong(newUser.Name, 20))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad name", "The name is too long")));
            }

            if (!XSS.CheckIfAlphaNum(newUser.Name))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 8, "Bad name", "The name contains forbidden signs")));
            }

            if (XSS.CheckIfTooLong(newUser.Surname, 20))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad surname", "The surname is too long")));
            }

            if (!XSS.CheckIfAlphaNum(newUser.Surname))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 8, "Bad surname", "The surname contains forbidden signs")));
            }

            try
            {
                Users updatedUser = _query.APIGetById(id_i, _context);
                if (updatedUser == null)
                {
                    return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(
                                                HttpStatusCode.OK, String.Empty, false, 3,
                                                "Invalid user", "User not found in database")));
                }
                else
                {
                    // in this moment we assume that email, permissionid, salt
                    // is UNALTERABLE!!
                    _query.APIPut(updatedUser, newUser, _context);
                }
            }
            catch (Exception ex)
            {
                ErrInfLogger.LockInstance.ErrorLog(ex.ToString());
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.BadRequest,
                                                                                       String.Empty, false, 4, "Exception", "Application exception thrown")));
            }
            return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                   String.Empty, true, 0, "Updated", "User updated in database")));
        }
Beispiel #2
0
        public JsonResult AddFeedback(string openid, string editorContent, string fromcity, string browserName)
        {
            QQUserModel userModel = qqUserService.GetQQUserByOpenId(openid);

            if (userModel == null)
            {
                return(Json(new AjaxResult {
                    state = ResultType.error.ToString(), message = "非法提交,Openid不存在"
                }));
            }
            if (!userModel.Status.Value)
            {
                return(Json(new AjaxResult {
                    state = ResultType.error.ToString(), message = "QQ用户已被锁定,无法留言"
                }));
            }
            WebSiteInfo siteInfo         = new WebSiteInfo();
            int         maxFeedbackNum   = Convert.ToInt32(siteInfo.GetWebSiteInfo().MaxFeedbackNum);
            int         todayFeedbackNum = service.GetTodayFeedbackNum(openid);

            if (todayFeedbackNum >= maxFeedbackNum)
            {
                //锁定QQ用户
                userModel.Status = false;
                qqUserService.UpdateQQUser(userModel);
                return(Json(new AjaxResult {
                    state = ResultType.error.ToString(), message = "留言提交失败,已超出每日最大提交数量"
                }));
            }
            FeedbackModel model = new FeedbackModel()
            {
                SendId   = userModel.Id,
                AcceptId = 0,
                Content  = XSS.FilterXSS(editorContent),
                ParentId = 0,
                City     = fromcity,
                Equip    = browserName,
                CreateOn = DateTime.Now
            };
            bool result = service.CreateModel(model);

            if (result)
            {
                return(Json(new AjaxResult {
                    state = ResultType.success.ToString(), message = "留言提交成功"
                }));
            }
            else
            {
                return(Json(new AjaxResult {
                    state = ResultType.error.ToString(), message = "留言提交失败"
                }));
            }
        }
Beispiel #3
0
        public JsonResult ReplyComment(string openid, string remarkId, string targetUserId, string articleid, string editorContent)
        {
            QQUserModel userModel = qqUserService.GetQQUserByOpenId(openid);

            if (userModel == null)
            {
                return(Json(new AjaxResult {
                    state = ResultType.error.ToString(), message = "非法提交,Openid不存在"
                }));
            }
            if (!userModel.Status.Value)
            {
                return(Json(new AjaxResult {
                    state = ResultType.error.ToString(), message = "QQ用户已被锁定,无法评论"
                }));
            }
            WebSiteInfo siteInfo        = new WebSiteInfo();
            int         maxCommentNum   = Convert.ToInt32(siteInfo.GetWebSiteInfo().MaxCommentNum);
            int         todayCommentNum = service.GetTodayCommentNum(openid);

            if (todayCommentNum >= maxCommentNum)
            {
                //锁定QQ用户
                userModel.Status = false;
                qqUserService.UpdateQQUser(userModel);
                return(Json(new AjaxResult {
                    state = ResultType.error.ToString(), message = "评论提交失败,已超出每日最大提交数量"
                }));
            }
            CommentModel model = new CommentModel()
            {
                SendId    = userModel.Id,
                AcceptId  = Convert.ToInt32(targetUserId),
                Content   = XSS.FilterXSS(editorContent),
                Status    = true,
                ParentId  = Convert.ToInt32(remarkId),
                ArticleId = Convert.ToInt32(articleid),
                CreateOn  = DateTime.Now
            };
            bool result = service.CreateModel(model);

            if (result)
            {
                return(Json(new AjaxResult {
                    state = ResultType.success.ToString(), message = "评论回复成功"
                }));
            }
            else
            {
                return(Json(new AjaxResult {
                    state = ResultType.error.ToString(), message = "评论回复失败"
                }));
            }
        }
        public IActionResult Post(string email_s, string password_s)
        {
            if (XSS.CheckIfTooLong(email_s, 30))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad email", "The email is too long")));
            }

            if (XSS.CheckIfContains(email_s, XSS.forbiddenList_s))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 8, "Bad email", "The email contains forbidden signs")));
            }

            if (XSS.CheckIfTooLong(password_s, 50))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad password", "The pasword is too long")));
            }

            try
            {
                if (email_s == null || password_s == null)
                {
                    return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(
                                                HttpStatusCode.Unauthorized, String.Empty, false, 1,
                                                "Authorization Error", "Wrong login or password")));
                }

                string token_s = _query.APICreateToken(email_s, password_s, _context);

                if (token_s == null)
                {
                    return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(
                                                HttpStatusCode.Unauthorized, String.Empty, false, 1,
                                                "Authorization Error", "Wrong login or password")));
                }

                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       token_s, true, 0, "Authorized", "Password & login correct")));
            }
            catch (Exception ex)
            {
                ErrInfLogger.LockInstance.ErrorLog(ex.ToString());
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.BadRequest,
                                                                                       String.Empty, false, 4, "Exception", "Application exception thrown")));
            }
        }
Beispiel #5
0
        public IActionResult Post(Users newUser)
        {
            if (_query.APIGetByEmail(newUser.Email, _context) != null)
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 5, "User exists", "User exists in database")));
            }

            if (XSS.CheckIfTooLong(newUser.Email, 30))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad email", "The email is too long")));
            }

            if (XSS.CheckIfContains(newUser.Email, XSS.forbiddenList_s))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 8, "Bad email", "The email contains forbidden signs")));
            }

            if (XSS.CheckIfTooLong(newUser.HashPassword, 50))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad password", "The password is too long")));
            }

            if (XSS.CheckIfTooLong(newUser.Name, 20))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad name", "The name is too long")));
            }

            if (!XSS.CheckIfAlphaNum(newUser.Name))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 8, "Bad name", "The name contains forbidden signs")));
            }

            if (XSS.CheckIfTooLong(newUser.Surname, 20))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 7, "Bad surname", "The surname is too long")));
            }

            if (!XSS.CheckIfAlphaNum(newUser.Surname))
            {
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                       String.Empty, false, 8, "Bad surname", "The surname contains forbidden signs")));
            }

            try
            {
                _query.APIPost(newUser, _context);
            }
            catch (Exception ex)
            {
                ErrInfLogger.LockInstance.ErrorLog(ex.ToString());
                return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.BadRequest,
                                                                                       String.Empty, false, 4, "Exception", "Application exception thrown")));
            }
            return(new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK,
                                                                                   String.Empty, true, 0, "Created", "User created in database")));
        }