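/// <summary>
/// Updates the stored user with id <paramref name="id_i"/> from the fields of <paramref name="newUser"/>.
/// Input-shape rejections and "not found" are reported inside a 200 envelope with a non-zero
/// response code (the convention the sibling endpoints use); only a thrown exception yields HTTP 400.
/// </summary>
/// <param name="id_i">Database id of the user to update. Nothing in this method ties it to the
/// calling principal; any authorization must come from attributes/filters outside this view.</param>
/// <param name="newUser">Client-supplied replacement values. The original comment assumes that
/// email, permission id and salt are not altered; where that is enforced is not visible here.</param>
/// <returns>An <see cref="ObjectResult"/> wrapping the response envelope.</returns>
public IActionResult Put(int id_i, Users newUser)
{
    // Every rejection shares the envelope shape; only status/code/title/detail differ.
    ObjectResult Reject(HttpStatusCode status, int code, string title, string detail) =>
        new ObjectResult(ResponsesContainer.Instance.GetResponseContent(status, String.Empty, false, code, title, detail));

    try
    {
        // The field checks used to run before the try, so a null body (or a null field reaching
        // the XSS helpers, if they dereference) escaped as an unhandled exception; now any such
        // failure is logged and answered with the same envelope as other exceptions.
        if (XSS.CheckIfTooLong(newUser.HashPassword, 50))
        {
            return Reject(HttpStatusCode.OK, 7, "Bad password", "The password is too long");
        }
        if (XSS.CheckIfTooLong(newUser.Name, 20))
        {
            return Reject(HttpStatusCode.OK, 7, "Bad name", "The name is too long");
        }
        if (!XSS.CheckIfAlphaNum(newUser.Name))
        {
            return Reject(HttpStatusCode.OK, 8, "Bad name", "The name contains forbidden signs");
        }
        if (XSS.CheckIfTooLong(newUser.Surname, 20))
        {
            return Reject(HttpStatusCode.OK, 7, "Bad surname", "The surname is too long");
        }
        if (!XSS.CheckIfAlphaNum(newUser.Surname))
        {
            return Reject(HttpStatusCode.OK, 8, "Bad surname", "The surname contains forbidden signs");
        }

        Users updatedUser = _query.APIGetById(id_i, _context);
        if (updatedUser == null)
        {
            return Reject(HttpStatusCode.OK, 3, "Invalid user", "User not found in database");
        }

        // Original assumption, kept verbatim in spirit: email, permission id and salt are treated
        // as unalterable at this point; APIPut decides which fields are actually copied.
        _query.APIPut(updatedUser, newUser, _context);
    }
    catch (Exception ex)
    {
        // Full exception text goes to the log only; the client gets a generic envelope.
        ErrInfLogger.LockInstance.ErrorLog(ex.ToString());
        return Reject(HttpStatusCode.BadRequest, 4, "Exception", "Application exception thrown");
    }

    return new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK, String.Empty, true, 0, "Updated", "User updated in database"));
}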
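/// <summary>
/// Stores a feedback entry for the QQ user resolved from <paramref name="openid"/>, subject to a
/// per-day quota read from the site configuration; exceeding the quota locks the user.
/// </summary>
/// <param name="openid">QQ open id of the sender; the user it resolves to becomes <c>SendId</c>.</param>
/// <param name="editorContent">Feedback body; passed through <c>XSS.FilterXSS</c> before storage.</param>
/// <param name="fromcity">Stored verbatim as <c>City</c>.</param>
/// <param name="browserName">Stored verbatim as <c>Equip</c>.</param>
/// <returns>An <see cref="AjaxResult"/> as JSON: <c>state</c> is success or error plus a message.</returns>
public JsonResult AddFeedback(string openid, string editorContent, string fromcity, string browserName)
{
    JsonResult Fail(string message) =>
        Json(new AjaxResult { state = ResultType.error.ToString(), message = message });

    // NOTE(review): openid arrives in the request and is the only identity used here. Unless it is
    // bound to an authenticated session elsewhere (a filter on the controller, say — not visible
    // here), a caller can submit as, or exhaust the quota of and thereby lock, any openid they know.
    QQUserModel userModel = qqUserService.GetQQUserByOpenId(openid);
    if (userModel == null)
    {
        return Fail("非法提交,Openid不存在");
    }

    // Status appears to be bool? (it is assigned `false` below). The original `.Status.Value`
    // threw on null; a null status is now treated as locked (fail closed) instead.
    if (userModel.Status != true)
    {
        return Fail("QQ用户已被锁定,无法留言");
    }

    WebSiteInfo siteInfo = new WebSiteInfo();
    int maxFeedbackNum = Convert.ToInt32(siteInfo.GetWebSiteInfo().MaxFeedbackNum);
    int todayFeedbackNum = service.GetTodayFeedbackNum(openid);
    if (todayFeedbackNum >= maxFeedbackNum)
    {
        // Quota exhausted: lock the QQ user and reject. The count and the lock are two separate
        // calls, so concurrent submissions can pass the check before the lock is written.
        userModel.Status = false;
        qqUserService.UpdateQQUser(userModel);
        return Fail("留言提交失败,已超出每日最大提交数量");
    }

    FeedbackModel model = new FeedbackModel()
    {
        SendId = userModel.Id,
        AcceptId = 0,
        Content = XSS.FilterXSS(editorContent),
        ParentId = 0,
        // City/Equip are caller-supplied and stored unfiltered; whatever renders them
        // must encode on output.
        City = fromcity,
        Equip = browserName,
        // Local server time, as in the original.
        CreateOn = DateTime.Now
    };

    bool created = service.CreateModel(model);
    if (!created)
    {
        return Fail("留言提交失败");
    }
    return Json(new AjaxResult { state = ResultType.success.ToString(), message = "留言提交成功" });
}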
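/// <summary>
/// Stores a reply comment on behalf of the QQ user resolved from <paramref name="openid"/>,
/// subject to a per-day quota read from the site configuration; exceeding the quota locks the user.
/// </summary>
/// <param name="openid">QQ open id of the sender; the user it resolves to becomes <c>SendId</c>.</param>
/// <param name="remarkId">Id of the comment being replied to, as text; becomes <c>ParentId</c>.</param>
/// <param name="targetUserId">Id of the user being replied to, as text; becomes <c>AcceptId</c> unchecked.</param>
/// <param name="articleid">Id of the article, as text; becomes <c>ArticleId</c>.</param>
/// <param name="editorContent">Comment body; passed through <c>XSS.FilterXSS</c> before storage.</param>
/// <returns>An <see cref="AjaxResult"/> as JSON: <c>state</c> is success or error plus a message.</returns>
public JsonResult ReplyComment(string openid, string remarkId, string targetUserId, string articleid, string editorContent)
{
    JsonResult Fail(string message) =>
        Json(new AjaxResult { state = ResultType.error.ToString(), message = message });

    // Convert.ToInt32(string) maps null to 0 but throws on any other malformed text, which the
    // original let escape as an unhandled error. Keep the null→0 mapping and turn the throw
    // into an error result.
    bool TryParseId(string text, out int value)
    {
        if (text == null)
        {
            value = 0;
            return true;
        }
        return int.TryParse(text, out value);
    }

    if (!TryParseId(remarkId, out int parentId)
        || !TryParseId(targetUserId, out int acceptId)
        || !TryParseId(articleid, out int articleId))
    {
        return Fail("非法提交,参数格式错误");
    }

    // NOTE(review): openid arrives in the request and is the only identity used here. Unless it is
    // bound to an authenticated session elsewhere (not visible here), a caller can post as, or
    // exhaust the quota of and thereby lock, any openid they know. targetUserId is likewise
    // taken on trust and not checked against the parent comment.
    QQUserModel userModel = qqUserService.GetQQUserByOpenId(openid);
    if (userModel == null)
    {
        return Fail("非法提交,Openid不存在");
    }

    // Status appears to be bool? (it is assigned `false` below). The original `.Status.Value`
    // threw on null; a null status is now treated as locked (fail closed) instead.
    if (userModel.Status != true)
    {
        return Fail("QQ用户已被锁定,无法评论");
    }

    WebSiteInfo siteInfo = new WebSiteInfo();
    int maxCommentNum = Convert.ToInt32(siteInfo.GetWebSiteInfo().MaxCommentNum);
    int todayCommentNum = service.GetTodayCommentNum(openid);
    if (todayCommentNum >= maxCommentNum)
    {
        // Quota exhausted: lock the QQ user and reject. The count and the lock are two separate
        // calls, so concurrent submissions can pass the check before the lock is written.
        userModel.Status = false;
        qqUserService.UpdateQQUser(userModel);
        return Fail("评论提交失败,已超出每日最大提交数量");
    }

    CommentModel model = new CommentModel()
    {
        SendId = userModel.Id,
        AcceptId = acceptId,
        Content = XSS.FilterXSS(editorContent),
        Status = true,
        ParentId = parentId,
        ArticleId = articleId,
        // Local server time, as in the original.
        CreateOn = DateTime.Now
    };

    bool created = service.CreateModel(model);
    if (!created)
    {
        return Fail("评论回复失败");
    }
    return Json(new AjaxResult { state = ResultType.success.ToString(), message = "评论回复成功" });
}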
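/// <summary>
/// Authenticates an email/password pair and, on success, returns the token produced by
/// <c>APICreateToken</c> inside the response envelope.
/// </summary>
/// <param name="email_s">Login email; rejected above 30 characters or when it contains a
/// character from <c>XSS.forbiddenList_s</c>.</param>
/// <param name="password_s">Password as submitted; rejected above 50 characters.</param>
/// <returns>
/// 200 with the token and code 0 on success; 401 with code 1 when either field is missing or no
/// token was produced; 200 with code 7/8 for input-shape rejections; 400 with code 4 on exception.
/// No attempt throttling is visible in this method.
/// </returns>
public IActionResult Post(string email_s, string password_s)
{
    ObjectResult Reject(HttpStatusCode status, int code, string title, string detail) =>
        new ObjectResult(ResponsesContainer.Instance.GetResponseContent(status, String.Empty, false, code, title, detail));

    // Null check first. The original ran the length/character checks before it, so a missing
    // field reached the XSS helpers (and, if they dereference, threw outside the try).
    if (email_s == null || password_s == null)
    {
        return Reject(HttpStatusCode.Unauthorized, 1, "Authorization Error", "Wrong login or password");
    }
    if (XSS.CheckIfTooLong(email_s, 30))
    {
        return Reject(HttpStatusCode.OK, 7, "Bad email", "The email is too long");
    }
    if (XSS.CheckIfContains(email_s, XSS.forbiddenList_s))
    {
        return Reject(HttpStatusCode.OK, 8, "Bad email", "The email contains forbidden signs");
    }
    if (XSS.CheckIfTooLong(password_s, 50))
    {
        // Message spelling corrected ("pasword") to match the sibling endpoints.
        return Reject(HttpStatusCode.OK, 7, "Bad password", "The password is too long");
    }

    try
    {
        string token_s = _query.APICreateToken(email_s, password_s, _context);
        // A null token — whatever APICreateToken's reason — gets the same generic message as a
        // missing field, so the reply does not say which part of the credential was wrong.
        if (token_s == null)
        {
            return Reject(HttpStatusCode.Unauthorized, 1, "Authorization Error", "Wrong login or password");
        }
        return new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK, token_s, true, 0, "Authorized", "Password & login correct"));
    }
    catch (Exception ex)
    {
        // Full exception text goes to the log only; the client gets a generic envelope.
        ErrInfLogger.LockInstance.ErrorLog(ex.ToString());
        return Reject(HttpStatusCode.BadRequest, 4, "Exception", "Application exception thrown");
    }
}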
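/// <summary>
/// Creates a new user from <paramref name="newUser"/> after validating the email, password,
/// name and surname fields and confirming the email is not already registered.
/// </summary>
/// <param name="newUser">Client-supplied user. <c>HashPassword</c> is taken as sent; whether it
/// is hashed client-side or by <c>APIPost</c> is not visible here.</param>
/// <returns>
/// 200 with code 0 on success; 200 with code 5 when the email exists, 7 for an over-long field,
/// 8 for a forbidden character; 400 with code 4 if an exception was thrown.
/// </returns>
public IActionResult Post(Users newUser)
{
    ObjectResult Reject(HttpStatusCode status, int code, string title, string detail) =>
        new ObjectResult(ResponsesContainer.Instance.GetResponseContent(status, String.Empty, false, code, title, detail));

    // Shape checks run before any database access. The original looked the email up first,
    // so an over-long or malformed email still reached the query.
    if (XSS.CheckIfTooLong(newUser.Email, 30))
    {
        return Reject(HttpStatusCode.OK, 7, "Bad email", "The email is too long");
    }
    if (XSS.CheckIfContains(newUser.Email, XSS.forbiddenList_s))
    {
        return Reject(HttpStatusCode.OK, 8, "Bad email", "The email contains forbidden signs");
    }
    if (XSS.CheckIfTooLong(newUser.HashPassword, 50))
    {
        return Reject(HttpStatusCode.OK, 7, "Bad password", "The password is too long");
    }
    if (XSS.CheckIfTooLong(newUser.Name, 20))
    {
        return Reject(HttpStatusCode.OK, 7, "Bad name", "The name is too long");
    }
    if (!XSS.CheckIfAlphaNum(newUser.Name))
    {
        return Reject(HttpStatusCode.OK, 8, "Bad name", "The name contains forbidden signs");
    }
    if (XSS.CheckIfTooLong(newUser.Surname, 20))
    {
        return Reject(HttpStatusCode.OK, 7, "Bad surname", "The surname is too long");
    }
    if (!XSS.CheckIfAlphaNum(newUser.Surname))
    {
        return Reject(HttpStatusCode.OK, 8, "Bad surname", "The surname contains forbidden signs");
    }

    try
    {
        // Both database calls sit under the try, so a failure in the lookup is logged and
        // answered with the envelope the same way a failure in APIPost already was.
        if (_query.APIGetByEmail(newUser.Email, _context) != null)
        {
            // Code 5 tells the caller whether an email is already registered (account
            // enumeration). That is the existing contract and is kept here.
            return Reject(HttpStatusCode.OK, 5, "User exists", "User exists in database");
        }
        _query.APIPost(newUser, _context);
    }
    catch (Exception ex)
    {
        // Full exception text goes to the log only; the client gets a generic envelope.
        ErrInfLogger.LockInstance.ErrorLog(ex.ToString());
        return Reject(HttpStatusCode.BadRequest, 4, "Exception", "Application exception thrown");
    }

    return new ObjectResult(ResponsesContainer.Instance.GetResponseContent(HttpStatusCode.OK, String.Empty, true, 0, "Created", "User created in database"));
}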