protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
MvcHandler.DisableMvcResponseHeader = true; //to remove MVC version disclosure
//getting all the data required for initialization
string dataRoot = AppDomain.CurrentDomain.GetData("DataDirectory").ToString();
string rawUpgrades = File.ReadAllText(dataRoot + @"\tofu-universe-upgrades.js");
string rawItems = File.ReadAllText(dataRoot + @"\tofu-universe-items.js");
string iv = WebConfigurationManager.AppSettings["iv"];
string key = WebConfigurationManager.AppSettings["key"];
//initialize all of our custom classes
Database.Initialize(System.Configuration.ConfigurationManager.ConnectionStrings["WebAppConnString"].ToString());
Upgrade.Initialize(JsonConvert.DeserializeObject <Dictionary <int, dynamic> >(rawUpgrades));
Item.Initialize(JsonConvert.DeserializeObject <Dictionary <int, dynamic> >(rawItems));
AESCryptoStuff.Initialize(iv, key);
Hmac.Initialize(key);
ValidityMap.Initialize();
//transfer storage objects to .js files served to the client
string scriptsRoot = Server.MapPath("~") + @"\Scripts\TofuUniverse\";
string itemsFile = "let _tofuUniverse = {}; _tofuUniverse.ITEMS = " + rawItems;
string upgradesFile = "_tofuUniverse.UPGRADES = " + rawUpgrades;
File.WriteAllText(scriptsRoot + "tofu-universe-items.js", itemsFile);
File.WriteAllText(scriptsRoot + "tofu-universe-upgrades.js", upgradesFile);
}
public ActionResult TransactionHistory()
{
#region role and is logged in
if (Session["uname"] == null || Session["uname"].ToString() == "")
{
return(RedirectToAction("Login", "User"));
}
if (Session["role"].ToString() != "Admin")
{
return(RedirectToAction("Index", "Unauthorised"));
}
#endregion
Database d = Database.CurrentInstance;
try
{
if (d.OpenConnection())
{
List <TransactionHistory> transactions = new List <TransactionHistory>();
string SearchQuery = "SELECT * FROM dububase.beantransaction Order by dateOfTransaction Desc";
MySqlCommand c = new MySqlCommand(SearchQuery, d.conn);
AESCryptoStuff AES = AESCryptoStuff.CurrentInstance;
using (MySqlDataReader r = c.ExecuteReader())
{
while (r.Read())
{
transactions.Add(new TransactionHistory
{
TransactionNo = AES.AesDecrypt(r["transactionNo"].ToString()),
TransactionDesc = AES.AesDecrypt(r["transactionDesc"].ToString()),
Price = Convert.ToDouble(r["priceOfBeans"]),
Status = r["status"].ToString(),
BeansBefore = Convert.ToInt32(r["userBeansBefore"]),
BeansAfter = Convert.ToInt32(r["userBeansAfter"]),
DateOfTransaction = (Convert.ToDateTime(r["dateOfTransaction"])).ToString(),
UserID = AES.AesDecrypt(r["UserID"].ToString())
});
}
}
ViewBag.Transactions = transactions;
return(View());
}
}
catch (MySqlException e)
{
Debug.WriteLine(e);
}
finally
{
d.CloseConnection();
}
return(View());
}
//Retreive msg from db
public List <string> ChatGetMessage()
{
//Set connection string
String connString = System.Configuration.ConfigurationManager.ConnectionStrings["WebAppConnString"].ConnectionString;
conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
try
{
//Storing list
List <string> chatList = new List <string>();
List <string> decodedList = new List <string>();
List <string> censoredList = new List <string>();
//Open connection
conn.Open();
MySqlCommand cmd = new MySqlCommand(queryString, conn);
AESCryptoStuff aes_obj = AESCryptoStuff.CurrentInstance;
Censors censorMessage = new Censors();
//QueryString set
queryString = "SELECT * FROM dububase.chat";
cmd.CommandText = queryString;
cmd = new MySql.Data.MySqlClient.MySqlCommand(queryString, conn);
reader = cmd.ExecuteReader();
while (reader.HasRows && reader.Read())
{
//While rows are present read and add each row from chatmessage column to chatList
chatList.Add(aes_obj.AesDecrypt(reader["chatMessage"].ToString()));
}
//Loop through list and decode
foreach (string i in chatList)
{
decodedList.Add(encInit.DecodeStuff(i));
}
foreach (string b in decodedList)
{
censoredList.Add(censorMessage.CrapCensor(b));
}
return(censoredList);
}
catch (System.Data.SqlClient.SqlException ex)
{
string errorMsg = "Error";
errorMsg += ex.Message;
throw new Exception(errorMsg);
}
finally
{
reader.Close();
conn.Close();
}
}
public ActionResult UserProfile(string username)
{
if (Session["uname"] == null || Session["uname"].ToString() == "")
{
return(RedirectToAction("Login", "User"));
}
if (Session["role"].ToString() != "Admin")
{
return(RedirectToAction("Index", "Unauthorised"));
}
Database d = Database.CurrentInstance;
List <DummyProfile> Dummys = new List <DummyProfile>();
try
{
if (d.OpenConnection())
{
string SearchQuery = "SELECT * FROM dububase.users Where username = @username;";
MySqlCommand c = new MySqlCommand(SearchQuery, d.conn);
c.Parameters.AddWithValue("@username", username);
AESCryptoStuff AES = AESCryptoStuff.CurrentInstance;
user users = new user();
using (MySqlDataReader r = c.ExecuteReader())
{
while (r.Read())
{
user user = new user
{
userName = (r["userName"].ToString()),
email = (r["email"]).ToString(),
role = (r["role"].ToString())
};
ViewBag.Dummy = user;
}
}
}
}
catch (MySqlException e)
{
Debug.WriteLine("MySQL Error!");
}
finally
{
d.CloseConnection();
}
return(View());
}
public ActionResult RoleChange(ChangeRoleModel model)
{
#region role and is logged in
if (Session["uname"] == null || Session["uname"].ToString() == "")
{
return(RedirectToAction("Login", "User"));
}
if (Session["role"].ToString() != "Admin")
{
return(RedirectToAction("Index", "Unauthorised"));
}
#endregion
Database d = Database.CurrentInstance;
AESCryptoStuff aes_obj = AESCryptoStuff.CurrentInstance;
try
{
if (d.OpenConnection())
{
string queryString = "UPDATE dububase.users SET role = @role Where username=@username;";
MySqlCommand cmd = new MySqlCommand(queryString, d.conn);
cmd.CommandText = queryString;
cmd.Parameters.AddWithValue("@role", model.NewRole);
cmd.Parameters.AddWithValue("@username", model.Username);
cmd.ExecuteNonQuery();
return(RedirectToAction("UserProfile", "Admin", new { username = model.Username }));
}
}catch (System.Data.SqlClient.SqlException ex)
{
string errorMsg = "Error";
errorMsg += ex.Message;
throw new Exception(errorMsg);
}
finally
{
d.CloseConnection();
}
//change to somewhere
return(View());
}
public ActionResult ChangePassword(ChangePasswordViewModel model)
{
if (Session["uname"] == null || Session["uname"].ToString() == "")
{
return(RedirectToAction("Login", "User"));
}
var response = Request["g-recaptcha-response"];
string secretKey = "6LenbkIUAAAAAJGZh-mw37g7pIC-vLXNXAbxnsXd";
var client = new WebClient();
var result = client.DownloadString(string.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", secretKey, response));
var obj = JObject.Parse(result);
var status = (bool)obj.SelectToken("success");
ViewBag.Message = status ? "Google reCaptcha validation success" : "Google reCaptcha validation failed";
if (status == true)
{
Database d = Database.CurrentInstance;
AESCryptoStuff AES = AESCryptoStuff.CurrentInstance;
try
{
if (d.OpenConnection())
{
var username = Session["uName"];
string SearchQuery = "SELECT * FROM dububase.users Where @username";
MySqlCommand c = new MySqlCommand(SearchQuery, d.conn);
c.Parameters.AddWithValue("@username", username);
string password = "";
using (MySqlDataReader r = c.ExecuteReader())
{
while (r.Read())
{
password = AES.AesDecrypt(r["password"].ToString());
}
}
var OldPassword = Crypto.Hash(model.OldPassword);
var NewPassword = Crypto.Hash(model.NewPassword);
if (OldPassword == password)
{
string query = "Update dububase.users set password = @newPassword where username =@username;";
c = new MySqlCommand(query, d.conn);
c.Parameters.AddWithValue("@newPassword", AES.AesEncrypt(NewPassword));
c.Parameters.AddWithValue("@username", username);
c.BeginExecuteNonQuery();
return(RedirectToAction("UserProfile", "Profile"));
}
else
{
ViewBag.Message = "Wrong Password";
return(View());
};
}
}
catch (MySqlException e)
{
Debug.WriteLine("MySQL Error!");
}
finally
{
d.CloseConnection();
}
}
return(View());
}
public ActionResult TransactionHistory()
{
if (Session["uname"] == null || Session["uname"].ToString() == "")
{
return(RedirectToAction("Login", "User"));
}
var Username = Session["uname"];
//if(Session["u"].ToString() != Username)
//{
// return RedirectToAction("TransactionHistory", "Profile", new { Username = Username });
//}
Database d = Database.CurrentInstance;
try
{
if (d.OpenConnection())
{
string SearchQuery = "SELECT * FROM dububase.beantransaction Where userID = @userID Order by dateOfTransaction Desc";
//string SearchQuery = "Select userID From dububase.users where username = @username;";
MySqlCommand c = new MySqlCommand(SearchQuery, d.conn);
//c.Parameters.AddWithValue("@username", Username);
//int userID = 0;
//using (MySqlDataReader r = c.ExecuteReader())
//{
// while (r.Read())
// {
// userID = Convert.ToInt32(r["userID"].ToString());
// }
//}
var uid = Session["userID"].ToString();
c = new MySqlCommand(SearchQuery, d.conn);
AESCryptoStuff AES = AESCryptoStuff.CurrentInstance;
c.Parameters.AddWithValue("@userID", AES.AesEncrypt(uid.ToString()));
List <TransactionHistory> transactions = new List <TransactionHistory>();
using (MySqlDataReader r = c.ExecuteReader())
{
while (r.Read())
{
transactions.Add(new TransactionHistory
{
TransactionNo = AES.AesDecrypt(r["transactionNo"].ToString()),
TransactionDesc = AES.AesDecrypt(r["transactionDesc"].ToString()),
Price = Convert.ToDouble(r["priceOfBeans"]),
Status = r["status"].ToString(),
BeansBefore = Convert.ToInt32(r["userBeansBefore"]),
BeansAfter = Convert.ToInt32(r["userBeansAfter"]),
DateOfTransaction = (Convert.ToDateTime(r["dateOfTransaction"])).ToString(),
UserID = AES.AesDecrypt(r["UserID"].ToString())
});
}
}
ViewBag.Transactions = transactions;
return(View());
}
}
catch (MySqlException e)
{
Debug.WriteLine(e);
}
finally
{
d.CloseConnection();
}
return(View());
}
public ActionResult BanUser(BanUserModel model)
{
#region role and is logged in
if (Session["uname"] == null || Session["uname"].ToString() == "")
{
return(RedirectToAction("Login", "User"));
}
if (Session["role"].ToString() != "Admin")
{
return(RedirectToAction("Index", "Unauthorised"));
}
#endregion
string username = model.Username;
//db stuff
Database d = Database.CurrentInstance;
AESCryptoStuff aes_obj = AESCryptoStuff.CurrentInstance;
//EncodeDecode encInit = new EncodeDecode();
try
{
if (d.OpenConnection())
{
string queryString = "UPDATE dububase.users SET isBan = 'true', banTill=@date Where username=@username;";
List <user> users = new List <user>();
MySqlCommand cmd = new MySqlCommand(queryString, d.conn);
String BanPeriod = model.BanPeriod;
int time = 0;
if (BanPeriod == "1 Week")
{
time = 7;
}
else if (BanPeriod == "2 Weeks")
{
time = 14;
}
else if (BanPeriod == "1 Month")
{
time = 30;
}
else if (BanPeriod == "3 Months")
{
time = 90;
}
else if (BanPeriod == "1 Year")
{
time = 365;
}
DateTime mehgofu = DateTime.Now.AddDays(time);
cmd.Parameters.AddWithValue("@date", mehgofu);
cmd.Parameters.AddWithValue("@username", model.Username);
cmd.ExecuteNonQuery();
//add ban table into sql
queryString = "INSERT INTO dububase.banhistory(username, banReason,banPeriod) VALUES(@username, @banReason,@banPeriod); ";
cmd = new MySqlCommand(queryString, d.conn);
cmd.Parameters.AddWithValue("@username", model.Username);
cmd.Parameters.AddWithValue("@banReason", model.BanReason);
cmd.Parameters.AddWithValue("@banPeriod", model.BanPeriod);
cmd.ExecuteNonQuery();
return(RedirectToAction("UserProfile", "Admin", new { username = model.Username }));
}
}
catch (MySqlException e)
{
Debug.WriteLine(e);
}
finally
{
d.CloseConnection();
}
return(RedirectToAction("UserProfile", "Admin", new { username = model.Username }));
}
public ActionResult PaymentWithPaypal(Models.CreditCard currentCard)
{
Database d = Database.CurrentInstance;
AESCryptoStuff AES = AESCryptoStuff.CurrentInstance;
int userID = Convert.ToInt32(Session["UserID"]);
string price = string.Empty;
price = Convert.ToString(Session["price"]);
string beansName = string.Empty;
beansName = Convert.ToString(Session["beansName"]);
string beansAmount = string.Empty;
beansAmount = Convert.ToString(Session["beansAmount"]);
//getting the apiContext as earlier
APIContext apiContext = Models.Configuration.GetAPIContext();
//generating sessionID
Session["ShopSessionID1"] = KeyGenerator.GetUniqueKey(20);
string sessionID1 = Session["ShopSessionID1"].ToString();
Session["ShopSessionID2"] = BCrypt.HashSession(sessionID1, BCrypt.GenerateSalt());
try
{
string payerId = Request.Params["PayerID"];
if (string.IsNullOrEmpty(payerId))
{
//this section will be executed first because PayerID doesn't exist
//it is returned by the create function call of the payment class
// Creating a payment
// baseURL is the url on which paypal sendsback the data.
// So we have provided URL of this controller only
string baseURI = Request.Url.Scheme + "://" + Request.Url.Authority +
"/Shop/PaymentWithPayPal?";
//guid we are generating for storing the paymentID received in session
//after calling the create function and it is used in the payment execution
var guid = Convert.ToString((new Random()).Next(100000));
//CreatePayment function gives us the payment approval url
//on which payer is redirected for paypal account payment
var createdPayment = this.CreatePayment(apiContext, baseURI + "guid=" + guid);
//get links returned from paypal in response to Create function call
var links = createdPayment.links.GetEnumerator();
string paypalRedirectUrl = null;
while (links.MoveNext())
{
Links lnk = links.Current;
if (lnk.rel.ToLower().Trim().Equals("approval_url"))
{
//saving the payapalredirect URL to which user will be redirected for payment
paypalRedirectUrl = lnk.href;
}
}
// saving the paymentID in the key guid
Session.Add(guid, createdPayment.id);
return(Redirect(paypalRedirectUrl));
}
else
{
// This section is executed when we have received all the payments parameters
// from the previous call to the function Create
// Executing a payment
var guid = Request.Params["guid"];
var executedPayment = ExecutePayment(apiContext, payerId, Session[guid] as string);
if (executedPayment.state.ToLower() != "approved")
{
string addItemTransQuery = "INSERT INTO beantransaction(transactionNo, transactionDesc, priceOfBeans, status, dateOfTransaction, userID) VALUES (@transactionNo, @transactionDesc, @price, @status, @dateOfTransaction, @userID)";
string transDesc = "Failed Purchase of " + beansName + " (" + beansAmount + " Beans) for $" + price;
MySqlCommand c3 = new MySqlCommand(addItemTransQuery, d.conn);
c3.Parameters.AddWithValue("@transactionNo", AES.AesEncrypt(KeyGenerator.GetUniqueKey(20)));
c3.Parameters.AddWithValue("@transactionDesc", AES.AesEncrypt(transDesc));
c3.Parameters.AddWithValue("@price", Convert.ToDouble(price));
c3.Parameters.AddWithValue("@status", "Failure");
c3.Parameters.AddWithValue("@dateOfTransaction", DateTime.Now);
c3.Parameters.AddWithValue("@userID", AES.AesEncrypt(userID.ToString()));
return(RedirectToAction("FailureView"));
}
}
}
catch (Exception ex)
{
Debug.WriteLine(ex);
string addItemTransQuery = "INSERT INTO beantransaction(transactionNo, transactionDesc, priceOfBeans, status, dateOfTransaction, userID) VALUES (@transactionNo, @transactionDesc, @price, @status, @dateOfTransaction, @userID)";
string transDesc = "Failed Purchase of " + beansName + " (" + beansAmount + " Beans) for $" + price;
MySqlCommand c3 = new MySqlCommand(addItemTransQuery, d.conn);
c3.Parameters.AddWithValue("@transactionNo", AES.AesEncrypt(KeyGenerator.GetUniqueKey(20)));
c3.Parameters.AddWithValue("@transactionDesc", AES.AesEncrypt(transDesc));
c3.Parameters.AddWithValue("@price", Convert.ToDouble(price));
c3.Parameters.AddWithValue("@status", "Failure");
c3.Parameters.AddWithValue("@dateOfTransaction", DateTime.Now);
c3.Parameters.AddWithValue("@userID", AES.AesEncrypt(userID.ToString()));
return(View("FailureView"));
}
try
{
if (d.OpenConnection())
{
string userQuery = "SELECT * FROM users WHERE userID = @userID";
MySqlCommand c = new MySqlCommand(userQuery, d.conn);
c.Parameters.AddWithValue("@userID", userID);
int beansBefore = 0;
int beansAfter = 0;
Debug.WriteLine("SCARY");
using (MySqlDataReader r = c.ExecuteReader())
{
while (r.Read())
{
if (Convert.ToInt32(r["userID"]) == userID)
{
beansBefore = Convert.ToInt32(r["beansAmount"].ToString());
beansAfter = beansBefore + Convert.ToInt32(beansAmount);
}
}
r.Close();
string updateQuery = "UPDATE users SET beansAmount = @beansAfter WHERE userID = @userID";
MySqlCommand c2 = new MySqlCommand(updateQuery, d.conn);
c2.Parameters.AddWithValue("@beansAfter", beansAfter);
c2.Parameters.AddWithValue("@userID", userID);
c2.ExecuteNonQuery();
Debug.WriteLine(beansBefore + " " + beansAfter);
string addItemTransQuery = "INSERT INTO beantransaction VALUES (@transactionNo, @transactionDesc, @price, @beansBefore, @beansAfter, @status, @dateOfTransaction, @userID)";
string transDesc = "Purchase " + beansName + " (" + beansAmount + " Beans) for $" + price;
MySqlCommand c3 = new MySqlCommand(addItemTransQuery, d.conn);
c3.Parameters.AddWithValue("@transactionNo", AES.AesEncrypt(KeyGenerator.GetUniqueKey(20)));
c3.Parameters.AddWithValue("@transactionDesc", AES.AesEncrypt(transDesc));
c3.Parameters.AddWithValue("@price", Convert.ToDouble(price));
c3.Parameters.AddWithValue("@beansBefore", beansBefore);
c3.Parameters.AddWithValue("@beansAfter", beansAfter);
c3.Parameters.AddWithValue("@status", "Successful");
c3.Parameters.AddWithValue("@dateOfTransaction", DateTime.Now);
c3.Parameters.AddWithValue("@userID", AES.AesEncrypt(userID.ToString()));
c3.ExecuteNonQuery();
}
}
}
catch (MySqlException e)
{
Debug.WriteLine(e);
string addItemTransQuery = "INSERT INTO beantransaction(transactionNo, transactionDesc, priceOfBeans, status, dateOfTransaction, userID) VALUES (@transactionNo, @transactionDesc, @price, @status, @dateOfTransaction, @userID)";
string transDesc = "Failed Purchase of " + beansName + " (" + beansAmount + " Beans) for $" + price;
MySqlCommand c3 = new MySqlCommand(addItemTransQuery, d.conn);
c3.Parameters.AddWithValue("@transactionNo", AES.AesEncrypt(KeyGenerator.GetUniqueKey(20)));
c3.Parameters.AddWithValue("@transactionDesc", AES.AesEncrypt(transDesc));
c3.Parameters.AddWithValue("@price", Convert.ToDouble(price));
c3.Parameters.AddWithValue("@status", "Failure");
c3.Parameters.AddWithValue("@dateOfTransaction", DateTime.Now);
c3.Parameters.AddWithValue("@userID", AES.AesEncrypt(userID.ToString()));
return(RedirectToAction("FailureView"));
}
finally
{
d.CloseConnection();
}
return(RedirectToAction("SuccessView"));
}
public ActionResult ItemPurchase(string beansPrice, string premiumItemName, string premiumItemID)
{
Database d = Database.CurrentInstance;
int userID = Convert.ToInt32(Session["UserID"]);
int itemID = Convert.ToInt32(premiumItemID);
try
{
if (d.OpenConnection())
{
string userQuery = "SELECT * FROM users WHERE userID = @userID";
MySqlCommand c = new MySqlCommand(userQuery, d.conn);
c.Parameters.AddWithValue("@userID", userID);
int beansBefore = 0;
int beansAfter = 0;
bool successfulPurchase = false;
using (MySqlDataReader r = c.ExecuteReader())
{
while (r.Read())
{
if (Convert.ToInt32(r["userID"]) == userID)
{
beansBefore = Convert.ToInt32(r["beansAmount"].ToString());
beansAfter = beansBefore - Convert.ToInt32(beansPrice);
if (beansAfter < 0)
{
successfulPurchase = false;
}
else if (beansAfter > 0)
{
successfulPurchase = true;
}
}
}
r.Close();
if (successfulPurchase == true)
{
AESCryptoStuff AES = AESCryptoStuff.CurrentInstance;
string updateQuery = "UPDATE users SET beansAmount = @beansAfter WHERE userID = @userID";
MySqlCommand c2 = new MySqlCommand(updateQuery, d.conn);
c2.Parameters.AddWithValue("@beansAfter", beansAfter);
c2.Parameters.AddWithValue("@userID", userID);
c2.ExecuteNonQuery();
string addItemTransQuery = "INSERT INTO itemtransaction VALUES (@transactionNo, @transactionDesc, @price, @beansBefore, @beansAfter, @userID, @dateOfTransaction)";
string transDesc = "Purchase of " + premiumItemName + " for " + beansPrice + " beans.";
MySqlCommand c3 = new MySqlCommand(addItemTransQuery, d.conn);
c3.Parameters.AddWithValue("@transactionNo", AES.AesEncrypt(KeyGenerator.GetUniqueKey(20)));
c3.Parameters.AddWithValue("@transactionDesc", AES.AesEncrypt(transDesc));
c3.Parameters.AddWithValue("@price", beansPrice);
c3.Parameters.AddWithValue("@beansBefore", beansBefore);
c3.Parameters.AddWithValue("@beansAfter", beansAfter);
c3.Parameters.AddWithValue("@userID", AES.AesEncrypt(userID.ToString()));
c3.Parameters.AddWithValue("@dateOfTransaction", DateTime.Now);
c3.ExecuteNonQuery();
string addInventoryQuery = "INSERT INTO inventory VALUES (@userID, @itemID)";
MySqlCommand c4 = new MySqlCommand(addInventoryQuery, d.conn);
c4.Parameters.AddWithValue("@userID", userID);
c4.Parameters.AddWithValue("@itemID", itemID);
c4.ExecuteNonQuery();
}
else
{
return(RedirectToAction("FailureView"));
}
}
}
}
catch (MySqlException e)
{
Debug.WriteLine(e);
}
finally
{
d.CloseConnection();
}
return(RedirectToAction("Shop"));
}
